
CN108600222B - Communication method, system and terminal of client application and trusted application - Google Patents


Info

Publication number
CN108600222B
Authority
CN
China
Prior art keywords
key
channel
public key
terminal
secure channel
Legal status
Active
Application number
CN201810375244.6A
Other languages
Chinese (zh)
Other versions
CN108600222A
Inventor
张渊
李勃
Current Assignee
Beijing Watchdata Co ltd
Beijing WatchSmart Technologies Co Ltd
Original Assignee
Beijing Watchdata Co ltd
Beijing WatchSmart Technologies Co Ltd
Application filed by Beijing Watchdata Co ltd, Beijing WatchSmart Technologies Co Ltd
Priority to CN201810375244.6A
Publication of CN108600222A
Application granted
Publication of CN108600222B
Legal status: Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/08 for authentication of entities > H04L63/083 using passwords
        • H04L63/08 for authentication of entities > H04L63/0869 for achieving mutual authentication
        • H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks > H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L63/14 for detecting or protecting against malicious traffic > H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a communication method, system and terminal for a client application (CA) and a trusted application (TA), in the field of communications. The method comprises: the CA and the TA perform bidirectional identity authentication based on a first key parameter and a second key parameter respectively; if authentication succeeds, a first secure channel is established between the CA and the TA and a channel session key corresponding to that channel is generated; the CA and the TA then exchange data over the first secure channel, encrypting and decrypting it with the channel session key according to a preset channel transmission rule. By establishing a secure channel between the CA and the TA and protecting the data carried in it, the method, system and terminal prevent a third party from intercepting, storing, analysing or leaking sensitive information exchanged between the CA and the TA, and allow several CAs to access the same TA through mutually isolated secure channels.

Description

Communication method, system and terminal of client application and trusted application
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, a system, and a terminal for communicating a client application and a trusted application.
Background
Currently, most terminals integrate a Trusted Execution Environment (TEE) and a Rich Execution Environment (REE). The REE consists of client applications (CAs) and the application operating system; the TEE consists of trusted applications (TAs) and a trusted operating system (Trusted OS). The REE supports rich applications but presents security risks. The TEE is an isolated area of the terminal, and the applications installed in it are controlled by a management server platform.
In the ARM TrustZone architecture, a CA running in the Normal World (REE) and a TA running in the Secure World (TEE) can exchange data. Without secure-channel protection, that exchange is exposed to the following risks:
1. Leakage of sensitive information: the CA-TA data path relies on functions provided by third-party software, services and drivers, and those components have the opportunity to intercept, store, analyse and leak sensitive information transmitted between the CA and the TA without either party noticing.
2. Tampering with sensitive information: a third-party component can modify the sensitive information in transit without the CA or the TA noticing.
3. Injection attack: a third-party component can insert additional data into the CA-TA data flow without the CA or the TA noticing, causing the CA or the TA to perform unintended functions.
4. Replay attack: a third-party component can re-send old interaction data between the CA and the TA without the CA or the TA noticing, causing the CA or the TA to perform unintended functions.
5. Disguised malicious TA: the CA cannot verify the TA's legitimate identity, so an illegitimate malicious TA may impersonate a legitimate one to obtain the user's sensitive information.
A new communication mechanism between the CA and the TA is therefore needed.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a method, a system and a terminal for communication between a client application and a trusted application.
According to an aspect of the present invention, there is provided a method for a client application to communicate with a trusted application, including: respectively deploying a first key parameter and a second key parameter in a client application CA and a trusted application TA; the CA and the TA perform bidirectional identity authentication respectively based on the first key parameter and the second key parameter; if the authentication is successful, establishing a first secure channel between the CA and the TA, and generating a channel session key corresponding to the first secure channel; and the CA and the TA carry out data interaction through the transmission of the first secure channel, and carry out encryption and decryption processing on the data transmitted through the first secure channel based on the channel session key and a preset channel transmission rule.
Optionally, the first key parameter includes: a vendor public key; the second key parameter includes: a terminal public key, a terminal private key and a terminal public key signature value.
Optionally, the deploying the first key parameter and the second key parameter in the client application CA and the trusted application TA respectively includes: storing the vendor public key in a CA program corresponding to the CA, wherein the vendor public key is deployed through issuing and installing of the CA program; and when the TA is installed and operates for the first time, generating the terminal public key and the terminal private key in a TEE environment, wherein the terminal public key and the terminal private key are stored in the TEE environment where the TA is located in a persistent mode.
Optionally, in the personalization phase of the TA, a second secure channel is established between the TA and a TAM server; the TA sends the terminal public key to the TAM server through the second secure channel and receives, through the second secure channel, the terminal public key signature value produced by the TAM server digitally signing the terminal public key with the vendor private key; and the TA stores the terminal public key signature value persistently.
Optionally, the TA calls a white-box encryption library to obtain the terminal public key signature value, the white-box encryption library digitally signing the terminal public key with the vendor private key; and the TA stores the terminal public key signature value persistently.
Optionally, the vendor public key and the vendor private key are issued under a TA management root certificate of the TA provider and generated in the key management center.
Optionally, the CA and the TA performing bidirectional identity authentication based on the first key parameter and the second key parameter respectively includes: the TA sends first verification information to the CA, the first verification information comprising the terminal public key and the terminal public key signature value; the CA verifies the terminal public key signature value with the vendor public key and, if verification succeeds, generates the channel session key; the CA encrypts second verification information with the terminal public key and sends it to the TA, the second verification information comprising the channel session key and check data; and the TA decrypts the encrypted second verification information with the terminal private key and, if the check data verifies, establishes the first secure channel and returns a channel establishment success message to the CA.
Optionally, the CA sends a command to establish a secure channel to the TA, where the command to establish a secure channel includes a CA process instance identifier corresponding to the CA; the TA judges whether a secure channel is established with the CA based on the CA process instance identification, if so, returns an establishment success message, and if not, sends the first verification information to the CA, wherein the first verification information further comprises: channel number of the CA.
Optionally, the second verification information further includes: the channel number of the CA and the identification of the CA process instance; the channel session key includes: a random number.
Optionally, the encrypting and decrypting the data transmitted through the first secure channel based on the channel session key and a preset channel transmission rule includes: encrypting and decrypting interactive data between the CA and the TA by adopting a preset encryption algorithm based on the channel session key; and transmitting the channel number of the CA and the encrypted interactive data between the CA and the TA through the first secure channel.
Optionally, encrypting and decrypting the interactive data between the CA and the TA based on the channel session key with a preset encryption algorithm includes: using the channel session key as the key and the current value of a channel IV counter as the IV, and encrypting and decrypting the interactive data and the check data with the encryption algorithm, wherein the encryption algorithm is a symmetric encryption algorithm.
Optionally, the CA sets a first IV counter, and the TA sets a second IV counter corresponding to the secure channel; when the secure channel is established, the CA and the TA respectively enable the initial values of the first IV counter and the second IV counter to be 0; after completing one bidirectional data interaction between the CA and the TA, the CA and the TA respectively add 1 to the values of the first IV counter and the second IV counter.
According to another aspect of the present invention, there is provided a communication system of a client application and a trusted application, comprising: a client application CA running in a rich execution environment REE, and a trusted application TA running in a trusted execution environment TEE; a first key parameter and a second key parameter are deployed in the CA and the TA respectively; the CA and the TA perform bidirectional identity authentication based on the first key parameter and the second key parameter respectively, and if the authentication succeeds a first secure channel is established between the CA and the TA and a channel session key corresponding to the first secure channel is generated; and the CA and the TA exchange data over the first secure channel, encrypting and decrypting the data transmitted through the first secure channel based on the channel session key and a preset channel transmission rule.
Optionally, the first key parameter includes: a vendor public key; the second key parameter includes: a terminal public key, a terminal private key and a terminal public key signature value.
Optionally, storing the vendor public key in a CA program corresponding to the CA, wherein the vendor public key is deployed by issuing and installing the CA program; and when the TA is installed and operates for the first time, generating the terminal public key and the terminal private key in a TEE environment, wherein the terminal public key and the terminal private key are stored in the TEE environment where the TA is located in a persistent mode.
Optionally, the system further comprises a TAM server. In the personalization phase of the TA, a second secure channel is established between the TA and the TAM server; the TA sends the terminal public key to the TAM server through the second secure channel, receives the terminal public key signature value sent by the TAM server through the second secure channel, and stores the terminal public key signature value persistently in the TEE environment; the TAM server digitally signs the terminal public key with the vendor private key.
Optionally, the TA is further configured to call a white-box encryption library to obtain the terminal public key signature value and to store it persistently in the TEE environment; the white-box encryption library digitally signs the terminal public key with the vendor private key.
Optionally, the system further comprises a key management center; the vendor public key and the vendor private key are issued under a TA management root certificate of the TA provider and generated in the key management center.
Optionally, the TA is configured to send first verification information to the CA, the first verification information comprising the terminal public key and the terminal public key signature value; the CA is configured to verify the terminal public key signature value with the vendor public key and, if verification succeeds, to generate the channel session key, and to encrypt second verification information with the terminal public key and send it to the TA, the second verification information comprising the channel session key and check data; and the TA is further configured to decrypt the encrypted second verification information with the terminal private key and, if the check data verifies, to establish the first secure channel and return a channel establishment success message to the CA.
Optionally, the CA is further configured to send a command for establishing a secure channel to the TA, where the command for establishing a secure channel includes a CA process instance identifier corresponding to the CA; the TA is configured to determine, based on the CA process instance identifier, whether a secure channel has been established with the CA, if yes, return an establishment success message, and if no, send the first authentication information to the CA, where the first authentication information further includes: channel number of the CA.
Optionally, the second verification information further includes: the channel number of the CA and the identification of the CA process instance; the channel session key includes: a random number.
Optionally, the CA and the TA encrypt and decrypt the interactive data between the CA and the TA based on the channel session key and by using a preset encryption algorithm, respectively, where a channel number of the CA and the encrypted interactive data are transmitted between the CA and the TA through the first secure channel.
Optionally, the CA and the TA each use the channel session key as the key and the current value of a channel IV counter as the IV, and encrypt and decrypt the interactive data and the check data with the encryption algorithm, wherein the encryption algorithm is a symmetric encryption algorithm.
Optionally, the CA sets a first IV counter, and the TA sets a second IV counter corresponding to the secure channel; when the secure channel is established, the CA and the TA respectively enable the initial values of the first IV counter and the second IV counter to be 0; after completing one bidirectional data interaction between the CA and the TA, the CA and the TA respectively add 1 to the values of the first IV counter and the second IV counter.
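As an added illustration of the channel transmission rule stated in the method and system aspects above (example code written for this page, not the patent's or the assignee's implementation): each end keeps its own IV counter, starting at 0 when the channel is established and incremented once per completed request/response pair, and the clear channel number travels with the ciphertext. The text fixes only "a symmetric encryption algorithm" with the counter value as the IV; AES-GCM, the 12-byte nonce layout, the 128-bit key, the uint32 counter width and the Frame type are assumptions. One deliberate addition is a direction byte in the nonce: the request and the response of one interaction share a counter value, and under a counter-mode cipher reusing a nonce with the same key on two messages would break both confidentiality and integrity.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

const dirRequest, dirResponse byte = 1, 2 // CA -> TA, TA -> CA

// Frame is what crosses the REE/TEE boundary: the channel number in clear, then the ciphertext.
type Frame struct {
	Channel uint16
	Body    []byte
}

// Endpoint is one end of an established first secure channel: channel number, channel session key
// (as an AES-GCM AEAD) and that end's IV counter (first counter on the CA, second on the TA).
type Endpoint struct {
	Channel uint16
	aead    cipher.AEAD
	counter uint32 // 0 at establishment, +1 after each completed bidirectional interaction
}

func NewEndpoint(channel uint16, sessionKey []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return &Endpoint{Channel: channel, aead: aead}, nil
}

// nonce builds the 12-byte GCM nonce from the IV counter. The text says only that the counter's
// current value is the IV; the direction byte is added here because the request and the response
// of one interaction share a counter value and must not share a nonce under the same key.
func (e *Endpoint) nonce(dir byte) []byte {
	n := make([]byte, 12)
	n[0] = dir
	binary.BigEndian.PutUint32(n[8:], e.counter)
	return n
}

// header is the clear channel number, bound into the tag as associated data so a frame cannot be
// re-labelled from one CA's channel to another's.
func header(channel uint16) []byte { h := make([]byte, 2); binary.BigEndian.PutUint16(h, channel); return h }

// Seal encrypts one message for the given direction at the current counter value.
func (e *Endpoint) Seal(dir byte, plaintext []byte) Frame {
	return Frame{e.Channel, e.aead.Seal(nil, e.nonce(dir), plaintext, header(e.Channel))}
}

// Open rejects frames for another channel and anything whose tag does not verify under the
// expected nonce: tampered bytes, injected frames, and replays (the counter has moved on).
func (e *Endpoint) Open(dir byte, f Frame) ([]byte, error) {
	if f.Channel != e.Channel {
		return nil, errors.New("frame addressed to another channel")
	}
	pt, err := e.aead.Open(nil, e.nonce(dir), f.Body, header(e.Channel))
	if err != nil {
		return nil, errors.New("frame rejected: tampered, injected or replayed")
	}
	return pt, nil
}

// Complete is called by both ends once a request and its response have been exchanged.
func (e *Endpoint) Complete() { e.counter++ }

// RoundTrip carries one request CA -> TA and the TA's reply back, then advances both counters.
// It also returns the request frame so the caller can show what a replay of it does.
func RoundTrip(ca, ta *Endpoint, request []byte, handle func([]byte) []byte) (reply []byte, req Frame, err error) {
	req = ca.Seal(dirRequest, request)
	pt, err := ta.Open(dirRequest, req)
	if err != nil {
		return nil, req, err
	}
	if reply, err = ca.Open(dirResponse, ta.Seal(dirResponse, handle(pt))); err != nil {
		return nil, req, err
	}
	ca.Complete()
	ta.Complete()
	return reply, req, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed: stands in for the channel session key from the handshake
	ca, _ := NewEndpoint(7, key)
	ta, _ := NewEndpoint(7, key)
	echo := func(b []byte) []byte { return append([]byte("TA got: "), b...) }
	reply, req, err := RoundTrip(ca, ta, []byte("verify PIN 1234"), echo)
	fmt.Printf("%q %v\n", reply, err)
	_, err = ta.Open(dirRequest, req) // a middle component re-sends the old request: the counter has advanced
	fmt.Println("replay:", err)
	req.Body[0] ^= 0x80 // or alters a byte of it: the tag no longer verifies
	_, err = ta.Open(dirRequest, req)
	fmt.Println("tamper:", err)
}
```

The replay fails because the TA's counter has already advanced, so the expected nonce no longer matches; tampering and injection fail the GCM tag; a frame for another channel is refused before any decryption. The AEAD is what supplies the integrity the risk list above (tampering, injection, replay) calls for: a plain block cipher with a counter IV, such as CBC, would conceal the data but would not detect a modified frame without a separate MAC.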
According to a further aspect of the present invention, there is provided a communication system of a client application and a trusted application, comprising: a memory; and a processor coupled to the memory, the processor configured to execute the method of communication of the client application with the trusted application as described above based on instructions stored in the memory.
According to a further aspect of the present invention, there is provided a terminal comprising a communication system of a client application and a trusted application as described above.
According to yet another aspect of the invention, there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by one or more processors, implement the steps of the method as described above.
In the communication method, system and terminal described above, the CA and the TA perform bidirectional identity authentication based on the first and second key parameters; if authentication succeeds, a first secure channel is established between them and a channel session key for that channel is generated; the CA and the TA then exchange data over the first secure channel, encrypting and decrypting it with the channel session key according to a preset channel transmission rule. A secure channel is thus established between the CA and the TA and the data in it is protected: the CA verifies the TA's legitimate identity by checking the signature over the TA's terminal public key; third-party components in the system are prevented from intercepting, storing, analysing and leaking sensitive information transmitted between the CA and the TA; the CA and the TA can detect and prevent an attacker's data tampering, replay and injection; and multiple CAs can access the TA over multiple mutually isolated secure channels.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic flow chart diagram illustrating one embodiment of a method for a client application to communicate with a trusted application, in accordance with the present invention;
FIG. 2 is a key hierarchy diagram in one embodiment of a method of communication of a client application with a trusted application in accordance with the present invention;
FIG. 3 is a schematic flow chart illustrating a method for establishing a secure channel according to an embodiment of a communication method between a client application and a trusted application;
FIG. 4 is a block diagram illustrating one embodiment of a communication system for a client application and a trusted application in accordance with the present invention;
fig. 5 is a block diagram of another embodiment of a communication system of a client application and a trusted application according to the present invention.
Detailed Description
Various exemplary embodiments of the present invention will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Embodiments of the invention are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known computing systems, environments, and/or configurations that may be suitable for use with the computer system/server include, but are not limited to: smart phones, personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computer systems, distributed cloud computing environments that include any of the above systems, and the like.
The computer system/server may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc. that perform particular tasks or implement particular abstract data types. The computer system/server may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.
The terms "first" and "second" are used hereinafter only for descriptive distinction and have no other special meaning.
Fig. 1 is a flowchart illustrating an embodiment of a communication method between a client application and a trusted application according to the present invention, as shown in fig. 1:
step 101, a first key parameter and a second key parameter are deployed in a client application CA and a trusted application TA, respectively.
And 102, performing bidirectional identity authentication by the CA and the TA respectively based on the first key parameter and the second key parameter.
Step 103, if the authentication is successful, a first secure channel is established between the CA and the TA, and a channel session key corresponding to the first secure channel is generated. The channel session key may be of various types, for example, the two communicating parties may respectively calculate the channel session key according to known parameters.
And step 104, the CA and the TA perform data interaction through transmission of the first secure channel, and perform encryption and decryption processing on the data transmitted through the first secure channel based on the channel session key and a preset channel transmission rule.
In the communication method between the client application and the trusted application in the above embodiment, the CA and the TA serve as two ends of data communication, and data interaction between the CA and the TA is protected by deploying a key system and establishing an end-to-end secure channel.
In one embodiment, the first key parameter includes a vendor public key, and the second key parameter includes a terminal public key, a terminal private key and a terminal public key signature value. The vendor public key is stored in the CA program and is deployed with the release and installation of that program. When the TA is installed and runs for the first time, it generates the terminal public and private keys in the TEE and stores them persistently in the TEE environment in which it resides. The vendor public and private keys are issued under the TA provider's TA management root certificate and generated in a key management center.
As shown in Fig. 2, the TA management root certificate R_pair owned by the TA provider is stored in the hardware security module (encryption machine) of the vendor's key management center. The vendor certificate owned by the TA provider and its public/private key pair P_pair are likewise stored in that encryption machine. The CA stores the vendor certificate and its public key P_pub; the TA stores the TA terminal public/private key pair T_pair and the signature value produced by digitally signing the TA's terminal public key T_pub with the vendor private key P_pri.
The vendor certificate is issued under the TA management root certificate owned by the TA provider. Its key pair P_pair is generated and used inside the encryption machine of the key management center; the public key is exportable and the private key is not. The exported vendor public key P_pub can be packaged in binary form into the CA program and deployed to the smart mobile terminal together with the release of the CA program. When the TA runs for the first time after installation, it generates the TA terminal key pair T_pair inside the TEE and persists it in TEE secure storage.
Depending on whether a Trusted Application Manager (TAM) server exists in the deployment, the TA's terminal public key signature value is generated in one of two ways. With a TAM: during the TA personalization phase, a second secure channel is established between the TA and the TAM server. The TA sends its terminal public key to the TAM server over the second secure channel and receives back the terminal public key signature value, which the TAM server produces by digitally signing the terminal public key with the vendor private key; the TA then persists the signature value. For example, the TA sends T_pub to the TAM over the second secure channel; the TAM calls the encryption machine of the key management center to sign T_pub with the vendor private key P_pri; the signature value is issued to the TA over the second secure channel; and finally the TA stores it in the TEE environment.
Without a TAM: the TA calls a white-box encryption library to obtain the terminal public key signature value; the library digitally signs the terminal public key with the vendor private key, and the TA persists the signature value. For example, the vendor private key P_pri is embedded in the TA image by white-box cryptography, for which several existing techniques are available. After generating the terminal key pair, the TA calls the white-box library, which signs T_pub with P_pri inside the library, and the TA finally persists the signature value in the TEE environment.
In one embodiment, the CA sends a command to the TA to establish a secure channel; the command carries the process instance identifier of this CA. The TA checks, by that identifier, whether a secure channel already exists with the CA: if so, it returns an establishment success message; if not, it sends first verification information to the CA, comprising the CA's channel number, the terminal public key and the terminal public key signature value.
The CA verifies the terminal public key signature value with the vendor public key and, if verification succeeds, generates a channel session key, which includes a random number. The CA then encrypts second verification information with the terminal public key and sends it to the TA; the second verification information comprises the CA's channel number, the CA process instance identifier, the channel session key and check data. The TA decrypts it with the terminal private key and, if the check data verifies, establishes the first secure channel and returns a channel establishment success message to the CA.
Fig. 3 is a schematic flowchart of a method for establishing a secure channel according to an embodiment of the present invention, where the method includes:
In step 301, the CA sends a command for establishing a secure channel to the TA, where the command carries the unique identifier of the CA process instance. The unique identifier of the CA process instance may take various forms, such as a 2-byte process ID plus a 2-byte random number.
The TA checks the unique identifier of the CA process instance. If it confirms that this CA has already established a secure channel, step 302 is performed: success is returned directly, together with the channel number associated with the CA. If it confirms that the CA has not established a secure channel, step 303 is performed: a message that the channel has not been established is returned, with the following output data appended: the channel number newly allocated for the CA, the terminal public key T_pub of the TA, and the terminal public key signature value.
In step 304, the CA uses the vendor public key P_pub to verify the terminal public key signature value of the TA. If the verification fails, the TA is not a genuine, legitimate TA; step 305 is performed and the secure channel establishment process ends. If the verification succeeds, step 306 is performed: the CA generates a random number as the channel session key of the secure channel, and uses the terminal public key T_pub of the TA to encrypt a request packet comprising the newly allocated channel number, the unique identifier of the CA process instance, the channel session key, and check data (the check data may be a CRC, a hash, a MAC or the like); the CA then sends the encrypted request packet to the TA.
In step 307, the TA uses the terminal private key T_pri to decrypt the request data. If the decrypted check data is incorrect, step 308 is performed and the secure channel establishment process ends; if the decrypted check data is correct, the context of the new secure channel is created and the relevant parameters are saved, then step 309 is performed and a message of successful establishment of the secure channel is returned. Both the CA and the TA now hold the channel session key and the other parameters of the first secure channel, and the establishment of the first secure channel is complete.
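The establishment flow of steps 301 to 309, together with the install-time signing of T_pub described earlier, written out as an added example. This is not code from the patent or from the applicants. It fixes what the patent leaves open: the vendor key is ECDSA P-256, the terminal key is RSA-2048 used with OAEP, the check data is a SHA-256 over the request fields, the request packet has a fixed layout, and the CA process instance identifier is the 4-byte form (2-byte process ID plus 2-byte random number) given as an example above. `NewVendorKey` stands in for the key management center and `NewTA` for install and first run, where T_pub is signed with P_pri (whether the TAM server or the white-box library produces that signature makes no difference to the rest of the flow). The `pending` table, which makes the TA accept a completion only for a channel number it actually handed out in step 303, is an additional check of this example, not something the text specifies.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
)

// Request packet layout (step 306), chosen for this example: channel number (2) ||
// CA process instance id (4) || channel session key (16) || SHA-256 check data (32).
const instLen, keyLen, reqLen = 4, 16, 2 + 4 + 16 + sha256.Size
// NewVendorKey stands in for the key management center: P_pub goes into the CA program,
// P_pri stays with the TAM server or the white-box library. ECDSA P-256 is an assumption.
func NewVendorKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}
// TA holds T_pri, T_pub, the vendor signature over T_pub and one context per channel.
type TA struct {
	tPri             *rsa.PrivateKey // RSA-OAEP for the terminal key is an assumption
	tPubDER, tPubSig []byte
	byInstance       map[string]uint16 // CA process instance id -> established channel
	SessionKeys      map[uint16][]byte // channel number -> channel session key
	pending          map[uint16]bool   // allocated in step 303, not yet completed in step 307
	next             uint16
}
// NewTA models install and first run: generate the terminal key pair and have T_pub
// signed with the vendor private key (by the TAM server or the white-box library).
func NewTA(vendorPri *ecdsa.PrivateKey) (*TA, error) {
	tPri, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	der, _ := x509.MarshalPKIXPublicKey(&tPri.PublicKey)
	h := sha256.Sum256(der)
	sig, err := ecdsa.SignASN1(rand.Reader, vendorPri, h[:])
	return &TA{tPri: tPri, tPubDER: der, tPubSig: sig, byInstance: map[string]uint16{},
		SessionKeys: map[uint16][]byte{}, pending: map[uint16]bool{}, next: 1}, err
}
// FirstVerification is the TA's reply to the establish-channel command (steps 302, 303).
type FirstVerification struct {
	Established      bool   // true: a channel already exists for this CA instance
	Channel          uint16 // existing or newly allocated channel number
	TPubDER, TPubSig []byte // T_pub and the vendor signature over it
}
func (t *TA) OpenChannel(instanceID []byte) FirstVerification {
	if ch, ok := t.byInstance[string(instanceID)]; ok {
		return FirstVerification{Established: true, Channel: ch}
	}
	ch := t.next
	t.next++
	t.pending[ch] = true
	return FirstVerification{Channel: ch, TPubDER: t.tPubDER, TPubSig: t.tPubSig}
}
// CARequest covers steps 304 to 306: verify the signature over T_pub with P_pub,
// draw a random session key and encrypt the request packet under T_pub.
func CARequest(vendorPub *ecdsa.PublicKey, fv FirstVerification, instanceID []byte) (sessionKey, ciphertext []byte, err error) {
	h := sha256.Sum256(fv.TPubDER)
	if !ecdsa.VerifyASN1(vendorPub, h[:], fv.TPubSig) {
		return nil, nil, errors.New("step 305: T_pub signature invalid, TA not legitimate")
	}
	pub, err := x509.ParsePKIXPublicKey(fv.TPubDER)
	tPub, ok := pub.(*rsa.PublicKey)
	if err != nil || !ok || len(instanceID) != instLen {
		return nil, nil, errors.New("bad terminal key or instance id")
	}
	sessionKey = make([]byte, keyLen)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	body := make([]byte, 2, reqLen)
	binary.BigEndian.PutUint16(body, fv.Channel)
	body = append(append(body, instanceID...), sessionKey...)
	sum := sha256.Sum256(body) // check data; the patent allows CRC, hash or MAC
	ciphertext, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, tPub, append(body, sum[:]...), nil)
	return sessionKey, ciphertext, err
}
// CompleteChannel covers steps 307 to 309: decrypt with T_pri, verify the check
// data and the pending channel number, then record the channel context.
func (t *TA) CompleteChannel(ciphertext []byte) (uint16, error) {
	body, err := rsa.DecryptOAEP(sha256.New(), nil, t.tPri, ciphertext, nil)
	if err != nil || len(body) != reqLen {
		return 0, errors.New("step 308: request packet rejected")
	}
	ch, sum := binary.BigEndian.Uint16(body), sha256.Sum256(body[:reqLen-sha256.Size])
	if !bytes.Equal(sum[:], body[reqLen-sha256.Size:]) || !t.pending[ch] {
		return 0, errors.New("step 308: check data or channel number rejected")
	}
	delete(t.pending, ch)
	t.byInstance[string(body[2:2+instLen])] = ch
	t.SessionKeys[ch] = append([]byte(nil), body[2+instLen:reqLen-sha256.Size]...)
	return ch, nil
}
```

Call order for one establishment: `vendor := NewVendorKey()`, `ta, _ := NewTA(vendor)`, `fv := ta.OpenChannel(inst)`, `key, ct, _ := CARequest(&vendor.PublicKey, fv, inst)`, `ch, _ := ta.CompleteChannel(ct)`; afterwards `ta.SessionKeys[ch]` equals `key`, and a second `OpenChannel(inst)` from the same instance returns `Established: true` with the same number. Two things are worth noticing from the defender's side. The CA's check in step 304 proves the TA holds a T_pub signed by P_pri; the TA's check in step 307 proves only that the request was built by a party that received T_pub and P_pub, both of which are public, so the binding of a channel to a particular CA rests on the CA process instance identifier and on the platform's own process isolation, not on a secret the CA holds. Second, a replayed request packet is refused once its channel number is no longer pending, which is what keeps a captured step 306 message from reopening a channel later.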
In one embodiment, interactive data between the CA and the TA is encrypted and decrypted by using a preset encryption algorithm based on a channel session key, and a channel number of the CA and the encrypted interactive data are transmitted between the CA and the TA through a first secure channel. The encryption algorithm comprises a symmetric encryption algorithm and the like, a channel session key is used as a key, the current value of a channel IV counter is obtained as an IV, and the encryption algorithm is adopted to carry out encryption and decryption processing on the interactive data and the verification data.
After the first secure channel is established, the CA and the TA hold the channel number of the secure channel, the channel session key, the unique identifier of the CA process instance, the initial value of the channel IV counter (0 by default), and so on. Every packet exchanged between the CA and the TA contains the channel number and ciphertext data. The ciphertext data may be produced with a symmetric algorithm such as AES or 3DES in CBC, CFB, OFB or another mode, using the channel session key as the key and the current value of the channel IV counter as the IV, and covers the original data to be exchanged between the CA and the TA together with check data; the check data may be a CRC, a hash, a MAC or the like.
The CA maintains a first IV counter and the TA maintains a second IV counter for the secure channel. The TA needs to support several secure channels at the same time: each channel number corresponds to one secure channel context in the TA, and parameters such as the session key and the IV counter of different secure channels are kept in their own secure channel context without interfering with each other. When the secure channel is established, the CA and the TA set the initial values of the first IV counter and the second IV counter to 0, and after one bidirectional data interaction between the CA and the TA is complete, the CA and the TA each add 1 to the first IV counter and the second IV counter respectively.
For example, the CA and the TA each maintain a local channel IV counter, both with initial value 0 when the channel has just been established. When the CA encrypts a downlink (CA->TA) packet and decrypts an uplink (TA->CA) packet, and when the TA decrypts the downlink packet and encrypts the uplink packet, each side uses the current value of its own IV counter as the IV parameter of the encryption or decryption operation. After each bidirectional interaction (CA->TA, TA->CA) is complete, the CA and the TA each add 1 to their respective IV counters, and the updated counter values are used in the next interaction.
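The channel transmission rule of the three paragraphs above (session key as the key, channel IV counter as the IV, check data encrypted together with the payload, both counters advanced after a complete round trip), as an added example that is not code from the patent or from the applicants. Assumptions: AES-128 in CBC mode with PKCS#7 padding, SHA-256 as the check data, and the 32-bit counter placed in the last four bytes of the 16-byte IV; channel number 7 and the session key used in `Exchange` are constructed test values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
)

// Endpoint is one side's view of a first secure channel: channel number, channel
// session key and the local channel IV counter (the first or second IV counter), initially 0.
type Endpoint struct {
	Channel    uint16
	SessionKey []byte // 16 bytes: AES-128 is an assumption, the patent lists AES and 3DES
	IVCounter  uint32
}

// iv widens the 32-bit counter into a 16-byte block; the layout is this example's choice.
func (e *Endpoint) iv() []byte {
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint32(iv[12:], e.IVCounter)
	return iv
}

var errRejected = errors.New("packet rejected") // one error for padding and check failures

// Seal builds an outgoing packet: channel number || CBC(key, IV=counter, data || SHA-256(data) || pad).
func (e *Endpoint) Seal(data []byte) ([]byte, error) {
	block, err := aes.NewCipher(e.SessionKey)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(data) // check data; the patent allows CRC, hash or MAC
	plain := append(append([]byte{}, data...), sum[:]...)
	pad := aes.BlockSize - len(plain)%aes.BlockSize
	plain = append(plain, bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, 2+len(plain))
	binary.BigEndian.PutUint16(out, e.Channel)
	cipher.NewCBCEncrypter(block, e.iv()).CryptBlocks(out[2:], plain)
	return out, nil
}

// Open checks the channel number, decrypts with the IV from the local counter and verifies
// the check data. A replayed or reordered packet was sealed under another counter value,
// so its first block decrypts to garbage and the check fails.
func (e *Endpoint) Open(packet []byte) ([]byte, error) {
	if len(packet) < 2+aes.BlockSize || (len(packet)-2)%aes.BlockSize != 0 ||
		binary.BigEndian.Uint16(packet) != e.Channel {
		return nil, errRejected
	}
	block, err := aes.NewCipher(e.SessionKey)
	if err != nil {
		return nil, err
	}
	plain := make([]byte, len(packet)-2)
	cipher.NewCBCDecrypter(block, e.iv()).CryptBlocks(plain, packet[2:])
	pad := int(plain[len(plain)-1])
	if pad < 1 || pad > aes.BlockSize || !bytes.Equal(plain[len(plain)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errRejected
	}
	plain = plain[:len(plain)-pad]
	if len(plain) < sha256.Size {
		return nil, errRejected
	}
	data, check := plain[:len(plain)-sha256.Size], plain[len(plain)-sha256.Size:]
	if sum := sha256.Sum256(data); subtle.ConstantTimeCompare(sum[:], check) != 1 {
		return nil, errRejected
	}
	return data, nil
}

// Advance is called by both sides once a CA->TA, TA->CA round trip is complete.
func (e *Endpoint) Advance() { e.IVCounter++ }

// Exchange runs one bidirectional interaction over a constructed channel, advances both
// counters and then replays the CA's first packet against the TA, which must be rejected.
func Exchange() (reply string, replayRejected bool, counters [2]uint32, err error) {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed session key, not a real one
	ca := &Endpoint{Channel: 7, SessionKey: key}
	ta := &Endpoint{Channel: 7, SessionKey: key}
	down, err := ca.Seal([]byte("hello from CA")) // CA -> TA under IV counter 0
	if err != nil {
		return
	}
	req, err := ta.Open(down)
	if err != nil {
		return
	}
	up, err := ta.Seal(append([]byte("TA got: "), req...)) // TA -> CA, still counter 0
	if err != nil {
		return
	}
	got, err := ca.Open(up)
	if err != nil {
		return
	}
	ca.Advance() // both sides move to 1 only after the complete round trip
	ta.Advance()
	_, replayErr := ta.Open(down)
	return string(got), replayErr != nil, [2]uint32{ca.IVCounter, ta.IVCounter}, nil
}
```

Two properties of this rule matter in practice. The counters only stay aligned if both sides see every round trip complete; a lost reply leaves the CA at one value and the TA at the next, and every later packet is then rejected until the channel is re-established, so an implementation needs a defined resynchronisation path. And a counter-derived IV is predictable, which for CBC is a known weakness; an authenticated mode with the counter as the nonce would give the same replay detection together with a proper integrity tag, whereas the hash-inside-ciphertext check here is not a MAC. The padding and check failures deliberately return the same error so that the TA does not act as a padding oracle.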
In one embodiment, as shown in fig. 4, the present invention provides a communication system of a client application and a trusted application, including: CA 41 running in trusted execution environment TEE, TA 42 running in rich execution environment REE, TAM server 43, and key management center 44. The first and second key parameters are deployed in the CA 41 and TA 42, respectively. The CA 41 and the TA 42 perform bidirectional identity authentication based on the first key parameter and the second key parameter, respectively, and if the authentication is successful, a first secure channel is established between the CA 41 and the TA 42, and a channel session key corresponding to the first secure channel is generated. The CA 41 and the TA 42 perform data interaction through the first secure channel transmission, and perform encryption and decryption processing on data transmitted through the first secure channel based on the channel session key and the preset channel transmission rule.
In one embodiment, the first key parameter comprises a vendor public key or the like and the second key parameter comprises a terminal public key, a terminal private key, a terminal public key signature value, or the like. The vendor public key is stored in a CA program corresponding to CA 41, and is deployed by the issuance and installation of the CA program. When the TA 42 is installed and first run, a terminal public key and a terminal private key are generated in the TEE environment, and the terminal public key and the terminal private key are stored in the TA 42 in a persistent manner. The vendor public key and the vendor private key are issued by a TA management root certificate of the TA provider and generated at the key management center 44.
In the personalization phase of TA 42, a second secure channel is established between TA 42 and TAM server 43. The TA 42 sends the terminal public key to the TAM server 43 through the second secure channel, receives the terminal public key signature value sent by the TAM server 43 through the second secure channel, stores the terminal public key signature value in the TEE environment in a persistent manner, and the TAM server 43 digitally signs the terminal public key by using the vendor private key.
The TA 42 calls a white-box encryption library to obtain a terminal public key signature value, and stores the terminal public key signature value in a TEE environment in a persistent mode; wherein, the terminal public key is digitally signed by using a manufacturer private key in the white-box encryption library.
In one embodiment, the CA 41 sends a secure channel setup command to the TA 42, the secure channel setup command including an identification of the CA 41 process instance corresponding to this CA 41. The TA 42 judges whether a secure channel has been established with the CA 41 based on the CA process instance identifier, if so, returns an establishment success message, and if not, the TA 42 sends first verification information to the CA 41, where the first verification information includes a channel number of the CA, a terminal public key signature value, and the like.
The CA 41 verifies the terminal public key signature value using the vendor public key, and if the verification is successful, generates a channel session key, encrypts second verification information using the terminal public key, and sends the second verification information to the TA 42, where the second verification information includes: the channel number of the CA, the instance identification of the CA process, the channel session key, the check data and the like. The channel session key includes: random numbers, and the like. The TA 42 decrypts the encrypted second authentication information using the terminal private key, and if the verification of the verification data is successful, establishes the first secure channel and returns a channel establishment success message to the CA 41.
The CA 41 and the TA 42 respectively encrypt and decrypt the interactive data between them based on the channel session key using a preset encryption algorithm, and the channel number of the CA together with the encrypted interactive data is transmitted between the CA 41 and the TA 42 through the first secure channel. The CA 41 and the TA 42 each use the channel session key as the key, take the current value of the channel IV counter as the IV, and apply the encryption algorithm to encrypt and decrypt the interactive data and the check data; the encryption algorithm comprises a symmetric encryption algorithm.
CA 41 sets a first IV counter, TA 42 sets a second IV counter corresponding to the secure channel; here, CA 41 and TA 42 set the initial values of the first IV counter and the second IV counter to 0, respectively, when the secure channel is established. After completing one bidirectional data interaction between CA 41 and TA 42, CA 41 and TA 42 respectively increment the values of the first IV counter and the second IV counter by 1.
Fig. 5 is a block diagram illustrating another embodiment of a communication system between a client application and a trusted application according to the present disclosure. As shown in fig. 5, the apparatus may include a memory 51, a processor 52, a communication interface 53, and a bus 54. The memory 51 is used for storing instructions, the processor 52 is coupled to the memory 51, and the processor 52 is configured to execute a communication method implementing the above-mentioned client application and trusted application based on the instructions stored by the memory 51.
The memory 51 may be a high-speed RAM, a non-volatile memory, or the like, and the memory 51 may also be a memory array. The processor 52 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the communication method of the client application and the trusted application disclosed in the present invention.
In one embodiment, the present invention provides a terminal comprising a communication system of a client application and a trusted application as in any of the above embodiments. The terminal can be a smart phone, a tablet computer and the like.
In one embodiment, the present disclosure also provides a computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions, which when executed by a processor, implement the communication method between the client application and the trusted application according to any of the above embodiments. As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, apparatus, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Thus far, the present disclosure has been described in detail. Some details that are well known in the art have not been described in order to avoid obscuring the concepts of the present disclosure. It will be fully apparent to those skilled in the art from the foregoing description how to practice the presently disclosed embodiments.
In the communication method, system, and terminal for the client application and the trusted application provided in the above embodiment, CA and TA perform bidirectional identity authentication based on a first key parameter and a second key parameter, respectively, if authentication is successful, a first secure channel is established between CA and TA, a channel session key corresponding to the first secure channel is generated, and CA and TA perform data interaction through transmission of the first secure channel and perform encryption and decryption processing on data based on the channel session key and a preset channel transmission rule; a secure channel is established between the CA and the TA and data in the secure channel is protected, the CA can verify the legal identity of the TA by verifying the public key signature of the TA terminal, and a third-party component in the system is prevented from intercepting, storing, analyzing and revealing sensitive information transmitted between the CA and the TA; the CA and the TA can sense and prevent malicious behaviors of an attacker, such as data tampering, replay attack, injection attack and the like; multiple CAs may be supported to access the TA over multiple secure channels isolated from each other.
The method and system of the present invention may be implemented in a number of ways. For example, the methods and systems of the present invention may be implemented in software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustrative purposes only, and the steps of the method of the present invention are not limited to the order specifically described above unless specifically indicated otherwise. Furthermore, in some embodiments, the present invention may also be embodied as a program recorded in a recording medium, the program including machine-readable instructions for implementing a method according to the present invention. Thus, the present invention also covers a recording medium storing a program for executing the method according to the present invention.
The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to practitioners skilled in this art. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.

Claims (19)

1. A method for a client application to communicate with a trusted application, comprising:
respectively deploying a first key parameter and a second key parameter in a client application CA and a trusted application TA;
the CA and the TA perform bidirectional identity authentication respectively based on the first key parameter and the second key parameter;
the first key parameter comprises a manufacturer public key, wherein the manufacturer public key and a manufacturer private key are issued by a TA management root certificate of the TA provider and generated at a key management center, and the manufacturer public key is stored in a CA program corresponding to the CA and deployed through the release and installation of the CA program;
the second key parameter comprises a terminal public key, a terminal private key and a terminal public key signature value, wherein the terminal public key and the terminal private key are generated in a trusted execution environment (TEE) when the TA is installed and run for the first time and are stored persistently in the TEE environment where the TA is located, and the terminal public key signature value is obtained by digitally signing the terminal public key with the manufacturer private key;
the TA sends first verification information to the CA, wherein the first verification information comprises: the terminal public key and the terminal public key signature value;
the CA verifies the terminal public key signature value by using the manufacturer public key, and if the verification is successful, a channel session key is generated;
the CA uses the terminal public key to encrypt second verification information and sends the second verification information to the TA, wherein the second verification information comprises: the channel session key and the verification data;
the TA uses the terminal private key to decrypt the encrypted second verification information, and if the verification of the verification data is successful, a first secure channel is established and a channel establishment success message is returned to the CA;
and the CA and the TA carry out data interaction through the transmission of the first secure channel, and carry out encryption and decryption processing on the data transmitted through the first secure channel based on the channel session key and a preset channel transmission rule.
2. The method of claim 1, further comprising:
in the personalization phase of the TA, a second secure channel is established between the TA and a trusted service management (TAM) server;
the TA sends the terminal public key to the TAM server through the second secure channel and receives the terminal public key signature value sent by the TAM server through the second secure channel, wherein the TAM server carries out digital signature on the terminal public key by using a manufacturer private key;
and the TA stores the terminal public key signature value in a persistent mode.
3. The method of claim 1, further comprising:
the TA calls a white-box encryption library to obtain the signature value of the terminal public key, wherein the white-box encryption library carries out digital signature on the terminal public key by using a manufacturer private key;
and the TA stores the terminal public key signature value in a persistent mode.
4. The method of claim 1, further comprising:
the CA sends a command for establishing a secure channel to the TA, wherein the command for establishing the secure channel comprises a CA process instance identifier corresponding to the CA;
the TA judges whether a secure channel is established with the CA based on the CA process instance identification, if so, returns an establishment success message, and if not, sends the first verification information to the CA, wherein the first verification information further comprises: channel number of the CA.
5. The method of claim 4, further comprising:
the second authentication information further includes: the channel number of the CA and the identification of the CA process instance;
the channel session key includes: a random number.
6. The method of claim 1, wherein the encrypting and decrypting the data transmitted through the first secure channel based on the channel session key and a preset channel transmission rule comprises:
encrypting and decrypting interactive data between the CA and the TA by adopting a preset encryption algorithm based on the channel session key;
and transmitting the channel number of the CA and the encrypted interactive data between the CA and the TA through the first secure channel.
7. The method of claim 6, wherein the encrypting and decrypting the interactive data between the CA and the TA based on the channel session key and by using a preset encryption algorithm comprises:
using the channel session key as a key, obtaining the current value of a channel IV counter as an IV, and encrypting and decrypting the interactive data and the verification data by adopting the encryption algorithm;
wherein the encryption algorithm comprises: a symmetric encryption algorithm.
8. The method of claim 7,
the CA sets a first IV counter, and the TA sets a second IV counter corresponding to the secure channel;
when the secure channel is established, the CA and the TA respectively enable the initial values of the first IV counter and the second IV counter to be 0;
after completing one bidirectional data interaction between the CA and the TA, the CA and the TA respectively add 1 to the values of the first IV counter and the second IV counter.
9. A communication system between a client application and a trusted application, comprising:
a client application CA running in a trusted execution environment TEE, a trusted application TA running in a rich execution environment REE;
deploying a first key parameter and a second key parameter in the CA and the TA, respectively;
the first key parameter comprises a manufacturer public key, wherein the manufacturer public key and a manufacturer private key are issued by a TA management root certificate of the TA provider and generated at a key management center, and the manufacturer public key is stored in a CA program corresponding to the CA and deployed through the release and installation of the CA program;
the second key parameter comprises a terminal public key, a terminal private key and a terminal public key signature value, wherein the terminal public key and the terminal private key are generated in the TEE environment when the TA is installed and run for the first time and are stored persistently in the TEE environment where the TA is located, and the terminal public key signature value is obtained by digitally signing the terminal public key with the manufacturer private key;
the CA and the TA respectively perform bidirectional identity authentication based on the first key parameter and the second key parameter, if the authentication is successful, a first secure channel is established between the CA and the TA, and a channel session key corresponding to the first secure channel is generated;
the TA is configured to send first authentication information to the CA, where the first authentication information includes: the terminal public key and the terminal public key signature value;
the CA is used for verifying the terminal public key signature value by using the manufacturer public key, and if the verification is successful, the channel session key is generated; encrypting second authentication information by using the terminal public key and sending the second authentication information to the TA, wherein the second authentication information comprises: the channel session key and the verification data;
the TA is further configured to decrypt the encrypted second verification information by using the terminal private key, and if the verification of the verification data is successful, establish the first secure channel and return a channel establishment success message to the CA;
and the CA and the TA carry out data interaction through the transmission of the first secure channel, and carry out encryption and decryption processing on the data transmitted through the first secure channel based on the channel session key and a preset channel transmission rule.
10. The system of claim 9, further comprising: a trusted service management (TAM) server;
in the personalization phase of the TA, establishing a second secure channel between the TA and a TAM server;
the TA is used for sending the terminal public key to the TAM server through the second secure channel, receiving the terminal public key signature value sent by the TAM server through the second secure channel, and storing the terminal public key signature value in a TEE environment in a persistent mode; and the TAM server carries out digital signature on the terminal public key by using a manufacturer private key.
11. The system of claim 9,
the TA is further used for calling a white-box encryption library to obtain the terminal public key signature value, and storing the terminal public key signature value in a TEE environment in a persistent mode; and digitally signing the terminal public key in the white-box encryption library by using a manufacturer private key.
12. The system of claim 9,
the CA is further configured to send a command for establishing a secure channel to the TA, where the command for establishing a secure channel includes a CA process instance identifier corresponding to the CA;
the TA is configured to determine, based on the CA process instance identifier, whether a secure channel has been established with the CA, if yes, return an establishment success message, and if no, send the first authentication information to the CA, where the first authentication information further includes: channel number of the CA.
13. The system of claim 12,
the second authentication information further includes: the channel number of the CA and the identification of the CA process instance;
the channel session key includes: a random number.
14. The system of claim 9,
and the CA and the TA respectively perform encryption and decryption processing on interactive data between the CA and the TA based on the channel session key and by adopting a preset encryption algorithm, wherein the channel number of the CA and the encrypted interactive data are transmitted between the CA and the TA through the first secure channel.
15. The system of claim 14,
the CA and the TA respectively use the channel session key as a key, obtain the current value of a channel IV counter as an IV, and encrypt and decrypt the interactive data and the verification data by adopting the encryption algorithm; wherein the encryption algorithm comprises: a symmetric encryption algorithm.
16. The system of claim 15,
the CA sets a first IV counter, and the TA sets a second IV counter corresponding to the secure channel; when the secure channel is established, the CA and the TA respectively enable the initial values of the first IV counter and the second IV counter to be 0; after completing one bidirectional data interaction between the CA and the TA, the CA and the TA respectively add 1 to the values of the first IV counter and the second IV counter.
17. A communication system between a client application and a trusted application, comprising:
a memory; and a processor coupled to the memory, the processor configured to execute the method of communication of the client application with a trusted application according to any one of claims 1 to 8 based on instructions stored in the memory.
18. A terminal, comprising:
the communication system between a client application and a trusted application according to any one of claims 9 to 17.
19. A computer readable storage medium having stored thereon computer program instructions which, when executed by one or more processors, implement the steps of the method of any one of claims 1 to 8.
CN201810375244.6A 2018-04-24 2018-04-24 Communication method, system and terminal of client application and trusted application Active CN108600222B (en)
Publications (2)

Publication Number Publication Date
CN108600222A CN108600222A (en) 2018-09-28
CN108600222B true CN108600222B (en) 2021-01-29

Family

ID=63609430

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810375244.6A Active CN108600222B (en) 2018-04-24 2018-04-24 Communication method, system and terminal of client application and trusted application

Country Status (1)

Country Link
CN (1) CN108600222B (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111046383B (en) * 2018-10-12 2023-10-13 华为技术有限公司 Terminal attack defense method, device, terminal and cloud server
CN109413086B (en) * 2018-11-16 2020-11-24 创新先进技术有限公司 Method and device for online verification of identity information
CN110099063B (en) * 2019-05-08 2020-05-26 杭州健康在线信息技术有限公司 Method for generating conference registration certificate
CN112422487A (en) * 2019-08-23 2021-02-26 北京小米移动软件有限公司 Data transmission method, device, system and computer readable storage medium
CN110806978A (en) * 2019-10-31 2020-02-18 吉林亿联银行股份有限公司 Defect management method and device for third-party component
CN110855667B (en) * 2019-11-14 2023-04-07 宁夏吉虎科技有限公司 Block chain encryption method, device and system
CN113553125B (en) * 2020-04-26 2024-03-19 中移(成都)信息通信科技有限公司 Method, device and equipment for calling trusted application program and computer storage medium
CN112713987B (en) * 2020-12-10 2022-07-26 北京握奇数据股份有限公司 System and method for establishing session key between CA and TA
CN114765544B (en) * 2021-01-11 2024-11-08 中国移动通信有限公司研究院 Trusted execution environment data offline migration method and device
CN115706981B (en) * 2021-08-12 2025-09-23 荣耀终端股份有限公司 Key negotiation method and electronic device
CN114844672B (en) * 2022-03-22 2023-08-22 华为技术有限公司 Method, management unit and equipment for confirming application trusted identity
CN114826596B (en) * 2022-04-24 2024-07-19 南京邮电大学 Secret key exchange acceleration method for establishing security level of trusted execution environment
CN117254916B (en) * 2023-09-07 2024-12-20 奥特酷智能科技(南京)有限公司 Non-key DDS safety authentication and communication method based on OP-TEE
CN117896167A (en) * 2024-01-31 2024-04-16 清华大学深圳国际研究生院 Server, terminal and security system
CN119989333A (en) * 2024-12-30 2025-05-13 福建联迪商用设备有限公司 Application management method and electronic equipment based on OpenHarmony system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103051451A (en) * 2011-12-12 2013-04-17 微软公司 Encryption authentication of security service execution environment
CN105574720A (en) * 2015-12-14 2016-05-11 联想(北京)有限公司 Secure information processing method and secure information processing apparatus
CN105843653A (en) * 2016-04-12 2016-08-10 恒宝股份有限公司 TA (trusted application) configuration method and device
CN106936774A (en) * 2015-12-29 2017-07-07 中国电信股份有限公司 Authentication method and system in a trusted execution environment
EP3293656A1 (en) * 2016-09-13 2018-03-14 Gemalto Sa Method for controlling access to a trusted application in a terminal


Also Published As

Publication number Publication date
CN108600222A (en) 2018-09-28

Similar Documents

Publication Publication Date Title
CN108600222B (en) Communication method, system and terminal of client application and trusted application
US10454674B1 (en) System, method, and device of authenticated encryption of messages
US8171527B2 (en) Method and apparatus for securing unlock password generation and distribution
CN102196375B (en) Securing out-of-band messages
EP2954448B1 (en) Provisioning sensitive data into third party network-enabled devices
CN107294937B (en) Data transmission method based on network communication, client and server
CN108768963B (en) Communication method and system of trusted application and secure element
CN108566381A (en) Security upgrading method, device, server, equipment and medium
US8904195B1 (en) Methods and systems for secure communications between client applications and secure elements in mobile devices
CN112087304B (en) Heterogeneous fusion method and device of trusted computing environment and related equipment
CN105553951A (en) Data transmission method and data transmission device
CN104094267A (en) Method, device, and system for securely sharing media content from a source device
CN110868291A (en) Data encryption transmission method, device, system and storage medium
CN108199847B (en) Digital security processing method, computer device, and storage medium
CN116050537A (en) Federated learning method, device, readable storage medium and electronic equipment
CN115473655B (en) Terminal authentication method, device and storage medium for access network
KR101531662B1 (en) Method and system for mutual authentication between client and server
CN111654503A (en) Remote control method, device, equipment and storage medium
Keleman et al. Secure firmware update in embedded systems
CN112003697A (en) Encryption and decryption method and device for cryptographic module, electronic equipment and computer storage medium
CN109492359B (en) Secure network middleware for identity authentication and implementation method and device thereof
CN109450643B (en) Signature verification method realized on Android platform based on native service
CN114520726A (en) Processing method and device based on block chain data, processor and electronic equipment
US20250013737A1 (en) Method to store data persistently by a software payload
KR101329789B1 (en) Encryption Method of Database of Mobile Communication Device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant