[go: up one dir, main page]

CN114676392A - Application trusted authorization method, device and electronic device - Google Patents

Application trusted authorization method, device and electronic device Download PDF

Info

Publication number
CN114676392A
CN114676392A CN202210270141.XA CN202210270141A CN114676392A CN 114676392 A CN114676392 A CN 114676392A CN 202210270141 A CN202210270141 A CN 202210270141A CN 114676392 A CN114676392 A CN 114676392A
Authority
CN
China
Prior art keywords
trusted
application
trusted application
protection domain
domain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210270141.XA
Other languages
Chinese (zh)
Other versions
CN114676392B (en
Inventor
钱毅
钟嘉烽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202210270141.XA priority Critical patent/CN114676392B/en
Publication of CN114676392A publication Critical patent/CN114676392A/en
Application granted granted Critical
Publication of CN114676392B publication Critical patent/CN114676392B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/105Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/107License processing; Key processing
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • G06F21/445Program or device authentication by mutual authentication, e.g. between devices or programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a trusted authorization method and device for application and electronic equipment, relates to the field of hardware equipment, and particularly relates to the field of trusted equipment. The specific implementation scheme is as follows: the method is applied to ARM trusted equipment, and the ARM trusted equipment comprises two protection domains with different authorities on a processor layer: a first protection domain and a second protection domain, comprising the steps of: establishing an incidence relation between the trusted application in the first protection domain and the trusted application in the second protection domain; and controlling other applications in the first protection domain except the trusted application to perform local authorization through the trusted application in the first protection domain.

Description

应用的可信授权方法、装置及电子设备Application trusted authorization method, device and electronic device

技术领域technical field

本公开涉及硬件设备技术领域,尤其涉及可信设备领域。The present disclosure relates to the technical field of hardware devices, and in particular, to the field of trusted devices.

背景技术Background technique

随着5G网络的快速发展,云原生等底层技术的成熟,使得应用的部署和分发变得更加快捷和高效,越来越多的应用部署到边缘节点的ARM设备上。应用在边缘设备的部署环境相较于传统层层防护的互联网数据中心(Internet Data Center,IDC)部署环境,由于安全建设相对薄弱,更容易遭到攻击,主要体现在对应用的攻击、数据的窃取、设备的非法准入。因此对边缘侧的安全性提出了更高的要求。With the rapid development of 5G networks and the maturity of underlying technologies such as cloud native, application deployment and distribution become faster and more efficient, and more and more applications are deployed on ARM devices at edge nodes. Compared with the traditional Internet data center (Internet Data Center, IDC) deployment environment with layer-by-layer protection, the deployment environment of applications on edge devices is more vulnerable to attacks due to relatively weak security construction. Theft, illegal access to equipment. Therefore, higher requirements are placed on the security on the edge side.

发明内容SUMMARY OF THE INVENTION

本公开提供了一种用于应用的可信授权方法、装置及电子设备。The present disclosure provides a trusted authorization method, apparatus and electronic device for applications.

根据本公开的一方面,提供了一种应用的可信授权方法,应用于ARM可信设备,ARM可信设备在处理器层包括两个不同权限的保护域:第一保护域和第二保护域,该方法包括以下步骤:建立第一保护域中的可信应用与第二保护域中的可信应用之间的关联关系;控制第一保护域中除可信应用之外的其他应用通过第一保护域中的可信应用进行本地授权。According to an aspect of the present disclosure, an application trusted authorization method is provided, which is applied to an ARM trusted device. The ARM trusted device includes two protection domains with different permissions at the processor layer: a first protection domain and a second protection domain domain, the method includes the following steps: establishing an association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain; controlling other applications except the trusted application in the first protection domain to pass Trusted applications in the first protection domain perform local authorization.

根据本公开的另一方面,提供了一种应用的可信授权装置,包括:建立模块,设置为建立第一保护域中的可信应用与第二保护域中的可信应用之间的关联关系,其中,第一保护域和第二保护域为ARM可信设备在处理器层包括的两个不同权限的保护域;控制模块,设置为控制第一保护域中除可信应用之外的其他应用通过第一保护域中的可信应用进行本地授权。According to another aspect of the present disclosure, there is provided a trusted authorization device for applications, comprising: an establishment module configured to establish an association between a trusted application in a first protection domain and a trusted application in a second protection domain relationship, wherein the first protection domain and the second protection domain are two protection domains with different permissions included in the processor layer of the ARM trusted device; the control module is configured to control the first protection domain except for trusted applications. Other applications perform local authorization through trusted applications in the first protection domain.

根据本公开的另一方面,提供了一种电子设备,包括:至少一个处理器;以及与至少一个处理器通信连接的存储器;其中,存储器存储有可被至少一个处理器执行的指令,指令被至少一个处理器执行,以使至少一个处理器能够执以上的应用的可信授权方法。According to another aspect of the present disclosure, there is provided an electronic device comprising: at least one processor; and a memory communicatively connected to the at least one processor; wherein the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor. At least one processor executes the trusted authorization method of the above application to enable the at least one processor to execute.

根据本公开的再一方面,提供了一种存储有计算机指令的非瞬时计算机可读存储介质,其中,计算机指令用于使计算机执行以上的应用的可信授权方法。According to yet another aspect of the present disclosure, there is provided a non-transitory computer-readable storage medium storing computer instructions, wherein the computer instructions are used to cause a computer to execute the above trusted authorization method of an application.

根据本公开的再一方面,提供了一种计算机程序产品,包括计算机程序,计算机程序在被处理器执行时实现以上的应用的可信授权方法。According to yet another aspect of the present disclosure, a computer program product is provided, including a computer program, which implements the above trusted authorization method for an application when executed by a processor.

应当理解,本部分所描述的内容并非旨在标识本公开的实施例的关键或重要特征,也不用于限制本公开的范围。本公开的其它特征将通过以下的说明书而变得容易理解。It should be understood that what is described in this section is not intended to identify key or critical features of embodiments of the disclosure, nor is it intended to limit the scope of the disclosure. Other features of the present disclosure will become readily understood from the following description.

附图说明Description of drawings

附图用于更好地理解本方案,不构成对本公开的限定。其中:The accompanying drawings are used for better understanding of the present solution, and do not constitute a limitation to the present disclosure. in:

图1是根据本公开实施例的一种应用的可信授权方法的流程图;1 is a flowchart of an applied trusted authorization method according to an embodiment of the present disclosure;

图2是根据本公开实施例的一种ARM可信设备的结构示意图;2 is a schematic structural diagram of an ARM trusted device according to an embodiment of the present disclosure;

图3是根据本公开实施例的一种ARM可信设备的启动流程图;Fig. 3 is a startup flowchart of an ARM trusted device according to an embodiment of the present disclosure;

图4是根据本公开实施例的一种应用的可信授权装置的结构框图;4 is a structural block diagram of an applied trusted authorization device according to an embodiment of the present disclosure;

图5示出了可以用来实施本公开的实施例的示例电子设备500的示意性框图。5 shows a schematic block diagram of an example electronic device 500 that may be used to implement embodiments of the present disclosure.

具体实施方式Detailed ways

以下结合附图对本公开的示范性实施例做出说明,其中包括本公开实施例的各种细节以助于理解,应当将它们认为仅仅是示范性的。因此,本领域普通技术人员应当认识到,可以对这里描述的实施例做出各种改变和修改,而不会背离本公开的范围和精神。同样,为了清楚和简明,以下的描述中省略了对公知功能和结构的描述。Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, which include various details of the embodiments of the present disclosure to facilitate understanding and should be considered as exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted from the following description for clarity and conciseness.

首先,在对本申请实施例进行描述的过程中出现的部分名词或术语适用于如下解释:First of all, some nouns or terms that appear in the process of describing the embodiments of the present application are suitable for the following explanations:

云原生,是基于分布部署和统一运管的分布式云,以容器、微服务、DevOps等技术为基础建立的一套云技术产品体系。Cloud native is a set of cloud technology product systems based on distributed deployment and unified operation and management of the distributed cloud, and based on technologies such as containers, microservices, and DevOps.

边缘设备,向企业或服务提供商核心网络提供入口点的设备,例如,路由器、路由交换机、集成接入设备,多路复用设备,以及各种城域网和广域网接入设备。Edge devices, devices that provide an entry point to an enterprise or service provider core network, such as routers, routing switches, integrated access devices, multiplexing devices, and various metro and wide area network access devices.

Trustzone硬件架构,旨在提供安全框架,从而使设备能够抵御将遇到的众多的威胁。Trustzone技术可提供允许SoC设计人员从大量可在安全环境中实现特定功能的组件中进行选择的基础结构,而不提供固定且一成不变的安全解决方案。The Trustzone hardware architecture is designed to provide a security framework that enables devices to defend against the multitude of threats they will encounter. Trustzone technology provides an infrastructure that allows SoC designers to choose from a large number of components that can implement a specific function in a secure environment, rather than providing a fixed and one-size-fits-all security solution.

Kubernete,是Google开源的一个容器编排引擎,它支持自动化部署、大规模可伸缩、应用容器化管理。Kubernetes, a container orchestration engine open sourced by Google, supports automated deployment, large-scale scalability, and application containerized management.

Unix Domain Socket,进程间通信,用于实现同一主机上的进程间通信。Unix Domain Socket, inter-process communication, is used to implement inter-process communication on the same host.

Transport Layer Security,TLS,安全传输层协议,用于在两个通信应用程序之间提供保密性和数据完整性。Transport Layer Security, TLS, a secure transport layer protocol used to provide confidentiality and data integrity between two communicating applications.

在背景技术中提到越来越多的应用部署到边缘节点的ARM设备上,边缘设备的应用保护,目前普遍从以下两个方面进行考虑:As mentioned in the background art, more and more applications are deployed on ARM devices of edge nodes, and the application protection of edge devices is generally considered from the following two aspects:

1)边缘设备基于指纹的设备和应用授权部署;1) Fingerprint-based device and application authorization deployment for edge devices;

2)边缘设备应用基于远程鉴权的中心式授权;2) The edge device applies central authorization based on remote authentication;

在边缘设备上基于指纹的设备和应用授权,会存在以下缺点:由于指纹采集的维度与硬件设备相关,而硬件是由硬件生产商提供,无法保证源头不被篡改,即使没有硬件厂商修改,也很难保证对懂得设备固件的攻击者从固件层面复刻指纹维度从而达到攻击的目的,成为恶意的边缘节点设备;在流程上常采用先采集指纹后部署的模式,对应用的部署下发时机造成了制约,不符合云原生部署模式。Fingerprint-based device and application authorization on edge devices has the following disadvantages: Since the dimension of fingerprint collection is related to hardware devices, and the hardware is provided by hardware manufacturers, there is no guarantee that the source has not been tampered with. It is difficult to guarantee that an attacker who understands the device firmware will reproduce the fingerprint dimension from the firmware level to achieve the purpose of attack and become a malicious edge node device; in the process, the mode of first collecting fingerprints and then deploying is often adopted, and the timing of application deployment and delivery This creates constraints and does not conform to the cloud-native deployment model.

在采用中心式鉴权的边缘设备上,应用需要依赖外部服务授权,对边缘设备在边缘环境下的网络可用性、通信安全等方面也提出了更高的要求,同时增加了攻击面,比如通过代理绕过远程授权机制来达成攻击。On edge devices that use centralized authentication, applications need to rely on external service authorization, which puts forward higher requirements for edge devices in terms of network availability and communication security in the edge environment, and increases the attack surface, such as through proxy Bypassing the remote authorization mechanism to achieve the attack.

当前已有的边缘设备准入和应用授权方案,还是较为容易遭到恶意节点准入和对授权的绕过,采用中心式授权也额外增加了攻击点。The existing edge device access and application authorization schemes are still relatively vulnerable to malicious node access and authorization bypassing, and the use of centralized authorization also adds additional attack points.

针对上述提到的设备非法准入和应用的非授权使用问题,本公开针对边缘设备提出了一中基于ARM可信设备的边缘应用激活和授权的方案,旨在保护边缘设备的安全准入和应用的可信授权。Aiming at the above-mentioned problems of illegal access to devices and unauthorized use of applications, the present disclosure proposes a solution for edge application activation and authorization based on ARM trusted devices for edge devices, aiming to protect the security access and authorization of edge devices. Trusted authorization for the application.

本公开提供的方案能够解决边缘上恶意节点的接入和提供可信应用,并且通过可信应用的授权机制保证运行在节点上的其他应用的安全部署。该方案也具有很高的可扩展性,能够基于此方案扩展多种可信设备的接入,并大大降低上层应用在不同设备上的适配难度,甚至达到零代码适配。The solution provided by the present disclosure can solve the access of malicious nodes on the edge and provide trusted applications, and ensure the safe deployment of other applications running on the nodes through the authorization mechanism of trusted applications. The solution also has high scalability, and can expand the access of multiple trusted devices based on this solution, and greatly reduce the adaptation difficulty of upper-layer applications on different devices, and even achieve zero-code adaptation.

下面结合具体实施例对本公开提供的方案进行详细说明:The scheme provided by the present disclosure will be described in detail below in conjunction with specific embodiments:

图1是根据本公开实施例的一种应用的可信授权方法的流程图,该方法应用于ARM可信设备,ARM可信设备在处理器层包括两个不同权限的保护域:第一保护域和第二保护域,该方法包括以下步骤:1 is a flowchart of an application trusted authorization method according to an embodiment of the present disclosure. The method is applied to an ARM trusted device, and the ARM trusted device includes two protection domains with different permissions at the processor layer: the first protection domain and a second protection domain, the method includes the following steps:

步骤S101,建立第一保护域中的可信应用与第二保护域中的可信应用之间的关联关系。Step S101, establishing an association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain.

图2是根据本公开实施例的一种ARM可信设备的结构示意图,如图2所示,ARM提供了硬件和固件的相关文档,包含设计安全设备的所必需的安全需求。因此在基于ARM架构的边缘设备上一般都具备Trustzone能力。Arm Trust-zone是ARM公司推出的Soc及CPU范围内的安全解决方案,基本原理是通过对原有硬件架构进行修改,在处理器层引入了两个不同权限的保护域—安全世界(Trustzone OS,即上文中的第二保护域)和普通世界(NormalOS,即上文中的第一保护域),任何时刻处理器仅在其中的一个环境内运行。同时这两个世界是硬件隔离的,并具有不同的权限,普通世界中运行的应用程序或操作系统访问安全世界的资源受到严格的限制,反过来安全世界中运行的程序可以正常访问正常世界中的资源。这种两个世界之间的硬件隔离和不同权限等属性为保护应用程序的代码和数据提供了有效的机制,本公开实施例提供的方案就是在基于Trustzone技术上构建一套安全的边缘设备准入和可信应用授权方案。FIG. 2 is a schematic structural diagram of an ARM trusted device according to an embodiment of the present disclosure. As shown in FIG. 2 , ARM provides relevant documents of hardware and firmware, including necessary security requirements for designing a security device. Therefore, the Trustzone capability is generally available on edge devices based on the ARM architecture. Arm Trust-zone is a security solution within the scope of Soc and CPU launched by ARM. The basic principle is that by modifying the original hardware architecture, two protection domains with different permissions are introduced at the processor layer—Secure World (Trustzone OS). , ie the second protection domain above) and the normal world (NormalOS, ie the first protection domain above), the processor only runs in one of these environments at any time. At the same time, the two worlds are isolated by hardware and have different permissions. Applications or operating systems running in the normal world are strictly restricted from accessing the resources of the secure world. Conversely, programs running in the secure world can normally access the normal world. Resources. The hardware isolation and different permissions between the two worlds provide an effective mechanism for protecting application code and data. The solution provided by the embodiments of the present disclosure is to build a set of secure edge device standards based on Trustzone technology. Access and trusted application authorization schemes.

在图2所示的结构图中,其前后的授权关系为Normal OS中可信应用的启动和启动后是否正常提供授权其他应用运行的能力取决于是否与Trustzone OS中的可信应用(图2中为Trusty应用)产生关联,此过程称之为激活。In the structure diagram shown in Figure 2, the authorization relationship before and after is the startup of the trusted application in Normal OS and whether it normally provides the ability to authorize other applications to run after startup depends on whether it is related to the trusted application in Trustzone OS (Figure 2 The Trusty application) generates an association, and this process is called activation.

步骤S102,控制第一保护域中除可信应用之外的其他应用通过第一保护域中的可信应用进行本地授权。Step S102, controlling other applications in the first protection domain except the trusted applications to perform local authorization through the trusted applications in the first protection domain.

在Normal OS中的其他应用(一般指实际的业务应用)在云端下发后基于Kubernete部署时是否能够正常运行则是通过本地授权的方式实现,即向Normal OS中的可信应用访问是否被授权的凭据。Whether other applications (generally referring to actual business applications) in Normal OS can run normally when deployed based on Kubernetes after being delivered to the cloud is achieved through local authorization, that is, whether access to trusted applications in Normal OS is authorized credentials.

通过上述方法,解决了边缘设备上恶意节点接入的问题,并且通过建立普通世界(Normal OS)和安全世界(Trustzone OS)之间的关联关系,实现了可信应用的授权机制,可以保证运行在边缘设备上的其他应用的安全部署。Through the above method, the problem of malicious node access on edge devices is solved, and by establishing an association relationship between the normal world (Normal OS) and the secure world (Trustzone OS), an authorization mechanism for trusted applications is realized, which can ensure the operation of Secure deployment of other applications on edge devices.

根据本申请的一个可选的实施例,执行步骤S101建立第一保护域中的可信应用与第二保护域中的可信应用之间的关联关系,可以通过以下方式实现:将第一保护域中的可信应用的授权信息存储在第二保护域中;将用于启动第一保护域中的可信应用的根密钥存储在第二保护域中。According to an optional embodiment of the present application, performing step S101 to establish an association relationship between a trusted application in the first protection domain and a trusted application in the second protection domain can be achieved by the following methods: The authorization information of the trusted application in the domain is stored in the second protection domain; the root key used to start the trusted application in the first protection domain is stored in the second protection domain.

Normal OS中的可信应用与Trustzone OS中的可信应用之间产生关联关系可以体现为多种形式:比如Normal OS中可信应用的授权信息(license)是否存储于Trustzone OS中、或者启动Normal OS中可信应用的根密钥是否存储在Trustzone OS中。The association between the trusted applications in the Normal OS and the trusted applications in the Trustzone OS can be embodied in various forms: for example, whether the authorization information (license) of the trusted applications in the Normal OS is stored in the Trustzone OS, or whether to start the Normal OS Whether the root keys of trusted applications in the OS are stored in Trustzone OS.

因此在本步骤中,建立Normal OS中的可信应用与Trustzone OS中的可信应用之间的关联关系可以通过以下方式实现:将Normal OS中可信应用的授权信息(license)存储于Trustzone OS中,或者将启动Normal OS中可信应用的根密钥存储在Trustzone OS中。Therefore, in this step, establishing an association relationship between the trusted application in the Normal OS and the trusted application in the Trustzone OS can be achieved in the following manner: storing the authorization information (license) of the trusted application in the Normal OS in the Trustzone OS , or store the root key for launching trusted applications in Normal OS in Trustzone OS.

在实际应用中,一般采用第二种方式,即将启动Normal OS中可信应用的根密钥存储在Trustzone OS中,因为Normal OS中的上层应用启动时需要根密钥,将根密钥存储在Trustzone OS中可以防止Normal OS和Trustzone OS进行通信的过程中通信内容被窃听,可以实现提高数据的安全性的技术效果。In practical applications, the second method is generally adopted, that is, the root key for starting the trusted application in the Normal OS is stored in the Trustzone OS, because the upper-layer application in the Normal OS needs the root key when starting, and the root key is stored in the The Trustzone OS can prevent the communication content from being eavesdropped during the communication between the Normal OS and the Trustzone OS, and can achieve the technical effect of improving data security.

通过上述方法,可以实现基于Trustzone的Normal OS中可信应用的授权机制。Through the above method, an authorization mechanism for trusted applications in the Trustzone-based Normal OS can be implemented.

根据本申请的另一个可选的实施例,执行步骤S102控制第一保护域中除可信应用之外的其他应用通过第一保护域中的可信应用进行本地授权,包括如下步骤:控制其他应用从第一保护域中的可信应用获取进行本地授权的凭证;依据凭证对其他应用进行本地授权。According to another optional embodiment of the present application, executing step S102 to control other applications in the first protection domain except the trusted application to perform local authorization through the trusted application in the first protection domain includes the following steps: controlling other applications The application obtains a credential for local authorization from a trusted application in the first protection domain; and performs local authorization for other applications according to the credential.

在本申请的一些可选的实施例中,控制其他应用从第一保护域中的可信应用获取进行本地授权的凭证,通过以下方法实现:通过进程间通信套接字和双向安全传输层协议获取凭证。In some optional embodiments of the present application, controlling other applications to obtain a credential for local authorization from a trusted application in the first protection domain is implemented by the following methods: using an inter-process communication socket and a two-way secure transport layer protocol Get credentials.

Normal OS中除可信应用以外的其他应用(一般指实际的业务应用)进行本地授权的过程中,向Normal OS中的可信应用访问是否被授权的凭据,该部分的通信一般基于进程间通信套接字(Unix Domain Socket)和双向安全传输层协议(Transport LayerSecurity,TLS)的方式实现,前者保证了通信的效率,后者保证了通信双方的身份认证可靠性。In the process of local authorization of other applications (generally referring to actual business applications) other than trusted applications in Normal OS, access to trusted applications in Normal OS is authorized credential. This part of the communication is generally based on inter-process communication Socket (Unix Domain Socket) and two-way security transport layer protocol (Transport Layer Security, TLS) are implemented. The former ensures the efficiency of communication, and the latter ensures the reliability of identity authentication of both parties.

通过以上方法,实现了Normal OS中可信应用和业务应用的安全部署。Through the above methods, the secure deployment of trusted applications and business applications in Normal OS is realized.

作为一个可选的实施例,ARM可信设备运行有加密和签名的固件。As an optional embodiment, the ARM trusted device runs encrypted and signed firmware.

在本申请的一个可选的实施例中,建立第一保护域中的可信应用与第二保护域中的可信应用之间的关联关系之前,上述方法还包括:利用预设私钥对固件进行解密,并验证固件的签名与预设签名是否一致;在对固件成功解密,且固件的签名与预设签名一致的情况下,触发执行建立第一保护域中的可信应用与第二保护域中的可信应用之间的关联关系。In an optional embodiment of the present application, before establishing the association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain, the above method further includes: using a preset private key pair The firmware decrypts and verifies whether the signature of the firmware is consistent with the preset signature; when the firmware is successfully decrypted and the signature of the firmware is consistent with the preset signature, trigger execution to establish the trusted application in the first protection domain and the second The association between trusted applications in the protection domain.

仅基于上述的实现无法保证设备不是恶意的节点。ARM设备上Trustzone能力提供了安全访问的隔离环境,保证了机密数据可以在Trustzone中被存储和隔离,但无法保证Trustzone在当前设备上是可信的,依旧存在伪造和克隆Trustzone分区的可能,从而将Trustzone固件刷入未授权的设备,同时拷贝相关应用到新的设备上授权运行的情况,从而出现恶意节点。因此在上述trustzone功能的基础上,本公开提供的上述技术方案中加入了可信固件和可信启动的概念,即设备刷入的固件是加密和签名后的,在没有私钥的情况下无法实现系统分区的克隆,也无法实现在可信的设备上刷入其他的固件。系统启动的过程中会解密固件并验证固件的签名值是否一致。Based on the above implementation alone, there is no guarantee that the device is not a malicious node. The Trustzone capability on ARM devices provides an isolated environment for secure access, ensuring that confidential data can be stored and isolated in the Trustzone, but it cannot be guaranteed that the Trustzone is credible on the current device, and there is still the possibility of forging and cloning the Trustzone partition. A malicious node is created by flashing the Trustzone firmware to an unauthorized device and copying related applications to the new device for authorized operation. Therefore, on the basis of the above-mentioned trustzone function, the above-mentioned technical solutions provided by the present disclosure add the concepts of trusted firmware and trusted boot, that is, the firmware flashed by the device is encrypted and signed, and cannot be used without a private key. It is impossible to implement the clone of the system partition, and it is impossible to flash other firmware on the trusted device. During system startup, the firmware is decrypted and the signature value of the firmware is verified to be consistent.

图3是根据本公开实施例的一种ARM可信设备的启动流程图,如图3所示,首先从设备根(Soc BootRom)启动;然后对固件进行解密,并验证固件的签名;在固件解密成功,且固件的签名验证通过的情况下,加载kernel。Fig. 3 is a startup flow chart of an ARM trusted device according to an embodiment of the present disclosure, as shown in Fig. 3, first boot from the device root (Soc BootRom); then decrypt the firmware, and verify the signature of the firmware; If the decryption is successful and the signature verification of the firmware is passed, the kernel is loaded.

本公开提供的上述方案在ARM设备上使用固件加密和签名的机制实现刷入设备的固件来源可靠,从而保证了节点设备的可信接入;同时利用Trustzone OS中的可信应用实现Normal OS中的可信应用激活,而Normal OS中业务程序的部署和运行基于Normal OS中的可信应用,从而实现了业务应用的授权部署。并且此方案在迁移不同硬件时也具有相当大的普适性,只需要实现Normal OS中可信应用适配多种硬件的激活策略,Normal OS中的业务程序可大大减少适配工作量或零代码适配。The above solution provided by the present disclosure uses the firmware encryption and signature mechanism on the ARM device to realize the reliable source of the firmware flashed into the device, thereby ensuring the trusted access of the node device; The trusted application activation of the normal OS, and the deployment and operation of the business program in the Normal OS are based on the trusted application in the Normal OS, thus realizing the authorized deployment of the business application. And this solution also has considerable universality when migrating different hardware. It only needs to implement the activation strategy for the trusted application in Normal OS to adapt to multiple hardware. The business program in Normal OS can greatly reduce the adaptation workload or zero. Code adaptation.

本公开提供的技术方案综合考虑设备准入和应用部署的完整链路。可以保护软件资产在可信和授权的边缘节点上运行,同时当边缘节点出现更多硬件类型时,降低业务程序适配的门槛,只需要可信应用适配在不同硬件平台的底层授权实现即可,具有很高的灵活度。The technical solution provided by the present disclosure comprehensively considers the complete link of device admission and application deployment. It can protect software assets to run on trusted and authorized edge nodes. At the same time, when more hardware types appear on edge nodes, the threshold for business program adaptation is lowered. Only trusted applications need to be adapted to the underlying authorization implementation of different hardware platforms. , with high flexibility.

本公开的技术方案中,所涉及的用户个人信息的获取,存储和应用等,均符合相关法律法规的规定,且不违背公序良俗。In the technical solution of the present disclosure, the acquisition, storage and application of the user's personal information involved are all in compliance with the provisions of relevant laws and regulations, and do not violate public order and good customs.

图4是根据本公开实施例的一种应用的可信授权装置的结构框图,如图4所示,该装置包括:FIG. 4 is a structural block diagram of a trusted authorization device for an application according to an embodiment of the present disclosure. As shown in FIG. 4 , the device includes:

建立模块41,设置为建立第一保护域中的可信应用与第二保护域中的可信应用之间的关联关系,其中,第一保护域和第二保护域为ARM可信设备在处理器层包括的两个不同权限的保护域。The establishing module 41 is configured to establish an association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain, wherein the first protection domain and the second protection domain are processed by the ARM trusted device The server layer includes two protection domains with different permissions.

如图2所示,ARM提供了硬件和固件的相关文档,包含设计安全设备的所必需的安全需求。因此在基于ARM架构的边缘设备上一般都具备Trustzone能力。Arm Trust-zone是ARM公司推出的Soc及CPU范围内的安全解决方案,基本原理是通过对原有硬件架构进行修改,在处理器层引入了两个不同权限的保护域—安全世界(Trustzone OS,即上文中的第二保护域)和普通世界(Normal OS,即上文中的第一保护域),任何时刻处理器仅在其中的一个环境内运行。同时这两个世界是硬件隔离的,并具有不同的权限,普通世界中运行的应用程序或操作系统访问安全世界的资源受到严格的限制,反过来安全世界中运行的程序可以正常访问正常世界中的资源。这种两个世界之间的硬件隔离和不同权限等属性为保护应用程序的代码和数据提供了有效的机制,本公开提供的方案就是在基于Trustzone技术上构建一套安全的边缘设备准入和可信应用授权方案。As shown in Figure 2, ARM provides hardware and firmware related documents, including the necessary security requirements for designing security devices. Therefore, the Trustzone capability is generally available on edge devices based on the ARM architecture. Arm Trust-zone is a security solution within the scope of Soc and CPU launched by ARM. The basic principle is that by modifying the original hardware architecture, two protection domains with different permissions are introduced at the processor layer—Secure World (Trustzone OS). , namely the second protection domain above) and the normal world (Normal OS, namely the first protection domain above), the processor only runs in one of these environments at any time. At the same time, the two worlds are isolated by hardware and have different permissions. Applications or operating systems running in the normal world are strictly restricted from accessing the resources of the secure world. Conversely, programs running in the secure world can normally access the normal world. Resources. The hardware isolation and different permissions between the two worlds provide an effective mechanism for protecting application code and data. The solution provided by the present disclosure is to build a set of secure edge device access and Trusted application authorization scheme.

在图2所示的结构图中,其前后的授权关系为Normal OS中可信应用的启动和启动后是否正常提供授权其他应用运行的能力取决于是否与Trustzone OS中的可信应用(图2中为Trusty应用)产生关联,此过程称之为激活。In the structure diagram shown in Figure 2, the authorization relationship before and after is the startup of the trusted application in Normal OS and whether it normally provides the ability to authorize other applications to run after startup depends on whether it is related to the trusted application in Trustzone OS (Figure 2 The Trusty application) generates an association, and this process is called activation.

控制模块42,设置为控制第一保护域中除可信应用之外的其他应用通过第一保护域中的可信应用进行本地授权。The control module 42 is configured to control other applications in the first protection domain except the trusted applications to perform local authorization through the trusted applications in the first protection domain.

在Normal OS中的其他应用(一般指实际的业务应用)在云端下发后基于Kubernete部署时是否能够正常运行则是通过本地授权的方式实现,即向Normal OS中的可信应用访问是否被授权的凭据。Whether other applications (generally referring to actual business applications) in Normal OS can run normally when deployed based on Kubernetes after being delivered to the cloud is achieved through local authorization, that is, whether access to trusted applications in Normal OS is authorized credentials.

通过上述装置,解决了边缘设备上恶意节点接入的问题,并且通过可信应用的授权机制,可以保证运行在边缘设备上的其他应用的安全部署。Through the above device, the problem of malicious node access on the edge device is solved, and the secure deployment of other applications running on the edge device can be ensured through the authorization mechanism of the trusted application.

根据本申请的一个可选的实施例,建立模块41包括:第一存储单元,设置为将第一保护域中的可信应用的授权信息存储在第二保护域中;第二存储单元,设置为将用于启动第一保护域中的可信应用的根密钥存储在第二保护域中。According to an optional embodiment of the present application, the establishment module 41 includes: a first storage unit, configured to store authorization information of trusted applications in the first protection domain in the second protection domain; a second storage unit, configured to for storing the root key for launching the trusted application in the first protection domain in the second protection domain.

Normal OS中的可信应用与Trustzone OS中的可信应用之间产生关联关系可以体现为多种形式:比如Normal OS中可信应用的授权信息(license)是否存储于Trustzone OS中、或者启动Normal OS中可信应用的根密钥是否存储在Trustzone OS中。The association between the trusted applications in the Normal OS and the trusted applications in the Trustzone OS can be embodied in various forms: for example, whether the authorization information (license) of the trusted applications in the Normal OS is stored in the Trustzone OS, or whether to start the Normal OS Whether the root keys of trusted applications in the OS are stored in Trustzone OS.

因此,建立Normal OS中的可信应用与Trustzone OS中的可信应用之间的关联关系可以通过以下方式实现:将Normal OS中可信应用的授权信息(license)存储于Trustzone OS中,或者将启动Normal OS中可信应用的根密钥存储在Trustzone OS中。Therefore, establishing an association relationship between a trusted application in the Normal OS and a trusted application in the Trustzone OS can be achieved by: storing the authorization information (license) of the trusted application in the Normal OS in the Trustzone OS, or storing The root keys for launching trusted applications in Normal OS are stored in Trustzone OS.

通过上述装置,可以实现基于Trustzone的Normal OS中可信应用的授权机制。Through the above device, an authorization mechanism for trusted applications in the Trustzone-based Normal OS can be implemented.

根据本申请的另一个可选的实施例,控制模块42包括:控制单元,设置为控制其他应用从第一保护域中的可信应用获取进行本地授权的凭证;处理单元,设置为依据凭证对其他应用进行本地授权。According to another optional embodiment of the present application, the control module 42 includes: a control unit configured to control other applications to obtain credentials for local authorization from trusted applications in the first protection domain; a processing unit configured to Other applications perform local authorization.

在本申请的一些可选的实施例中,控制单元,还设置为通过进程间通信套接字和双向安全传输层协议获取凭证。In some optional embodiments of the present application, the control unit is further configured to obtain the credential through an inter-process communication socket and a bidirectional secure transport layer protocol.

Normal OS中除可信应用以外的其他应用(一般指实际的业务应用)进行本地授权的过程中,向Normal OS中的可信应用访问是否被授权的凭据,该部分的通信一般基于进程间通信套接字(Unix Domain Socket)和双向安全传输层协议(Transport LayerSecurity,TLS)的方式实现,前者保证了通信的效率,后者保证了通信双方的身份认证可靠性。In the process of local authorization of other applications (generally referring to actual business applications) other than trusted applications in Normal OS, access to trusted applications in Normal OS is authorized credential. This part of the communication is generally based on inter-process communication Socket (Unix Domain Socket) and two-way security transport layer protocol (Transport Layer Security, TLS) are implemented. The former ensures the efficiency of communication, and the latter ensures the reliability of identity authentication of both parties.

通过以上装置,实现了Normal OS中可信应用和业务应用的安全部署。Through the above devices, the secure deployment of trusted applications and business applications in Normal OS is realized.

作为一个可选的实施例,ARM可信设备运行有加密和签名的固件。As an optional embodiment, the ARM trusted device runs encrypted and signed firmware.

在本申请的另一些可选的实施例中,上述装置还包括:处理模块,设置为利用预设私钥对固件进行解密,并验证固件的签名与预设签名是否一致;触发模块,设置为在对固件成功解密,且固件的签名与预设签名一致的情况下,触发执行建立第一保护域中的可信应用与第二保护域中的可信应用之间的关联关系。In some other optional embodiments of the present application, the above-mentioned device further includes: a processing module, configured to decrypt the firmware by using a preset private key, and verify whether the signature of the firmware is consistent with the preset signature; a trigger module, set to In the case that the firmware is successfully decrypted and the signature of the firmware is consistent with the preset signature, the execution is triggered to establish an association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain.

仅基于上述的实现无法保证设备不是恶意的节点。ARM设备上Trustzone能力提供了安全访问的隔离环境,保证了机密数据可以在Trustzone中被存储和隔离,但无法保证Trustzone在当前设备上是可信的,依旧存在伪造和克隆Trustzone分区的可能,从而将Trustzone固件刷入未授权的设备,同时拷贝相关应用到新的设备上授权运行的情况,从而出现恶意节点。因此在上述trustzone功能的基础上,本公开提供的上述技术方案中加入了可信固件和可信启动的概念,即设备刷入的固件是加密和签名后的,在没有私钥的情况下无法实现系统分区的克隆,也无法实现在可信的设备上刷入其他的固件。系统启动的过程中会解密固件并验证固件的签名值是否一致。Based on the above implementation alone, there is no guarantee that the device is not a malicious node. The Trustzone capability on ARM devices provides an isolated environment for secure access, ensuring that confidential data can be stored and isolated in the Trustzone, but it cannot be guaranteed that the Trustzone is credible on the current device, and there is still the possibility of forging and cloning the Trustzone partition. A malicious node is created by flashing the Trustzone firmware to an unauthorized device and copying related applications to the new device for authorized operation. Therefore, on the basis of the above-mentioned trustzone function, the above-mentioned technical solutions provided by the present disclosure add the concepts of trusted firmware and trusted boot, that is, the firmware flashed by the device is encrypted and signed, and cannot be used without a private key. It is impossible to implement the clone of the system partition, and it is impossible to flash other firmware on the trusted device. During system startup, the firmware is decrypted and the signature value of the firmware is verified to be consistent.

如图3所示,首先从设备根(Soc BootRom)启动;然后对固件进行解密,并验证固件的签名;在固件解密成功,且固件的签名验证通过的情况下,加载kernel。As shown in Figure 3, first boot from the device root (Soc BootRom); then decrypt the firmware and verify the signature of the firmware; if the firmware decryption is successful and the signature verification of the firmware is passed, the kernel is loaded.

本公开提供的上述装置在ARM设备上使用固件加密和签名的机制实现刷入设备的固件来源可靠,从而保证了节点设备的可信接入;同时利用Trustzone OS中的可信应用实现Normal OS中的可信应用激活,而Normal OS中业务程序的部署和运行基于Normal OS中的可信应用,从而实现了业务应用的授权部署。并且此方案在迁移不同硬件时也具有相当大的普适性,只需要实现Normal OS中可信应用适配多种硬件的激活策略,Normal OS中的业务程序可大大减少适配工作量或零代码适配。The above-mentioned device provided by the present disclosure uses the mechanism of firmware encryption and signature on the ARM device to realize the reliable source of the firmware flashed into the device, thereby ensuring the trusted access of the node device; The trusted application activation of the normal OS, and the deployment and operation of the business program in the Normal OS are based on the trusted application in the Normal OS, thus realizing the authorized deployment of the business application. And this solution also has considerable universality when migrating different hardware. It only needs to implement the activation strategy for the trusted application in Normal OS to adapt to multiple hardware. The business program in Normal OS can greatly reduce the adaptation workload or zero. Code adaptation.

本公开提供的技术方案综合考虑设备准入和应用部署的完整链路。可以保护软件资产在可信和授权的边缘节点上运行,同时当边缘节点出现更多硬件类型时,降低业务程序适配的门槛,只需要可信应用适配在不同硬件平台的底层授权实现即可,具有很高的灵活度。The technical solution provided by the present disclosure comprehensively considers the complete link of device admission and application deployment. It can protect software assets to run on trusted and authorized edge nodes. At the same time, when more hardware types appear on edge nodes, the threshold for business program adaptation is lowered. Only trusted applications need to be adapted to the underlying authorization implementation of different hardware platforms. , with high flexibility.

根据本公开的实施例,本公开还提供了一种电子设备、一种可读存储介质和一种计算机程序产品。According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium, and a computer program product.

图5示出了可以用来实施本公开的实施例的示例电子设备500的示意性框图。电子设备旨在表示各种形式的数字计算机,诸如,膝上型计算机、台式计算机、工作台、个人数字助理、服务器、刀片式服务器、大型计算机、和其它适合的计算机。电子设备还可以表示各种形式的移动装置,诸如,个人数字处理、蜂窝电话、智能电话、可穿戴设备和其它类似的计算装置。本文所示的部件、它们的连接和关系、以及它们的功能仅仅作为示例,并且不意在限制本文中描述的和/或者要求的本公开的实现。5 shows a schematic block diagram of an example electronic device 500 that may be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframe computers, and other suitable computers. Electronic devices may also represent various forms of mobile devices, such as personal digital processors, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions are by way of example only, and are not intended to limit implementations of the disclosure described and/or claimed herein.

如图5所示,设备500包括计算单元501,其可以根据存储在只读存储器(ROM)502中的计算机程序或者从存储单元508加载到随机访问存储器(RAM)503中的计算机程序,来执行各种适当的动作和处理。在RAM 503中,还可存储设备500操作所需的各种程序和数据。计算单元501、ROM 502以及RAM 503通过总线504彼此相连。输入/输出(I/O)接口505也连接至总线504。As shown in FIG. 5 , the device 500 includes a computing unit 501 that can be executed according to a computer program stored in a read only memory (ROM) 502 or loaded from a storage unit 508 into a random access memory (RAM) 503 Various appropriate actions and handling. In the RAM 503, various programs and data necessary for the operation of the device 500 can also be stored. The computing unit 501 , the ROM 502 , and the RAM 503 are connected to each other through a bus 504 . An input/output (I/O) interface 505 is also connected to bus 504 .

设备500中的多个部件连接至I/O接口505,包括:输入单元506,例如键盘、鼠标等;输出单元507,例如各种类型的显示器、扬声器等;存储单元508,例如磁盘、光盘等;以及通信单元509,例如网卡、调制解调器、无线通信收发机等。通信单元509允许设备500通过诸如因特网的计算机网络和/或各种电信网络与其他设备交换信息/数据。Various components in the device 500 are connected to the I/O interface 505, including: an input unit 506, such as a keyboard, mouse, etc.; an output unit 507, such as various types of displays, speakers, etc.; a storage unit 508, such as a magnetic disk, an optical disk, etc. ; and a communication unit 509, such as a network card, a modem, a wireless communication transceiver, and the like. The communication unit 509 allows the device 500 to exchange information/data with other devices through a computer network such as the Internet and/or various telecommunication networks.

计算单元501可以是各种具有处理和计算能力的通用和/或专用处理组件。计算单元501的一些示例包括但不限于中央处理单元(CPU)、图形处理单元(GPU)、各种专用的人工智能(AI)计算芯片、各种运行机器学习模型算法的计算单元、数字信号处理器(DSP)、以及任何适当的处理器、控制器、微控制器等。计算单元501执行上文所描述的各个方法和处理,例如应用的可信授权方法。例如,在一些实施例中,应用的可信授权方法可被实现为计算机软件程序,其被有形地包含于机器可读介质,例如存储单元508。在一些实施例中,计算机程序的部分或者全部可以经由ROM 502和/或通信单元509而被载入和/或安装到设备500上。当计算机程序加载到RAM 503并由计算单元501执行时,可以执行上文描述的应用的可信授权方法的一个或多个步骤。备选地,在其他实施例中,计算单元501可以通过其他任何适当的方式(例如,借助于固件)而被配置为执行应用的可信授权方法。Computing unit 501 may be various general-purpose and/or special-purpose processing components with processing and computing capabilities. Some examples of computing units 501 include, but are not limited to, central processing units (CPUs), graphics processing units (GPUs), various specialized artificial intelligence (AI) computing chips, various computing units that run machine learning model algorithms, digital signal processing processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 501 performs the various methods and processes described above, such as the trusted authorization method of the application. For example, in some embodiments, the trusted authorization method of an application may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 508 . In some embodiments, part or all of the computer program may be loaded and/or installed on device 500 via ROM 502 and/or communication unit 509 . When the computer program is loaded into RAM 503 and executed by computing unit 501, one or more steps of the trusted authorization method of the application described above may be performed. Alternatively, in other embodiments, the computing unit 501 may be configured to execute the trusted authorization method of the application by any other suitable means (eg, by means of firmware).

本文中以上描述的系统和技术的各种实施方式可以在数字电子电路系统、集成电路系统、场可编程门阵列(FPGA)、专用集成电路(ASIC)、专用标准产品(ASSP)、芯片上系统的系统(SOC)、负载可编程逻辑设备(CPLD)、计算机硬件、固件、软件、和/或它们的组合中实现。这些各种实施方式可以包括:实施在一个或者多个计算机程序中,该一个或者多个计算机程序可在包括至少一个可编程处理器的可编程系统上执行和/或解释,该可编程处理器可以是专用或者通用可编程处理器,可以从存储系统、至少一个输入装置、和至少一个输出装置接收数据和指令,并且将数据和指令传输至该存储系统、该至少一个输入装置、和该至少一个输出装置。Various implementations of the systems and techniques described herein above may be implemented in digital electronic circuitry, integrated circuit systems, field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), application specific standard products (ASSPs), systems on chips system (SOC), load programmable logic device (CPLD), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include being implemented in one or more computer programs executable and/or interpretable on a programmable system including at least one programmable processor that The processor, which may be a special purpose or general-purpose programmable processor, may receive data and instructions from a storage system, at least one input device, and at least one output device, and transmit data and instructions to the storage system, the at least one input device, and the at least one output device an output device.

用于实施本公开的方法的程序代码可以采用一个或多个编程语言的任何组合来编写。这些程序代码可以提供给通用计算机、专用计算机或其他可编程数据处理装置的处理器或控制器,使得程序代码当由处理器或控制器执行时使流程图和/或框图中所规定的功能/操作被实施。程序代码可以完全在机器上执行、部分地在机器上执行,作为独立软件包部分地在机器上执行且部分地在远程机器上执行或完全在远程机器或服务器上执行。Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer or other programmable data processing apparatus, such that the program code, when executed by the processor or controller, performs the functions/functions specified in the flowcharts and/or block diagrams. Action is implemented. The program code may execute entirely on the machine, partly on the machine, partly on the machine and partly on a remote machine as a stand-alone software package or entirely on the remote machine or server.

在本公开的上下文中,机器可读介质可以是有形的介质,其可以包含或存储以供指令执行系统、装置或设备使用或与指令执行系统、装置或设备结合地使用的程序。机器可读介质可以是机器可读信号介质或机器可读储存介质。机器可读介质可以包括但不限于电子的、磁性的、光学的、电磁的、红外的、或半导体系统、装置或设备,或者上述内容的任何合适组合。机器可读存储介质的更具体示例会包括基于一个或多个线的电气连接、便携式计算机盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦除可编程只读存储器(EPROM或快闪存储器)、光纤、便捷式紧凑盘只读存储器(CD-ROM)、光学储存设备、磁储存设备、或上述内容的任何合适组合。In the context of the present disclosure, a machine-readable medium may be a tangible medium that may contain or store a program for use by or in connection with the instruction execution system, apparatus or device. The machine-readable medium can be a machine-readable signal medium or a machine-readable storage medium. Machine-readable media may include, but are not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, devices, or devices, or any suitable combination of the foregoing. More specific examples of machine-readable storage media would include one or more wire-based electrical connections, portable computer disks, hard disks, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), fiber optics, compact disk read only memory (CD-ROM), optical storage, magnetic storage, or any suitable combination of the foregoing.

为了提供与用户的交互,可以在计算机上实施此处描述的系统和技术,该计算机具有:用于向用户显示信息的显示装置(例如,CRT(阴极射线管)或者LCD(液晶显示器)监视器);以及键盘和指向装置(例如,鼠标或者轨迹球),用户可以通过该键盘和该指向装置来将输入提供给计算机。其它种类的装置还可以用于提供与用户的交互;例如,提供给用户的反馈可以是任何形式的传感反馈(例如,视觉反馈、听觉反馈、或者触觉反馈);并且可以用任何形式(包括声输入、语音输入或者、触觉输入)来接收来自用户的输入。To provide interaction with a user, the systems and techniques described herein may be implemented on a computer having a display device (eg, a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user ); and a keyboard and pointing device (eg, a mouse or trackball) through which a user can provide input to the computer. Other kinds of devices can also be used to provide interaction with the user; for example, the feedback provided to the user can be any form of sensory feedback (eg, visual feedback, auditory feedback, or tactile feedback); and can be in any form (including acoustic input, voice input, or tactile input) to receive input from the user.

可以将此处描述的系统和技术实施在包括后台部件的计算系统(例如,作为数据服务器)、或者包括中间件部件的计算系统(例如,应用服务器)、或者包括前端部件的计算系统(例如,具有图形用户界面或者网络浏览器的用户计算机,用户可以通过该图形用户界面或者该网络浏览器来与此处描述的系统和技术的实施方式交互)、或者包括这种后台部件、中间件部件、或者前端部件的任何组合的计算系统中。可以通过任何形式或者介质的数字数据通信(例如,通信网络)来将系统的部件相互连接。通信网络的示例包括:局域网(LAN)、广域网(WAN)和互联网。The systems and techniques described herein may be implemented on a computing system that includes back-end components (eg, as a data server), or a computing system that includes middleware components (eg, an application server), or a computing system that includes front-end components (eg, a user computer having a graphical user interface or web browser through which a user may interact with implementations of the systems and techniques described herein), or including such backend components, middleware components, Or any combination of front-end components in a computing system. The components of the system may be interconnected by any form or medium of digital data communication (eg, a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.

计算机系统可以包括客户端和服务器。客户端和服务器一般远离彼此并且通常通过通信网络进行交互。通过在相应的计算机上运行并且彼此具有客户端-服务器关系的计算机程序来产生客户端和服务器的关系。服务器可以是云服务器,也可以为分布式系统的服务器,或者是结合了区块链的服务器。A computer system can include clients and servers. Clients and servers are generally remote from each other and usually interact through a communication network. The relationship of client and server arises by computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, a distributed system server, or a server combined with blockchain.

应该理解,可以使用上面所示的各种形式的流程,重新排序、增加或删除步骤。例如,本发公开中记载的各步骤可以并行地执行也可以顺序地执行也可以不同的次序执行,只要能够实现本公开公开的技术方案所期望的结果,本文在此不进行限制。It should be understood that steps may be reordered, added or deleted using the various forms of flow shown above. For example, the steps described in the present disclosure can be executed in parallel, sequentially, or in different orders. As long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, there is no limitation herein.

上述具体实施方式,并不构成对本公开保护范围的限制。本领域技术人员应该明白的是,根据设计要求和其他因素,可以进行各种修改、组合、子组合和替代。任何在本公开的精神和原则之内所作的修改、等同替换和改进等,均应包含在本公开保护范围之内。The above-mentioned specific embodiments do not constitute a limitation on the protection scope of the present disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may occur depending on design requirements and other factors. Any modifications, equivalent replacements, and improvements made within the spirit and principles of the present disclosure should be included within the protection scope of the present disclosure.

Claims (15)

1. A trusted authorization method of an application is applied to an ARM trusted device, and the ARM trusted device comprises two protection domains with different authorities in a processor layer: a first protection domain and a second protection domain, the method comprising the steps of:
establishing an association between a trusted application in the first protected domain and a trusted application in the second protected domain;
and controlling other applications in the first protection domain except the trusted application to perform local authorization through the trusted application in the first protection domain.
2. The method of claim 1, wherein the establishing an association between the trusted application in the first protected domain and the trusted application in the second protected domain comprises at least one of:
storing authorization information for a trusted application in the first protected domain in the second protected domain;
storing a root key for launching a trusted application in the first protected domain in the second protected domain.
3. The method of claim 1, wherein the controlling other applications in the first protected domain other than the trusted application to be locally authorized by the trusted application in the first protected domain comprises:
controlling the other application to obtain credentials for local authorization from a trusted application in the first protected domain;
and locally authorizing the other applications according to the certificate.
4. The method of claim 3, wherein the controlling the other application to obtain credentials for local authorization from a trusted application in the first protected domain comprises:
and acquiring the certificate through an interprocess communication socket and a two-way secure transport layer protocol.
5. The method of any of claims 1 to 4, further comprising:
And the ARM trusted equipment runs encrypted and signed firmware.
6. The method of claim 5, wherein prior to the establishing an association between the trusted application in the first protected domain and the trusted application in the second protected domain, the method further comprises:
decrypting the firmware by using a preset private key and verifying whether the signature of the firmware is consistent with a preset signature;
and under the condition that the firmware is successfully decrypted and the signature of the firmware is consistent with the preset signature, triggering and establishing an association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain.
7. A trusted authority for an application, comprising:
the device comprises an establishing module, a judging module and a judging module, wherein the establishing module is set to establish an incidence relation between a trusted application in a first protection domain and a trusted application in a second protection domain, and the first protection domain and the second protection domain are two protection domains with different authorities, which are included in a processor layer of ARM trusted equipment;
a control module configured to control other applications in the first protected domain except the trusted application to perform local authorization through the trusted application in the first protected domain.
8. The apparatus of claim 7, wherein the establishing means comprises:
a first storage unit configured to store authorization information of a trusted application in the first protected domain in the second protected domain;
a second storage unit arranged to store a root key for launching a trusted application in the first protected domain in the second protected domain.
9. The apparatus of claim 7, wherein the control module comprises:
a control unit configured to control the other application to obtain a credential for local authorization from a trusted application in the first protected domain;
and the processing unit is arranged for carrying out local authorization on the other applications according to the certificate.
10. The apparatus of claim 9, wherein the control unit is further configured to obtain the credentials via an interprocess communication socket and a two-way secure transport layer protocol.
11. The apparatus of any of claims 7 to 10, the ARM trusted device running encrypted and signed firmware.
12. The apparatus of claim 11, wherein the apparatus further comprises:
the processing module is used for decrypting the firmware by using a preset private key and verifying whether the signature of the firmware is consistent with a preset signature or not;
And the triggering module is used for triggering and executing the establishment of the association relationship between the trusted application in the first protection domain and the trusted application in the second protection domain under the condition that the firmware is successfully decrypted and the signature of the firmware is consistent with the preset signature.
13. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a trusted authorization method for an application as claimed in any of claims 1-6.
14. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform a trusted authorization method of an application according to any one of claims 1-6.
15. A computer program product comprising a computer program which, when executed by a processor, implements a trusted authorization method for an application according to any one of claims 1-6.
CN202210270141.XA 2022-03-18 2022-03-18 Application trusted authorization method and device and electronic equipment Active CN114676392B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210270141.XA CN114676392B (en) 2022-03-18 2022-03-18 Application trusted authorization method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210270141.XA CN114676392B (en) 2022-03-18 2022-03-18 Application trusted authorization method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN114676392A true CN114676392A (en) 2022-06-28
CN114676392B CN114676392B (en) 2024-06-04

Family

ID=82074266

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210270141.XA Active CN114676392B (en) 2022-03-18 2022-03-18 Application trusted authorization method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN114676392B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024139616A1 (en) * 2022-12-26 2024-07-04 支付宝(杭州)信息技术有限公司 Signature authentication method and apparatus

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1993921A (en) * 2004-08-06 2007-07-04 摩托罗拉公司 Enhanced security using service provider authentication
CN101004776A (en) * 2006-01-09 2007-07-25 太阳微系统有限公司 Method and apparatus for protection domain based security
CN101223534A (en) * 2005-07-22 2008-07-16 英特尔公司 Quiescing a processor bus agent
US20140245013A1 (en) * 2011-11-04 2014-08-28 Sk Planet Co., Ltd. Method for interworking with trustzone between normal domain and secure domain, and management method of trusted application download, management server, device and system using it
EP2827276A1 (en) * 2013-07-19 2015-01-21 Alcatel Lucent Secure data processing
CN106027257A (en) * 2016-05-05 2016-10-12 北京元心科技有限公司 Method and system for securely performing identity authentication
CN107251481A (en) * 2014-11-14 2017-10-13 英特尔公司 Credible platform module certification and proof are carried out using Anonymity Key system
US20170344407A1 (en) * 2016-05-30 2017-11-30 Samsung Electronics Co., Ltd. Electronic device for authenticating application and operating method thereof
EP3264710A1 (en) * 2016-06-28 2018-01-03 Alcatel Lucent Securely transferring the authorization of connected objects
CN111382445A (en) * 2020-03-03 2020-07-07 首都师范大学 A Method for Providing Trusted Service by Using Trusted Execution Environment System
CN113094764A (en) * 2019-12-23 2021-07-09 英特尔公司 Trusted local memory management in virtual GPU
CN113343212A (en) * 2021-06-25 2021-09-03 成都商汤科技有限公司 Device registration method and apparatus, electronic device, and storage medium

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1993921A (en) * 2004-08-06 2007-07-04 摩托罗拉公司 Enhanced security using service provider authentication
CN101223534A (en) * 2005-07-22 2008-07-16 英特尔公司 Quiescing a processor bus agent
CN101004776A (en) * 2006-01-09 2007-07-25 太阳微系统有限公司 Method and apparatus for protection domain based security
US20140245013A1 (en) * 2011-11-04 2014-08-28 Sk Planet Co., Ltd. Method for interworking with trustzone between normal domain and secure domain, and management method of trusted application download, management server, device and system using it
EP2827276A1 (en) * 2013-07-19 2015-01-21 Alcatel Lucent Secure data processing
CN107251481A (en) * 2014-11-14 2017-10-13 英特尔公司 Credible platform module certification and proof are carried out using Anonymity Key system
CN106027257A (en) * 2016-05-05 2016-10-12 北京元心科技有限公司 Method and system for securely performing identity authentication
US20170344407A1 (en) * 2016-05-30 2017-11-30 Samsung Electronics Co., Ltd. Electronic device for authenticating application and operating method thereof
EP3264710A1 (en) * 2016-06-28 2018-01-03 Alcatel Lucent Securely transferring the authorization of connected objects
CN113094764A (en) * 2019-12-23 2021-07-09 英特尔公司 Trusted local memory management in virtual GPU
CN111382445A (en) * 2020-03-03 2020-07-07 首都师范大学 A Method for Providing Trusted Service by Using Trusted Execution Environment System
CN113343212A (en) * 2021-06-25 2021-09-03 成都商汤科技有限公司 Device registration method and apparatus, electronic device, and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张英骏;冯登国;秦宇;杨波;: "基于Trustzone的强安全需求环境下可信代码执行方案", 计算机研究与发展, no. 10, 15 October 2015 (2015-10-15), pages 2224 - 2238 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024139616A1 (en) * 2022-12-26 2024-07-04 支付宝(杭州)信息技术有限公司 Signature authentication method and apparatus

Also Published As

Publication number Publication date
CN114676392B (en) 2024-06-04

Similar Documents

Publication Publication Date Title
US20240098097A1 (en) Secure over-the-air updates
US10409978B2 (en) Hypervisor and virtual machine protection
KR101701664B1 (en) Secure virtual machine migration
US11768948B1 (en) Enclave-based cryptography services in edge computing environments
US12413557B2 (en) Trusted execution environment for service mesh
CN110492990A (en) Private key management method, apparatus and system under block chain scene
WO2023029447A1 (en) Model protection method, device, apparatus, system and storage medium
US9864853B2 (en) Enhanced security mechanism for authentication of users of a system
US20240323010A1 (en) Remote Controlled Hardware Security Module
US10567170B2 (en) Hardware-generated dynamic identifier
CN113672973B (en) Database system for embedded devices based on RISC-V architecture based on trusted execution environment
WO2025179988A1 (en) Password protection method and apparatus for data communication, device, and storage medium
CN114676392B (en) Application trusted authorization method and device and electronic equipment
Zareapoor et al. Establishing safe cloud: Ensuring data security and performance evaluation
Manaa Data encryption scheme for large data scale in cloud computing
CN114969711B (en) A security authentication method, electronic device and storage medium
US12158939B1 (en) Authentication artifact generation using single sign-on
CN116708435A (en) Cryptographic-based protocol-free cross-network access method and system
US10958666B1 (en) Systems and methods for verifying connection integrity
JP7643676B2 (en) Authentication Factor File
US12063316B2 (en) Establishing a trust relationship in a hybrid cloud management and management service environment
US20250226969A1 (en) Methods for trusted platform module based secure device enrollment in cloud services for managed devices
Litchfield et al. CORP: An algorithm to prevent unauthorised data modification using collaborative nodes
Ahmed et al. CORP: An algorithm to prevent unauthorized data modification using collaborative nodes
Ahmad et al. A Diffie-Hellman and two step verification based secure cloud computing paradigm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant