[go: up one dir, main page]

CN118921661A - High-security Bluetooth digital key storage management method based on mobile terminal TEE - Google Patents

High-security Bluetooth digital key storage management method based on mobile terminal TEE Download PDF

Info

Publication number
CN118921661A
CN118921661A CN202410967907.9A CN202410967907A CN118921661A CN 118921661 A CN118921661 A CN 118921661A CN 202410967907 A CN202410967907 A CN 202410967907A CN 118921661 A CN118921661 A CN 118921661A
Authority
CN
China
Prior art keywords
security
digital key
data
tee
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410967907.9A
Other languages
Chinese (zh)
Inventor
刘宏远
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Lan You Technology Co Ltd
Original Assignee
Shenzhen Lan You Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Lan You Technology Co Ltd filed Critical Shenzhen Lan You Technology Co Ltd
Priority to CN202410967907.9A priority Critical patent/CN118921661A/en
Publication of CN118921661A publication Critical patent/CN118921661A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/47Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a mobile terminal TEE-based high-security Bluetooth digital key storage management method, and relates to the technical field of Bluetooth digital key security. The invention comprises the following steps: the Secure enclaspe is utilized on the iOS platform, the trust zone technology is utilized on the Android platform, and the asymmetric encryption, the Secure storage and the strict access control are combined, so that a high-security digital key management system and high-security key generation, storage and management are realized. The invention obviously improves the safety of the Bluetooth digital key through hardware-level safety isolation, a double encryption mechanism and strict access control, and simultaneously maintains good user experience and system performance. The method is not only suitable for the management of the Bluetooth digital key, but also can be expanded to other fields needing high security, such as financial transaction, identity authentication and the like, and effectively prevents unauthorized access and data leakage.

Description

基于移动端TEE的高安全性蓝牙数字钥匙存储管理方法High-security Bluetooth digital key storage management method based on mobile TEE

技术领域Technical Field

本发明属于数字钥匙安全技术领域,特别是涉及基于移动端TEE的高安全性蓝牙数字钥匙存储管理方法。The present invention belongs to the field of digital key security technology, and in particular to a high-security Bluetooth digital key storage management method based on mobile terminal TEE.

背景技术Background Art

随着物联网和智能设备的普及,蓝牙数字钥匙在移动应用中的使用日益广泛。然而,传统的数据存储方法存在诸多安全隐患:With the popularity of the Internet of Things and smart devices, Bluetooth digital keys are increasingly used in mobile applications. However, traditional data storage methods have many security risks:

A:普通的移动应用通常将敏感数据直接存储在设备的本地存储中,容易受到设备丢失、恶意软件攻击等安全威胁;A: Ordinary mobile applications usually store sensitive data directly in the local storage of the device, which is vulnerable to security threats such as device loss and malware attacks;

B:一些应用虽然使用了简单的加密方法,但密钥往往与加密数据一起存储,仍然存在被窃取的风险;B: Although some applications use simple encryption methods, the keys are often stored together with the encrypted data, which still poses a risk of being stolen.

C:传统存储方法难以抵抗高级的逆向工程和内存攻击,使得敏感数据面临被非法访问的危险;C: Traditional storage methods are difficult to resist advanced reverse engineering and memory attacks, which puts sensitive data at risk of illegal access;

D:缺乏硬件级别的安全保护,软件层面的安全措施容易被绕过或破解。D: Lack of hardware-level security protection, and software-level security measures can be easily bypassed or cracked.

如中国专利CN112396735A提供一种网联汽车数字钥匙安全认证方法及装置,包括远距离解锁和近距离解锁两种形式,基于PKI技术,在双方验证过程中,采用签名算法对数字钥匙提取摘要,分别利用双方的密钥对加密解密摘要和数字钥匙,通过认证解密得到的摘要与数字钥匙的对应关系,并比对解密得到的数字钥匙与本方数据库中记载的数字钥匙会否一致,达到身份安全认证的目的。对数字钥匙进行双重强制认证,能够有效防止重放攻击、中间人攻击或口令攻击,即使第三方已知数字钥匙也需要能基于摘要与数字钥匙的对应关系检出非法对象,极大提高了认证的安全性。For example, Chinese patent CN112396735A provides a method and device for secure authentication of digital keys for connected cars, including two forms of remote unlocking and close unlocking. Based on PKI technology, during the verification process between the two parties, a signature algorithm is used to extract a summary of the digital key, and the summary and digital key are encrypted and decrypted using the key pairs of both parties, and the correspondence between the summary obtained through authentication and decryption and the digital key is compared with whether the decrypted digital key is consistent with the digital key recorded in the database of the party, so as to achieve the purpose of identity security authentication. Double mandatory authentication of digital keys can effectively prevent replay attacks, man-in-the-middle attacks or password attacks. Even if the digital key is known to a third party, it is necessary to detect illegal objects based on the correspondence between the summary and the digital key, which greatly improves the security of authentication.

还如中国专利CN115967920A公开一种汽车蓝牙密钥安全管理方法、系统、设备和介质,该方法包括:响应于用户终端的请求操作生成蓝牙钥匙启用请求并输出至云端;根据所述蓝牙钥匙启用请求获取云端对应车辆的数字钥匙,其中所述数字钥匙由云端根据预存储的车辆主密钥生成,所述车辆主密钥与车辆信息关联;根据所述数字钥匙生成会话密钥以与车端进行加密会话。For example, Chinese patent CN115967920A discloses a method, system, device and medium for secure management of automobile Bluetooth keys, the method comprising: generating a Bluetooth key activation request in response to a request operation of a user terminal and outputting it to the cloud; obtaining a digital key of the corresponding vehicle in the cloud according to the Bluetooth key activation request, wherein the digital key is generated by the cloud according to a pre-stored vehicle master key, and the vehicle master key is associated with vehicle information; generating a session key according to the digital key to conduct an encrypted session with the vehicle.

因此,亟需一种更安全、更可靠的蓝牙数字钥匙存储和管理方法。Therefore, there is an urgent need for a safer and more reliable method for storing and managing Bluetooth digital keys.

发明内容Summary of the invention

本发明的目的在于提供一种基于移动端TEE技术的蓝牙数字钥匙安全存储和管理方法,在iOS平台上,通过Secure Enclave生成并存储密钥对,并使用Keychain存储加密数据。在安卓平台上,通过Android Keystore生成并存储密钥对,并使用安全存储存储加密数据;以解决现有技术中存在的安全隐患。The purpose of the present invention is to provide a method for secure storage and management of Bluetooth digital keys based on mobile TEE technology. On the iOS platform, a key pair is generated and stored through Secure Enclave, and encrypted data is stored using Keychain. On the Android platform, a key pair is generated and stored through Android Keystore, and encrypted data is stored using secure storage, so as to solve the security risks existing in the prior art.

为解决上述技术问题,本发明是通过以下技术方案实现的:In order to solve the above technical problems, the present invention is achieved through the following technical solutions:

本发明为基于移动端TEE的高安全性蓝牙数字钥匙存储管理方法,包括以下步骤:The present invention is a high-security Bluetooth digital key storage management method based on mobile terminal TEE, comprising the following steps:

步骤S01:利用移动设备的硬件安全模块作为可信执行环境TEE;在可信执行环境TEE中采用非对称加密技术生成密钥对;Step S01: Using the hardware security module of the mobile device as a trusted execution environment TEE; using asymmetric encryption technology to generate a key pair in the trusted execution environment TEE;

步骤S02:使用公钥对蓝牙数字钥匙数据进行加密;Step S02: Encrypting Bluetooth digital key data using a public key;

步骤S03:将加密后的数据存储在移动设备的安全存储区域;Step S03: storing the encrypted data in a secure storage area of the mobile device;

步骤S04:需要使用数据时,从安全存储区域读取加密数据;Step S04: when data needs to be used, the encrypted data is read from the secure storage area;

步骤S05:在可信执行环境TEE中使用私钥对加密数据进行解密。Step S05: Decrypt the encrypted data using the private key in the trusted execution environment TEE.

进一步地,所述硬件安全模块在iOS平台上为Secure Enclave,在Android平台上为基于TrustZone的KeyStore。Furthermore, the hardware security module is a Secure Enclave on the iOS platform and a KeyStore based on TrustZone on the Android platform.

进一步地,所述步骤S01中采用非对称加密技术生成密钥对为RSA密钥对,密钥长度为2048位;在加密蓝牙数字钥匙数据之前,对蓝牙数字钥匙数据进行OAEP填充;使用SHA256算法作为OAEP填充的哈希函数。Furthermore, in step S01, the key pair generated by using asymmetric encryption technology is an RSA key pair with a key length of 2048 bits; before encrypting the Bluetooth digital key data, the Bluetooth digital key data is OAEP-filled; and the SHA256 algorithm is used as the hash function for OAEP filling.

进一步地,还包括以下步骤:Furthermore, the method further comprises the following steps:

步骤B01:在可信执行环境TEE中部署一个安全随机数生成器;Step B01: Deploy a secure random number generator in the trusted execution environment TEE;

步骤B02:使用安全随机数生成器为每个蓝牙数字钥匙生成唯一标识符;Step B02: Generate a unique identifier for each Bluetooth digital key using a secure random number generator;

步骤B03:将唯一标识符与加密后的蓝牙数字钥匙数据一起存储;Step B03: storing the unique identifier together with the encrypted Bluetooth digital key data;

步骤B04:在检索和使用蓝牙数字钥匙时,先验证唯一标识符的有效性,如果唯一标识符无效,则拒绝访问对应的蓝牙数字钥匙数据。Step B04: When retrieving and using the Bluetooth digital key, first verify the validity of the unique identifier. If the unique identifier is invalid, access to the corresponding Bluetooth digital key data is denied.

进一步地,所述安全存储区域在iOS平台上为Keychain,在Android平台上为EncryptedSharedPreferences;在iOS平台上,将加密数据存储在Keychain时,设置kSecAttrAccessible属性为kSecAttrAccessibleWhenUnlockedThisDeviceOnly。Furthermore, the secure storage area is Keychain on the iOS platform and is EncryptedSharedPreferences on the Android platform; on the iOS platform, when the encrypted data is stored in the Keychain, the kSecAttrAccessible attribute is set to kSecAttrAccessibleWhenUnlockedThisDeviceOnly.

进一步地,还包括以下步骤:Furthermore, the method further comprises the following steps:

步骤G01:定期或基于设定条件触发密钥轮换;Step G01: triggering key rotation periodically or based on set conditions;

步骤G02:在可信执行环境TEE内部生成新的密钥对;Step G02: Generate a new key pair inside the trusted execution environment TEE;

步骤G03:使用新的公钥重新对蓝牙数字钥匙数据进行加密;Step G03: re-encrypt the Bluetooth digital key data using the new public key;

步骤G04:安全销毁旧的私钥。Step G04: Safely destroy the old private key.

进一步地,还包括以下步骤:Furthermore, the method further comprises the following steps:

步骤F01:在可信执行环境TEE外部部署一个访问控制模块,用于管理对加密的蓝牙数字钥匙数据的访问权限;Step F01: deploy an access control module outside the trusted execution environment TEE to manage access rights to the encrypted Bluetooth digital key data;

步骤F02:所述访问控制模块根据预定义的策略,决定是否允许应用程序请求解密数据。Step F02: The access control module determines whether to allow the application to request data decryption according to a predefined policy.

进一步地,所述步骤S03中:Furthermore, in step S03:

在加密数据存储时,同时存储一个与加密数据相关联的元数据;When the encrypted data is stored, metadata associated with the encrypted data is also stored;

元数据包含数据的创建时间、最后访问时间、访问次数等信息;Metadata includes information such as the creation time, last access time, and access count of the data;

基于元数据实现数据生命周期管理,包括自动删除过期数据。Implement data lifecycle management based on metadata, including automatic deletion of expired data.

进一步地,还包括以下步骤:Furthermore, the method further comprises the following steps:

通过安全日志系统记录所有关键操作,关键操作包括密钥生成、数据加解密、访问控制决策等;All key operations are recorded through the security log system, including key generation, data encryption and decryption, access control decisions, etc.

安全日志系统记录的安全日志存储在可信执行环境TEE保护的存储区域,防止被篡改或删除。The security logs recorded by the security log system are stored in the storage area protected by the trusted execution environment TEE to prevent tampering or deletion.

进一步地,还包括以下步骤:通过安全备份和恢复机制,允许用户在更换移动设备时安全地迁移加密的蓝牙数字钥匙数据;备份过程中,使用额外的加密层保护数据,并要求用户提供额外的认证信息。Furthermore, the following steps are also included: through a secure backup and recovery mechanism, the user is allowed to securely migrate the encrypted Bluetooth digital key data when changing the mobile device; during the backup process, an additional encryption layer is used to protect the data, and the user is required to provide additional authentication information.

其中本发明涉及的术语释义为:The definitions of the terms involved in the present invention are as follows:

·可信执行环境(TEE,Trusted Execution Environment):一种在设备主处理器内独立运行的安全区域,提供更高的安全性来处理敏感数据和执行关键代码。TEE防止未授权的访问和修改。Trusted Execution Environment (TEE): A secure area that runs independently within the device's main processor, providing greater security for processing sensitive data and executing critical code. TEE prevents unauthorized access and modification.

·Secure Enclave:苹果公司在iOS设备上引入的一种硬件安全模块,用于保护高度敏感的用户数据和加密密钥。Secure Enclave: A hardware security module introduced by Apple on iOS devices to protect highly sensitive user data and encryption keys.

·Keychain:iOS和macOS系统提供的一个安全存储服务,用于保存密码、密钥和其他敏感数据。Keychain: A secure storage service provided by iOS and macOS for storing passwords, keys, and other sensitive data.

·Android Keystore:安卓平台上的一个系统级服务,用于生成和存储加密密钥,确保密钥的安全性和不可导出性。Android Keystore: A system-level service on the Android platform that is used to generate and store cryptographic keys, ensuring that the keys are secure and non-exportable.

·TrustZone:由ARM开发的一种TEE技术,分隔标准操作系统(非安全世界)和安全操作系统(安全世界)来确保敏感数据和操作的安全性。TrustZone: A TEE technology developed by ARM that separates the standard operating system (non-secure world) and the secure operating system (secure world) to ensure the security of sensitive data and operations.

·公钥:非对称加密中公开的密钥,用于加密数据,任何人都可以获取。Public key: A public key in asymmetric encryption that is used to encrypt data and can be obtained by anyone.

·私钥:非对称加密中保密的密钥,用于解密数据,仅持有私钥的一方可以解密对应的加密数据。Private key: A secret key in asymmetric encryption, used to decrypt data. Only the party holding the private key can decrypt the corresponding encrypted data.

·蓝牙数字钥匙:一种利用蓝牙技术生成和管理的数字密钥,用于实现设备间的安全通信和认证。Bluetooth Digital Key: A digital key generated and managed using Bluetooth technology to enable secure communication and authentication between devices.

本发明具有以下有益效果:The present invention has the following beneficial effects:

本发明通过利用iOS和Android平台的硬件安全特性,结合非对称加密、安全存储和严格的访问控制,实现了高度安全的数字钥匙管理系统;显著提高了移动应用中敏感数据的安全性,同时保持了良好的用户体验和系统性能。该方法不仅适用于蓝牙数字钥匙的管理,还可扩展到其他需要高安全性的移动应用场景,如金融交易、身份认证等领域。The present invention realizes a highly secure digital key management system by utilizing the hardware security features of iOS and Android platforms, combining asymmetric encryption, secure storage and strict access control; significantly improving the security of sensitive data in mobile applications while maintaining a good user experience and system performance. This method is not only applicable to the management of Bluetooth digital keys, but can also be extended to other mobile application scenarios that require high security, such as financial transactions, identity authentication and other fields.

当然,实施本发明的任一产品并不一定需要同时达到以上所述的所有优点。Of course, any product implementing the present invention does not necessarily need to achieve all of the advantages described above at the same time.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

为了更清楚地说明本发明实施例的技术方案,下面将对实施例描述所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the accompanying drawings required for describing the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For ordinary technicians in this field, other accompanying drawings can be obtained based on these accompanying drawings without paying creative work.

图1为本发明基于移动端TEE的高安全性蓝牙数字钥匙存储管理方法流程图的左半部分;FIG1 is the left half of a flow chart of a high-security Bluetooth digital key storage management method based on a mobile terminal TEE according to the present invention;

图2为本发明基于移动端TEE的高安全性蓝牙数字钥匙存储管理方法流程图的右半部分。FIG. 2 is the right half of the flow chart of the high-security Bluetooth digital key storage management method based on mobile terminal TEE of the present invention.

具体实施方式DETAILED DESCRIPTION

以下描述中,为了说明而不是为了限定,提出了诸如特定系统结构、技术之类的具体细节,以便透彻理解本申请实施例。然而,本领域的技术人员应当清楚,在没有这些具体细节的其它实施例中也可以实现本申请。在其它情况中,省略对众所周知的系统、装置、电路以及方法的详细说明,以免不必要的细节妨碍本申请的描述。In the following description, specific details such as specific system structures, technologies, etc. are provided for the purpose of illustration rather than limitation, so as to provide a thorough understanding of the embodiments of the present application. However, it should be clear to those skilled in the art that the present application may also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits, and methods are omitted to prevent unnecessary details from obstructing the description of the present application.

应当理解,当在本申请说明书和所附权利要求书中使用时,术语“包括”指示所描述特征、整体、步骤、操作、元素和/或组件的存在,但并不排除一个或多个其它特征、整体、步骤、操作、元素、组件和/或其集合的存在或添加。It should be understood that when used in the present specification and the appended claims, the term "comprising" indicates the presence of described features, wholes, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or combinations thereof.

还应当理解,在本申请说明书和所附权利要求书中使用的术语“和/或”是指相关联列出的项中的一个或多个的任何组合以及所有可能组合,并且包括这些组合。It should also be understood that the term “and/or” used in the specification and appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes these combinations.

如在本申请说明书和所附权利要求书中所使用的那样,术语“如果”可以依据上下文被解释为“当...时”或“一旦”或“响应于确定”或“响应于检测到”。类似地,短语“如果确定”或“如果检测到[所描述条件或事件]”可以依据上下文被解释为意指“一旦确定”或“响应于确定”或“一旦检测到[所描述条件或事件]”或“响应于检测到[所描述条件或事件]”。As used in the specification and appended claims of this application, the term "if" can be interpreted as "when" or "uponce" or "in response to determining" or "in response to detecting", depending on the context. Similarly, the phrase "if it is determined" or "if [described condition or event] is detected" can be interpreted as meaning "uponce it is determined" or "in response to determining" or "uponce [described condition or event] is detected" or "in response to detecting [described condition or event]", depending on the context.

另外,在本申请说明书和所附权利要求书的描述中,术语“第一”、“第二”、“第三”等仅用于区分描述,而不能理解为指示或暗示相对重要性。In addition, in the description of the present application specification and the appended claims, the terms "first", "second", "third", etc. are only used to distinguish the descriptions and cannot be understood as indicating or implying relative importance.

在本申请说明书中描述的参考“一个实施例”或“一些实施例”等意味着在本申请的一个或多个实施例中包括结合该实施例描述的特定特征、结构或特点。由此,在本说明书中的不同之处出现的语句“在一个实施例中”、“在一些实施例中”、“在其他一些实施例中”、“在另外一些实施例中”等不是必然都参考相同的实施例,而是意味着“一个或多个但不是所有的实施例”,除非是以其他方式另外特别强调。术语“包括”、“包含”、“具有”及它们的变形都意味着“包括但不限于”,除非是以其他方式另外特别强调。References to "one embodiment" or "some embodiments" etc. described in the specification of this application mean that one or more embodiments of the present application include specific features, structures or characteristics described in conjunction with the embodiment. Therefore, the statements "in one embodiment", "in some embodiments", "in some other embodiments", "in some other embodiments", etc. that appear in different places in this specification do not necessarily refer to the same embodiment, but mean "one or more but not all embodiments", unless otherwise specifically emphasized in other ways. The terms "including", "comprising", "having" and their variations all mean "including but not limited to", unless otherwise specifically emphasized in other ways.

实施例一:Embodiment 1:

请参阅图1-2所示,本发明为基于移动端TEE的高安全性蓝牙数字钥匙存储管理方法,该方法在iOS平台上利用Secure Enclave,在Android平台上利用TrustZone技术,实现了高安全性的密钥生成、存储和管理。本发明通过硬件级安全隔离、双重加密机制、以及严格的访问控制,显著提高了蓝牙数字钥匙的安全性,有效防止了未经授权的访问和数据泄露;本发明包括以下步骤:Please refer to Figures 1-2. The present invention is a high-security Bluetooth digital key storage management method based on mobile TEE. The method uses Secure Enclave on the iOS platform and TrustZone technology on the Android platform to achieve high-security key generation, storage and management. The present invention significantly improves the security of Bluetooth digital keys through hardware-level security isolation, dual encryption mechanism, and strict access control, and effectively prevents unauthorized access and data leakage; the present invention includes the following steps:

步骤S01:利用移动设备的硬件安全模块作为可信执行环境TEE;在可信执行环境TEE中采用非对称加密技术生成密钥对;通过利用移动设备的硬件安全模块(如iOS的Secure Enclave和Android的TrustZone)作为可信执行环境(TEE),实现密钥的安全生成和存储;作为本发明提供的一个实施例,优选的,所述硬件安全模块在iOS平台上为SecureEnclave,在Android平台上为基于TrustZone的KeyStore;Step S01: using the hardware security module of the mobile device as a trusted execution environment TEE; using asymmetric encryption technology to generate a key pair in the trusted execution environment TEE; by using the hardware security module of the mobile device (such as iOS's Secure Enclave and Android's TrustZone) as a trusted execution environment (TEE), the secure generation and storage of keys is achieved; as an embodiment provided by the present invention, preferably, the hardware security module is SecureEnclave on the iOS platform and is a KeyStore based on TrustZone on the Android platform;

步骤S02:使用公钥对蓝牙数字钥匙数据进行加密;采用非对称加密技术,在TEE中生成密钥对,私钥永不离开TEE,确保最高级别的安全性;Step S02: Use the public key to encrypt the Bluetooth digital key data; use asymmetric encryption technology to generate a key pair in TEE, and the private key never leaves TEE, ensuring the highest level of security;

步骤S03:将加密后的数据存储在移动设备的安全存储区域,使用公钥对蓝牙数字钥匙数据进行加密,加密后的数据存储在设备的安全存储区域(如iOS的Keychain或Android的EncryptedSharedPreferences);Step S03: storing the encrypted data in a secure storage area of the mobile device, encrypting the Bluetooth digital key data using a public key, and storing the encrypted data in a secure storage area of the device (such as Keychain of iOS or EncryptedSharedPreferences of Android);

步骤S04:需要使用数据时,从安全存储区域读取加密数据,所有的加密和解密操作都在TEE内部完成,加密数据在TEE外无法被解密;Step S04: When data needs to be used, the encrypted data is read from the secure storage area. All encryption and decryption operations are completed inside the TEE, and the encrypted data cannot be decrypted outside the TEE.

步骤S05:在可信执行环境TEE中使用私钥对加密数据进行解密,实现双重加密机制,即使加密数据被窃取,没有TEE内部的私钥也无法解密。Step S05: Use the private key in the trusted execution environment TEE to decrypt the encrypted data to implement a double encryption mechanism. Even if the encrypted data is stolen, it cannot be decrypted without the private key inside the TEE.

基于移动端TEE的高安全性蓝牙数字钥匙存储管理方法,显著提高了蓝牙数字钥匙的安全性,有效防止未经授权的访问和数据泄露。利用硬件级安全隔离,增强了对高级攻击的抵抗能力。简化了开发者实现高安全性存储的复杂度,提高了应用的安全性和可靠性。适用于各种需要高安全性的移动应用场景,如智能家居、汽车共享等领域。The high-security Bluetooth digital key storage management method based on mobile TEE significantly improves the security of Bluetooth digital keys and effectively prevents unauthorized access and data leakage. By using hardware-level security isolation, the resistance to advanced attacks is enhanced. It simplifies the complexity of developers to achieve high-security storage and improves the security and reliability of applications. It is suitable for various mobile application scenarios that require high security, such as smart home, car sharing and other fields.

作为本发明提供的一个实施例,优选的,所述安全存储区域在iOS平台上为Keychain,在Android平台上为EncryptedSharedPreferences;在iOS平台上,将加密数据存储在Keychain时,设置kSecAttrAccessible属性为kSecAttrAccessibleWhenUnlockedThisDeviceOnly。As an embodiment provided by the present invention, preferably, the secure storage area is Keychain on the iOS platform and is EncryptedSharedPreferences on the Android platform; on the iOS platform, when the encrypted data is stored in the Keychain, the kSecAttrAccessible attribute is set to kSecAttrAccessibleWhenUnlockedThisDeviceOnly.

基于移动端TEE的高安全性蓝牙数字钥匙存储管理方法,具有独创性的技术:A highly secure Bluetooth digital key storage management method based on mobile TEE, with original technology:

提供跨平台统一安全架构:本发明首次提出了一种在iOS和Android平台上统一的TEE安全架构,实现了高度一致的安全存储和管理方法,大大简化了跨平台应用的开发和维护;Providing a unified cross-platform security architecture: This invention proposes a unified TEE security architecture on iOS and Android platforms for the first time, achieving a highly consistent security storage and management method, greatly simplifying the development and maintenance of cross-platform applications;

多层次安全防护:通过结合硬件TEE、非对称加密、安全存储和访问控制等多重安全机制,构建了一个全方位的安全防护体系,显著提高了抵御各类攻击的能力;Multi-layer security protection: By combining multiple security mechanisms such as hardware TEE, asymmetric encryption, secure storage and access control, a comprehensive security protection system is built, which significantly improves the ability to resist various attacks;

动态密钥管理:引入了基于TEE的动态密钥生成和管理机制,避免了静态密钥存储的风险,增强了系统的长期安全性;Dynamic key management: The introduction of a dynamic key generation and management mechanism based on TEE avoids the risk of static key storage and enhances the long-term security of the system.

性能优化的加密方案:采用了OAEP填充的RSA加密,在保证安全性的同时,优化了加密性能,适合移动设备的资源限制;Performance-optimized encryption scheme: RSA encryption with OAEP padding is used to optimize encryption performance while ensuring security, which is suitable for the resource limitations of mobile devices;

灵活的数据隔离策略:通过精细的访问控制策略,实现了应用级别的数据隔离,有效防止了跨应用的数据泄露。Flexible data isolation strategy: Through sophisticated access control strategies, application-level data isolation is achieved, effectively preventing cross-application data leakage.

实施例二:Embodiment 2:

基于移动端TEE的高安全性蓝牙数字钥匙存储管理方法,在iOS平台实现方法:High-security Bluetooth digital key storage management method based on mobile TEE, implementation method on iOS platform:

步骤1:生成密钥对Step 1: Generate a key pair

a.创建密钥生成参数字典:a. Create a dictionary of key generation parameters:

b.使用SecKeyCreateRandomKey函数生成密钥对:b. Use the SecKeyCreateRandomKey function to generate a key pair:

c.从私钥获取公钥:c. Get the public key from the private key:

guard let publicKey=SecKeyCopyPublicKey(privateKey)else{guard let publicKey=SecKeyCopyPublicKey(privateKey)else{

throw SomeError.failedToGetPublicKeythrow SomeError.failedToGetPublicKey

};};

步骤2:使用公钥加密数据Step 2: Encrypt data using the public key

a.准备加密参数:a. Prepare encryption parameters:

b.执行加密操作:b. Perform encryption operations:

步骤3:将加密数据存储在Keychain中Step 3: Store the encrypted data in the Keychain

a.准备Keychain查询字典:a. Prepare the Keychain query dictionary:

b.将数据添加到Keychain:b. Add data to Keychain:

步骤4:从Keychain中读取加密数据a.准备Keychain查询字典:Step 4: Read encrypted data from the Keychain a. Prepare the Keychain query dictionary:

b.从Keychain检索数据:b. Retrieve data from Keychain:

步骤5:使用私钥解密数据a.获取私钥引用:Step 5: Decrypt data using private key a. Get private key reference:

b.执行解密操作:b. Perform decryption operation:

实施例三:Embodiment three:

基于移动端TEE的高安全性蓝牙数字钥匙存储管理方法,在Android平台实现方法:A high-security Bluetooth digital key storage management method based on mobile TEE, implemented on the Android platform:

步骤1:生成密钥对Step 1: Generate a key pair

a.创建KeyGenParameterSpec:a. Create KeyGenParameterSpec:

b.初始化KeyPairGenerator并生成密钥对:b. Initialize KeyPairGenerator and generate a key pair:

步骤2:使用公钥加密数据Step 2: Encrypt data using the public key

a.获取公钥:a. Get the public key:

KeyStore keyStore=KeyStore.getInstance("AndroidKeyStore");KeyStore keyStore=KeyStore.getInstance("AndroidKeyStore");

keyStore.load(null);keyStore.load(null);

PublicKey publicKey=keyStore.getCertificate("bluetooth_key_alias").getPublicKey();PublicKey publicKey=keyStore.getCertificate("bluetooth_key_alias").getPublicKey();

b.初始化Cipher并加密数据:b. Initialize Cipher and encrypt data:

Cipher cipher=Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");Cipher cipher=Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");

cipher.init(Cipher.ENCRYPT_MODE,publicKey);cipher.init(Cipher.ENCRYPT_MODE,publicKey);

byte[]encryptedData=cipher.doFinal(dataToEncrypt);byte[]encryptedData=cipher.doFinal(dataToEncrypt);

步骤3:将加密数据存储在安全位置Step 3: Store the encrypted data in a secure location

a.使用EncryptedSharedPreferences:a. Use EncryptedSharedPreferences:

步骤4:从安全位置读取加密数据a.从EncryptedSharedPreferences读取数据:Step 4: Read encrypted data from a secure location a. Read data from EncryptedSharedPreferences:

步骤5:使用私钥解密数据Step 5: Decrypt the data using the private key

a.获取私钥:a. Get the private key:

KeyStore keyStore=KeyStore.getInstance("AndroidKeyStore");KeyStore keyStore=KeyStore.getInstance("AndroidKeyStore");

keyStore.load(null);keyStore.load(null);

PrivateKey privateKey=(PrivateKey)keyStore.getKey("bluetooth_key_alias",null);PrivateKey privateKey=(PrivateKey)keyStore.getKey("bluetooth_key_alias",null);

b.初始化Cipher并解密数据:b. Initialize Cipher and decrypt data:

Cipher cipher=Cipher cipher=

Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");

cipher.init(Cipher.DECRYPT_MODE,privateKey);cipher.init(Cipher.DECRYPT_MODE,privateKey);

byte[]decryptedData=cipher.doFinal(encryptedData)。byte[]decryptedData=cipher.doFinal(encryptedData).

实施例四:Embodiment 4:

作为本发明提供的一个实施例,优选的,基于实施例一,步骤S01中采用非对称加密技术生成密钥对为RSA密钥对,密钥长度为2048位;在加密蓝牙数字钥匙数据之前,对蓝牙数字钥匙数据进行OAEP填充;使用SHA256算法作为OAEP填充的哈希函数。As an embodiment provided by the present invention, preferably, based on Embodiment 1, in step S01, asymmetric encryption technology is used to generate a key pair as an RSA key pair with a key length of 2048 bits; before encrypting the Bluetooth digital key data, OAEP padding is performed on the Bluetooth digital key data; and the SHA256 algorithm is used as the hash function for OAEP padding.

作为本发明提供的一个实施例,优选的,基于实施例一,还包括以下步骤:As an embodiment provided by the present invention, preferably, based on Embodiment 1, the following steps are further included:

步骤B01:在可信执行环境TEE中部署一个安全随机数生成器;Step B01: Deploy a secure random number generator in the trusted execution environment TEE;

步骤B02:使用安全随机数生成器为每个蓝牙数字钥匙生成唯一标识符;Step B02: Generate a unique identifier for each Bluetooth digital key using a secure random number generator;

步骤B03:将唯一标识符与加密后的蓝牙数字钥匙数据一起存储;Step B03: storing the unique identifier together with the encrypted Bluetooth digital key data;

步骤B04:在检索和使用蓝牙数字钥匙时,先验证唯一标识符的有效性,如果唯一标识符无效,则拒绝访问对应的蓝牙数字钥匙数据。Step B04: When retrieving and using the Bluetooth digital key, first verify the validity of the unique identifier. If the unique identifier is invalid, access to the corresponding Bluetooth digital key data is denied.

作为本发明提供的一个实施例,优选的,基于实施例一,还包括以下步骤:As an embodiment provided by the present invention, preferably, based on Embodiment 1, the following steps are further included:

步骤G01:定期或基于设定条件触发密钥轮换;Step G01: triggering key rotation periodically or based on set conditions;

步骤G02:在可信执行环境TEE内部生成新的密钥对;Step G02: Generate a new key pair inside the trusted execution environment TEE;

步骤G03:使用新的公钥重新对蓝牙数字钥匙数据进行加密;Step G03: re-encrypt the Bluetooth digital key data using the new public key;

步骤G04:安全销毁旧的私钥。Step G04: Safely destroy the old private key.

作为本发明提供的一个实施例,优选的,基于实施例一,还包括以下步骤:As an embodiment provided by the present invention, preferably, based on Embodiment 1, the following steps are further included:

步骤F01:在可信执行环境TEE外部部署一个访问控制模块,用于管理对加密的蓝牙数字钥匙数据的访问权限;Step F01: deploy an access control module outside the trusted execution environment TEE to manage access rights to the encrypted Bluetooth digital key data;

步骤F02:所述访问控制模块根据预定义的策略,决定是否允许应用程序请求解密数据。Step F02: The access control module determines whether to allow the application to request data decryption according to a predefined policy.

作为本发明提供的一个实施例,优选的,基于实施例一,所述步骤S03中:As an embodiment provided by the present invention, preferably, based on Embodiment 1, in step S03:

在加密数据存储时,同时存储一个与加密数据相关联的元数据;When the encrypted data is stored, metadata associated with the encrypted data is also stored;

元数据包含数据的创建时间、最后访问时间、访问次数等信息;Metadata includes information such as the creation time, last access time, and access count of the data;

基于元数据实现数据生命周期管理,包括自动删除过期数据。Implement data lifecycle management based on metadata, including automatic deletion of expired data.

作为本发明提供的一个实施例,优选的,基于实施例一,还包括以下步骤:As an embodiment provided by the present invention, preferably, based on Embodiment 1, the following steps are further included:

通过安全日志系统记录所有关键操作,关键操作包括密钥生成、数据加解密、访问控制决策等;All key operations are recorded through the security log system, including key generation, data encryption and decryption, access control decisions, etc.

安全日志系统记录的安全日志存储在可信执行环境TEE保护的存储区域,防止被篡改或删除。The security logs recorded by the security log system are stored in the storage area protected by the trusted execution environment TEE to prevent tampering or deletion.

作为本发明提供的一个实施例,优选的,基于实施例一,还包括以下步骤:通过安全备份和恢复机制,允许用户在更换移动设备时安全地迁移加密的蓝牙数字钥匙数据;备份过程中,使用额外的加密层保护数据,并要求用户提供额外的认证信息。As an embodiment provided by the present invention, preferably, based on Embodiment 1, the following steps are also included: through a secure backup and recovery mechanism, the user is allowed to securely migrate the encrypted Bluetooth digital key data when changing the mobile device; during the backup process, an additional encryption layer is used to protect the data, and the user is required to provide additional authentication information.

实施例五:Embodiment five:

作为本发明提供的一个实施例,优选的,基于实施例一,还包括以下步骤:As an embodiment provided by the present invention, preferably, based on Embodiment 1, the following steps are further included:

在TEE外部实现一个密钥管理模块,用于协调密钥的生成、使用和轮换;Implement a key management module outside the TEE to coordinate the generation, use, and rotation of keys;

该密钥管理模块通过安全通道与TEE进行通信,但不直接访问TEE内部的私钥。The key management module communicates with TEE through a secure channel but does not directly access the private key inside TEE.

实施例六:Embodiment six:

还包括一种基于实施例一的移动设备,包括:Also included is a mobile device based on the first embodiment, including:

a)处理器;a) Processor;

b)存储器;b) memory;

c)通信接口;c) Communication interface;

d)可信执行环境TEE;d) Trusted Execution Environment TEE;

其中,所述存储器存储有计算机程序,所述计算机程序被所述处理器执行时实现所述的方法。The memory stores a computer program, and when the computer program is executed by the processor, the method described is implemented.

还包括一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时实现实施例一至五所述的方法。Also included is a computer-readable storage medium storing a computer program, which implements the methods described in embodiments 1 to 5 when executed by a processor.

本发明的实施为开发者提供了一个强大而灵活的安全框架,大大简化了实现高安全性应用的复杂度。随着物联网和智能设备的进一步普及,本发明将在保护用户隐私和数据安全方面发挥重要作用。The implementation of the present invention provides developers with a powerful and flexible security framework, greatly simplifying the complexity of implementing high-security applications. With the further popularization of the Internet of Things and smart devices, the present invention will play an important role in protecting user privacy and data security.

本发明显著提高了移动应用中敏感数据的安全性,同时保持了良好的用户体验和系统性能。该方法不仅适用于蓝牙数字钥匙的管理,还可扩展到其他需要高安全性的移动应用场景,如金融交易、身份认证等领域。The present invention significantly improves the security of sensitive data in mobile applications while maintaining a good user experience and system performance. The method is not only applicable to the management of Bluetooth digital keys, but can also be extended to other mobile application scenarios that require high security, such as financial transactions, identity authentication and other fields.

基于移动端TEE的高安全性蓝牙数字钥匙存储管理方法,通过利用iOS和Android平台的硬件安全特性,结合非对称加密、安全存储和严格的访问控制,实现了高度安全的数字钥匙管理系统;显著提高了移动应用中敏感数据的安全性,同时保持了良好的用户体验和系统性能。该方法不仅适用于蓝牙数字钥匙的管理,还可扩展到其他需要高安全性的移动应用场景,如金融交易、身份认证等领域:The high-security Bluetooth digital key storage management method based on mobile TEE realizes a highly secure digital key management system by utilizing the hardware security features of iOS and Android platforms, combining asymmetric encryption, secure storage and strict access control; it significantly improves the security of sensitive data in mobile applications while maintaining a good user experience and system performance. This method is not only applicable to the management of Bluetooth digital keys, but can also be extended to other mobile application scenarios that require high security, such as financial transactions, identity authentication and other fields:

在本说明书的描述中,参考术语“一个实施例”、“示例”、“具体示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本发明的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不一定指的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任何的一个或多个实施例或示例中以合适的方式结合。In the description of this specification, the description with reference to the terms "one embodiment", "example", "specific example", etc. means that the specific features, structures, materials or characteristics described in conjunction with the embodiment or example are included in at least one embodiment or example of the present invention. In this specification, the schematic representation of the above terms does not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in any one or more embodiments or examples in a suitable manner.

以上公开的本发明优选实施例只是用于帮助阐述本发明。优选实施例并没有详尽叙述所有的细节,也不限制该发明仅为所述的具体实施方式。显然,根据本说明书的内容,可作很多的修改和变化。本说明书选取并具体描述这些实施例,是为了更好地解释本发明的原理和实际应用,从而使所属技术领域技术人员能很好地理解和利用本发明。本发明仅受权利要求书及其全部范围和等效物的限制。The preferred embodiments of the present invention disclosed above are only used to help illustrate the present invention. The preferred embodiments do not describe all the details in detail, nor do they limit the invention to the specific implementation methods described. Obviously, many modifications and changes can be made according to the content of this specification. This specification selects and specifically describes these embodiments in order to better explain the principles and practical applications of the present invention, so that those skilled in the art can understand and use the present invention well. The present invention is limited only by the claims and their full scope and equivalents.

Claims (10)

1. The high-security Bluetooth digital key storage management method based on mobile terminal TEE is characterized by comprising the following steps:
step S01: utilizing a hardware security module of the mobile device as a Trusted Execution Environment (TEE); generating a key pair in the trusted execution environment TEE by adopting an asymmetric encryption technology;
step S02: encrypting the Bluetooth digital key data by using the public key;
Step S03: storing the encrypted data in a secure storage area of the mobile device;
step S04: when the data is needed to be used, the encrypted data is read from the safe storage area;
step S05: the encrypted data is decrypted in the trusted execution environment TEE using the private key.
2. The mobile terminal TEE-based high-security bluetooth digital key storage management method according to claim 1, wherein the hardware security module is Secure enclaspe on an iOS platform and is trust zone-based KeyStore on an Android platform.
3. The mobile terminal TEE-based high security bluetooth digital key storage management method according to claim 1, wherein in the step S01, an asymmetric encryption technology is adopted to generate a key pair as an RSA key pair, and the key length is 2048 bits; performing OAEP population on bluetooth digital key data prior to encrypting the bluetooth digital key data; the SHA256 algorithm is used as a hash function for OAEP padding.
4. The mobile-TEE-based high security bluetooth digital key storage management method of claim 1, further comprising the steps of:
step B01: deploying a secure random number generator in the trusted execution environment TEE;
Step B02: generating a unique identifier for each bluetooth digital key using a secure random number generator;
step B03: storing the unique identifier with the encrypted Bluetooth digital key data;
Step B04: when the Bluetooth digital key is searched and used, the validity of the unique identifier is verified, and if the unique identifier is invalid, the corresponding Bluetooth digital key data is refused to be accessed.
5. The mobile terminal TEE-based high-security bluetooth digital key storage management method according to claim 1, wherein the secure storage area is Keychain on an iOS platform and is ENCRYPTEDSHAREDPREFERENCES on an Android platform; when storing the encrypted data in Keychain on the iOS platform, the kSecAttrAccessible attribute is set to kSecAttrAccessibleWhenUnlockedThisDeviceOnly.
6. The mobile-TEE-based high security bluetooth digital key storage management method of claim 1, further comprising the steps of:
Step G01: triggering key rotation periodically or based on a set condition;
Step G02: generating a new key pair inside the trusted execution environment TEE;
step G03: encrypting the Bluetooth digital key data again by using the new public key;
step G04: the old private key is destroyed securely.
7. The mobile-TEE-based high security bluetooth digital key storage management method of claim 1, further comprising the steps of:
step F01: an access control module is deployed outside the trusted execution environment TEE and used for managing access rights to encrypted Bluetooth digital key data;
Step F02: the access control module decides whether to allow the application program to request decryption data according to a predefined policy.
8. The mobile terminal TEE-based high security bluetooth digital key storage management method according to claim 1, wherein in step S03:
Storing metadata associated with the encrypted data at the same time when the encrypted data is stored;
the metadata comprises the creation time, the last access time and the access times of the data;
Data lifecycle management is implemented based on the metadata.
9. The mobile-TEE-based high security bluetooth digital key storage management method of claim 1, further comprising the steps of:
Recording all key operations through a security log system, wherein the key operations comprise key generation, data encryption and decryption and access control decision;
The security log recorded by the security log system is stored in a storage area protected by a Trusted Execution Environment (TEE) to prevent the security log from being tampered or deleted.
10. The mobile-TEE-based high security bluetooth digital key storage management method of claim 1, further comprising the steps of: allowing a user to safely migrate encrypted Bluetooth digital key data when replacing the mobile device through a safe backup and recovery mechanism; during the backup process, the data is protected using an additional encryption layer and requires the user to provide additional authentication information.
CN202410967907.9A 2024-07-18 2024-07-18 High-security Bluetooth digital key storage management method based on mobile terminal TEE Pending CN118921661A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410967907.9A CN118921661A (en) 2024-07-18 2024-07-18 High-security Bluetooth digital key storage management method based on mobile terminal TEE

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410967907.9A CN118921661A (en) 2024-07-18 2024-07-18 High-security Bluetooth digital key storage management method based on mobile terminal TEE

Publications (1)

Publication Number Publication Date
CN118921661A true CN118921661A (en) 2024-11-08

Family

ID=93313135

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410967907.9A Pending CN118921661A (en) 2024-07-18 2024-07-18 High-security Bluetooth digital key storage management method based on mobile terminal TEE

Country Status (1)

Country Link
CN (1) CN118921661A (en)

Similar Documents

Publication Publication Date Title
CN105260663B (en) A kind of safe storage service system and method based on TrustZone technologies
CN109923548B (en) Method, system and computer program product for implementing data protection by supervising process access to encrypted data
US8281135B2 (en) Enforcing use of chipset key management services for encrypted storage devices
KR100996784B1 (en) One or more computer readable media storing a method, system and a plurality of instructions implemented in a computing device for storage and retrieval of data based on public key encryption.
KR101067399B1 (en) One or more computer readable media storing a method, system and a plurality of instructions implemented in a computing device for storage and retrieval of data based on symmetric key encryption.
US7849514B2 (en) Transparent encryption and access control for mass-storage devices
JP4089171B2 (en) Computer system
JP6275653B2 (en) Data protection method and system
CN109412812B (en) Data security processing system, method, device and storage medium
US20040098591A1 (en) Secure hardware device authentication method
CN101452514A (en) User data protection method for safety computer
WO2022184456A1 (en) Authorized encryption
CN113098697B (en) Block chain data writing and accessing method and device
CN106022154A (en) Method for encrypting database and database server
WO2015117523A1 (en) Access control method and device
CN118821243B (en) Data processing method, electronic device, storage medium and computer program product
CN111538973A (en) Personal authorization access control system based on state cryptographic algorithm
CN114942729A (en) Data safety storage and reading method for computer system
CN118427882B (en) Massive data privacy protection system and method
CN109474431B (en) Client authentication method and computer readable storage medium
CN111523129A (en) TPM-based data leakage protection method
CN116305330B (en) Safety management method for CPU hardware
Lee et al. A study on a secure USB mechanism that prevents the exposure of authentication information for smart human care services
US12174988B2 (en) System and method for managing transparent data encryption of database
CN117579267A (en) Key protection mechanism

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination