
CN111625829A - Application activation method and device based on trusted execution environment - Google Patents


Info

Publication number
CN111625829A
Authority
CN (China)
Prior art keywords
trusted, activation, key, code, information
Prior art date
Legal status
Granted
Application number
CN201910145498.3A
Other languages
Chinese (zh)
Other versions
CN111625829B (en)
Inventors
黄腾, 成亮, 李海东
Current assignee
Alibaba Group Holding Ltd
Original assignee
Alibaba Group Holding Ltd
Priority date
Filing date
Publication date
Events
Application filed by Alibaba Group Holding Ltd
Priority to CN201910145498.3A (CN111625829B)
Priority to TW108142942A (TW202109320A)
Priority to PCT/CN2020/075688 (WO2020173332A1)
Publication of CN111625829A
Application granted
Publication of CN111625829B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F 21/12 Protecting executable software
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for activating a trusted execution environment deployed in a terminal device. The method includes: sending the terminal device identifier to a server; receiving activation information returned by the server, the activation information including an encrypted trusted identity identifier, trusted key and activation code, where the trusted identity identifier and trusted key correspond to the terminal device identifier and the activation code is generated from the terminal device identifier; decrypting the activation information to obtain the trusted identity identifier, trusted key and activation code; and storing the trusted identity identifier, trusted key and activation code, encrypted, in a secure storage space. The invention also discloses an activation verification method for the trusted execution environment, application activation and activation verification methods based on the trusted execution environment, and corresponding devices.

Description

Application activation method and device based on trusted execution environment

Technical field

The present invention relates to the technical field of application security, and in particular to an application activation method and device based on a trusted execution environment.

Background

After software is released, a way is needed to prevent it from being cracked and pirated, so as to protect the interests of the software developer. At present, software is usually protected by means of a registration code: the user first downloads and installs a trial version, then activates it by requesting a registration code from a server. Thereafter, whenever the user runs the software, it reads the registration code file and decides from that file whether it may be used.

This software activation scheme has several problems:

1. The registration code file is stored on the device unencrypted, so it can be copied in plain text to other devices, allowing the software installed there to be illegally cracked. In addition, the user may tamper with the contents of the file to illegally extend the number of uses or the validity period of the software.

2. The registration code file is not bound to the device, so it can be used on different devices, allowing the software installed on other devices to be illegally cracked.

3. When the server transmits the registration code to the device, the contents of the registration code file are not encrypted, so the file can easily be eavesdropped on or forged.

A more secure software activation method is therefore needed.

发明内容SUMMARY OF THE INVENTION

To this end, the present invention provides an application activation method and device based on a trusted execution environment, in an effort to solve, or at least alleviate, the problems above.

According to a first aspect of the present invention, a method for activating a trusted execution environment is provided, the trusted execution environment being deployed in a terminal device. The method includes: sending the terminal device identifier to a server; receiving activation information returned by the server, the activation information including an encrypted trusted identity identifier, trusted key and activation code, where the trusted identity identifier and trusted key correspond to the terminal device identifier and the activation code is generated from the terminal device identifier; decrypting the activation information to obtain the trusted identity identifier, trusted key and activation code; and storing the trusted identity identifier, trusted key and activation code, encrypted, in a secure storage space.

According to a second aspect of the present invention, a method for activating a trusted execution environment is provided, the trusted execution environment being deployed in a terminal device. The method includes: receiving the terminal device identifier sent by the terminal device; generating a trusted identity identifier and a trusted key corresponding to the terminal device identifier, and generating an activation code from the terminal device identifier; encrypting the trusted identity identifier, trusted key and activation code to generate activation information; and sending the activation information to the terminal device so that the terminal device decrypts the activation information to obtain the trusted identity identifier, trusted key and activation code, and stores them, encrypted, in a secure storage space.

According to a third aspect of the present invention, an activation verification method for a trusted execution environment is provided, executed in the trusted execution environment of a terminal device. The method includes: obtaining the trusted identity identifier, the trusted key and the activation code of the trusted execution environment, where the activation code includes usage permission information for the trusted execution environment and check information, the check information being the ciphertext generated by encrypting the trusted identity identifier, the usage permission information and the terminal device identifier with the trusted key; obtaining the terminal device identifier and encrypting the trusted identity identifier, the usage permission information and the terminal device identifier with the trusted key to generate a first ciphertext; and, if the first ciphertext is consistent with the check information and the current usage environment of the terminal device matches the usage permission information, determining that the trusted execution environment has been activated successfully.

According to a fourth aspect of the present invention, an application activation method based on a trusted execution environment is provided, the trusted execution environment being deployed in a terminal device. The method includes: sending the trusted identity identifier of the terminal device to a server; receiving registration information returned by the server, the registration information including a registration code encrypted with the trusted key corresponding to the trusted identity identifier, where the registration code is generated from the trusted identity identifier; decrypting the registration information with the trusted key to obtain the registration code; and storing the registration code, encrypted, in a secure storage space.

According to a fifth aspect of the present invention, an application activation method based on a trusted execution environment is provided, the trusted execution environment being deployed in a terminal device. The method includes: receiving the trusted identity identifier sent by the terminal device; generating a registration code from the trusted identity identifier; encrypting the registration code with the trusted key corresponding to the trusted identity identifier to generate registration information; and sending the registration information to the terminal device so that the terminal device decrypts the registration information with the trusted key to obtain the registration code and stores the registration code, encrypted, in a secure storage space.

According to a sixth aspect of the present invention, an application activation verification method based on a trusted execution environment is provided, executed in the trusted execution environment of a terminal device. The method includes: obtaining the trusted identity identifier, the trusted key and the registration code of the application to be verified, where the registration code includes usage permission information and check information, the check information being the ciphertext generated by encrypting the trusted identity identifier and the usage permission information with the trusted key; encrypting the trusted identity identifier and the usage permission information with the trusted key to generate a first ciphertext; and, if the first ciphertext is consistent with the check information, sending the registration code to the application to be verified, so that the application determines whether it has been activated successfully according to whether its current usage environment matches the usage permission information.

According to a seventh aspect of the present invention, a terminal device is provided on which a trusted execution environment is deployed, the trusted execution environment including an activation management application adapted to execute the trusted execution environment activation method, the trusted execution environment activation verification method, the application activation method based on the trusted execution environment and the application activation verification method based on the trusted execution environment described above.

According to an eighth aspect of the present invention, a server is provided, including: at least one processor; and a memory storing program instructions, where the program instructions are configured to be executed by the at least one processor and include instructions for executing the trusted execution environment activation method and the application activation method based on the trusted execution environment described above.

According to a ninth aspect of the present invention, an application activation system based on a trusted execution environment is provided, including the terminal device described above and the server described above.

The present invention provides an application activation scheme based on a trusted execution environment. A trusted execution environment is an independent, trusted environment with isolated hardware and its own operating system, which can be used to store, process and protect sensitive data. In the technical solution of the present invention, the trusted execution environment in the terminal device is first activated; once it has been activated, it can provide trusted application activation and activation verification services to the other applications on the terminal device, thereby securing those applications. The activation code of the trusted execution environment and the registration codes of applications are both encrypted by the trusted execution environment and stored in a secure storage space, and the data in that space can only be read by the activation management application in the trusted execution environment, which ensures that it cannot be illegally obtained or tampered with.

During activation of the trusted execution environment, the server generates the trusted identity identifier and trusted key of the terminal device. The trusted key is then used in the encrypted transmission of the activation code of the trusted execution environment and of the registration codes of applications. The trusted key is transmitted between the terminal device and the server only once: the server encrypts the generated trusted key and sends it to the terminal device during, and only during, activation of the trusted execution environment; when applications are subsequently activated on the basis of the trusted execution environment, the trusted key is not transmitted again. The trusted key is therefore stored only on the terminal device and the server. Even if another device eavesdrops on the registration information transmitted between the terminal device and the server, it cannot obtain the trusted key and so cannot decrypt the registration information to obtain the registration code, which further improves the transmission security of application registration codes.

The activation code of the trusted execution environment and the registration code of each application both embed the trusted identity identifier of the terminal device, which guarantees that the activation code and registration code of every terminal device are unique and cannot be duplicated. If an activation code or registration code is maliciously tampered with, activation verification of the terminal device's trusted execution environment or of the application will fail. Moreover, even if an activation code or registration code is copied to another terminal device, it cannot be used to activate that device's trusted execution environment or applications.
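The following is an added model of the activation and verification flows from the third, sixth and surrounding aspects above (the same flow system 100 carries out below); it is example code written for this page, not the patent's or Alibaba's implementation. It assumes HMAC-SHA256 as a stand-in for the unspecified keyed encryption that produces the check information, a made-up derivation of the trusted identity and key from the device identifier, an expiry date as the only usage permission attribute, and constructed device identifiers; transport encryption of the activation information is not modelled.

```python
import copy
import hashlib
import hmac
import json
import secrets
from datetime import date

def check_tag(trusted_key: bytes, *fields) -> str:
    # Assumption: HMAC-SHA256 stands in for the keyed encryption the patent uses for the
    # 'check information'; a deterministic keyed function is what the comparison step needs.
    payload = json.dumps(list(fields), sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(trusted_key, payload, hashlib.sha256).hexdigest()

def environment_matches(permission: dict, today: date) -> bool:
    # Usage-permission check; the only attribute modelled is an expiry date.
    return today <= date.fromisoformat(permission["expires"])

class ActivationServer:
    """Server 120: issues the trusted identity, trusted key and both kinds of code."""

    def __init__(self) -> None:
        self.root_secret = secrets.token_bytes(32)
        self.by_trusted_id: dict = {}  # trusted_id -> trusted_key

    def activate_tee(self, device_id: str, permission: dict) -> dict:
        # Assumed derivation: identity and key are bound to the device identifier.
        trusted_id = hmac.new(self.root_secret, b"tid|" + device_id.encode(), hashlib.sha256).hexdigest()
        trusted_key = hmac.new(self.root_secret, b"tk|" + trusted_id.encode(), hashlib.sha256).digest()
        self.by_trusted_id[trusted_id] = trusted_key
        activation_code = {
            "permission": permission,
            # Check information covers identity, permission and device identifier (third aspect).
            "check": check_tag(trusted_key, trusted_id, permission, device_id),
        }
        # Transport encryption of the activation information is not modelled here.
        return {"trusted_id": trusted_id, "trusted_key": trusted_key, "activation_code": activation_code}

    def register_app(self, trusted_id: str, permission: dict) -> dict:
        # Registration code: check information covers identity and permission (sixth aspect).
        trusted_key = self.by_trusted_id[trusted_id]
        return {"permission": permission, "check": check_tag(trusted_key, trusted_id, permission)}

class ActivationManager:
    """Activation management application 112 inside the TEE of one terminal device."""

    def __init__(self, device_id: str) -> None:
        self.device_id = device_id
        self.secure_storage: dict = {"apps": {}}  # stands in for secure storage space 111

    def install_activation(self, activation_info: dict) -> None:
        self.secure_storage.update(activation_info)

    def install_registration(self, app: str, registration_code: dict) -> None:
        self.secure_storage["apps"][app] = registration_code

    def verify_tee(self, today: date) -> bool:
        s = self.secure_storage
        if "activation_code" not in s:
            return False
        code = s["activation_code"]
        # Recompute the 'first ciphertext' with this device's own identifier.
        expected = check_tag(s["trusted_key"], s["trusted_id"], code["permission"], self.device_id)
        if not hmac.compare_digest(expected, code["check"]):
            return False  # tampered permission info, or code copied from another device
        return environment_matches(code["permission"], today)

    def verify_app(self, app: str, today: date) -> bool:
        # Assumption: app verification is only offered once the TEE itself verifies as activated.
        if not self.verify_tee(today):
            return False
        s = self.secure_storage
        code = s["apps"].get(app)
        if code is None:
            return False
        expected = check_tag(s["trusted_key"], s["trusted_id"], code["permission"])
        if not hmac.compare_digest(expected, code["check"]):
            return False
        # In the patent the application itself performs this environment check on the returned code.
        return environment_matches(code["permission"], today)

def demo() -> dict:
    """Constructed walk-through: honest device, tampered expiry, code copied to another device."""
    server, today = ActivationServer(), date(2020, 6, 1)
    dev = ActivationManager("SN-0001")  # constructed device identifier
    info = server.activate_tee(dev.device_id, {"expires": "2021-01-01"})
    dev.install_activation(info)
    dev.install_registration("shop", server.register_app(info["trusted_id"], {"expires": "2020-12-31"}))
    tampered = ActivationManager("SN-0001")  # same device, user extends the validity period
    tampered.install_activation(copy.deepcopy(info))
    tampered.secure_storage["activation_code"]["permission"]["expires"] = "2099-01-01"
    copied = ActivationManager("SN-0002")  # activation info copied verbatim to another device
    copied.install_activation(copy.deepcopy(info))
    return {
        "honest_tee": dev.verify_tee(today),
        "honest_app": dev.verify_app("shop", today),
        "tampered_tee": tampered.verify_tee(today),
        "copied_tee": copied.verify_tee(today),
        "expired_app": dev.verify_app("shop", date(2021, 1, 1)),
    }
```

Only the honest device passes; the edited expiry and the copy on a second device both fail at the check-information comparison, before the usage environment is even consulted.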

The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the contents of the specification, and so that the above and other objects, features and advantages of the present invention become more apparent, specific embodiments of the present invention are set out below.

Description of the drawings

To achieve the above and related objects, certain illustrative aspects are described herein in conjunction with the following description and drawings. These aspects indicate various ways in which the principles disclosed herein may be practised, and all aspects and their equivalents are intended to fall within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description read in conjunction with the accompanying drawings. Throughout this disclosure, the same reference numerals generally refer to the same parts or elements.

FIG. 1 shows a schematic diagram of a trusted execution environment activation system 100 according to an embodiment of the present invention;

FIG. 2 shows a schematic diagram of an application activation system 200 based on a trusted execution environment according to an embodiment of the present invention;

FIG. 3 shows a flowchart of a trusted execution environment activation method 300 (terminal device side) according to an embodiment of the present invention;

FIG. 4 shows a schematic diagram of the activation process of a trusted execution environment according to an embodiment of the present invention;

FIG. 5 shows a flowchart of a trusted execution environment activation method 500 (server side) according to an embodiment of the present invention;

FIG. 6 shows a flowchart of a trusted execution environment activation verification method 600 according to an embodiment of the present invention;

FIG. 7 shows a schematic diagram of the activation verification process of a trusted execution environment according to an embodiment of the present invention;

FIG. 8 shows a flowchart of an application activation method 800 based on a trusted execution environment (terminal device side) according to an embodiment of the present invention;

FIG. 9 shows a schematic diagram of an application activation process based on a trusted execution environment according to an embodiment of the present invention;

FIG. 10 shows a flowchart of an application activation method 1000 based on a trusted execution environment (server side) according to an embodiment of the present invention;

FIG. 11 shows a flowchart of an application activation verification method 1100 based on a trusted execution environment according to an embodiment of the present invention; and

FIG. 12 shows a schematic diagram of an application activation verification process based on a trusted execution environment according to an embodiment of the present invention.

具体实施方式Detailed ways

下面将参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例,然而应当理解,可以以各种形式实现本公开而不应被这里阐述的实施例所限制。相反,提供这些实施例是为了能够更透彻地理解本公开,并且能够将本公开的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that the present disclosure will be more thoroughly understood, and will fully convey the scope of the present disclosure to those skilled in the art.

本发明提供一种基于可信执行环境的应用激活方案。在本发明的技术方案中,首先,对终端设备中的可信执行环境进行激活,在可信执行环境已激活的基础上,可信执行环境可以向终端设备的其他应用提供可信的应用激活及激活验证服务,从而保证其他应用的安全。The present invention provides an application activation scheme based on a trusted execution environment. In the technical solution of the present invention, first, the trusted execution environment in the terminal device is activated, and on the basis that the trusted execution environment has been activated, the trusted execution environment can provide trusted application activation to other applications of the terminal device and activate the authentication service to keep other applications safe.

图1示出了根据本发明一个实施例的可信执行环境的激活系统100的示意图。如图1所示,系统100包括终端设备110和服务端120。应当指出,虽然图1所示的系统100仅包括一个终端设备110和一个服务端120,但是,本领域技术人员可以理解,在实践中,系统100可以包括任意数量的终端设备110和服务端120,本发明对系统100所包括的终端设备110、服务端120的数量均不做限制。FIG. 1 shows a schematic diagram of a trusted execution environment activation system 100 according to an embodiment of the present invention. As shown in FIG. 1 , the system 100 includes a terminal device 110 and a server 120 . It should be noted that although the system 100 shown in FIG. 1 only includes one terminal device 110 and one server 120, those skilled in the art can understand that in practice, the system 100 may include any number of terminal devices 110 and servers 120 , the present invention does not limit the number of terminal devices 110 and servers 120 included in the system 100 .

终端设备110具体可以实现为任意设备,例如手机、平板电脑、智能可穿戴设备、智能家电、车机、无人机等,但不限于此。如图1所示,终端设备110中部署有可信执行环境(Trusted Execution Environment,简称TEE)和富执行环境(Rich ExecutionEnvironment,简称REE)。可信执行环境与富执行环境具有相互隔离的硬件、以及独立的操作系统,用于满足不同安全级别的应用的运行要求。可信执行环境与富执行环境的硬件隔离例如可以通过ARM TrustZone或C-SKY的安全扩展技术来实现,但不限于此。The terminal device 110 can be specifically implemented as any device, such as a mobile phone, a tablet computer, a smart wearable device, a smart home appliance, a car machine, a drone, etc., but is not limited thereto. As shown in FIG. 1 , the terminal device 110 is deployed with a Trusted Execution Environment (Trusted Execution Environment, TEE for short) and a Rich Execution Environment (Rich Execution Environment, REE for short). The trusted execution environment and the rich execution environment have mutually isolated hardware and independent operating systems, and are used to meet the running requirements of applications with different security levels. The hardware isolation of the trusted execution environment and the rich execution environment can be implemented by, for example, the security extension technology of ARM TrustZone or C-SKY, but is not limited thereto.

富执行环境的操作系统可以是Android、iOS、RTOS实时操作系统等通用操作系统,该操作系统上可以运行对安全性要求不高的普通应用,例如即时通讯、拍照、天气查询等。可信执行环境的操作系统通常为一个封闭的、功能相对简单的安全操作系统,在该操作系统上运行对安全性要求较高的可信应用,例如指纹识别、身份认证、电子支付、智能锁等。可信执行环境中的可信应用可以被富执行环境中的普通应用调用以实现相应功能。可信应用不可直接与外部(例如服务器、其他终端设备、用户等)进行通信,而需要以富执行环境中的普通应用为通信中转,即,可信执行环境中的可信应用经由富执行环境中的普通应用来与外部进行通信。The operating system of the rich execution environment can be general-purpose operating systems such as Android, iOS, and RTOS real-time operating systems. Common applications that do not require high security, such as instant messaging, photography, and weather queries, can run on the operating system. The operating system of the trusted execution environment is usually a closed and relatively simple security operating system, on which trusted applications with high security requirements are run, such as fingerprint recognition, identity authentication, electronic payment, and smart locks. Wait. Trusted applications in the trusted execution environment can be invoked by ordinary applications in the rich execution environment to implement corresponding functions. Trusted applications cannot directly communicate with the outside world (such as servers, other terminal devices, users, etc.), but need to use ordinary applications in the rich execution environment as communication relays, that is, trusted applications in the trusted execution environment pass through the rich execution environment. Common applications in to communicate with the outside world.

服务端120可以是任意用于向终端设备110提供可信执行环境在线激活服务的设备,例如物理服务器、或部署于物理服务器中的计算实例等,但不限于此。服务端120用于向终端设备110提供可信执行环境的在线激活服务。在可信执行环境被激活后,终端设备110才可以使用可信执行环境来处理和保护敏感数据。The server 120 may be any device used to provide the terminal device 110 with a trusted execution environment online activation service, such as a physical server, or a computing instance deployed in the physical server, but not limited to this. The server 120 is used to provide the terminal device 110 with an online activation service of the trusted execution environment. After the trusted execution environment is activated, the terminal device 110 can use the trusted execution environment to process and protect sensitive data.

在本发明的实施例中,可信执行环境包括激活管理应用112,激活管理应用112经由部署于富执行环境中的接口应用113与服务端120通信,用于对可信执行环境进行激活。具体地,激活管理应用112读取终端设备标识,将终端设备标识经由接口应用113发送至服务端120。服务端120根据终端设备标识生成激活码,并且生成终端设备的可信身份标识和可信密钥,将可信身份标识和可信密钥与终端设备标识关联存储。可信身份标识是一个可以代表设备唯一性的字符串,其用于唯一标识终端设备110,且具备不可篡改、不可伪造、全球唯一的安全属性。可信密钥为根据可信身份标识通过特定算法派生出来的字符串,其用于对与终端设备110相关的关键信息进行加密。服务端120将可信身份标识、可信密钥和激活码加密后生成激活信息,经由接口应用113将激活信息发送至激活管理应用112。激活管理应用112对激活信息进行解密,得出可信身份标识、可信密钥和激活码后,将可信身份标识、可信密钥和激活码加密存储至安全存储空间111。安全存储空间111为用于存储文件的指定空间,文件采用可信密钥加密后存储到该位置。在本发明的实施例中,安全存储空间111能且仅能被激活管理应用112访问。在将可信身份标识、可信密钥和激活码加密存储至安全存储空间111后,终端设备110的可信执行环境激活完成。In the embodiment of the present invention, the trusted execution environment includes an activation management application 112, and the activation management application 112 communicates with the server 120 via the interface application 113 deployed in the rich execution environment for activating the trusted execution environment. Specifically, the activation management application 112 reads the terminal device identification, and sends the terminal device identification to the server 120 via the interface application 113 . The server 120 generates an activation code according to the terminal device identification, generates a trusted identification and a trusted key of the terminal, and stores the trusted identification and trusted key in association with the identification of the terminal. The trusted identity identifier is a character string that can represent the uniqueness of the device, which is used to uniquely identify the terminal device 110, and has security properties that cannot be tampered with, cannot be forged, and are globally unique. The trusted key is a character string derived through a specific algorithm according to the trusted identity, and is used to encrypt key information related to the terminal device 110 . 
The server 120 generates activation information after encrypting the trusted identity identifier, the trusted key and the activation code, and sends the activation information to the activation management application 112 via the interface application 113 . The activation management application 112 decrypts the activation information, obtains the trusted ID, trusted key and activation code, and then encrypts and stores the trusted ID, trusted key and activation code in the secure storage space 111 . The secure storage space 111 is a designated space for storing files, and the files are encrypted with a trusted key and stored in this location. In an embodiment of the present invention, the secure storage space 111 can and only be accessed by the activation management application 112 . After the trusted identity identifier, the trusted key and the activation code are encrypted and stored in the secure storage space 111, the trusted execution environment activation of the terminal device 110 is completed.

富执行环境中的普通应用可以调用可信执行环境中的可信应用。当可信应用被调用时,该被调用的可信应用将进一步调用激活管理应用112,以触发可信执行环境的激活验证。激活管理应用112从安全存储空间111中读取可信身份标识、可信密钥和激活码,根据可信身份标识、可信密钥和激活码来验证可信执行环境是否激活成功,随后,将验证结果返回给被普通应用调用的可信应用。若验证激活成功,则被调用的可信应用执行普通应用的调用,并将调用结果返回给普通应用。Common applications in the rich execution environment can call trusted applications in the trusted execution environment. When the trusted application is invoked, the invoked trusted application will further invoke the activation management application 112 to trigger activation verification of the trusted execution environment. The activation management application 112 reads the trusted ID, trusted key and activation code from the secure storage space 111, and verifies whether the trusted execution environment is successfully activated according to the trusted ID, trusted key and activation code, and then, Return the verification result to the trusted application called by the normal application. If the verification and activation are successful, the called trusted application executes the calling of the common application, and returns the calling result to the common application.

For example, as shown in FIG. 1, the first common application 114 in the rich execution environment is a shopping application and the first trusted application 115 is an electronic payment application. When the user selects goods in the first common application 114 and needs to pay for them, the first common application 114 invokes the first trusted application 115 to perform the electronic payment. Once invoked, the first trusted application 115 triggers the activation management application 112 to perform activation verification of the trusted execution environment. The activation management application 112 reads the trusted identity identifier, the trusted key and the activation code from the secure storage space 111, verifies from them whether the trusted execution environment has been activated successfully, and returns the verification result to the first trusted application 115. If the verification shows that activation succeeded, the first trusted application 115 carries out the call from the first common application 114 to perform the electronic payment, and returns the result (whether the payment succeeded) to the first common application 114.

Once the trusted execution environment has been activated, it can provide application activation and activation verification services to the other applications on the terminal device 110, thereby protecting those applications. FIG. 2 shows a schematic diagram of an application activation system 200 based on a trusted execution environment according to an embodiment of the present invention. As shown in FIG. 2, the system 200 includes a terminal device 110 and a server 120. A trusted execution environment and a rich execution environment are deployed on the terminal device 110, and a second common application 116 is deployed in the rich execution environment. Once the trusted execution environment of the terminal device 110 has been activated, the second common application 116 can be activated on the basis of the trusted execution environment.

The server 120 further includes an application server 122 and an authentication server 124. The application server 122 is the server that provides methods and data to the second common application 116; it can generate the usage permission information (for example, effective time, expiry time, number of permitted uses, and so on) used to activate the second common application 116. The authentication server 124 verifies the identity of the terminal device 110, generates check information from the usage permission information, and encrypts the usage permission information and the check information, among other tasks.

Specifically, the second common application 116 triggers the activation management application 112 to verify whether the trusted execution environment has been activated successfully, and, if it has, sends the trusted identity identifier of the terminal device to the application server 122. The application server 122 forwards the trusted identity identifier to the authentication server 124. The authentication server 124 verifies the identity of the terminal device 110 and returns the result to the application server 122. If the authentication server 124 reports success, the application server 122 generates the usage permission information of the second common application 116 and sends it to the authentication server 124. The authentication server 124 generates check information from the usage permission information and the trusted identity identifier, combines the usage permission information and the check information into a registration code, looks up the trusted key corresponding to the trusted identity identifier, and encrypts the registration code with that trusted key to produce the registration information. The encrypted registration information is sent to the activation management application 112 via the application server 122 and then the second common application 116. The activation management application 112 retrieves the trusted key from the secure storage space 111, decrypts the registration information with it to obtain the registration code, and stores the registration code, encrypted, in the secure storage space 111. Once the registration code has been encrypted and stored in the secure storage space 111, activation of the second common application 116 is complete.

FIG. 3 shows a flowchart of a method 300 for activating a trusted execution environment according to an embodiment of the present invention. The method 300 is performed in the trusted execution environment of a terminal device (for example, the terminal device 110 described above), for example by the activation management application 112 in that trusted execution environment. As shown in FIG. 3, the method 300 begins at step S310.

In step S310, the terminal device identifier is sent to the server.

The terminal device identifier uniquely identifies one terminal device. Because it is unique, it may also be called a device fingerprint. The terminal device identifier may be, for example, the MAC (Media Access Control) address, the CPU serial number or the hard disk serial number of the terminal device, or a value computed from such information (for example, from the MAC address and the CPU serial number), but is not limited to these. The present invention does not restrict the specific content of the terminal device identifier. According to an embodiment, the terminal device identifier is obtained by calling a corresponding data interface, which is usually provided by the manufacturer of the terminal device.

Specifically, step S310 is performed by the activation management application in the trusted execution environment. The activation management application 112 cannot communicate with the server directly; it sends the terminal device identifier to the server via the interface application 113 in the rich execution environment.

According to an embodiment, in addition to sending the terminal device identifier to the server, an authentication code may be generated from the terminal device identifier and sent to the server together with it, so that the server can verify the authentication code and, only after that verification passes, generate the activation code from the terminal device identifier.

According to an embodiment, the authentication code includes a preset key, a first ciphertext and a first mapping value, where the first ciphertext is the ciphertext produced by encrypting the session key and the terminal device identifier with the preset key, and the first mapping value is the value obtained by applying a preset mapping function to the session key and the terminal device identifier. According to an embodiment, the preset key is part of the configuration information of the activation management application 112, so its value can be read from that configuration information. The session key is generated by the terminal device, for example by the activation management application 112. According to an embodiment, when the activation management application 112 communicates with the server, it generates a token for that communication; the token includes the preset key read from the configuration information and the generated session key. From the preset key and the session key in the token, the first ciphertext can be computed and the authentication code generated. Those skilled in the art will understand that, besides the preset key and the session key, the token may also include other information, such as the application identifier of the activation management application 112, its version number, the purpose of the preset key, the type of the preset key, and so on. The present invention does not restrict the specific information included in the token.

It should also be noted that the encryption algorithm used to generate the first ciphertext and the mapping function used to generate the first mapping value may both be chosen by those skilled in the art; the present invention does not restrict them. For example, the encryption algorithm may be AES and the mapping function may be a hash function, but they are not limited to these.

After the authentication code has been generated, it is sent to the server together with the terminal device identifier, so that the server can verify the authentication code, recover the session key from it, and check that neither the authentication code nor the terminal device identifier was tampered with in transit. According to an embodiment, the server verifies the authentication code as follows:

Read the preset key from the authentication code, and use it to decrypt the first ciphertext in the authentication code to obtain the session key and the terminal device identifier. Then apply the preset mapping function to the session key and the terminal device identifier to compute a second mapping value; if the second mapping value matches the first mapping value in the authentication code, the authentication code is verified.

Those skilled in the art will understand that, for the server to verify the authentication code, certain algorithm parameters must be shared between the terminal device and the server, such as the encryption algorithm used to generate the first ciphertext and the mapping function used to generate the first mapping value. These parameters may be agreed between the terminal device and the server before the terminal device transmits the terminal device identifier and the authentication code, or they may be carried as fields of the authentication code and transmitted to the server with it, among other options. The present invention does not restrict the specific method by which the terminal device and the server synchronize the algorithm parameters.

Table 1 shows an example of the authentication code AuthCode1 used during activation of the trusted execution environment:

Table 1

Field               | Value
Preset key          | Provisioning Key1
First ciphertext    | Provisioning_Key_Encrypt(Session Key+Dev_FP)
First mapping value | Hash_Sha256(Session Key+Dev_FP)

In Table 1, the preset key is Provisioning Key1, and the first ciphertext is Provisioning_Key_Encrypt(Session Key+Dev_FP), that is, the ciphertext obtained by encrypting the session key Session Key and the terminal device identifier Dev_FP with the preset key Provisioning Key1. The first mapping value is Hash_Sha256(Session Key+Dev_FP), that is, the SHA-256 hash of the session key Session Key and the terminal device identifier Dev_FP.

Those skilled in the art will understand that, in practice, the authentication code AuthCode1 may include fields beyond those listed in Table 1, such as the application identifier of the activation management application 112, its version number, the purpose of the preset key, the type of the preset key, and so on. The present invention does not restrict the number or kinds of fields included in the authentication code.

After the authentication code AuthCode1 shown in Table 1 and the terminal device identifier Dev_FP have been sent to the server, the server verifies the authentication code: first, it reads the preset key Provisioning Key1 from AuthCode1. Then it decrypts the first ciphertext Provisioning_Key_Encrypt(Session Key+Dev_FP) with Provisioning Key1 to recover the session key Session Key. Finally, it computes the SHA-256 hash of the recovered session key Session Key and the terminal device identifier Dev_FP; if this hash matches the first mapping value in AuthCode1, AuthCode1 is verified.
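As an added example (not code from the patent or from Alibaba), the following Python builds AuthCode1 with the three fields of Table 1 and performs the server-side verification just described. The page does not say which cipher sits behind Provisioning_Key_Encrypt; the example assumes a counter-mode keystream derived from HMAC-SHA256 so that it runs with the standard library alone, and the field encoding, the fixed 16-byte session key, the sample Provisioning Key1 and the sample device fingerprint are all constructed for the example. As in Table 1, the preset key travels inside the authentication code, so on its own the first ciphertext keeps Session Key secret only from parties who never see the message; what the first mapping value adds is the ability to detect a modified ciphertext, or a transmitted Dev_FP that differs from the one bound inside it.

```python
"""Authentication code AuthCode1 (Table 1): client-side construction and
server-side verification. Standard library only. The stream cipher below
stands in for the unspecified Provisioning_Key_Encrypt (assumption of this
example, not the patent's algorithm choice)."""
import base64
import hashlib
import hmac
import os

SESSION_KEY_LEN = 16  # assumption: fixed length so Session Key+Dev_FP can be split

# Constructed sample values (not taken from the patent).
PROVISIONING_KEY1 = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
SESSION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
# Device fingerprint computed from MAC address and CPU serial, as the text suggests.
DEV_FP = hashlib.sha256(b"02:00:00:aa:bb:cc|CPU-SN-0001").hexdigest()[:32]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy cipher, not AES)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def provisioning_key_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || (plaintext XOR keystream). No tag is attached: in the
    page's design the separate first mapping value provides the integrity check."""
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body


def provisioning_key_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def build_authcode1(provisioning_key: bytes, session_key: bytes, dev_fp: str) -> dict:
    """Client (activation management application 112): the Table 1 fields plus
    the optional application identifier the text mentions."""
    plain = session_key + dev_fp.encode()
    return {
        "app_id": "activation-manager",  # optional extra field
        "provisioning_key": base64.b64encode(provisioning_key).decode(),
        "first_ciphertext": base64.b64encode(
            provisioning_key_encrypt(provisioning_key, plain)).decode(),
        "first_mapping": hashlib.sha256(plain).hexdigest(),  # Hash_Sha256(Session Key+Dev_FP)
    }


def server_verify_authcode1(auth_code: dict, dev_fp: str) -> bytes:
    """Server: decrypt with the preset key carried in the code, recover Session
    Key, then recompute the mapping value. Returns the session key on success
    and raises ValueError otherwise."""
    key = base64.b64decode(auth_code["provisioning_key"])
    plain = provisioning_key_decrypt(key, base64.b64decode(auth_code["first_ciphertext"]))
    session_key, fp_inside = plain[:SESSION_KEY_LEN], plain[SESSION_KEY_LEN:]
    # The Dev_FP sent alongside must equal the one bound inside the ciphertext.
    if fp_inside != dev_fp.encode():
        raise ValueError("Dev_FP inside the ciphertext differs from the transmitted Dev_FP")
    second_mapping = hashlib.sha256(session_key + fp_inside).hexdigest()
    if not hmac.compare_digest(second_mapping, auth_code["first_mapping"]):
        raise ValueError("first mapping value mismatch: AuthCode1 altered in transit")
    return session_key


def tamper_detected(auth_code: dict, dev_fp: str) -> bool:
    """Flip one byte of the first ciphertext and confirm the server rejects it."""
    blob = bytearray(base64.b64decode(auth_code["first_ciphertext"]))
    blob[16] ^= 0x01  # first byte of the encrypted Session Key
    bad = dict(auth_code, first_ciphertext=base64.b64encode(bytes(blob)).decode())
    try:
        server_verify_authcode1(bad, dev_fp)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    code = build_authcode1(PROVISIONING_KEY1, SESSION_KEY, DEV_FP)
    print("session key recovered:", server_verify_authcode1(code, DEV_FP) == SESSION_KEY)
    print("tampering detected:", tamper_detected(code, DEV_FP))
```

The server compares the recomputed hash with hmac.compare_digest rather than ==, so that a verification oracle does not leak how many leading bytes of a guessed mapping value were right; the same constant-time comparison belongs in the activation-code check later in the method.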

Then, in step S320, the activation information returned by the server is received. The activation information includes the encrypted trusted identity identifier, trusted key and activation code, where the trusted identity identifier and the trusted key correspond to the terminal device identifier, and the activation code is generated from the terminal device identifier.

The trusted identity identifier and the trusted key are generated by the server, which stores them in association with the terminal device identifier. The trusted identity identifier is a string that represents the uniqueness of a device and uniquely identifies one terminal device; it is intended to be tamper-proof, unforgeable and globally unique. The trusted key is a string derived from the trusted identity identifier by a specific algorithm, and is used to encrypt key information relating to the terminal device that corresponds to the trusted identity identifier.

The activation code is generated from the terminal device identifier and is used to activate the trusted execution environment of the terminal device. According to an embodiment, the activation code includes usage permission information and check information for the trusted execution environment.

The usage permission information of the trusted execution environment records the permission to use it. It may include, for example, an effective time, an expiry time and a number of permitted uses, but is not limited to these. When the usage permission information includes an effective time and an expiry time, the terminal device can use the trusted execution environment normally only within the period from the effective time to the expiry time; outside that period the trusted execution environment is in the inactive state and is unavailable. When the usage permission information includes a number of permitted uses, the terminal device may invoke the trusted execution environment only up to that number of times; once the number of invocations reaches the permitted number, the trusted execution environment becomes inactive and unavailable. Those skilled in the art will understand that the usage permission information is configurable: it may include at least one of the effective time, the expiry time and the number of permitted uses, and it may include information other than these. The present invention does not restrict the specific content of the usage permission information.

The check information is used to verify the activation code, so that any unauthorized modification of the activation code is detected. According to an embodiment, the check information is a value computed under the trusted key over the trusted identity identifier, the usage permission information and the terminal device identifier. The present invention does not restrict the specific algorithm used to generate the check information; for example, it may be HMAC (Hash-based Message Authentication Code), which yields an authentication tag rather than a recoverable ciphertext, but it is not limited to this.

Table 2 shows an example of the activation code ActiCode:

Table 2

Field             | Value
Effective time    | Stime1
Expiry time       | Etime1
Permitted uses    | Times1
Check information | HMAC(IDkey, Dev_FP+ID+Stime1+Etime1+Times1)

In Table 2, the usage permission information consists of the effective time Stime1, the expiry time Etime1 and the number of permitted uses Times1. The check information is HMAC(IDkey, Dev_FP+ID+Stime1+Etime1+Times1), that is, the message authentication code computed with the HMAC algorithm under the trusted key IDkey over the terminal device identifier Dev_FP, the trusted identity identifier ID, the effective time Stime1, the expiry time Etime1 and the number of permitted uses Times1.

Those skilled in the art will understand that, in practice, the activation code ActiCode may include fields beyond those listed in Table 2, such as the algorithm used to encrypt the activation code ActiCode with the trusted key IDkey, a key check value KCV (Key Checksum Value) used to verify that the trusted key IDkey has not been altered, the algorithm used to generate the KCV, and so on. The present invention does not restrict the number or kinds of fields included in the activation code.

In step S320, the activation information includes the encrypted trusted identity identifier, trusted key and activation code. According to an embodiment, the activation information is generated as follows: encrypt the activation code with the trusted key to produce the activation code ciphertext; then encrypt the trusted identity identifier, the trusted key and the activation code ciphertext with the session key to produce the activation information. The session key is established between the terminal device and the server beforehand. For example, it may be agreed between them before the terminal device transmits the terminal device identifier and the authentication code; or, as in Table 1, the session key Session Key may be carried inside the authentication code AuthCode1 and conveyed to the server that way. The present invention restricts neither the generation of the session key nor the way it is conveyed between the terminal device and the server. The encryption algorithms used to produce the activation code ciphertext and the activation information may be any encryption algorithms; the present invention does not restrict them either.

Taking Tables 1 and 2 as an example, the activation information is generated as follows: first, encrypt the activation code ActiCode with the trusted key IDkey to produce the activation code ciphertext ActiCode'. Then encrypt the trusted identity identifier ID, the trusted key IDkey and the activation code ciphertext ActiCode' with the session key Session Key recovered from the authentication code AuthCode1 to produce the activation information.

After the activation information has been received in step S320, step S330 is performed.

In step S330, the activation information is decrypted to obtain the trusted identity identifier, the trusted key and the activation code.

Decrypting the activation information reverses the encryption the server performed. According to an embodiment, the activation information is decrypted as follows: first, decrypt the activation information with the session key to obtain the trusted identity identifier, the trusted key and the activation code ciphertext; then decrypt the activation code ciphertext with the trusted key to obtain the activation code.

Taking Table 2 as an example, the activation information is decrypted as follows: first, decrypt the activation information with the session key Session Key to obtain the trusted identity identifier ID, the trusted key IDkey and the activation code ciphertext ActiCode'. Then decrypt ActiCode' with the trusted key IDkey to obtain the activation code ActiCode.

After the trusted identity identifier, the trusted key and the activation code have been obtained in step S330, step S340 is performed.

In step S340, the trusted identity identifier, the trusted key and the activation code are encrypted and stored in the secure storage space. Data in the secure storage space can be read only by the activation management application 112 in the trusted execution environment, which protects it from unauthorized reading and modification.

According to an embodiment, after the trusted identity identifier, the trusted key and the activation code have been obtained in step S330, they are not stored in the secure storage space straight away; the activation code is first verified against the terminal device identifier, to confirm that the activation information was not tampered with in transit between the server and the terminal device. Only after the activation code has been verified are the trusted identity identifier, the trusted key and the activation code encrypted and stored in the secure storage space.

According to an embodiment, the activation code is verified as follows: compute, under the trusted key, the check value over the trusted identity identifier, the usage permission information and the terminal device identifier to produce a second ciphertext (with HMAC, a second authentication tag); if the second ciphertext matches the check information in the activation code, the activation code is verified.

Taking Table 2 as an example, the activation code ActiCode is verified as follows: obtain the terminal device identifier Dev_FP (for example, through the data interface provided by the manufacturer of the terminal device). Using the HMAC algorithm under the trusted key IDkey, compute the tag over the terminal device identifier Dev_FP, the trusted identity identifier ID, the effective time Stime1, the expiry time Etime1 and the number of permitted uses Times1 to produce the second ciphertext. If the second ciphertext matches the check information in the activation code, the activation code is verified; otherwise verification fails.
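As an added example (again not code from the patent or from Alibaba), the following Python builds the ActiCode of Table 2 on the server side, performs the client-side HMAC check of step S340, and then evaluates the usage permission information the way the activation verification described earlier must: effective time, expiry time and permitted uses are each checked, and a code that fails the HMAC is rejected before any of them is looked at. The field encoding (each field length-prefixed, since the page writes "+" without fixing one), the sample IDkey, trusted identity identifier, device fingerprint, times and counts are all constructed for the example. Because Dev_FP is read locally and fed into the tag, an ActiCode copied to another device fails the check even though it is otherwise intact; the registration code issued later to the second common application 116 uses the same construction over the usage permission information and the trusted identity identifier, so the same two functions apply to it.

```python
"""Activation code ActiCode (Table 2): check information
HMAC(IDkey, Dev_FP+ID+Stime1+Etime1+Times1), client-side verification, and
evaluation of the usage permission information. Standard library only."""
import hashlib
import hmac

# Constructed sample values (not taken from the patent).
IDKEY = bytes.fromhex("a5" * 32)                     # trusted key IDkey
TRUSTED_ID = "TID-0000000001"                         # trusted identity identifier ID
DEV_FP = hashlib.sha256(b"02:00:00:aa:bb:cc|CPU-SN-0001").hexdigest()[:32]
STIME1, ETIME1, TIMES1 = 1_700_000_000, 1_700_086_400, 3  # Unix seconds: 24 h window, 3 uses


def _canonical(*fields: str) -> bytes:
    """Length-prefix every field so that 'a'+'bc' and 'ab'+'c' cannot collide
    (assumption of this example; the page does not fix an encoding)."""
    out = b""
    for field in fields:
        raw = field.encode()
        out += len(raw).to_bytes(2, "big") + raw
    return out


def check_value(id_key: bytes, dev_fp: str, trusted_id: str, acticode: dict) -> str:
    """HMAC-SHA256 over Dev_FP+ID+Stime1+Etime1+Times1 under IDkey, as a hex tag."""
    msg = _canonical(dev_fp, trusted_id, str(acticode["Stime1"]),
                     str(acticode["Etime1"]), str(acticode["Times1"]))
    return hmac.new(id_key, msg, hashlib.sha256).hexdigest()


def make_acticode(id_key: bytes, dev_fp: str, trusted_id: str,
                  stime: int, etime: int, times: int) -> dict:
    """Server side (step S412): the Table 2 fields. ID is not a field of the
    code itself; it travels separately inside the activation information."""
    code = {"Stime1": stime, "Etime1": etime, "Times1": times}
    code["check"] = check_value(id_key, dev_fp, trusted_id, code)
    return code


def verify_acticode(id_key: bytes, dev_fp: str, trusted_id: str, acticode: dict) -> bool:
    """Client side (step S340 / S416): recompute the tag with the Dev_FP read
    from the device and compare in constant time."""
    return hmac.compare_digest(check_value(id_key, dev_fp, trusted_id, acticode),
                               acticode["check"])


def activation_state(acticode: dict, id_key: bytes, dev_fp: str, trusted_id: str,
                     now: int, used: int) -> str:
    """What the activation management application reports when a trusted
    application asks whether the trusted execution environment is activated.
    `used` is the number of invocations made so far."""
    if not verify_acticode(id_key, dev_fp, trusted_id, acticode):
        return "check_failed"        # altered in transit, or copied from another device
    if now < acticode["Stime1"]:
        return "not_yet_effective"
    if now > acticode["Etime1"]:
        return "expired"
    if used >= acticode["Times1"]:
        return "exhausted"
    return "active"


if __name__ == "__main__":
    code = make_acticode(IDKEY, DEV_FP, TRUSTED_ID, STIME1, ETIME1, TIMES1)
    print(activation_state(code, IDKEY, DEV_FP, TRUSTED_ID, now=STIME1 + 3600, used=0))
    # Extending Etime1 without IDkey invalidates the check information.
    forged = dict(code, Etime1=ETIME1 + 365 * 86400)
    print(activation_state(forged, IDKEY, DEV_FP, TRUSTED_ID, now=STIME1 + 3600, used=0))
```

The permitted-use counter is the one field this check cannot protect on its own: the code says how many invocations are allowed, but the count of invocations already made has to be kept by the activation management application in the secure storage space, since anything the rich execution environment could reset would let the limit be bypassed.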

Once the trusted identity identifier, the trusted key and the activation code have been encrypted and stored in the secure storage space 111, activation of the trusted execution environment of the terminal device is complete. The trusted identity identifier, trusted key and activation code in the secure storage space 111 can be read only by the activation management application 112 in the trusted execution environment.

FIG. 4 shows a schematic diagram of the activation process of a trusted execution environment according to an embodiment of the present invention. In FIG. 4, the secure storage space 111, the activation management application 112 and the interface application 113 are all located in the terminal device 110; the activation management application 112 is a trusted application in the trusted execution environment, and the interface application 113 is a common application in the rich execution environment.

In step S401, the user, through the interface application 113, triggers the activation management application 112 to perform activation verification of the trusted execution environment.

In steps S402 and S403, the activation management application 112 reads the activation code ActiCode of the trusted execution environment from the secure storage space 111 and verifies it, and in step S404 sends the verification result to the interface application 113. If no ActiCode is stored in the secure storage space 111, or the activation management application 112 fails to verify the ActiCode, then in step S404 the activation management application 112 returns to the interface application 113 the result that the trusted execution environment is not activated. Step S405 is then performed.

In step S405, the interface application 113 triggers the activation management application 112 to activate the trusted execution environment.

In step S406, the activation management application 112 obtains the terminal device identifier Dev_FP through the interface provided by the terminal device manufacturer, obtains the preset key Provisioning Key1, and generates the session key Session Key.

In step S407, the activation management application 112 generates the authentication code AuthCode1 from the terminal device identifier Dev_FP. As shown in Table 1 above, AuthCode1 includes the preset key Provisioning Key1, the first ciphertext Provisioning_Key_Encrypt(Session Key+Dev_FP) and the first mapping value Hash_Sha256(Session Key+Dev_FP).

In step S408, the activation management application 112 sends the terminal device identifier Dev_FP and the authentication code AuthCode1 to the interface application 113.

In step S409, the interface application 113 sends the terminal device identifier Dev_FP and the authentication code AuthCode1 to the server 120.

In step S410, the server 120 verifies the authentication code AuthCode1: first, it reads the preset key Provisioning Key1 from AuthCode1. Then it decrypts the first ciphertext Provisioning_Key_Encrypt(Session Key+Dev_FP) with Provisioning Key1 to recover the session key Session Key. Finally, it computes the SHA-256 hash of the recovered session key Session Key and the terminal device identifier Dev_FP; if this hash matches the first mapping value in AuthCode1, AuthCode1 is verified. Step S411 is then performed.

在步骤S411中,服务端120生成可信身份标识ID和可信密钥IDkey,并将可信身份标识ID和可信密钥IDkey与终端设备标识Dev_FP关联存储。In step S411, the server 120 generates a trusted identity ID and a trusted key IDkey, and stores the trusted identity ID and trusted key IDkey in association with the terminal device ID Dev_FP.

在步骤S412中,服务端120根据终端设备标识Dev_FP生成激活码ActiCode,如表2所示,ActiCode包括生效时间Stime1、失效时间Etime1、可用次数Times1和校验信息HMAC(IDkey,Dev_FP+ID+Stime1+Etime1+Times1)。采用可信密钥IDkey对激活码ActiCode进行加密,生成激活码密文ActiCode’;采用会话密钥Session Key来对可信身份标识ID、可信密钥IDkey、激活码密文ActiCode’进行加密,生成激活信息。In step S412, the server 120 generates an activation code ActiCode according to the terminal device identifier Dev_FP. As shown in Table 2, the ActiCode includes the effective time Stime1, the expiry time Etime1, the available times Times1 and the verification information HMAC(IDkey,Dev_FP+ID+Stime1 +Etime1+Times1). Use the trusted key IDkey to encrypt the activation code ActiCode to generate the activation code ciphertext ActiCode'; use the session key Session Key to encrypt the trusted identity ID, trusted key IDkey, and activation code ciphertext ActiCode', Generate activation information.

在步骤S413中,服务端120将激活信息发送至接口应用113。In step S413 , the server 120 sends the activation information to the interface application 113 .

在步骤S414中,接口应用113将激活信息发送至激活管理应用112。In step S414, the interface application 113 sends the activation information to the activation management application 112.

在步骤S415中,激活管理应用112采用会话密钥Session Key来对激活信息进行解密,以得到可信身份标识ID、可信密钥IDkey、激活码密文ActiCode’。随后,采用可信密钥IDkey来对激活码密文ActiCode’进行解密,以得到激活码ActiCode。In step S415, the activation management application 112 uses the session key Session Key to decrypt the activation information to obtain the trusted identity ID, trusted key IDkey, and activation code ciphertext ActiCode'. Then, use the trusted key IDkey to decrypt the activation code ciphertext ActiCode' to obtain the activation code ActiCode.

在步骤S416中,激活管理应用112通过终端设备的生产厂商所提供的数据接口获取终端设备标识Dev_FP。基于HMAC算法,采用可信密钥IDkey对终端设备标识Dev_FP、可信身份标识ID、生效时间Stime1、失效时间Etime1和可用次数Times1进行加密,生成第二密文。若第二密文与激活码中的校验信息一致,则激活码验证通过,执行步骤S417。In step S416, the activation management application 112 acquires the terminal device identifier Dev_FP through the data interface provided by the manufacturer of the terminal device. Based on the HMAC algorithm, the trusted key IDkey is used to encrypt the terminal device identifier Dev_FP, the trusted identity identifier ID, the valid time Stime1, the invalidation time Etime1 and the available times Times1 to generate the second ciphertext. If the second ciphertext is consistent with the verification information in the activation code, the activation code verification is passed, and step S417 is executed.

在步骤S417和S418中,激活管理应用112将可信身份标识ID、可信密钥IDkey和激活码ActiCode加密存储至安全存储空间111,可信执行环境激活成功。In steps S417 and S418, the activation management application 112 encrypts and stores the trusted identity ID, trusted key IDkey and activation code ActiCode in the secure storage space 111, and the trusted execution environment is successfully activated.

在步骤S419中,激活管理应用112将可信执行环境激活成功的结果反馈至接口应用113。In step S419 , the activation management application 112 feeds back the result of the successful activation of the trusted execution environment to the interface application 113 .

FIG. 5 shows a flowchart of a method 500 for activating a trusted execution environment according to an embodiment of the present invention. The method 500 is executed on the server (for example the server 120 shown in FIG. 1) and is the counterpart of the method 300 executed on the terminal device. As shown in FIG. 5, the method 500 begins at step S510.

In step S510, the terminal device identifier sent by the terminal device is received.

Because the activation management application 112 cannot communicate with the server directly but must do so via the interface application 113 in the rich execution environment, in step S510 the server receives the terminal device identifier from the interface application 113.

According to an embodiment, in step S510 the server receives, in addition to the terminal device identifier, an authentication code sent by the terminal device, the authentication code having been generated from the terminal device identifier. The authentication code is verified, and only after it passes verification is step S520 executed to generate the activation code from the terminal device identifier.

According to an embodiment, the authentication code consists of a preset key, a first ciphertext and a first mapping value, where the first ciphertext is produced by encrypting the session key and the terminal device identifier with the preset key, and the first mapping value is produced by applying a preset mapping function to the session key and the terminal device identifier. The server verifies the authentication code as follows: it reads the preset key from the authentication code and uses it to decrypt the first ciphertext, obtaining the session key and the terminal device identifier. It then applies the preset mapping function to the session key and the terminal device identifier to compute a second mapping value; if the second mapping value matches the first mapping value in the authentication code, the authentication code passes verification.

For the detailed steps of generating and verifying the authentication code, refer to the description of step S310 above, which is not repeated here.

Next, in step S520, a trusted identity identifier and a trusted key corresponding to the terminal device identifier are generated, and an activation code is generated from the terminal device identifier.

The trusted identity identifier uniquely identifies a terminal device and is intended to be tamper-proof, unforgeable and globally unique. The trusted key is the key corresponding to the trusted identity identifier and is used to encrypt critical information. The server may generate the trusted identity identifier and the trusted key with any algorithm; the present invention does not restrict the specific algorithm used. Once generated, the trusted identity identifier and the trusted key are stored in association with each other.

The activation code is generated from the terminal device identifier and is used to activate the trusted execution environment of the terminal device. According to an embodiment, the activation code consists of use-permission information for the trusted execution environment and verification information.

The use-permission information records the permitted use of the trusted execution environment. It may include, for example, an effective time, an expiry time and an available use count, but is not limited to these.

The verification information is used to check the activation code and ensure that it has not been tampered with. According to an embodiment, the verification information is the value obtained by applying the trusted key to the trusted identity identifier, the use-permission information and the terminal device identifier; the patent refers to this value as a ciphertext. The present invention does not restrict the specific algorithm used; the example given is the HMAC algorithm, which produces a keyed message authentication tag rather than an encryption, and the choice is not limited to it. For an example of the activation code ActiCode, refer to Table 2 above, which is not repeated here.

Next, in step S530, the trusted identity identifier, the trusted key and the activation code are encrypted to generate the activation information.

According to an embodiment, the activation code is encrypted with the trusted key to produce the activation code ciphertext, and the trusted identity identifier, the trusted key and the activation code ciphertext are then encrypted with the session key to produce the activation information. For the detailed steps of generating the activation information, refer to the description of step S320 above, which is not repeated here.

Next, in step S540, the activation information is sent to the terminal device so that the terminal device can decrypt it to obtain the trusted identity identifier, the trusted key and the activation code, and store the trusted identity identifier, the trusted key and the activation code in encrypted form in the secure storage space.

For the detailed implementation of step S540, refer to the description of steps S330 and S340 above, which is not repeated here.
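The exchange of steps S406 to S419, together with its server-side counterpart in method 500, as an added example that is not code from the patent or from its assignee. It models both sides: the terminal builds AuthCode1, the server verifies it, issues ID and IDkey, builds ActiCode with its HMAC verification information, wraps it twice (IDkey, then Session Key), and the terminal unwraps it and checks the tag before storing. Assumptions: Provisioning_Key_Encrypt and the two wrapping encryptions are modelled with an HMAC-SHA256 counter-mode stream cipher so that only the Python standard library is needed (the patent names AES for this role and leaves the algorithm open); the "A+B" concatenation is modelled as length-prefixed encoding; the one-year validity and use count of 1000 are made-up values; and the comparison of the Dev_FP sent in the clear against the Dev_FP recovered from the first ciphertext is an added check that the text does not spell out. Note that, exactly as the text describes, the preset key is read from the authentication code itself, so verify_auth_code confirms that the three fields of the code are consistent with each other rather than proving possession of a key the server holds independently.

```python
"""Model of the trusted execution environment activation exchange (S406-S419).

Added example, not code from the patent.  Assumptions: the encryption steps
(Provisioning_Key_Encrypt, the IDkey wrap, the Session Key wrap) use an
HMAC-SHA256 counter-mode stream cipher as a standard-library stand-in for the
AES the patent names; 'A+B' concatenation is length-prefixed encoding; the
validity period and use count are made-up values.
"""
import hashlib
import hmac
import secrets
import struct


def pack(*fields):
    """Unambiguous encoding of the patent's 'A+B+C' field concatenation."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def unpack(blob):
    out, i = [], 0
    while i < len(blob):
        (n,) = struct.unpack(">I", blob[i:i + 4])
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out


def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + struct.pack(">I", c), hashlib.sha256).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt(key, plaintext):
    """Stand-in for the patent's encryption primitive: random 16-byte nonce + XOR."""
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def tag(key, *fields):
    """Verification information: HMAC-SHA256 keyed with IDkey over the packed fields."""
    return hmac.new(key, pack(*fields), hashlib.sha256).digest()


# --- terminal device, activation management application 112 (S406-S408)
def build_auth_code(provisioning_key, payload):
    """Table 1 shape: (preset key, E_pk(payload), SHA256(payload)).
    AuthCode1 uses payload = Session Key+Dev_FP; AuthCode2 (Table 3) uses payload = ID."""
    return {"pk": provisioning_key,
            "ct": encrypt(provisioning_key, payload),
            "h": hashlib.sha256(payload).digest()}


# --- server 120 (S410-S412)
def verify_auth_code(code):
    """S410: decrypt with the preset key carried in the code itself, recompute SHA256,
    return the payload on a match and None otherwise."""
    payload = decrypt(code["pk"], code["ct"])
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), code["h"]):
        return None
    return payload


def server_activate(code, dev_fp, registry, now):
    """S410-S412: returns the activation information, or None on failure."""
    payload = verify_auth_code(code)
    if payload is None:
        return None
    session_key, fp_in_code = unpack(payload)
    if fp_in_code != dev_fp:  # added check: clear-text Dev_FP must match the one inside the code
        return None
    id_, id_key = secrets.token_bytes(16), secrets.token_bytes(32)
    registry[dev_fp] = (id_, id_key)  # S411: ID and IDkey stored in association with Dev_FP
    perm = pack(struct.pack(">q", now), struct.pack(">q", now + 365 * 86400), struct.pack(">I", 1000))
    acti_code = pack(perm, tag(id_key, dev_fp, id_, perm))        # Table 2: Stime1, Etime1, Times1, HMAC
    acti_code_enc = encrypt(id_key, acti_code)                     # ActiCode'
    return encrypt(session_key, pack(id_, id_key, acti_code_enc))  # activation information


# --- terminal device, activation management application 112 (S415-S417)
def client_finish(activation_info, session_key, dev_fp):
    id_, id_key, acti_code_enc = unpack(decrypt(session_key, activation_info))  # S415
    perm, check = unpack(decrypt(id_key, acti_code_enc))
    if not hmac.compare_digest(tag(id_key, dev_fp, id_, perm), check):  # S416 "second ciphertext"
        return None
    return {"ID": id_, "IDkey": id_key, "ActiCode": pack(perm, check)}  # S417: to secure storage


def run_activation(dev_fp, provisioning_key, now):
    """Whole exchange; the interface application 113 is a pass-through and is omitted."""
    session_key = secrets.token_bytes(32)
    auth_code = build_auth_code(provisioning_key, pack(session_key, dev_fp))
    registry = {}
    info = server_activate(auth_code, dev_fp, registry, now)
    return (None if info is None else client_finish(info, session_key, dev_fp)), registry
```

run_activation returns what the terminal would write to the secure storage space and the server's registry, so the two sides can be compared; a flipped byte in the first ciphertext or a Dev_FP that does not match the one bound inside AuthCode1 makes the server refuse to issue anything.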

Common applications in the rich execution environment can call trusted applications in the trusted execution environment. When a trusted application is called, it in turn calls the activation management application 112 to trigger activation verification of the trusted execution environment.

FIG. 6 shows a flowchart of a method 600 for verifying activation of a trusted execution environment according to an embodiment of the present invention. The method 600 is executed in the trusted execution environment of the terminal device, for example by the activation management application 112. As shown in FIG. 6, the method 600 begins at step S610.

In step S610, the trusted identity identifier, the trusted key and the activation code of the trusted execution environment are obtained. The activation code consists of use-permission information for the trusted execution environment and verification information, the verification information being the value computed with the trusted key over the trusted identity identifier, the use-permission information and the terminal device identifier.

According to an embodiment, the activation management application 112 reads the trusted identity identifier ID, the trusted key IDkey and the activation code ActiCode of the trusted execution environment from the secure storage space 111. The activation code ActiCode carries use-permission information; for example, as shown in Table 2, ActiCode consists of three use-permission fields, the effective time Stime1, the expiry time Etime1 and the available use count Times1, together with the verification information HMAC(IDkey, Dev_FP+ID+Stime1+Etime1+Times1). The verification information is the HMAC message digest computed with the trusted key IDkey over the terminal device identifier Dev_FP, the trusted identity identifier ID, the effective time Stime1, the expiry time Etime1 and the available use count Times1.

Next, in step S620, the terminal device identifier is obtained, and the trusted key is applied to the trusted identity identifier, the use-permission information and the terminal device identifier to compute a third ciphertext.

According to an embodiment, the terminal device identifier Dev_FP is obtained through the data interface provided by the manufacturer of the terminal device, and the HMAC keyed with the trusted key IDkey is computed over the trusted identity identifier ID, the effective time Stime1, the expiry time Etime1, the available use count Times1 and the terminal device identifier Dev_FP to produce the third ciphertext.

Next, in step S630, if the third ciphertext matches the verification information and the current use environment of the terminal device matches the use-permission information, the trusted execution environment is confirmed to be successfully activated.

For example, the use-permission information includes an effective time, an expiry time and an available use count; correspondingly, the current use environment of the terminal device includes the current time, the number of uses so far, and so on. If the current time of the terminal device lies between the effective time and the expiry time, and the number of uses so far does not exceed the available use count, the current use environment of the terminal device matches the use-permission information.

FIG. 7 is a schematic diagram of the activation verification process for a trusted execution environment according to an embodiment of the present invention. In FIG. 7, the secure storage space 111, the activation management application 112, the first trusted application 115 and the first common application 114 are all located in the terminal device 110; the activation management application 112 and the first trusted application 115 are trusted applications in the trusted execution environment, and the first common application 114 is a common application in the rich execution environment.

In step S701, the first common application 114 sends a call request to the first trusted application 115.

In step S702, the first trusted application 115 triggers the activation management application 112 to perform activation verification of the trusted execution environment.

In steps S703 and S704, the activation management application 112 reads the trusted identity identifier ID, the trusted key IDkey and the activation code ActiCode of the trusted execution environment from the secure storage space 111. As shown in Table 2, ActiCode consists of the effective time Stime1, the expiry time Etime1, the available use count Times1 and the verification information HMAC(IDkey, Dev_FP+ID+Stime1+Etime1+Times1).

In step S705, the activation management application 112 obtains the terminal device identifier Dev_FP through the data interface provided by the manufacturer of the terminal device and computes the HMAC keyed with the trusted key IDkey over the trusted identity identifier ID, the effective time Stime1, the expiry time Etime1, the available use count Times1 and the terminal device identifier Dev_FP, producing the third ciphertext. If the third ciphertext matches the verification information in the activation code, the activation code is verified and the trusted execution environment is confirmed to be activated.

In step S706, the activation management application 112 sends the result that the trusted execution environment is activated to the first trusted application 115.

In step S707, the first trusted application 115 performs the call requested by the first common application 114.

In step S708, the first trusted application 115 returns the call result to the first common application 114.

Once the trusted execution environment is activated, it can provide application activation and activation verification services to the other applications on the terminal device 110, thereby ensuring the security of those applications.

FIG. 8 shows a flowchart of a method 800 for activating an application based on a trusted execution environment according to an embodiment of the present invention. The method 800 is executed in the trusted execution environment of the terminal device, for example by the activation management application 112. The method 800 may be used to activate a common application in the rich execution environment, for example the second common application 116 shown in FIG. 2. As shown in FIG. 8, the method 800 begins at step S810.

In step S810, the trusted identity identifier of the terminal device is sent to the server.

The trusted identity identifier is stored in the secure storage space 111 of the terminal device and can only be read by specific trusted applications in the trusted execution environment, such as the activation management application 112. After obtaining the trusted identity identifier, the activation management application 112 sends it to the server 120 via the application awaiting activation in the rich execution environment (for example the second common application 116 in FIG. 2).

According to an embodiment, before the trusted identity identifier is sent to the server, it is first verified that the trusted execution environment has been successfully activated; only then is the trusted identity identifier of the terminal device sent to the server.

Specifically, the steps of the method 600 described above can be used to verify whether the trusted execution environment is activated. If it is, the trusted execution environment is available and can be used to activate the application awaiting activation. If it is not, the trusted execution environment is unavailable; in that case the method 300 described above must first be executed to activate the trusted execution environment, and only afterwards can the method 800 of the present invention be executed.

According to an embodiment, in step S810, in addition to sending the trusted identity identifier to the server, an authentication code is generated from the trusted identity identifier and sent together with it, so that the server can verify the authentication code and, once it passes verification, generate a registration code from the trusted identity identifier.

According to an embodiment, the authentication code consists of a preset key, a fourth ciphertext and a third mapping value, where the fourth ciphertext is produced by encrypting the trusted identity identifier with the preset key, and the third mapping value is produced by applying a preset mapping function to the trusted identity identifier. According to an embodiment, the preset key is part of the configuration information of the activation management application 112, so its value can be read from that configuration. According to an embodiment, when the activation management application 112 communicates with the server, it generates a token for that communication, and the token includes the preset key read from the configuration. The fourth ciphertext is determined from the preset key in the token, and the authentication code is then generated. Those skilled in the art will understand that, besides the preset key and the session key, the token may carry further information, for example the application identifier of the activation management application 112, its version number, the intended use of the preset key and the type of the preset key; the present invention does not restrict the specific information included in the token.

It should further be noted that the encryption algorithm used to generate the fourth ciphertext and the mapping function used to generate the third mapping value may both be chosen by those skilled in the art; the present invention does not restrict them. For example, the fourth ciphertext may be generated with the AES encryption algorithm and the third mapping value with a hash algorithm, but the choices are not limited to these.

After the authentication code is generated, it is sent to the server together with the trusted identity identifier so that the server can verify it and confirm that neither the authentication code nor the trusted identity identifier was tampered with in transit. According to an embodiment, the server verifies the authentication code as follows:

it reads the preset key from the authentication code, decrypts the fourth ciphertext with the preset key to obtain the trusted identity identifier, and applies the preset mapping function to the trusted identity identifier to compute a fourth mapping value; if the fourth mapping value matches the third mapping value in the authentication code, the authentication code passes verification.

Table 3 shows an example of the authentication code AuthCode2 used in the trusted-execution-environment-based application activation process:

Table 3

Preset key          Fourth ciphertext               Third mapping value
Provisioning Key2   Provisioning_Key_Encrypt(ID)    Hash_Sha256(ID)

In Table 3, the preset key is Provisioning Key2 and the fourth ciphertext is Provisioning_Key_Encrypt(ID), that is, the ciphertext obtained by encrypting the trusted identity identifier ID with the preset key Provisioning Key2. The third mapping value is Hash_Sha256(ID), that is, the SHA256 hash of the trusted identity identifier ID.

Those skilled in the art will understand that, in practice, the authentication code AuthCode2 may carry fields beyond those listed in Table 3, for example the application identifier of the activation management application 112, its version number, the intended use of the preset key and the type of the preset key; the present invention does not restrict the number or kind of fields in the authentication code.

After the authentication code AuthCode2 shown in Table 3 is sent to the server, the server verifies it: first it reads the preset key Provisioning Key2 from AuthCode2; next it decrypts the fourth ciphertext Provisioning_Key_Encrypt(ID) with Provisioning Key2 to obtain the trusted identity identifier ID; finally it computes the SHA256 hash of ID, and if that hash matches the third mapping value in AuthCode2, AuthCode2 is verified successfully.

Next, in step S820, the registration information returned by the server is received. The registration information consists of the registration code encrypted with the trusted key corresponding to the trusted identity identifier, the registration code having been generated from the trusted identity identifier.

The registration code is generated from the trusted identity identifier and is used to activate the application awaiting activation. According to an embodiment, the registration code consists of use-permission information for that application and verification information.

The use-permission information records the permitted use of the application. It may include, for example, an effective time, an expiry time and an available use count, but is not limited to these. When it includes an effective time and an expiry time, the user can use the application normally only between the effective time and the expiry time; outside that window the application is unavailable. When it includes an available use count, the user can use the application only up to that count; once the number of uses reaches the available use count, the application is no longer available. Those skilled in the art will understand that the use-permission information is configurable: it may include at least one of the effective time, the expiry time and the available use count, and may include other information besides these; the present invention does not restrict the specific content of the application's use-permission information.

The verification information is used to check the registration code and ensure that it has not been tampered with. According to an embodiment, the verification information is the value obtained by applying the trusted key to the trusted identity identifier and the use-permission information; the patent refers to this value as a ciphertext. The present invention does not restrict the specific algorithm used; the example given is HMAC (Hash-based Message Authentication Code), which yields a keyed authentication tag, but the choice is not limited to it.

Table 4 shows an example of the registration code License:

Table 4

Effective time   Expiry time   Available use count   Verification information
Stime2           Etime2        Times2                HMAC(IDkey, ID+Stime2+Etime2+Times2)

In Table 4, the application's use-permission information consists of the effective time Stime2, the expiry time Etime2 and the available use count Times2. The verification information is HMAC(IDkey, ID+Stime2+Etime2+Times2), that is, the HMAC message digest computed with the trusted key IDkey over the trusted identity identifier ID, the effective time Stime2, the expiry time Etime2 and the available use count Times2.

In step S820, the registration information consists of the registration code encrypted with the trusted key corresponding to the trusted identity identifier. That is, the server first looks up the trusted key corresponding to the trusted identity identifier and then encrypts the registration code with that trusted key to produce the registration information.

It should be noted that the way the registration code is encrypted into registration information in the method 800 differs slightly from the way the activation code is encrypted into activation information in the method 300. In the method 300 the activation code is doubly encrypted, with the trusted key and then the session key; in the method 800 the registration code is encrypted once, with the trusted key only. The reason is that in the method 300 the trusted key is being generated for the first time and must be sent to the terminal device together with the activation code. To keep the trusted key from being intercepted or tampered with, after the activation code is encrypted with the trusted key, the trusted key itself must be encrypted with the session key so that it is not visible to outsiders. In the method 800 the trusted key is not transmitted at all; it is held only by the terminal device and the server, so even if another device eavesdrops on the registration information exchanged between them, it cannot obtain the trusted key and therefore cannot decrypt the registration information to recover the registration code. In the method 800, then, a single encryption of the registration code with the trusted key is sufficient to protect it, and a second encryption with the session key is unnecessary.

Next, in step S830, the registration information is decrypted with the trusted key to obtain the registration code.

Next, in step S840, the registration code is stored in encrypted form in the secure storage space. The data in the secure storage space can only be read by the activation management application 112 in the trusted execution environment, which prevents it from being illegally obtained or tampered with.

According to an embodiment, after the registration code is obtained in step S830, it is not stored in the secure storage space immediately; it is first verified against the trusted identity identifier to ensure that the registration information was not tampered with in transit between the server and the terminal device. Only after the registration code passes verification is it stored, encrypted, in the secure storage space.

According to an embodiment, the registration code is verified as follows: the trusted key is applied to the trusted identity identifier and the use-permission information to compute a fifth ciphertext; if the fifth ciphertext matches the verification information in the registration code, the registration code passes verification.

Taking Table 4 as an example, the registration code License is verified as follows: obtain the trusted key IDkey, and compute the HMAC keyed with IDkey over the trusted identity identifier ID, the effective time Stime2, the expiry time Etime2 and the available use count Times2 to produce the fifth ciphertext. If the fifth ciphertext matches the verification information in the registration code, the registration code passes verification; otherwise, verification fails.

在将待激活的应用的注册码加密存储至安全存储空间111后,待激活的应用激活完成。安全存储空间111中的注册码仅能由可信执行环境中的激活管理应用112读取。After the registration code of the application to be activated is encrypted and stored in the secure storage space 111, the activation of the application to be activated is completed. The registration code in the secure storage space 111 can only be read by the activation management application 112 in the trusted execution environment.

FIG. 9 is a schematic diagram of an application activation process based on a trusted execution environment according to one embodiment of the present invention. In FIG. 9 the secure storage space 111, the activation management application 112 and the second ordinary application 116 are located in the terminal device; the activation management application 112 is a trusted application in the trusted execution environment, and the second ordinary application 116 is the application to be activated in the rich execution environment. The application server 122 and the authentication server 124 are located on the server side. The application server 122 provides method and data calls to the second ordinary application 116 and generates its usage permission information (for example effective time, expiry time and available count). The authentication server 124 verifies the identity of the terminal device 110 and encrypts the relevant data.

In step S901, the second ordinary application 116 sends the activation management application 112 a request to initialise the trusted execution environment. Based on this request, the activation management application 112 performs activation verification of the trusted execution environment. If that verification succeeds, step S902 is executed.

In steps S902 and S903, the activation management application 112 reads the trusted identity ID and the trusted key IDkey from the secure storage space 111.

In step S904, the activation management application 112 generates the authentication code AuthCode2 from the trusted identity ID. As shown in Table 3 above, AuthCode2 comprises the provisioning key Provisioning Key2, the fourth ciphertext Provisioning_Key_Encrypt(ID) and the third mapping value Hash_Sha256(ID).

In step S905, the activation management application 112 sends the trusted identity ID and the authentication code AuthCode2 to the second ordinary application 116.

In step S906, the second ordinary application 116 sends the trusted identity ID and the authentication code AuthCode2 to the application server 122.

In step S907, the application server 122 sends the trusted identity ID and the authentication code AuthCode2 to the authentication server 124.

In step S908, the authentication server 124 verifies the authentication code AuthCode2: first, it reads the provisioning key Provisioning Key2 from AuthCode2. It then decrypts the fourth ciphertext Provisioning_Key_Encrypt(ID) with Provisioning Key2 to obtain the trusted identity ID. Finally, it computes the SHA256 hash of the trusted identity ID; if that hash matches the third mapping value in AuthCode2, AuthCode2 is verified successfully.

In step S909, the authentication server 124 returns the successful verification result for AuthCode2 to the application server 122.

In step S910, the application server 122 generates the usage permission information of the second ordinary application 116. Referring to Table 4, the usage permission information comprises the effective time Stime2, the expiry time Etime2 and the available count Times2.

In step S911, the application server 122 sends the generated usage permission information to the authentication server 124.

In step S912, the authentication server 124 generates the check information; referring to Table 4, the check information is HMAC(IDkey, ID+Stime2+Etime2+Times2). The usage permission information and the check information are then combined into the registration code License. The authentication server looks up the trusted key IDkey corresponding to the trusted identity ID and encrypts the License with IDkey to generate the registration information.

In steps S913 to S915, the authentication server 124 sends the registration information to the activation management application 112 by way of the application server 122 and the second ordinary application 116 in turn.

In step S916, the activation management application 112 decrypts the registration information with the trusted key IDkey to obtain the registration code License. It then encrypts the trusted identity ID, the effective time Stime2, the expiry time Etime2 and the available count Times2 with the trusted key IDkey to generate the fifth ciphertext. If the fifth ciphertext matches the check information in the License, the registration code passes verification and step S917 is executed.

In steps S917 and S918, the activation management application 112 encrypts the registration code License and stores it in the secure storage space 111; the second ordinary application 116 is now successfully activated.

In step S919, the activation management application 112 reports the successful activation of the second ordinary application 116 back to that application.

FIG. 10 is a flowchart of an application activation method 1000 based on a trusted execution environment according to one embodiment of the present invention. Method 1000 is executed on the server side (for example the server 120 shown in FIG. 2), corresponds to method 800 executed in the terminal device described above, and is suitable for activating an application to be activated (for example the second ordinary application 116 shown in FIG. 2).

According to one embodiment, the server further comprises an application server (for example the application server 122 shown in FIG. 2) and an authentication server (for example the authentication server 124 shown in FIG. 2), which divide the work of activating applications based on the trusted execution environment between them. The application server can communicate directly with the application to be activated; it provides method and data calls to that application and generates its usage permission information (for example effective time, expiry time and available count). The authentication server usually does not communicate directly with the application to be activated; it verifies the identity of the terminal device 110 and encrypts the relevant data.

As shown in FIG. 10, method 1000 begins at step S1010.

In step S1010, the trusted identity sent by the terminal device is received.

The trusted identity is stored in the secure storage space 111 of the terminal device and can only be read by a specific trusted application in the trusted execution environment, such as the activation management application 112. After obtaining the trusted identity, the activation management application 112 sends it to the application server through the application to be activated. Correspondingly, the application server receives the trusted identity sent by the application to be activated.

According to one embodiment, in step S1010 an authentication code sent by the terminal device is received in addition to the trusted identity; the authentication code is generated from the trusted identity. The authentication code is verified, and only after it passes verification is step S1020 executed to generate the registration code from the trusted identity.

According to one embodiment, after receiving the trusted identity and the authentication code from the second ordinary application 116, the application server 122 forwards both to the authentication server 124, which verifies the authentication code. For the details of authentication code verification, refer to the description of step S810 above; they are not repeated here.

Next, in step S1020, a registration code is generated from the trusted identity.

According to one embodiment, the registration code comprises usage permission information and check information for the application to be activated. The usage permission information marks the permissions under which the application may be used and may include, for example, an effective time, an expiry time and an available count, without being limited to these. The check information is used to verify the registration code and ensure that it has not been illegally tampered with. According to one embodiment, the check information comprises the ciphertext generated by encrypting the trusted identity and the usage permission information with the trusted key.

According to one embodiment, the usage permission information in the registration code is generated by the application server 122. After generating it, the application server 122 sends it to the authentication server 124, which generates the check information. For the details of how the usage permission information and the check information are generated, refer to the description of step S820 above; they are not repeated here.

Next, in step S1030, the registration code is encrypted with the trusted key corresponding to the trusted identity to generate the registration information.

According to one embodiment, step S1030 is performed by the authentication server 124.

Next, in step S1040, the registration information is sent to the terminal device so that the terminal device can decrypt it with the trusted key to obtain the registration code, and then encrypt and store the registration code in the secure storage space.

In step S1040, the authentication server 124 sends the registration information to the activation management application 112 in the terminal device by way of the application server 122 and the application to be activated in turn. The activation management application 112 decrypts the registration information with the trusted key to obtain the registration code, and encrypts and stores the registration code in the secure storage space.

For the details of step S1040, refer to the descriptions of steps S830 and S840 above; they are not repeated here.
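The registration exchange of FIG. 9 (steps S904 to S918) and its server-side description in method 1000 (steps S1010 to S1040), modelled end to end as an added example; this is not code from the patent or from the applicant. Assumed, because the page does not state them: the length-prefixed encoding used for ID+Stime2+Etime2+Times2, the dictionary layout of AuthCode2, and an HMAC-SHA256 counter-mode keystream standing in for the unnamed symmetric cipher behind Provisioning_Key_Encrypt and the IDkey encryption of the License (a real trusted application would use the TEE's own cipher API). The sample ID, IDkey, Provisioning Key2 and usage permission values are constructed.

```python
import hashlib
import hmac
import struct


def _keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher: HMAC-SHA256 keystream in counter mode (assumption;
    # the patent does not name its cipher). XOR is symmetric, so one call both
    # encrypts and decrypts.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, label + struct.pack(">I", off // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def _pack(*fields: bytes) -> bytes:
    # Length-prefixed encoding of "ID+Stime2+Etime2+Times2" (assumption): it keeps
    # field boundaries unambiguous, so "ab"+"c" and "a"+"bc" cannot collide.
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def _unpack(data: bytes) -> list:
    fields, pos = [], 0
    while pos < len(data):
        (n,) = struct.unpack(">H", data[pos:pos + 2])
        fields.append(data[pos + 2:pos + 2 + n])
        pos += 2 + n
    return fields


def check_info(idkey, trusted_id, stime, etime, times):
    # Table 4: check information = HMAC(IDkey, ID+Stime2+Etime2+Times2).
    return hmac.new(idkey, _pack(trusted_id, stime, etime, times), hashlib.sha256).digest()


# --- terminal device, activation management application 112: S904 ---
def make_auth_code(provisioning_key2, trusted_id):
    # Table 3: AuthCode2 = Provisioning Key2, Provisioning_Key_Encrypt(ID), Hash_Sha256(ID).
    return {
        "provisioning_key": provisioning_key2,
        "fourth_ciphertext": _keystream_xor(provisioning_key2, b"pk", trusted_id),
        "third_mapping": hashlib.sha256(trusted_id).digest(),
    }


# --- authentication server 124: S908 ---
def verify_auth_code(auth_code):
    # As described in S908: read Provisioning Key2 from the code, decrypt the
    # fourth ciphertext, compare SHA256(ID) with the third mapping value.
    pk = auth_code["provisioning_key"]
    trusted_id = _keystream_xor(pk, b"pk", auth_code["fourth_ciphertext"])
    if not hmac.compare_digest(hashlib.sha256(trusted_id).digest(), auth_code["third_mapping"]):
        return None
    return trusted_id


# --- authentication server 124: S912 (method 1000 steps S1020-S1030) ---
def issue_registration_info(idkey, trusted_id, stime, etime, times):
    # License = usage permission information + check information, then a single
    # encryption with IDkey (no session key, as explained for method 800).
    license_code = _pack(stime, etime, times, check_info(idkey, trusted_id, stime, etime, times))
    return _keystream_xor(idkey, b"reg", license_code)


# --- terminal device: S916-S917 (method 800 steps S830-S840) ---
def install_license(idkey, trusted_id, registration_info, secure_store):
    # Decrypt, recompute the fifth ciphertext, and store the License only on a match.
    fields = _unpack(_keystream_xor(idkey, b"reg", registration_info))
    if len(fields) != 4:
        return False
    stime, etime, times, check = fields
    fifth = check_info(idkey, trusted_id, stime, etime, times)
    if not hmac.compare_digest(fifth, check):
        return False
    secure_store["License"] = (stime, etime, times, check)
    return True


def run_exchange(tamper_in_transit=False):
    # Constructed sample values; a real ID and IDkey come from the TEE activation (method 300).
    trusted_id = b"DEVICE-ID-0001"
    idkey = hashlib.sha256(b"constructed IDkey").digest()
    pk2 = hashlib.sha256(b"constructed Provisioning Key2").digest()
    secure_store = {"ID": trusted_id, "IDkey": idkey}                  # S902-S903
    auth_code = make_auth_code(pk2, trusted_id)                        # S904
    if verify_auth_code(auth_code) != trusted_id:                      # S905-S909
        return False
    stime, etime, times = b"2019-03-01", b"2020-03-01", b"100"         # S910, application server 122
    reg_info = issue_registration_info(idkey, trusted_id, stime, etime, times)  # S912
    if tamper_in_transit:                                              # S913-S915: one bit flipped on the wire
        reg_info = reg_info[:-1] + bytes([reg_info[-1] ^ 0x01])
    return install_license(idkey, trusted_id, reg_info, secure_store)  # S916-S918
```

`run_exchange()` returns True once the License is in the secure store; with `tamper_in_transit=True` the fifth ciphertext no longer matches and `install_license` refuses to store it, which is exactly the check step S916 relies on, since nothing in transit carries IDkey. One point to note from S908 as the page describes it: Provisioning Key2 is read out of AuthCode2 itself, so that check establishes that the code is internally consistent; tying AuthCode2 to one particular device additionally requires the server to hold Provisioning Key2 for that ID on its own side.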

When a user uses an application, activation verification of that application is triggered. The user can use the application only if its activation is verified as successful; if activation verification fails, the application is unavailable to the user.

FIG. 11 is a flowchart of an application activation verification method 1100 based on a trusted execution environment according to one embodiment of the present invention. Method 1100 is executed in the trusted execution environment of the terminal device, for example by the activation management application 112. As shown in FIG. 11, method 1100 begins at step S1110.

In step S1110, the trusted identity, the trusted key and the registration code of the application to be verified are obtained. The registration code comprises usage permission information and check information, the check information being the ciphertext generated by encrypting the trusted identity and the usage permission information with the trusted key.

According to one embodiment, the activation management application 112 obtains the trusted identity, the trusted key and the registration code of the application to be verified from the secure storage space 111.

Next, in step S1120, the trusted identity and the usage permission information are encrypted with the trusted key to generate a sixth ciphertext.

Next, in step S1130, if the sixth ciphertext matches the check information, the registration code is sent to the application to be verified, so that the application can determine whether it is successfully activated according to whether its current usage environment matches the usage permission information.

For example, the usage permission information comprises an effective time, an expiry time and an available count, and correspondingly the application's current usage environment comprises the current time, the number of times the application has already been used, and so on. If the current time lies between the effective time and the expiry time, and the number of times the application has been used is less than or equal to the available count, the current usage environment matches the usage permission information and the application is successfully activated.

FIG. 12 is a schematic diagram of an application activation verification process based on a trusted execution environment according to one embodiment of the present invention. In FIG. 12 the secure storage space 111, the activation management application 112 and the second ordinary application 116 are all located in the terminal device 110; the activation management application 112 is a trusted application in the trusted execution environment, and the second ordinary application 116 is an ordinary application in the rich execution environment.

In step S1201, when the user uses the second ordinary application 116, that application sends an activation verification request to the activation management application 112.

In steps S1202 and S1203, the activation management application 112 obtains the trusted identity ID, the trusted key IDkey and the activation code ActiCode of the trusted execution environment from the secure storage space 111.

In step S1204, the activation management application 112 verifies from the trusted identity ID, the trusted key IDkey and the activation code ActiCode whether the trusted execution environment was successfully activated. If it was, execution continues with step S1205.

In steps S1205 and S1206, the activation management application 112 obtains the registration code License from the secure storage space 111. Referring to Table 4, the License comprises the effective time Stime2, the expiry time Etime2, the available count Times2 and the check information HMAC(IDkey, ID+Stime2+Etime2+Times2).

In step S1207, the activation management application 112 encrypts the trusted identity ID, the effective time Stime2, the expiry time Etime2 and the available count Times2 with the trusted key IDkey to generate the sixth ciphertext. If the sixth ciphertext matches the check information in the License, step S1208 is executed.

In step S1208, the activation management application 112 sends the registration code to the second ordinary application 116.

In step S1209, the second ordinary application 116 obtains its current usage environment, which comprises the current time and the number of times the second ordinary application 116 has already been used. It reads the effective time Stime2, the expiry time Etime2 and the available count Times2 from the registration code, and checks whether the current time lies within the range from Stime2 to Etime2 and whether the used count is less than or equal to Times2. If the current time lies within that range and the used count is less than or equal to Times2, the second ordinary application 116 is successfully activated.
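The activation verification of method 1100 and FIG. 12 (the sixth-ciphertext check in S1207 followed by the usage-environment check in S1209), written out as an added example that is not code from the patent or the applicant. Assumed, because the page does not specify them: the length-prefixed field encoding, ISO dates for Stime2 and Etime2, a decimal string for Times2, and that the outcome of the ActiCode check in S1204 (described elsewhere on the page and not modelled here) is passed in as a boolean. The License and key values are constructed; `activation_check` returns a reason string so each failure mode is visible.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timezone


def _pack(*fields: bytes) -> bytes:
    # Length-prefixed encoding for "ID+Stime2+Etime2+Times2" (assumption).
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def check_info(idkey, trusted_id, stime, etime, times):
    # Table 4: HMAC(IDkey, ID+Stime2+Etime2+Times2).
    return hmac.new(idkey, _pack(trusted_id, stime, etime, times), hashlib.sha256).digest()


def verify_license(idkey, trusted_id, license_code):
    # S1207: recompute the sixth ciphertext in the TEE and compare it with the
    # check information stored in the License (constant-time comparison).
    stime, etime, times, check = license_code
    sixth = check_info(idkey, trusted_id, stime, etime, times)
    return hmac.compare_digest(sixth, check)


def usage_environment_matches(license_code, now, used_count):
    # S1209: current time within Stime2..Etime2 and used count <= Times2.
    stime, etime, times, _ = license_code
    start = datetime.fromisoformat(stime.decode()).replace(tzinfo=timezone.utc)
    end = datetime.fromisoformat(etime.decode()).replace(tzinfo=timezone.utc)
    if not (start <= now <= end):
        return "outside_validity_period"
    if used_count > int(times):
        return "usage_count_exhausted"
    return "ok"


def activation_check(idkey, trusted_id, license_code, now, used_count, tee_activated=True):
    # S1204 gate first: no License is even read unless the TEE itself is activated.
    if not tee_activated:
        return "tee_not_activated"
    # S1207: integrity of the License before any of its fields are trusted.
    if not verify_license(idkey, trusted_id, license_code):
        return "license_tampered"
    # S1208-S1209: hand the verified License over and evaluate the usage environment.
    return usage_environment_matches(license_code, now, used_count)


# Constructed sample contents of the secure storage space (not real device values).
TRUSTED_ID = b"DEVICE-ID-0001"
IDKEY = hashlib.sha256(b"constructed IDkey").digest()
STIME2, ETIME2, TIMES2 = b"2019-03-01", b"2020-03-01", b"100"
LICENSE = (STIME2, ETIME2, TIMES2, check_info(IDKEY, TRUSTED_ID, STIME2, ETIME2, TIMES2))


def demo():
    in_window = datetime(2019, 6, 1, tzinfo=timezone.utc)
    after_expiry = datetime(2021, 1, 1, tzinfo=timezone.utc)
    # A License whose Times2 was raised without IDkey: the stored HMAC no longer matches.
    forged = (STIME2, ETIME2, b"999", LICENSE[3])
    return {
        "valid": activation_check(IDKEY, TRUSTED_ID, LICENSE, in_window, 10),
        "expired": activation_check(IDKEY, TRUSTED_ID, LICENSE, after_expiry, 10),
        "exhausted": activation_check(IDKEY, TRUSTED_ID, LICENSE, in_window, 101),
        "forged": activation_check(IDKEY, TRUSTED_ID, forged, in_window, 10),
        "tee_off": activation_check(IDKEY, TRUSTED_ID, LICENSE, in_window, 10, tee_activated=False),
    }
```

The `forged` case is the property the check information buys: usage permission fields can be read by the ordinary application after S1208, but changing any of them invalidates HMAC(IDkey, ...) because IDkey never leaves the secure storage space. The time-window and count decision in S1209, by contrast, is taken by the ordinary application in the rich execution environment, so the current time and used count it feeds in are only as reliable as that environment.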

The techniques described herein may be implemented in hardware or software, or a combination of the two. Thus the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (that is, instructions) embodied in a tangible medium such as a removable hard disk, USB flash drive, floppy disk, CD-ROM or any other machine-readable storage medium, such that when the program is loaded into and executed by a machine such as a computer, that machine becomes an apparatus for practising the invention.

Where the program code is executed on a programmable computer, the computing device generally comprises a processor, a processor-readable storage medium (including volatile and non-volatile memory and/or storage elements), at least one input device and at least one output device. The memory is configured to store the program code, and the processor is configured to execute the trusted-execution-environment-based application activation method of the present invention according to the instructions in the program code stored in the memory.

By way of example and not limitation, readable media include readable storage media and communication media. Readable storage media store information such as computer-readable instructions, data structures, program modules or other data. Communication media typically embody computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism, and include any information delivery medium. Combinations of any of the above also fall within the scope of readable media.

The algorithms and displays presented in this specification are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the examples of the invention. The structure required to construct such a system is apparent from the description above. Furthermore, the invention is not directed to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the subject matter described herein, and that the description of a specific language above is given to disclose the best mode of carrying out the invention.

Numerous specific details are set forth in the specification provided herein. It will be understood, however, that embodiments of the invention may be practised without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure an understanding of this description.

Similarly, it should be understood that, in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure or description thereof for the purpose of streamlining the disclosure and aiding understanding of one or more of the various inventive aspects. This method of disclosure is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. The claims following the detailed description are therefore expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the invention.

Those skilled in the art will appreciate that the modules, units or components of the apparatus in the examples disclosed herein may be arranged in the apparatus as described in the embodiment, or alternatively may be located in one or more devices different from the apparatus in that example. The modules in the foregoing examples may be combined into one module or may further be divided into several sub-modules.

Those skilled in the art will appreciate that the modules of the apparatus in an embodiment may be adaptively modified and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may further be divided into several sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or apparatus so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.

Furthermore, those skilled in the art will appreciate that although some embodiments described herein include certain features that are included in other embodiments but not others, combinations of features of different embodiments are intended to be within the scope of the invention and to form different embodiments. For example, in the following claims any of the claimed embodiments may be used in any combination.

Furthermore, some of the embodiments are described herein as methods, or combinations of method elements, that can be implemented by a processor of a computer system or by other means for performing the described functions. A processor having the necessary instructions for carrying out such a method or method element therefore forms a means for carrying out that method or method element. Furthermore, an element of an apparatus embodiment described herein is an example of a means for carrying out the function performed by that element for the purpose of carrying out the invention.

As used herein, unless otherwise specified, the use of the ordinal numbers "first", "second", "third" and so on to describe ordinary objects merely indicates that different instances of similar objects are being referred to, and is not intended to imply that the objects so described must be in a given order in time, in space, in ranking or in any other manner.

Although the invention has been described with reference to a limited number of embodiments, those skilled in the art, having the benefit of the above description, will appreciate that other embodiments can be devised within the scope of the invention thus described. It should further be noted that the language used in this specification has been chosen principally for readability and instructional purposes and not to delineate or circumscribe the subject matter of the invention. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The disclosure of the invention is illustrative and not restrictive as to its scope, which is defined by the appended claims.

Claims (36)

1. A method of activating a trusted execution environment, the trusted execution environment being deployed in a terminal device, the method comprising:
sending a terminal device identifier to a server;
receiving activation information returned by the server, wherein the activation information comprises a trusted identity, a trusted key and an activation code in encrypted form, the trusted identity and the trusted key correspond to the terminal device identifier, and the activation code is generated according to the terminal device identifier;
decrypting the activation information to obtain the trusted identity, the trusted key and the activation code; and
encrypting the trusted identity, the trusted key and the activation code and storing them in a secure storage space.
2. The method of claim 1, wherein the activation information comprises a ciphertext generated by encrypting the trusted identity, the trusted key and an activation code ciphertext using a session key, the activation code ciphertext being a ciphertext generated by encrypting the activation code using the trusted key.
3. The method of claim 2, wherein decrypting the activation information to obtain the trusted identity, the trusted key and the activation code comprises:
decrypting the activation information using the session key to obtain the trusted identity, the trusted key and the activation code ciphertext; and
decrypting the activation code ciphertext using the trusted key to obtain the activation code.
4. The method of claim 1, further comprising, after the step of decrypting the activation information:
verifying the activation code according to the terminal device identifier, and, after the activation code passes verification, encrypting the trusted identity, the trusted key and the activation code and storing them in the secure storage space.
5. The method of claim 4, wherein the activation code comprises usage right information of the trusted execution environment and verification information, the verification information comprising a ciphertext generated by encrypting the trusted identity, the usage right information and the terminal device identifier with the trusted key; and
the step of verifying the activation code according to the terminal device identifier comprises:
encrypting the trusted identity, the usage right information and the terminal device identifier using the trusted key to generate a first ciphertext; and
if the first ciphertext is consistent with the verification information, determining that the activation code passes verification.
6. The method of claim 5, wherein the usage right information comprises an effective time, an expiration time and a number of available uses.
7. The method of claim 1, further comprising:
generating an authentication code according to the terminal device identifier; and
sending the authentication code to the server so that the server verifies the authentication code and, after the authentication code passes verification, generates the activation code according to the terminal device identifier.
8. The method of claim 7, wherein the authentication code comprises a preset key, a second ciphertext and a first mapping value, the second ciphertext being a ciphertext generated by encrypting a session key and the terminal device identifier with the preset key, and the first mapping value being a value obtained by mapping the session key and the terminal device identifier with a preset mapping function; and
the server is adapted to verify the authentication code by:
decrypting the second ciphertext using the preset key to obtain the session key and the terminal device identifier, calculating a second mapping value of the session key and the terminal device identifier using the preset mapping function, and, if the second mapping value is consistent with the first mapping value, determining that the authentication code passes verification.
9. The method of claim 1, performed by an activation management application in the trusted execution environment, the secure storage space being accessible only to the activation management application.
10. The method of claim 9, wherein the activation management application communicates with the server via an interface application located in a rich execution environment.
11. A method of activating a trusted execution environment, the trusted execution environment being deployed in a terminal device, the method comprising:
receiving a terminal device identifier sent by the terminal device;
generating a trusted identity and a trusted key corresponding to the terminal device identifier, and generating an activation code according to the terminal device identifier;
encrypting the trusted identity, the trusted key and the activation code to generate activation information; and
sending the activation information to the terminal device so that the terminal device decrypts the activation information to obtain the trusted identity, the trusted key and the activation code, and encrypts the trusted identity, the trusted key and the activation code and stores them in a secure storage space.
12. The method of claim 11, wherein the activation information is generated by:
encrypting the activation code using the trusted key to generate an activation code ciphertext; and
encrypting the trusted identity, the trusted key and the activation code ciphertext using a session key to generate the activation information.
13. The method of claim 11, wherein the activation code comprises usage right information of the trusted execution environment and verification information, the verification information comprising a ciphertext generated by encrypting the trusted identity, the usage right information and the terminal device identifier with the trusted key.
14. The method of claim 13, wherein the usage right information comprises an effective time, an expiration time and a number of available uses.
15. The method of claim 11, further comprising:
receiving an authentication code sent by the terminal device, the authentication code being generated according to the terminal device identifier;
verifying the authentication code; and
after the authentication code passes verification, generating the activation code according to the terminal device identifier.
16. The method of claim 15, wherein the authentication code comprises a preset key, a first ciphertext and a first mapping value, the first ciphertext being a ciphertext generated by encrypting a session key and the terminal device identifier with the preset key, and the first mapping value being a value obtained by mapping the session key and the terminal device identifier with a preset mapping function; and
the step of verifying the authentication code comprises:
decrypting the first ciphertext using the preset key to obtain the session key and the terminal device identifier;
calculating a second mapping value of the session key and the terminal device identifier using the preset mapping function; and
if the second mapping value is consistent with the first mapping value, determining that the authentication code passes verification.
17. A method of verifying the activation of a trusted execution environment, performed in the trusted execution environment of a terminal device, the method comprising:
acquiring a trusted identity, a trusted key and an activation code of the trusted execution environment, wherein the activation code comprises usage right information of the trusted execution environment and verification information, and the verification information comprises a ciphertext generated by encrypting the trusted identity, the usage right information and a terminal device identifier with the trusted key;
acquiring the terminal device identifier, and encrypting the trusted identity, the usage right information and the terminal device identifier using the trusted key to generate a first ciphertext; and
if the first ciphertext is consistent with the verification information and the current use environment of the terminal device matches the usage right information, determining that the trusted execution environment has been activated successfully.
18. A method for activating an application based on a trusted execution environment, the trusted execution environment being deployed in a terminal device, the method comprising:
sending a trusted identity of the terminal device to a server;
receiving registration information returned by the server, wherein the registration information comprises a registration code encrypted with a trusted key corresponding to the trusted identity, and the registration code is generated according to the trusted identity;
decrypting the registration information using the trusted key to obtain the registration code; and
encrypting the registration code and storing it in a secure storage space.
19. The method of claim 18, further comprising:
verifying whether the trusted execution environment has been activated successfully; and
in the case where the trusted execution environment has been activated successfully, sending the trusted identity of the terminal device to the server.
20. The method of claim 18, further comprising, after the step of decrypting the registration information using the trusted key:
verifying the registration code according to the trusted identity, and, after the registration code passes verification, encrypting the registration code and storing it in the secure storage space.
21. The method of claim 20, wherein the registration code comprises usage right information of the application to be activated and verification information, the verification information comprising a ciphertext generated by encrypting the trusted identity and the usage right information with the trusted key; and
the step of verifying the registration code according to the trusted identity comprises:
encrypting the trusted identity and the usage right information using the trusted key to generate a first ciphertext; and
if the first ciphertext is consistent with the verification information, determining that the registration code passes verification.
22. The method of claim 21, wherein the usage right information comprises an effective time, an expiration time and a number of available uses.
23. The method of claim 18, further comprising:
generating an authentication code according to the trusted identity; and
sending the authentication code to the server so that the server verifies the authentication code and, after the authentication code passes verification, generates the registration code according to the trusted identity.
24. The method of claim 23, wherein the authentication code comprises a preset key, a second ciphertext and a first mapping value, the second ciphertext being a ciphertext generated by encrypting the trusted identity with the preset key, and the first mapping value being a value obtained by mapping the trusted identity with a preset mapping function; and
the server is adapted to verify the authentication code by:
decrypting the second ciphertext using the preset key to obtain the trusted identity, calculating a second mapping value of the trusted identity using the preset mapping function, and, if the second mapping value is consistent with the first mapping value, determining that the authentication code passes verification.
25. The method of claim 18, performed by an activation management application in the trusted execution environment, the secure storage space being accessible only to the activation management application.
26. The method of claim 25, wherein the activation management application communicates with the server via the application to be activated.
27. A method for activating an application based on a trusted execution environment, the trusted execution environment being deployed in a terminal device, the method comprising:
receiving a trusted identity sent by the terminal device;
generating a registration code according to the trusted identity;
encrypting the registration code using a trusted key corresponding to the trusted identity to generate registration information; and
sending the registration information to the terminal device so that the terminal device decrypts the registration information using the trusted key to obtain the registration code, and encrypts the registration code and stores it in a secure storage space.
28. The method of claim 27, wherein the registration code comprises usage right information of the application to be activated and verification information, the verification information comprising a ciphertext generated by encrypting the trusted identity and the usage right information with the trusted key.
29. The method of claim 28, wherein the usage right information comprises an effective time, an expiration time and a number of available uses.
30. The method of claim 28, wherein the server comprises an application server and an authentication server, the usage right information being generated by the application server and the verification information being generated by the authentication server.
31. The method of claim 27, further comprising:
receiving an authentication code sent by the terminal device, the authentication code being generated according to the trusted identity;
verifying the authentication code; and
after the authentication code passes verification, generating the registration code according to the trusted identity.
32. The method of claim 31, wherein the authentication code comprises a preset key, a first ciphertext and a first mapping value, the first ciphertext being a ciphertext generated by encrypting the trusted identity with the preset key, and the first mapping value being a value obtained by mapping the trusted identity with a preset mapping function; and
the step of verifying the authentication code comprises:
decrypting the first ciphertext using the preset key to obtain the trusted identity;
calculating a second mapping value of the trusted identity using the preset mapping function; and
if the second mapping value is consistent with the first mapping value, determining that the authentication code passes verification.
33. A method of verifying the activation of an application based on a trusted execution environment, performed in the trusted execution environment of a terminal device, the method comprising:
acquiring a trusted identity, a trusted key and a registration code of an application to be verified, wherein the registration code comprises usage right information and verification information, and the verification information is a ciphertext generated by encrypting the trusted identity and the usage right information with the trusted key;
encrypting the trusted identity and the usage right information using the trusted key to generate a first ciphertext; and
if the first ciphertext is consistent with the verification information, sending the registration code to the application to be verified so that the application determines whether activation has succeeded according to whether its current use environment matches the usage right information.
34. A terminal device having a trusted execution environment deployed thereon, the trusted execution environment comprising an activation management application adapted to perform the method of any one of claims 1-10, 17, 18-26 and 33.
35. A server, comprising:
at least one processor; and
a memory storing program instructions configured for execution by the at least one processor, the program instructions comprising instructions for performing the method of any of claims 11-16, 27-32.
36. A trusted execution environment based application activation system, comprising:
the terminal device of claim 34; and
the server of claim 35.

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201910145498.3A CN111625829B (en) 2019-02-27 2019-02-27 Application activation method and device based on trusted execution environment
TW108142942A TW202109320A (en) 2019-02-27 2019-11-26 Trusted execution environment-based application activation method and apparatus
PCT/CN2020/075688 WO2020173332A1 (en) 2019-02-27 2020-02-18 Trusted execution environment-based application activation method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910145498.3A CN111625829B (en) 2019-02-27 2019-02-27 Application activation method and device based on trusted execution environment

Publications (2)

Publication Number Publication Date
CN111625829A true CN111625829A (en) 2020-09-04
CN111625829B CN111625829B (en) 2025-05-27

Family

ID=72240190

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910145498.3A Active CN111625829B (en) 2019-02-27 2019-02-27 Application activation method and device based on trusted execution environment

Country Status (3)

Country Link
CN (1) CN111625829B (en)
TW (1) TW202109320A (en)
WO (1) WO2020173332A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114301590B (en) * 2021-12-28 2023-11-10 西安电子科技大学 Trusted startup method and system for UAV airborne control system based on TPM
CN114791834B (en) * 2022-02-25 2024-04-26 数字广东网络建设有限公司 Application program starting method and device, electronic equipment and storage medium

Citations (11)

Publication number Priority date Publication date Assignee Title
CN1556943A (en) * 2002-07-15 2004-12-22 Client terminal, software control method and control program
CN102446251A (en) * 2011-08-24 2012-05-09 杭州华三通信技术有限公司 Device activation realizing method and equipment
CN104506534A (en) * 2014-12-25 2015-04-08 青岛微智慧信息有限公司 Secure communication key negotiation interaction scheme
CN105101169A (en) * 2014-05-13 2015-11-25 中国移动通信集团公司 Method, device, terminal and SIM card for trusted execution environment processing information
CN105574723A (en) * 2015-12-14 2016-05-11 联想(北京)有限公司 Information security processing method and security processing apparatus
CN106503492A (en) * 2016-10-27 2017-03-15 厦门中控生物识别信息技术有限公司 Authorization management method, server, client device and system
US20170169213A1 (en) * 2015-12-14 2017-06-15 Lenovo (Beijing) Limited Electronic device and method for running applications in different security environments
CN107508791A (en) * 2017-07-12 2017-12-22 武汉精伦电气有限公司 Terminal identity verification method and system based on distributed key encryption
CN107679371A (en) * 2017-09-25 2018-02-09 用友网络科技股份有限公司 Software license control method, device, computer equipment and readable storage medium
US20180254898A1 (en) * 2017-03-06 2018-09-06 Rivetz Corp. Device enrollment protocol
CN108964922A (en) * 2018-06-19 2018-12-07 深圳市文鼎创数据科技有限公司 Mobile terminal token activation method, terminal device and server

Family Cites Families (10)

Publication number Priority date Publication date Assignee Title
US7644442B2 (en) * 2003-01-31 2010-01-05 Microsoft Corporation Systems and methods for using machine attributes to deter software piracy in an enterprise environment
CN101211394A (en) * 2006-12-30 2008-07-02 智多微电子(上海)有限公司 Software authorization method and device
CN105656898B (en) * 2016-01-07 2018-11-20 广西英腾教育科技股份有限公司 Activation code data processing system and method based on multi-dimensional information
US10218696B2 (en) * 2016-06-30 2019-02-26 Microsoft Technology Licensing, Llc Targeted secure software deployment
CN106446613A (en) * 2016-08-29 2017-02-22 武汉启目科技有限公司 Protection method for pre-installed applications in a terminal
CN107391971A (en) * 2017-06-13 2017-11-24 北京航天发射技术研究所 Protection method for software license authorization
CN107784206A (en) * 2017-11-10 2018-03-09 北京深思数盾科技股份有限公司 Software protection method and device, and software verification method and device
CN107832589B (en) * 2017-11-29 2020-05-12 苏州科达科技股份有限公司 Software copyright protection method and system
CN108376211B (en) * 2018-02-07 2020-10-20 杭州矩视科技有限公司 Software authorization management method, server and system
CN109271757B (en) * 2018-08-10 2022-03-18 神州网信技术有限公司 Off-line activation method and system for software

Non-Patent Citations (1)

Title
焦四辈; 杨正军; 国炜: "智能终端可信执行环境安全性分析" (Security analysis of the trusted execution environment of smart terminals), 互联网天地, no. 08, 15 August 2016 (2016-08-15), pages 12-17 *

Cited By (20)

Publication number Priority date Publication date Assignee Title
CN112398818A (en) * 2020-11-02 2021-02-23 深圳数联天下智能科技有限公司 Software activation method and related device thereof
CN112398818B (en) * 2020-11-02 2023-03-07 深圳数联天下智能科技有限公司 Software activation method and related device thereof
CN112349149A (en) * 2020-11-05 2021-02-09 中国联合网络通信集团有限公司 Internet unmanned aerial vehicle monitoring method, client, internet unmanned aerial vehicle and monitoring platform
CN112507325B (en) * 2020-12-03 2022-10-28 深圳天地宽视信息科技有限公司 Method, device, equipment and storage medium for managing equipment access authority
CN112507325A (en) * 2020-12-03 2021-03-16 深圳天地宽视信息科技有限公司 Method, device, equipment and storage medium for managing equipment access authority
CN112632481A (en) * 2020-12-11 2021-04-09 深圳市英威腾电气股份有限公司 Method for authorizing software, terminal device and storage medium
CN112635038A (en) * 2020-12-24 2021-04-09 赛诺联合医疗科技(北京)有限公司 Activation method of PET-CT equipment
CN112953951A (en) * 2021-03-02 2021-06-11 浪潮云信息技术股份公司 User login verification and security detection method and system based on domestic CPU
CN112953951B (en) * 2021-03-02 2022-04-12 浪潮云信息技术股份公司 User login verification and security detection method and system based on domestic CPU
CN112800436A (en) * 2021-04-07 2021-05-14 支付宝(杭州)信息技术有限公司 Data authorization method and device and electronic equipment
CN112800436B (en) * 2021-04-07 2021-06-29 支付宝(杭州)信息技术有限公司 Data authorization method and device and electronic equipment
US20230409718A1 (en) * 2022-06-17 2023-12-21 Alipay (Hangzhou) Information Technology Co., Ltd. Data processing methods, apparatuses, and devices
CN115168816A (en) * 2022-08-03 2022-10-11 明阳产业技术研究院(沈阳)有限公司 Software anti-piracy method, device, equipment and medium
CN115168816B (en) * 2022-08-03 2023-08-04 明阳产业技术研究院(沈阳)有限公司 Software anti-piracy method, device, equipment and medium
CN117353921A (en) * 2023-12-06 2024-01-05 飞腾信息技术有限公司 Key management method, device, computing equipment and computer readable storage medium
CN117375832A (en) * 2023-12-06 2024-01-09 飞腾信息技术有限公司 Key management method, device, computing equipment and computer readable storage medium
CN117353921B (en) * 2023-12-06 2024-02-13 飞腾信息技术有限公司 Key management method, device, computing equipment and computer readable storage medium
CN117375832B (en) * 2023-12-06 2024-02-27 飞腾信息技术有限公司 Key management method, device, computing equipment and computer readable storage medium
CN117556391A (en) * 2023-12-28 2024-02-13 江苏万禾科技集团有限公司 Activation code generation method, electronic equipment activation method and device
CN117556391B (en) * 2023-12-28 2024-03-22 江苏万禾科技集团有限公司 Activation code generation method, electronic equipment activation method and device

Also Published As

Publication number Publication date
TW202109320A (en) 2021-03-01
CN111625829B (en) 2025-05-27
WO2020173332A1 (en) 2020-09-03

Similar Documents

Publication Publication Date Title
CN111625829B (en) Application activation method and device based on trusted execution environment
CN110677418B (en) Trusted voiceprint authentication method and device, electronic equipment and storage medium
CN103136463B (en) System and method for temporary secure boot process of electronic device
US20150310427A1 (en) Method, apparatus, and system for generating transaction-signing one-time password
CN111401901B (en) Authentication method and device of biological payment device, computer device and storage medium
JP2016520230A (en) Secure approval system and method
EP3206329B1 (en) Security check method, device, terminal and server
CN105975867B (en) Data processing method
CN115037480B (en) Device authentication and verification method, device, equipment and storage medium
US10902093B2 (en) Digital rights management for anonymous digital content sharing
CN107040520B (en) Cloud computing data sharing system and method
CN111241492A (en) Product multi-tenant secure credit granting method, system and electronic equipment
WO2016173211A1 (en) Application identifier management method and device
CN115529591A (en) Token-based authentication method, device, equipment and storage medium
CN106992978B (en) Network security management method and server
CN111932261A (en) Asset data management method and device based on verifiable statement
US20180218363A1 (en) Payment instrument management with key tokenization
JP2015104020A (en) Communication terminal device, communication terminal association system, communication terminal association method and computer program
CN109936522B (en) Equipment authentication method and equipment authentication system
US7739500B2 (en) Method and system for consistent recognition of ongoing digital relationships
US20180218357A1 (en) Export high value material based on ring 1 evidence of ownership
CN108985079B (en) Data verification method and verification system
KR102445379B1 (en) A method of operating a server device, a method of operating a terminal, and a server device
HK40036384A (en) Application activation method and device based on trusted execution environment
KR102528051B1 (en) Terminal for payment and operaing method of thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code: ref country code HK; ref legal event code DE; ref document number 40036384; country of ref document HK
GR01 Patent grant