
WO2021109655A1 - Security task processing method and apparatus, electronic device, and storage medium - Google Patents

Security task processing method and apparatus, electronic device, and storage medium

Info

Publication number
WO2021109655A1
Authority
WO
WIPO (PCT)
Prior art keywords
security
micro
architecture
operating system
task processing
Prior art date
Application number
PCT/CN2020/113477
Other languages
English (en)
Chinese (zh)
Inventor
朱丙营
辛知
孟飞
郑建旭
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司
Publication of WO2021109655A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Definitions

  • This application relates to the field of computer communication, and in particular to a security task processing method, device, electronic equipment, and storage medium.
  • the electronic devices may include a secure operating system and a basic operating system.
  • the processor used to process security tasks on electronic devices runs the basic operating system by default.
  • the operating system can be switched from the basic operating system to the secure operating system. Security tasks are performed in the system environment of the operating system.
  • the present application provides a security task processing method, device, electronic equipment, and storage medium.
  • a security task processing method is provided, the method is applied to a processor in an electronic device, and the processor is equipped with a security operating system; wherein the security operating system includes a micro security architecture, and the micro security architecture includes at least one security application service; the method includes:
  • the micro security architecture is a general micro security architecture compatible with security operating systems that support multiple processors of different specifications.
  • the method further includes:
  • a micro-security architecture is created based on the configuration file of the pre-configured micro-security architecture.
  • before running the micro-security architecture and determining a target security application service matching the security task processing request among multiple security application services included in the micro-security architecture, the method further includes:
  • the micro security architecture includes Super TA.
  • a security task processing device is provided, the device is applied to a processor in an electronic device, and the processor is equipped with a security operating system; wherein the security operating system includes a micro security architecture, and the micro security architecture includes at least one security application service; the device includes:
  • the switching unit is configured to switch the operating system running on the processor to the security operating system in response to the monitored security task processing request;
  • the determining unit is configured to run the micro security architecture in the system environment of the security operating system, and determine a target security application service matching the security task processing request among multiple security application services included in the micro security architecture;
  • the calling unit is used to call the target security application service to complete the security task corresponding to the security task processing request.
  • the micro security architecture is a general micro security architecture compatible with security operating systems that support multiple processors of different specifications.
  • the device further includes:
  • the creation unit is used to create a micro-security architecture based on the configuration file of the pre-configured micro-security architecture during the initialization phase of the security operating system.
  • the device further includes:
  • the detection unit is configured to determine whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture;
  • the determining unit is configured to, if yes, run the micro security architecture, and determine a target security application service matching the security task processing request among multiple security application services included in the micro security architecture.
  • the micro security architecture includes Super TA.
  • an electronic device including:
  • a memory for storing processor executable instructions
  • the processor implements the above security task processing method by running the executable instructions.
  • a machine-readable storage medium having computer instructions stored thereon, which when executed by a processor implements the above-mentioned security task processing method.
  • this application proposes a micro-security architecture, which includes at least one secure application service.
  • the micro security architecture can be deployed in a security operating system carried by the processor.
  • the micro-security architecture provided by this application can isolate the security application service from the security operating system of each processor, and facilitate the upgrade, maintenance, and transplantation of the security application service.
  • the micro-security architecture provided by this application has strong compatibility and can be compatible with security operating systems that support multiple processors of different specifications. Developers only need to develop a micro-security architecture to realize the simultaneous deployment of secure application services in the secure operating systems of multiple processors, greatly improving the deployment efficiency of secure application services.
  • Fig. 1 is a schematic diagram of an electronic device shown in an exemplary embodiment of this specification
  • Fig. 2 is a flowchart of a security task processing method shown in an exemplary embodiment of the present application
  • Fig. 3 is a schematic diagram of an ARMv8 architecture shown in an exemplary embodiment of the present application.
  • Fig. 4 is a block diagram of a security task processing device shown in an exemplary embodiment of the present application.
  • although the terms first, second, third, etc. may be used in this specification to describe various information, the information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • first information may also be referred to as second information, and similarly, second information may also be referred to as first information.
  • the word "if" as used herein can be interpreted as "when" or "in response to determination".
  • this application proposes a micro security architecture, which includes at least one security application service.
  • the micro security architecture can be deployed in a security operating system carried by the processor.
  • the micro-security architecture provided by this application can isolate the security application service from the security operating system of each processor, and facilitate the upgrade, maintenance, and transplantation of the security application service.
  • the micro-security architecture provided by this application has strong compatibility and can be compatible with security operating systems that support multiple processors of different specifications. Developers only need to develop a micro-security architecture to realize the simultaneous deployment of secure application services in the secure operating systems of multiple processors, greatly improving the deployment efficiency of secure application services.
  • this application also provides a method for processing security tasks based on a micro security architecture.
  • the processor may switch the operating system running on the processor to the security operating system in response to the monitored security task processing request.
  • in the system environment of the security operating system, the processor runs the micro-security architecture, determines, among the multiple security application services included in the micro-security architecture, the target security application service that matches the security task processing request, and calls the target security application service to complete the security task corresponding to the security task processing request.
  • this application also provides a method for creating a micro-security architecture. In the initial process of a secure operating system, the creation of the micro-security architecture is completed.
  • Fig. 1 is a schematic diagram of an electronic device according to an exemplary embodiment of this specification.
  • the electronic device includes at least one processor, a network interface, a storage medium, and a bus.
  • the electronic device may also include other hardware, such as logic chips, input/output interfaces, and so on.
  • the hardware of the electronic device is only exemplarily described, and it is not specifically limited.
  • the processor, network interface, and storage medium can communicate with each other through the bus.
  • the above-mentioned processor may be an ARM (Advanced RISC Machines) chip (such as ARMv8), or an Intel x86 chip, etc.
  • Each processor in the electronic device independently runs its own operating system, and performs its own tasks under the operating system it runs.
  • the operating system that the processor runs may include a basic operating system and a security operating system.
  • the processor runs a basic operating system by default, and when it needs to process a security task, the processor switches its running basic operating system to a secure operating system.
  • the security task is executed in the system environment of the security operating system. After the execution of the security task is completed, the operating system is switched from the security operating system to the basic operating system.
  • the aforementioned storage medium may be any electronic, magnetic, optical, or other physical storage device, and may contain storage information, such as executable instructions, data reading and writing, and so on.
  • the processor readable and writable storage medium may be: a volatile memory, a non-volatile memory, or a similar storage medium.
  • electronic devices may include: mobile terminal devices (such as mobile phones, iPads, etc.), PCs, portable computers, and so on.
  • the electronic device is only exemplified here, and it is not specifically limited.
  • the micro-security architecture is a newly proposed architecture in this application. It is a micro-architecture with strong compatibility.
  • the micro-security architecture can be compatible with security operating systems that support multiple processors of different specifications.
  • the micro security architecture can be compatible with the security operating system of the Intel x86 processor and the security operating system of the ARM processor.
  • the micro security architecture has the authority to call the basic functions of the operating system, such as interrupt registration, process creation, process cancellation, memory management, file system management, timer registration and other functions.
  • the functions of the micro-security architecture are only exemplified here, and they are not specifically limited.
  • the micro security architecture may include at least one security application service.
  • the micro security architecture may include: unlocking services, signature services in the payment process, and so on.
  • the security application service of the micro security architecture is only exemplified, and it is not specifically limited.
  • the micro security architecture can isolate the security application service from the security operating system of each processor, facilitating the upgrade, maintenance and transplantation of the security application service.
  • because the micro-security architecture is compatible with security operating systems that support a variety of processors with different specifications, developers only need to develop the micro-security architecture to deploy security application services in the security operating systems of multiple processors at the same time, which improves the deployment efficiency of security application services.
  • the micro-security architecture may be a Super TA (Advanced Authority Security Application Management) architecture.
  • the micro-security architecture may also be other architectures.
  • the micro-security architecture is only exemplified and not specifically limited.
  • the security task processing method provided in this application will be described in detail below from two aspects of security task processing based on micro security architecture and creation of micro security architecture.
  • FIG. 2 is a flowchart of a security task processing method shown in an exemplary embodiment of the present application.
  • the method can be applied to any processor in the electronic device shown in FIG. 1.
  • the processor is equipped with a secure operating system.
  • the secure operating system includes a micro-security architecture.
  • the micro security architecture includes at least one security application service.
  • the security task processing method may include the following steps.
  • Step 202: In response to the monitored security task processing request, the processor switches the operating system running on the processor to the security operating system.
  • security tasks refer to tasks with high security requirements.
  • for example, users complete tasks related to bill or order payment through security applications (such as payment apps, etc.).
  • as another example, users perform user information authentication tasks through security applications.
  • Another example is the screen unlocking task triggered when the user turns on the screen.
  • the security task is only exemplified here, and it is not specifically limited.
  • a security application service is a program used to complete security tasks. Each security task corresponds to a security application service.
  • the security application service that handles the security task is a screen unlocking service.
  • the screen unlocking service can match the screen unlocking password entered by the user with the unlocking password preset by the user. If the match is successful, the screen will be unlocked. If the match fails, the prompt message of the wrong password will be displayed.
  • the security task and security application service are only exemplified here, and they are not specifically limited.
  • when the driver of the security application client (such as Alipay, etc.) detects that the user triggers the security task on the security application client, the driver of the security application client may initiate a security task processing request.
  • when the processor monitors the security task processing request, it can respond to the security task processing request and switch the operating system running on the processor from the basic operating system to the security operating system.
  • the processor may call the switching logic recorded in the switching firmware in the storage medium, and switch the operating system of the processor from a basic operating system to a secure operating system.
  • Secure monitor firmware is stored in the storage medium of the electronic device.
  • the processor can call the switching logic in the Secure monitor firmware to switch the operating system running on the processor from the basic operating system to the secure operating system.
  • the operating system switching mode is only exemplarily described, and it is not specifically limited.
  • Step 204: The processor runs the micro-security architecture in the system environment of the security operating system, and determines a target security application service that matches the security task processing request among multiple security application services included in the micro-security architecture.
  • the micro security architecture includes security application services for handling all security tasks supported by electronic devices.
  • the aforementioned security task processing request carries the service identifier of the requested target security application service.
  • the processor runs the micro security architecture in the system environment of the security operating system, and determines the target security application service indicated by the service identifier among multiple security application services included in the micro security architecture.
  • the micro security architecture includes security application services for processing part of the security tasks supported by electronic devices.
  • the security operating system includes security application services for processing part of the security tasks supported by electronic devices.
  • the processor may determine whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture.
  • if the target security application service requested by the security task processing request is a security application service included in the micro security architecture, the micro security architecture is run, and the target security application service matching the security task processing request is determined among the multiple security application services included in the micro security architecture.
  • if the target security application service requested by the security task processing request is not a security application service included in the micro security architecture, the target security application service that matches the security task processing request is searched for among the security application services configured in the security operating system.
  • Method 1: The security task processing request carries the service identifier of the requested target security application service.
  • the storage medium of the electronic device maintains a list of service identifiers of all security application services included in the micro security architecture.
  • the processor may call the list of service identifications, and search the list of service identifications for whether there is a service identification carried in the security task processing request. If the service identifier carried in the security task processing request exists in the service identifier list, it is determined that the security application service requested by the security task processing request is the security application service included in the micro security architecture. If the service identifier carried by the security task processing request does not exist in the list of service identifiers, it is determined that the security application service requested by the security task processing request is not a security application service included in the micro security architecture.
  • the service identification list of the security application service included in the micro security architecture includes: security application service 1, security application service 2, and security application service 3.
  • the security task processing request carries the service identifier of the requested security application service as security application service 1.
  • the processor can determine that the security application service requested by the security task processing request is a security application service included in the micro security architecture.
  • Method 2: The security task processing request carries the service identifier of the requested target security application service.
  • the service identifier may indicate whether the target security application service is a security application service of a security operating system or a security application service included in the micro security architecture.
  • a designated bit in the service identifier can be used to indicate the location of the target security application service.
  • the processor may obtain the service identifier of the target security application service carried in the security task processing request, and if the value of the designated bit of the service identifier is the first preset value (for example, 1), it is determined that the target security application service is a security application service included in the micro security architecture. If the value of the designated bit of the service identifier is the second preset value (for example, 0), it is determined that the target security application service is a security application service included in the security operating system.
  • determining whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture is only exemplified here, and it is not specifically limited.
  • the micro security architecture is run, and among multiple security application services included in the micro security architecture, the target security application service indicated by the service identifier is determined.
  • if the target security application service requested by the security task processing request is not a security application service included in the micro-security architecture, the target security application service indicated by the service identifier carried in the security task processing request is searched for among the security application services configured in the security operating system.
  • Step 206: The processor invokes the target security application service to complete the security task corresponding to the security task processing request.
  • the processor may first obtain the security task corresponding to the security task processing request.
  • the security task processing request carries the security task.
  • the processor may parse the security task processing request to obtain the security task carried in the security task processing request.
  • the security task processing request carries the identifier of the security task.
  • the security task can be recorded in the cache.
  • the processor may parse the security task processing request, obtain the security task identifier carried in the security task processing request, and read the security task in the cache based on the security task identifier.
  • the processor may create a micro-security architecture based on a pre-configured configuration file of the micro-security architecture during the initialization phase of the security operating system.
  • FIG. 3 is a schematic diagram of an ARMv8 architecture shown in an exemplary embodiment of the present application.
  • EL0 represents the execution level 0 of the ARMv8 architecture, and the application program (ie Application in FIG. 3) is executed at the EL0 level.
  • the EL1 represents the execution level 1 of the ARMv8 architecture, and the kernel operating system is executed at the EL1 level.
  • the kernel operating system may include: a secure operating system (ie, Secure OS in Figure 3), and a basic operating system (ie, Normal OS in Figure 3).
  • EL3 represents the execution level 3 of the ARMv8 architecture, and the Secure Monitor firmware is executed at the EL3 level.
  • BL1 refers to the first start-up phase of electronic equipment.
  • BL2 refers to the second start-up phase of electronic equipment.
  • BL31 refers to the third start-up phase of electronic equipment.
  • the electronic device can enter the BL1 stage.
  • the processor of the electronic device can use the verification method in the BL1 stage to verify the firmware of the BL2 stage. If the BL2 stage firmware check passes, the BL2 stage start is executed based on the BL2 stage firmware.
  • the processor can use the verification method in the BL2 stage to verify the legitimacy of the firmware in the BL31 stage, the legitimacy of the Bootloader firmware, and the legitimacy of the secure operating system.
  • the processor uses the firmware in the BL31 stage to execute the startup of the BL31 stage, and initializes the secure operating system in the BL31 stage.
  • a micro-security architecture is created based on the pre-configured configuration file of the micro-security architecture.
  • the creation of the micro-security architecture described in this application includes the creation of the micro-security architecture and the security application services included in the micro-security architecture.
  • the processor can also execute the Bootloader in the BL31 stage, so that the Bootloader completes the initialization of the basic operating system. After the basic operating system is initialized, the processor can run the basic operating system.
  • the processor can also be other types of processors (such as Intel x86 processors).
  • this application proposes a micro-security architecture, which can be deployed in a secure operating system carried by a processor, and can include at least one secure application service.
  • the micro security architecture can isolate the security application service from the security operating system of each processor, facilitating the upgrade, maintenance and transplantation of the security application service.
  • the micro-security architecture has strong compatibility and can be compatible with security operating systems that support multiple processors of different specifications. Developers only need to develop a micro-security architecture to implement the simultaneous deployment of secure application services in secure operating systems of multiple processors, which greatly facilitates the deployment of secure application services.
  • this application also provides a method for security task processing based on a micro security architecture.
  • the processor may switch the operating system running on the processor to the security operating system in response to the monitored security task processing request.
  • in the system environment of the security operating system, the processor runs the micro-security architecture, determines, among the multiple security application services included in the micro-security architecture, the target security application service that matches the security task processing request, and calls the target security application service to complete the security task corresponding to the security task processing request.
  • this application also provides a method for creating a micro-security architecture. In the initial process of a secure operating system, the creation of the micro-security architecture is completed.
  • the present application also provides a security task processing device corresponding to the above-mentioned security task processing method.
  • Fig. 4 is a block diagram of a security task processing apparatus according to an exemplary embodiment of the present application.
  • the device is applied to a processor in an electronic device, and the processor is equipped with a secure operating system; wherein the secure operating system includes a micro-security architecture, and the micro-security architecture includes at least one secure application service; the device includes the units shown below.
  • the switching unit 401 is configured to switch the operating system running on the processor to a secure operating system in response to the monitored security task processing request;
  • the determining unit 402 is configured to run the micro security architecture in the system environment of the security operating system, and determine the target security application service that matches the security task processing request among multiple security application services included in the micro security architecture;
  • the calling unit 403 is used to call the target security application service to complete the security task corresponding to the security task processing request.
  • the micro security architecture is a general micro security architecture compatible with security operating systems that support multiple processors of different specifications.
  • the device further includes:
  • the creation unit is used to create a micro-security architecture based on the configuration file of the pre-configured micro-security architecture during the initialization phase of the security operating system.
  • the device further includes:
  • the detection unit is configured to determine whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture;
  • the determining unit 402 is configured to, if yes, run the micro security architecture, and determine a target security application service matching the security task processing request among multiple security application services included in the micro security architecture.
  • the micro security architecture includes Super TA.
  • this application also provides an electronic device, which includes: a processor;
  • a memory for storing executable instructions of the processor; wherein the processor, by running the executable instructions, switches the operating system running on the processor to a security operating system in response to the monitored security task processing request;
  • the micro security architecture is a general micro security architecture compatible with security operating systems that support multiple processors of different specifications.
  • by running the executable instructions, the processor creates the micro security architecture in the initialization phase of the security operating system, based on a pre-configured configuration file of the micro security architecture.
  • before the processor, by running the executable instructions, runs the micro security architecture and determines, among the multiple security application services included in the micro security architecture, the target security application service that matches the security task processing request, it determines whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture; if so, it performs the step of running the micro security architecture and determining, among the multiple security application services included in the micro security architecture, a target security application service matching the security task processing request.
  • the micro security architecture includes Super TA.
  • the present application also provides a machine-readable storage medium on which computer instructions are stored.
  • the operating system run by the processor is switched to the security operating system in response to the monitored security task processing request.
  • the micro security architecture is a general micro security architecture compatible with security operating systems that support multiple processors of different specifications.
  • when the instructions are executed by the processor, the following is implemented: in the initialization phase of the security operating system, a micro security architecture is created based on a pre-configured configuration file of the micro security architecture.
  • when the instructions are executed by the processor, the following is implemented: determining whether the target security application service requested by the security task processing request is a security application service included in the micro security architecture; if so, running the micro security architecture and determining, among the multiple security application services included in the micro security architecture, a target security application service that matches the security task processing request.
  • the micro security architecture includes Super TA.
  • a typical implementation device is a computer.
  • the specific form of the computer can be a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email sending and receiving device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
  • the computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • the memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by computing devices.
  • computer-readable media do not include transitory media, such as modulated data signals and carrier waves.
  • although the terms first, second, third, etc. may be used to describe various information in one or more embodiments of this specification, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other.
  • for example, first information may also be referred to as second information, and similarly, the second information may also be referred to as first information.
  • the word "if" as used herein can be interpreted as "when" or "in response to determining".
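The creation, detection, determination and calling steps described for the device above, sketched as an added C example (not code from the patent or its applicant): a Super TA-style dispatcher that builds its service table from a configuration at initialization and refuses requests for services it does not contain. The configuration format, service names, handlers and error codes are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_SVC 8
enum { STA_OK = 0, STA_ERR_UNKNOWN_SERVICE = -1, STA_ERR_BAD_CONFIG = -2 };
typedef int (*svc_fn)(const uint8_t *in, size_t len, uint32_t *out);
struct svc_entry { char name[16]; svc_fn fn; };
struct super_ta { struct svc_entry svc[MAX_SVC]; size_t count; };

/* Hypothetical security application services compiled into the image. */
static int svc_checksum(const uint8_t *in, size_t len, uint32_t *out) {
    uint32_t s = 0;
    for (size_t i = 0; i < len; i++) s += in[i];
    *out = s;
    return STA_OK;
}
static int svc_length(const uint8_t *in, size_t len, uint32_t *out) {
    (void)in; *out = (uint32_t)len; return STA_OK;
}
static const struct svc_entry BUILTIN[] = {
    { "checksum", svc_checksum }, { "length", svc_length } };

/* Initialization phase: build the service table from the configuration text
 * (assumed format: one enabled service name per line). Fails closed. */
int super_ta_create(struct super_ta *sta, const char *cfg) {
    sta->count = 0;
    while (*cfg) {
        size_t n = strcspn(cfg, "\n");
        const struct svc_entry *hit = NULL;
        for (size_t i = 0; i < sizeof BUILTIN / sizeof BUILTIN[0]; i++)
            if (strlen(BUILTIN[i].name) == n && !memcmp(BUILTIN[i].name, cfg, n))
                hit = &BUILTIN[i];
        if (n && (!hit || sta->count == MAX_SVC)) return STA_ERR_BAD_CONFIG;
        if (n) sta->svc[sta->count++] = *hit;
        cfg += n + (cfg[n] == '\n');
    }
    return STA_OK;
}

/* Request path: confirm the requested service is one the architecture
 * contains (bounded compare on the caller-supplied name), then call it. */
int super_ta_dispatch(const struct super_ta *sta, const char *name,
                      const uint8_t *in, size_t len, uint32_t *out) {
    for (size_t i = 0; name && i < sta->count; i++)
        if (!strncmp(sta->svc[i].name, name, sizeof sta->svc[i].name))
            return sta->svc[i].fn(in, len, out);
    return STA_ERR_UNKNOWN_SERVICE;
}
```

In this sketch a service that is compiled in but absent from the configuration counts as not included, so a request for it is refused rather than dispatched.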

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The present specification relates to a security task processing method and apparatus, an electronic device, and a storage medium. The method is applied to a processor in an electronic device, and a security operating system is installed on the processor. The security operating system comprises a micro security architecture, and the micro security architecture comprises at least one security application service. The method comprises: switching the operating system running on the processor to the security operating system in response to a detected security task processing request; running the micro security architecture in the system environment of the security operating system, and determining, among multiple security application services included in the micro security architecture, a target security application service corresponding to the security task processing request; and calling the target security application service to complete a security task corresponding to the security task processing request.
PCT/CN2020/113477 2019-12-03 2020-09-04 Security task processing method and apparatus, electronic device, and storage medium WO2021109655A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911220041.0 2019-12-03
CN201911220041.0A CN111125711B (zh) 2019-12-03 2019-12-03 Security task processing method, apparatus, electronic device, and storage medium

Publications (1)

Publication Number Publication Date
WO2021109655A1 true WO2021109655A1 (fr) 2021-06-10

Family

ID=70497200

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/113477 WO2021109655A1 (fr) 2019-12-03 2020-09-04 Security task processing method and apparatus, electronic device, and storage medium

Country Status (3)

Country Link
CN (1) CN111125711B (fr)
TW (1) TWI716320B (fr)
WO (1) WO2021109655A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111125711B (zh) * 2019-12-03 2021-05-07 支付宝(杭州)信息技术有限公司 Security task processing method, apparatus, electronic device, and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070118558A1 (en) * 2005-11-21 2007-05-24 Research In Motion Limited System and method for application program operation on a wireless device
US20140298026A1 (en) * 2013-03-26 2014-10-02 Kabushiki Kaisha Toshiba Information processing device and computer program product
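CN104143065A (zh) * 2014-08-28 2014-11-12 北京握奇智能科技有限公司 Secure smart terminal device and information processing method
CN104216761A (zh) * 2013-06-04 2014-12-17 中国银联股份有限公司 Method for using a shared device in an apparatus capable of running two operating systems
CN104252388A (zh) * 2013-06-27 2014-12-31 中国银联股份有限公司 Switching between an untrusted environment and a trusted environment in a mobile device
CN109886662A (zh) * 2019-02-18 2019-06-14 北京正合链通科技有限公司 Blockchain wallet application method and system, terminal, and computer-readable storage medium
CN111125711A (zh) * 2019-12-03 2020-05-08 支付宝(杭州)信息技术有限公司 Security task processing method, apparatus, electronic device, and storage medium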

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101226577A (zh) * 2008-01-28 2008-07-23 南京大学 Microkernel operating system integrity protection method based on trusted hardware and virtual machines
US8806620B2 (en) * 2009-12-26 2014-08-12 Intel Corporation Method and device for managing security events
CN103714459A (zh) * 2013-12-26 2014-04-09 电子科技大学 Secure payment system and method for smart terminals
CN104102876A (zh) * 2014-07-17 2014-10-15 北京握奇智能科技有限公司 Apparatus for ensuring secure client operation
EP3210153A4 (fr) * 2014-10-25 2018-05-30 McAfee, Inc. Computing platform security methods and apparatus
GB2539436B (en) * 2015-06-16 2019-02-06 Advanced Risc Mach Ltd Secure initialisation
US10320786B2 (en) * 2015-09-14 2019-06-11 Samsung Electronics Co., Ltd. Electronic apparatus and method for controlling the same
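CN105405186B (zh) * 2015-10-30 2017-08-11 罗周 Security management method and apparatus
CN106330575A (zh) * 2016-11-08 2017-01-11 上海有云信息技术有限公司 Security service platform and security service deployment method
CN107392055A (zh) * 2017-07-20 2017-11-24 深圳市金立通信设备有限公司 Dual-system security chip control method, terminal, computer-readable storage medium, and security-chip-based dual-system architecture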

Also Published As

Publication number Publication date
TW202123663A (zh) 2021-06-16
CN111125711B (zh) 2021-05-07
TWI716320B (zh) 2021-01-11
CN111125711A (zh) 2020-05-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20895985

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20895985

Country of ref document: EP

Kind code of ref document: A1