+

CN104392188B - A kind of secure data store method and system - Google Patents

A kind of secure data store method and system Download PDF

Info

Publication number
CN104392188B
CN104392188B CN201410619453.2A CN201410619453A CN104392188B CN 104392188 B CN104392188 B CN 104392188B CN 201410619453 A CN201410619453 A CN 201410619453A CN 104392188 B CN104392188 B CN 104392188B
Authority
CN
China
Prior art keywords
rpmb
untrusted
storage service
trusted
emmc
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410619453.2A
Other languages
Chinese (zh)
Other versions
CN104392188A (en
Inventor
成亮
叶建隆
张健康
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics China R&D Center
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics China R&D Center
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics China R&D Center, Samsung Electronics Co Ltd filed Critical Samsung Electronics China R&D Center
Priority to CN201410619453.2A priority Critical patent/CN104392188B/en
Publication of CN104392188A publication Critical patent/CN104392188A/en
Application granted granted Critical
Publication of CN104392188B publication Critical patent/CN104392188B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

本发明提出一种安全数据存储方法和系统,适用于支持ARM TrustZone技术的处理器,且使用支持RPMB分区的eMMC作为存储介质,其中方法包括:可信任应用程序,安全存储服务程序及其产生的安全数据对象被可信任执行环境保护;安全存储服务程序向可信任应用程序提供安全数据对象的建立和访问,并调用加解密模块对安全数据对象进行加密和解密处理;加密后的安全数据对象通过共享内存页面与非可信任执行环境中的eMMC RPMB驱动程序共享;非可信任执行环境中的eMMC RPMB驱动程序完成对eMMC RPMB分区的访问和存储。本发明能够保证安全数据对象的可靠存储。

The present invention proposes a secure data storage method and system, suitable for processors supporting ARM TrustZone technology, and using eMMC supporting RPMB partitions as a storage medium, wherein the method includes: a trusted application program, a secure storage service program and its generated The secure data object is protected by the trusted execution environment; the secure storage service program provides the trusted application with the establishment and access of the secure data object, and calls the encryption and decryption module to encrypt and decrypt the secure data object; the encrypted secure data object passes through The shared memory page is shared with the eMMC RPMB driver in the non-trusted execution environment; the eMMC RPMB driver in the non-trusted execution environment completes the access and storage of the eMMC RPMB partition. The invention can ensure reliable storage of safe data objects.

Description

一种安全数据存储方法和系统A secure data storage method and system

技术领域technical field

本发明涉及数据存储技术领域,尤其涉及一种安全数据存储方法和系统。The present invention relates to the technical field of data storage, in particular to a safe data storage method and system.

背景技术Background technique

嵌入式设备,包括手机,电视,平板电脑等,存在对敏感数据进行安全存储的需求,例如在非易失性存储介质上保存用户的账户信息,经过授权的密钥,以及各种多媒体版权信息和许可证书等等。Embedded devices, including mobile phones, TVs, tablet computers, etc., have a need for secure storage of sensitive data, such as saving user account information, authorized keys, and various multimedia copyright information on non-volatile storage media and licenses etc.

现有安全数据存储方法,一般是在非可信执行环境,如普通操作系统中进行加密处理。加解密程序和计算过程,以及明文数据和加解密密钥,均处于非可信环境中;数据存储方式一般使用操作系统提供的文件系统接口,把加密后的数据对象保存到非易失性存储介质,如嵌入式多媒体卡(eMMC,embedded Multi Media Card)或者闪存(Flash)上。The existing secure data storage methods generally perform encryption processing in a non-trusted execution environment, such as a common operating system. Encryption and decryption programs and calculation processes, as well as plaintext data and encryption and decryption keys, are all in an untrusted environment; data storage methods generally use the file system interface provided by the operating system to save encrypted data objects to non-volatile storage media, such as an embedded multimedia card (eMMC, embedded Multi Media Card) or a flash memory (Flash).

图1是现有安全数据存储系统的简要框图,主要包括四个功能实体:应用程序,加解密模块,普通操作系统,Flash存储介质。通常的流程是:应用程序调用加解密模块对安全数据对象进行加密处理,调用普通操作系统文件系统接口,把加密后的数据对象存储到eMMC分区上;当应用程序需要访问数据对象时,调用操作系统文件系统接口,从eMMC分区上重新读取数据对象,并调用加解密模块进行解密处理。在非易失性存储介质上,数据对象以加密的形态被保存,因此保证了基本的数据安全。Figure 1 is a brief block diagram of an existing secure data storage system, which mainly includes four functional entities: application program, encryption and decryption module, common operating system, and Flash storage medium. The usual process is: the application program calls the encryption and decryption module to encrypt the secure data object, calls the common operating system file system interface, and stores the encrypted data object on the eMMC partition; when the application program needs to access the data object, call the operation The system file system interface reads the data object from the eMMC partition and calls the encryption and decryption module for decryption. On the non-volatile storage medium, data objects are stored in an encrypted form, thus ensuring basic data security.

现有技术中对安全数据的存储方法,一般是通过普通文件系统接口保存到非易失性存储介质上,如eMMC或者Flash中。但是存储在Flash分区中的数据内容有可能会被黑客篡改,甚至是按物理块进行强制擦除。作为改进,eMMC规范提供针对回放保护存储块(RPMB,Replay Protect Memory Block)分区的授权写保护机制,使用预置密钥对数据对象按RPMB数据包格式进行哈希计算获得其消息认证码(MAC),eMMC卡进行重算和比对,以抵御非法写入。但是RPMB驱动程序需要先获取预置密钥,并存放在普通内存页面中,因此同样存在被截取的风险,而一旦预置密钥被泄露,那么就可以通过使用替换数据重新产生MAC,来骗过读取操作对MAC的检查。The storage method for security data in the prior art is generally to save it on a non-volatile storage medium, such as eMMC or Flash, through a common file system interface. However, the data content stored in the Flash partition may be tampered with by hackers, or even forcibly erased by physical block. As an improvement, the eMMC specification provides an authorized write protection mechanism for the Replay Protect Memory Block (RPMB, Replay Protect Memory Block) partition, using a preset key to hash the data object in the RPMB packet format to obtain its message authentication code (MAC ), the eMMC card is recalculated and compared to resist illegal writing. However, the RPMB driver needs to obtain the preset key first and store it in a normal memory page, so there is also a risk of being intercepted. Once the preset key is leaked, it can be cheated by regenerating the MAC with the replacement data. Checking of the MAC through a read operation.

现有技术中对安全数据进行加解密的过程,一般是在非可信的普通操作系统环境中进行,其计算过程有可能会被黑客截获,加解密使用的Key,或者运算使用的明文数据,有可能会被读取和替换。现有技术中一种改进的方法是,对于支持安谋公司的ARM信任区域(TrustZone)的设备,可以把密钥和加解密过程置于可信执行环境,然后把加密后的数据通过共享内存返还给非可信执行环境。这种计算过程可以使用Global Platform组织标准化的TEE API来实现通信和可信的交互过程,但是其加密后数据的后续存储,仍然需要通过普通操作系统的文件系统接口来完成,所以仍然存在被替换或者绕过的风险。In the prior art, the process of encrypting and decrypting security data is generally carried out in an untrusted common operating system environment. The calculation process may be intercepted by hackers. The Key used for encryption and decryption, or the plaintext data used for calculation, May be read and replaced. An improved method in the prior art is that, for devices supporting the ARM Trust Zone (TrustZone) of ARM, the key and the encryption and decryption process can be placed in a trusted execution environment, and then the encrypted data can be passed through the shared memory Returned to a non-trusted execution environment. This calculation process can use the TEE API standardized by the Global Platform organization to realize communication and trusted interaction process, but the subsequent storage of encrypted data still needs to be completed through the file system interface of the common operating system, so there is still a replacement Or bypass the risk.

发明内容Contents of the invention

本发明提供了一种安全数据存储方法,能够保证安全数据对象的可靠存储。The invention provides a safe data storage method, which can ensure reliable storage of safe data objects.

本发明还提供了一种安全数据存储系统,能够保证安全数据对象的可靠存储。The invention also provides a safe data storage system, which can ensure reliable storage of safe data objects.

本发明的技术方案是这样实现的:Technical scheme of the present invention is realized like this:

一种安全数据存储方法,适用于支持ARM TrustZone技术的处理器,且使用支持RPMB分区的eMMC作为存储介质,所述方法包括:A safe data storage method, applicable to processors supporting ARM TrustZone technology, and using eMMC supporting RPMB partitions as a storage medium, said method comprising:

可信任应用程序,安全存储服务程序及其产生的安全数据对象被可信任执行环境保护;Trusted applications, secure storage service programs and their generated secure data objects are protected by the trusted execution environment;

安全存储服务程序向可信任应用程序提供安全数据对象的建立和访问,并调用加解密模块对安全数据对象进行加密和解密处理;The secure storage service program provides trusted applications with the establishment and access of secure data objects, and calls the encryption and decryption module to encrypt and decrypt secure data objects;

加密后的安全数据对象通过共享内存页面与非可信任执行环境中的eMMC RPMB驱动程序共享;The encrypted secure data object is shared with the eMMC RPMB driver in the non-trusted execution environment through the shared memory page;

非可信任执行环境中的eMMC RPMB驱动程序完成对eMMC RPMB分区的访问和存储。The eMMC RPMB driver in the non-trusted execution environment completes the access and storage of the eMMC RPMB partition.

一种安全数据存储系统,运行在支持ARM信任区域(TrustZone)技术的处理器上,并且使用回放保护存储块(RPMB)分区的嵌入式多媒体卡(eMMC)作为存储介质,所述系统包括可信任应用程序,加解密模块,安全存储服务程序,通信模块,非可信任操作系统和eMMCRPMB驱动程序;A kind of safe data storage system, runs on the processor that supports ARM Trust Zone (TrustZone) technology, and uses the embedded multimedia card (eMMC) of Playback Protection Memory Block (RPMB) partition as storage medium, and described system includes trustworthy Application program, encryption and decryption module, secure storage service program, communication module, non-trusted operating system and eMMCRPMB driver;

所述可信任应用程序运行在可信任执行环境中,经过安全环境认证的用户程序,访问安全数据对象;The trusted application program runs in the trusted execution environment, and the user program authenticated by the secure environment accesses the secure data object;

所述加解密模块运行在可信任执行环境中,采用驱动硬件引擎或者软件算法实现加解密功能;The encryption and decryption module runs in a trusted execution environment, and uses a driving hardware engine or a software algorithm to realize the encryption and decryption functions;

所述安全存储服务程序运行在可信任执行环境中,向可信任应用程序提供安全数据对象的创建、读取、修改、删除或存储的功能;The secure storage service program runs in a trusted execution environment, and provides trusted applications with functions of creating, reading, modifying, deleting or storing secure data objects;

所述eMMC RPMB驱动程序运行在非可信任执行环境中,完成对eMMC RPMB分区的读写。The eMMC RPMB driver runs in a non-trusted execution environment to complete reading and writing of the eMMC RPMB partition.

可见,本发明提出的安全数据存储方法和系统,通过ARM TrustZone可信执行环境对明文安全数据对象的产生和访问进行控制,防止被非可信程序读取或篡改;加解密过程及其使用的密钥被隔离在可信任执行环境中,不能被非可信任执行环境获取;加密后的安全数据对象通过共享内存传递给非可信执行环境中的eMMC RPMB驱动程序,由eMMC RPMB驱动程完成对eMMC RPMB分区的访问和存储,从而保证数据对象的安全。It can be seen that the secure data storage method and system proposed by the present invention control the generation and access of plaintext secure data objects through the ARM TrustZone trusted execution environment to prevent reading or tampering by untrusted programs; the encryption and decryption process and its use The key is isolated in the trusted execution environment and cannot be obtained by the untrusted execution environment; the encrypted security data object is passed to the eMMC RPMB driver in the untrusted execution environment through shared memory, and the eMMC RPMB driver completes the verification The access and storage of the eMMC RPMB partition ensures the security of data objects.

附图说明Description of drawings

图1为现有安全数据存储系统和方法框图;Fig. 1 is a block diagram of an existing secure data storage system and method;

图2为本发明实施例一安全数据存储系统框图;Fig. 2 is a block diagram of a secure data storage system according to an embodiment of the present invention;

图3为本发明实施例二中的安全数据对象存储流程图;FIG. 3 is a flow chart of secure data object storage in Embodiment 2 of the present invention;

图4为本发明实施例二中的安全数据对象读取流程图。FIG. 4 is a flow chart of reading a secure data object in Embodiment 2 of the present invention.

具体实施方式detailed description

本发明实施例公开了一种基于ARM TrustZone的安全数据存储方法和系统,适用于具有ARM TrustZone处理器和包含RPMB分区的eMMC作为存储介质的嵌入式设备,包括但不仅限于智能手机、平板电脑、智能电视、数字机顶盒、网络视频播放机等。所述系统包括可信任执行环境和非可信任执行环境。The embodiment of the present invention discloses a secure data storage method and system based on ARM TrustZone, which is suitable for embedded devices with ARM TrustZone processors and eMMCs containing RPMB partitions as storage media, including but not limited to smartphones, tablet computers, Smart TV, digital set-top box, network video player, etc. The system includes a trusted execution environment and a non-trusted execution environment.

其中,所述可信任执行环境包含通信模块,可信任应用程序,安全存储服务程序和加解密模块。可信任执行环境与非可信任执行环境共享处理器时间,其运行指令和数据被置于安全的内存空间,受到TrustZone IP的隔离保护,避免被非可信任执行环境程序恶意攻击。Wherein, the trusted execution environment includes a communication module, a trusted application program, a secure storage service program and an encryption and decryption module. The trusted execution environment shares processor time with the untrusted execution environment, and its operating instructions and data are placed in a secure memory space, which is isolated and protected by TrustZone IP to avoid malicious attacks by untrusted execution environment programs.

其中,所述非可信任执行环境包含非可信任操作系统,非可信任应用程序,eMMCRPMB驱动程序。非可信任执行环境容易受到各种攻击,包括被拥有根权限的特权用户执行非法操作,如修改指令和读取用户程序内存页面。Wherein, the non-trusted execution environment includes a non-trusted operating system, a non-trusted application program, and an eMMCRPMB driver. Untrusted execution environments are vulnerable to various attacks, including illegal operations performed by privileged users with root privileges, such as modifying instructions and reading user program memory pages.

优选的,所述通信模块运行在可信任执行环境的特权模式,接受从非可信任执行环境的请求和消息传递,并完成非可信任执行环境和可信任执行环境之间的上下文切换,同时通过对共享内存页面的映射,支持非可信任执行环境和可信任执行环境之间的数据共享。Preferably, the communication module runs in the privileged mode of the trusted execution environment, accepts requests and message transfers from the untrusted execution environment, and completes context switching between the untrusted execution environment and the trusted execution environment, and simultaneously passes Mapping of shared memory pages supports data sharing between untrusted execution environments and trusted execution environments.

更进一步的,通信模块还可以完成非可信任执行环境和可信任执行环境之间的中断转发,避免中断响应延迟对各自运行环境造成的影响。Furthermore, the communication module can also complete the interrupt forwarding between the untrusted execution environment and the trusted execution environment, so as to avoid the impact of interrupt response delay on the respective operating environments.

优选的,所述可信任应用程序,包括可执行的ELF文件和数字签名信息,可以从非可信任执行环境通过共享内存送入可信任执行环境,由可信任执行环境对其进行签名检查,验证通过后再进行加载执行。Preferably, the trusted application program, including executable ELF files and digital signature information, can be sent from the non-trusted execution environment to the trusted execution environment through the shared memory, and the trusted execution environment performs signature check on it, verifies After passing, load and execute.

优选的,所述安全存储服务程序,运行于可信任执行环境中的用户模式或者特权模式。Preferably, the secure storage service program runs in a user mode or a privileged mode in a trusted execution environment.

优选的,所述安全存储服务程序,当收到可信任应用程序的创建数据对象请求时,具体工作步骤包括:Preferably, when the secure storage service program receives a request for creating a data object from a trusted application, the specific working steps include:

1)创建明文的安全数据对象,并保存在可信任执行环境中。1) Create a plaintext security data object and save it in a trusted execution environment.

2)调用加解密模块,使用对称加密方式对安全数据对象进行加密。2) Call the encryption and decryption module to encrypt the secure data object using symmetric encryption.

3)使用软件中断方式,通知非可信任执行环境中的eMMC RPMB驱动程序,并读取当前可用的eMMC RPMB分区的块地址和写计数值。3) Use the software interrupt method to notify the eMMC RPMB driver in the non-trusted execution environment, and read the block address and write count value of the currently available eMMC RPMB partition.

4)按照RPMB数据包格式,填充数据内容,随机值和写计数值,并使用预置密钥,通过HMAC SHA256计算消息认证码(MAC)。4) According to the RPMB packet format, fill the data content, random value and write count value, and use the preset key to calculate the message authentication code (MAC) through HMAC SHA256.

5)把包含加密后的安全数据对象和MAC值的RPMB数据包填入共享内存,并使用软件中断方式,通知非可信任执行环境中的eMMC RPMB驱动程序。5) Fill the RPMB packet containing the encrypted security data object and MAC value into the shared memory, and use the software interrupt mode to notify the eMMC RPMB driver in the non-trusted execution environment.

优选的,所述安全存储服务程序,当收到可信任应用程序的修改数据对象请求时,具体工作步骤包括:Preferably, when the secure storage service program receives a request to modify a data object from a trusted application, the specific working steps include:

1)在可信任执行环境中查找该明文安全数据对象,并进行修改。1) Find the plaintext security data object in the trusted execution environment and modify it.

2)调用加解密模块,使用对称加密方式对修改后的安全数据对象进行加密。2) Call the encryption and decryption module, and use the symmetric encryption method to encrypt the modified security data object.

3)使用软件中断方式,通知非可信任执行环境中的eMMC RPMB驱动程序,并读取当前可用的eMMC RPMB分区的块地址和写计数值。3) Use the software interrupt method to notify the eMMC RPMB driver in the non-trusted execution environment, and read the block address and write count value of the currently available eMMC RPMB partition.

4)按照RPMB数据包格式,填充数据内容,随机值和写计数值,并使用预置密钥,通过HMAC SHA256计算消息认证码(MAC)。4) According to the RPMB packet format, fill the data content, random value and write count value, and use the preset key to calculate the message authentication code (MAC) through HMAC SHA256.

5)把包含加密后的安全数据对象和MAC值的RPMB数据包填入共享内存,并使用软件中断方式,通知非可信任执行环境中的eMMC RPMB驱动程序。5) Fill the RPMB packet containing the encrypted security data object and MAC value into the shared memory, and use the software interrupt mode to notify the eMMC RPMB driver in the non-trusted execution environment.

优选的,所述安全存储服务程序,当收到可信任应用程序的删除数据对象请求时,具体工作步骤包括:Preferably, when the secure storage service program receives a request to delete a data object from a trusted application, the specific working steps include:

1)在可信任执行环境中查找该明文安全数据对象,根据其标记找到其在eMMCRPMB分区中的块地址。1) Find the plaintext security data object in the trusted execution environment, and find its block address in the eMMCRPMB partition according to its mark.

2)使用软件中断方式,通知非可信任执行环境中的eMMC RPMB驱动程序,并读取该eMMC RPMB分区的写计数值。2) Use software interrupt mode to notify the eMMC RPMB driver in the non-trusted execution environment, and read the write count value of the eMMC RPMB partition.

3)按照RPMB数据包格式,填充空的数据内容,随机值和写计数值,并使用预置密钥,通过哈希运算消息认证码(Hash-based Message Authentication Code,HMAC)SHA256计算消息认证码(MAC)。3) According to the RPMB data packet format, fill in the empty data content, random value and write count value, and use the preset key to calculate the message authentication code through hash operation message authentication code (Hash-based Message Authentication Code, HMAC) SHA256 (MAC).

4)把包含空的数据和MAC值的RPMB数据包填入共享内存,并使用软件中断方式,通知非可信任执行环境中的eMMC RPMB驱动程序。4) Fill the RPMB packet containing empty data and MAC value into the shared memory, and use the software interrupt mode to notify the eMMC RPMB driver in the non-trusted execution environment.

5)删除可信任执行环境中的该明文安全数据对象。5) Delete the plaintext security data object in the trusted execution environment.

优选的,所述安全存储服务程序,当收到可信任应用程序的读取数据对象请求时,具体工作步骤包括:Preferably, when the secure storage service program receives a request for reading a data object from a trusted application, the specific working steps include:

1)在可信任执行环境中查找该明文安全数据对象,如果找到,则直接返回其数据对象内容。1) Search for the plaintext security data object in the trusted execution environment, and if found, directly return the content of the data object.

2)如果该数据对象内容为空,则使用软件中断方式,通知非可信任执行环境中的eMMC RPMB驱动程序读取eMMC RPMB分区块中的加密后的安全数据对象和eMMC RPMB分区返回的消息认证码MAC,并填入共享内存。2) If the content of the data object is empty, use the software interrupt method to notify the eMMC RPMB driver in the non-trusted execution environment to read the encrypted security data object in the eMMC RPMB partition block and the message authentication returned by the eMMC RPMB partition Code MAC, and fill in the shared memory.

3)按照RPMB数据包格式,使用预置密钥,通过HMAC SHA256重新计算消息认证码MAC,并与共享内存中的MAC比较,如果不一致,则丢弃该数据,把错误结果返回可信任应用程序。3) According to the RPMB packet format, use the preset key, recalculate the message authentication code MAC through HMAC SHA256, and compare it with the MAC in the shared memory. If they are inconsistent, discard the data and return the error result to the trusted application.

4)如果一致,则调用加解密模块,对共享内存中的安全数据对象进行对称解密。4) If consistent, call the encryption and decryption module to symmetrically decrypt the secure data object in the shared memory.

5)解密后的安全数据对象,添加到可信任执行环境中的数据对象列表,并把数据对象内容返回可信任应用程序。5) The decrypted secure data object is added to the list of data objects in the trusted execution environment, and the content of the data object is returned to the trusted application.

优选的,所述安全存储服务程序,还可以是在系统启动时,通过软件中断方式通知非可信任执行环境中的eMMC RPMB驱动程序,把RPMB分区块上的安全数据对象一次性读入,并在可信任执行环境中完成消息认证码MAC值的检查后,进行逐一进行解密,并添加到数据对象列表。Preferably, the safe storage service program can also notify the eMMC RPMB driver program in the non-trusted execution environment by software interrupt mode when the system starts, and read in the safety data object on the RPMB sub-block once, and After checking the MAC value of the message authentication code in the trusted execution environment, decrypt them one by one and add them to the data object list.

优选的,上述步骤中,在可信任执行环境中查找明文安全数据对象,可以是从缓存或者数据内存页面进行查找。Preferably, in the above steps, searching for the plaintext security data object in the trusted execution environment may be carried out from cache or data memory page.

优选的,上述步骤中的软件中断方式,可以通过对通用中断控制器GIC进行编程实现,在单核或者多核平台上,均可以通过通信模块的中断转发作用,完成非可信任执行环境操作系统对该中断的快速响应。Preferably, the software interrupt mode in the above steps can be implemented by programming the general interrupt controller GIC. On a single-core or multi-core platform, the interrupt forwarding function of the communication module can be used to complete the operation system of the non-trusted execution environment. fast response to the interrupt.

优选的,所述加解密模块,可以通过驱动加解密硬件引擎,或者使用软件算法来实现加解密功能。加解密模块运行于可信任执行环境中,同时其使用的密钥、数据缓存和内存页面,均被可信任执行环境隔离保护,非可信任执行环境无法访问。Preferably, the encryption and decryption module can realize the encryption and decryption function by driving the encryption and decryption hardware engine, or using software algorithms. The encryption and decryption module runs in a trusted execution environment, and the keys, data caches, and memory pages used by it are all isolated and protected by the trusted execution environment, and cannot be accessed by non-trusted execution environments.

优选的,所述嵌入式设备在出厂前,需要对eMMC RPMB进行SHA 256密钥编程注入;密钥注入编程为单次有效,后续不能再进行修改。Preferably, before the embedded device leaves the factory, it needs to perform SHA 256 key programming injection into the eMMC RPMB; the key injection programming is valid for a single time, and cannot be modified later.

优选的,所述eMMC RPMB驱动程序,运行在非可信任执行环境中,其工作步骤包括:Preferably, the eMMC RPMB driver runs in a non-trusted execution environment, and its working steps include:

1)当收到可信执行环境软件中断时,检查其请求类型。1) When a trusted execution environment software interrupt is received, check its request type.

2)当需要写入安全数据对象时,从共享内存页面读取包含被加密的安全数据对象和MAC值的RPMB数据包,并写入eMMC RPMB分区块地址。2) When the security data object needs to be written, the RPMB data packet containing the encrypted security data object and the MAC value is read from the shared memory page, and written into the eMMC RPMB partition block address.

3)当需要读取安全数据对象时,从eMMC PRMB分区块地址中读入包含被加密的安全数据对象和MAC值的RPMB数据包,并写入共享内存。3) When the security data object needs to be read, the RPMB packet containing the encrypted security data object and the MAC value is read from the address of the eMMC PRMB partition, and written into the shared memory.

其中,所述eMMC RPMB驱动程序自身并不管理密钥,也无法从eMMC RPMB分区中获取已注入的密钥,更不能从可信任执行环境中获得预置的相同密钥;因此,所述eMMC RPMB驱动程序无法使用替换数据来产生伪造的MAC值,这样可以避免被中间人攻击的方式欺骗eMMC或者可信任执行环境,保证了数据对象的非易失性安全存储。Wherein, the eMMC RPMB driver itself does not manage the key, nor can it obtain the injected key from the eMMC RPMB partition, nor can it obtain the same preset key from the trusted execution environment; therefore, the eMMC The RPMB driver cannot use the replacement data to generate a forged MAC value, which can avoid cheating the eMMC or trusted execution environment by man-in-the-middle attacks, and ensure the non-volatile safe storage of data objects.

优选的,所述非可信任操作系统和非可信任应用程序,运行在非可信执行环境中,受到TrustZone IP的隔离作用,不能访问任何可信任执行环境中的执行指令、数据内容或者内存页面,因此无法访问或者修改明文的安全数据对象内容或任何密钥信息;并且所有在共享内存中的安全数据对象,其内容均为被加密状态,不会暴露给非可信任执行环境中的恶意应用程序,保证了运行期间数据对象的安全隔离。Preferably, the non-trusted operating system and non-trusted application program run in a non-trusted execution environment, are subjected to the isolation effect of TrustZone IP, and cannot access execution instructions, data content or memory pages in any trusted execution environment , so it is impossible to access or modify the content of the plaintext security data object or any key information; and all the content of the security data object in the shared memory is encrypted and will not be exposed to malicious applications in untrusted execution environments The program ensures the safe isolation of data objects during operation.

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

实施例一:Embodiment one:

本实施例提供了一种基于ARM TrustZone的安全数据存储系统。所述系统使用支持ARM TrustZone的处理器,并使用支持RPMB的eMMC作为存储器,适用于如手机、平板电脑、数字电视等各种消费电子嵌入式平台。参见图2所示,所述系统软件执行环境通过ARMTrustZone技术来隔离为非可信任执行环境和可信任执行环境;其中,非可信任执行环境包括非可信任操作系统(即普通操作系统)和eMMC RPMB驱动程序;可信任执行环境包括通信模块,可信任应用程序,安全存储服务程序和加解密模块,具体包括:This embodiment provides an ARM TrustZone-based secure data storage system. The system uses a processor that supports ARM TrustZone, and uses eMMC that supports RPMB as a memory, and is applicable to various consumer electronics embedded platforms such as mobile phones, tablet computers, and digital TVs. Referring to shown in Figure 2, the system software execution environment is isolated into a non-trusted execution environment and a trusted execution environment by ARMTrustZone technology; wherein, the non-trusted execution environment includes a non-trusted operating system (i.e. a common operating system) and eMMC RPMB driver; the trusted execution environment includes a communication module, a trusted application program, a secure storage service program and an encryption and decryption module, specifically including:

本实施例中的普通操作系统负责向各种应用程序提供必要的系统接口支持,其内核可以处理各种外部设备中断和软件中断,并且根据中断类型,调用已注册的驱动程序。本实施例为Linux,也可以是Android或者其他通用操作系统。The common operating system in this embodiment is responsible for providing necessary system interface support to various application programs, and its kernel can handle various external device interrupts and software interrupts, and call registered drivers according to interrupt types. This embodiment is Linux, and may also be Android or other general-purpose operating systems.

本实施例中的eMMC RPMB驱动程序运行在普通操作系统内核空间,其功能主要包括:The eMMC RPMB driver in the present embodiment runs in common operating system kernel space, and its function mainly includes:

1)向可信任执行环境中的通信模块中注册共享内存。1) Register the shared memory with the communication module in the trusted execution environment.

2)向非可信任执行环境中的普通操作系统内核注册软件中断处理程序。2) Register the software interrupt handler with the common operating system kernel in the non-trusted execution environment.

3)在软件中断处理程序中,根据可信任执行环境的要求进行读或者写处理。3) In the software interrupt handler, read or write processing is performed according to the requirements of the trusted execution environment.

4)从eMMC RPMB分区读取当前有效的写计数值,并通知可信任执行环境中的安全存储服务程序。4) Read the currently effective write count value from the eMMC RPMB partition, and notify the secure storage service program in the trusted execution environment.

5)访问共享内存,读取或写入包含加密后的数据对象和MAC值的RPMB包数据。5) Access the shared memory, read or write the RPMB packet data containing encrypted data objects and MAC values.

6)完成对eMMC RPMB分区块数据的读写操作,执行eMMC规范中定义的RPMB的命令和应答流程,完成各种错误处理等。6) Complete the read and write operations of eMMC RPMB partition data, execute the RPMB command and response process defined in the eMMC specification, and complete various error handling, etc.

本实施例中的可信任应用程序为经过安全认证的应用程序,运行在可信任执行环境中,包括但不仅限于数字版权管理DRM服务,用户授权证书管理等功能。所述可信任应用程序在运行期间,使用安全存储服务程序的功能,用以创建、修改、删除和保存内部使用的各种安全数据对象。The trusted application program in this embodiment is a security-certified application program running in a trusted execution environment, including but not limited to digital rights management DRM services, user authorization certificate management and other functions. During operation, the trusted application uses the function of the secure storage service program to create, modify, delete and save various secure data objects used internally.

本实施例中的安全存储服务程序运行在可信任执行环境中,向可信任应用程序提供服务接口,其功能主要包括:The secure storage service program in this embodiment runs in a trusted execution environment and provides a service interface to trusted applications. Its functions mainly include:

1)管理数据对象列表,提供对指定数据对象的查找,插入,删除等功能。1) Manage the list of data objects and provide functions such as searching, inserting, and deleting specified data objects.

2)接受可信任应用程序对安全数据对象的创建请求,并加入到数据对象列表。2) Accept the creation request of the trusted application program for the secure data object, and add it to the data object list.

3)接受可信任应用程序对安全数据对象的修改请求,并更新数据对象列表。3) Accept the modification request of the trusted application program for the secure data object, and update the data object list.

4)接受可信任应用程序对安全数据对象的数据删除请求,并从数据对象列表中清除。4) Accept the data deletion request of the trusted application program for the secure data object, and clear it from the data object list.

5)调用加解密模块,对数据对象列表中的待存储数据对象进行加密处理。5) Call the encryption and decryption module to encrypt the data objects to be stored in the data object list.

6)根据从eMMC RPMB读入的写计数值,构造RPMB数据包,计算消息认证码MAC。6) According to the write count value read in from the eMMC RPMB, construct the RPMB data packet, and calculate the message authentication code MAC.

7)把包含加密后的安全数据对象和MAC值的RPMB数据包填入共享内存,通过软件中断方式,通知非可信执行环境eMMC RPMB驱动程序进行存储。7) Fill the RPMB packet containing the encrypted security data object and the MAC value into the shared memory, and notify the non-trusted execution environment eMMC RPMB driver to store it by means of software interruption.

8)从共享内存读取eMMC RPMB分区中的加密后的数据对象和MAC,按照RPMB数据包格式,从新计算并检查其MAC是否有效。8) Read the encrypted data object and MAC in the eMMC RPMB partition from the shared memory, and recalculate and check whether the MAC is valid according to the RPMB packet format.

9)对加密后的安全数据对象进行解密,并添加到数据对象列表。9) Decrypt the encrypted security data object and add it to the data object list.

本实施例中的加解密模块为片上系统的硬件加解密引擎及其驱动程序,支持如AES ECB/CTR/CBC等对称加解密功能,同时支持HMAC_SHA256计算消息认证码。实际系统也可以是软件算法模块。The encryption and decryption module in this embodiment is the hardware encryption and decryption engine of the system on chip and its driver, which supports symmetric encryption and decryption functions such as AES ECB/CTR/CBC, and supports HMAC_SHA256 to calculate the message authentication code. The actual system can also be a software algorithm module.

本实施中的通信模块,其运行环境是可信任的特权模式,其功能主要包括:The communication module in this implementation, its operating environment is a trusted privileged mode, and its functions mainly include:

1)接收非可信任执行环境的请求,解析通用寄存器传递的各种命令参数。1) Receive requests from non-trusted execution environments, and parse various command parameters passed by general-purpose registers.

2)进行非可信任执行环境共享内存页面到可信任执行环境的再映射,进行数据共享。2) Remapping the non-trusted execution environment shared memory page to the trusted execution environment to share data.

3)对可信任执行环境和非可信任执行环境中各种硬件或者软件中断进行转发,并切换到该中断对应的执行环境进行中断处理。3) Forward various hardware or software interrupts in the trusted execution environment and non-trusted execution environment, and switch to the execution environment corresponding to the interrupt for interrupt processing.

实施例二Embodiment two

本实施例提供了一种基于ARM TrustZone的安全数据存储的方法。This embodiment provides a method for secure data storage based on ARM TrustZone.

图3为本实例中安全数据对象创建和存储的流程图,所述步骤包括:Fig. 3 is the flowchart of creation and storage of security data objects in this example, and the steps include:

步骤301:在可信任执行环境中,可信任应用程序发出安全数据对象的创建,修改,删除等请求。Step 301: In the trusted execution environment, the trusted application sends a request for creating, modifying, deleting, etc. a secure data object.

步骤302:安全存储服务程序根据可信任应用程序的请求类型进行响应的处理,具体包括:Step 302: The secure storage service program performs response processing according to the request type of the trusted application program, specifically including:

对于创建请求,查找安全数据对象,如果不存在,那么创建新的安全数据对象,否则返回失败;For the creation request, find the security data object, if it does not exist, then create a new security data object, otherwise return failure;

对于修改请求,查找安全数据对象,如果存在,那么修改对应的安全数据对象,否则返回失败;For the modification request, find the security data object, if it exists, then modify the corresponding security data object, otherwise return failure;

对于删除请求,查找安全数据对象,如果存在,那么删除对应的安全数据对象,否则返回失败;For the delete request, find the security data object, if it exists, delete the corresponding security data object, otherwise return failure;

更新数据对象列表,并把结果返回可信任应用程序。Update the list of data objects and return the result to the trusted application.

步骤303:周期性地,安全存储服务程序使用AES密钥,对发生变更的安全数据对象进行对称加密,并且可根据需要选择CBC/CTR/ECB等不同块模式,完成后发送软件中断给非可信执行环境eMMC RPMB驱动程序。Step 303: Periodically, the secure storage service program uses the AES key to symmetrically encrypt the changed secure data object, and can select different block modes such as CBC/CTR/ECB as required, and sends a software interrupt to the non-secure data object after completion. Letter execution environment eMMC RPMB driver.

步骤304:软件中断被通信模块转发至非可信任执行环境中的非可信任操作系统内核中,从而调用eMMC RPMB驱动程序,读取RPMB写计数值,并填入共享内存。Step 304: The software interrupt is forwarded by the communication module to the untrusted operating system kernel in the untrusted execution environment, thereby calling the eMMC RPMB driver, reading the RPMB write count value, and filling it into the shared memory.

步骤305:安全存储服务程序按照RPMB数据包格式,对加密后的安全数据对象、随机值和写计数值,并使用预置密钥,通过HMAC SHA256计算消息认证码(MAC)。Step 305: The secure storage service program calculates a message authentication code (MAC) through HMAC SHA256 for the encrypted secure data object, random value, and write count value according to the RPMB packet format, and uses a preset key.

步骤306:安全存储服务程序按照RPMB数据包格式,把完整的数据包填入共享内存,并发送软件中断给非可信任执行环境中的eMMC RPMB驱动程序。Step 306: The secure storage service program fills the complete data packet into the shared memory according to the RPMB data packet format, and sends a software interrupt to the eMMC RPMB driver in the non-trusted execution environment.

步骤307:eMMC RPMB驱动程序从共享内存读取RPMB数据包,其中包含加密后的安全数据对象和MAC值,然后写入RPMB分区。Step 307: The eMMC RPMB driver reads the RPMB data packet from the shared memory, which contains the encrypted security data object and MAC value, and then writes it into the RPMB partition.

图4为对安全数据对象进行读取的流程图,所述步骤包括:Fig. 4 is the flow chart that reads security data object, described step comprises:

步骤401:在可信任执行环境中,可信任应用程序发出安全数据对象的读取请求。Step 401: In the trusted execution environment, the trusted application sends a read request of the secure data object.

步骤402:安全存储服务程序查找安全数据对象,如果存在,那么直接返回该安全数据对象。Step 402: The secure storage service program searches for the secure data object, and returns the secure data object directly if it exists.

步骤403:如果不存在,那么安全存储服务程序发送软件中断给非可信任执行环境中的eMMC RPMB驱动程序。Step 403: If it does not exist, then the secure storage service program sends a software interrupt to the eMMC RPMB driver in the non-trusted execution environment.

步骤404:eMMC RPMB驱动程序从eMMC RPMB分区中读入数据包,其中包含加密后的数据对象内容和消息认证码MAC,并填入共享内存。Step 404: The eMMC RPMB driver program reads the data packet from the eMMC RPMB partition, which contains the encrypted data object content and the message authentication code MAC, and fills it into the shared memory.

步骤405:安全存储服务程序对加密后的数据对象内容,使用预置的密钥重新计算消息认证码MAC,并检查是否匹配,如果不匹配,说明数据异常,把错误结果返回可信任应用程序。Step 405: The secure storage service program uses the preset key to recalculate the message authentication code MAC for the encrypted data object content, and checks whether it matches. If not, it means that the data is abnormal, and returns the error result to the trusted application.

步骤406:MAC检查匹配通过后,安全存储服务程序需要解析RPMB数据包,对其中加密的数据对象使用AES密钥进行解密处理后,更新到数据对象列表。Step 406: After the MAC check and matching pass, the secure storage service program needs to parse the RPMB data packet, decrypt the encrypted data object in it using the AES key, and update to the data object list.

步骤407:安全存储服务程序把解密后的明文安全数据对象返回可信任应用程序。Step 407: The secure storage service program returns the decrypted plaintext secure data object to the trusted application program.

RPMB数据包格式和计算消息认证码的具体流程,请参考eMMC规范中对eMMC RPMB的描述。For the RPMB packet format and the specific process of calculating the message authentication code, please refer to the description of eMMC RPMB in the eMMC specification.

与现有技术相比,本发明的有益效果是:通过利用ARM TrustZone技术对可信任和非可信任执行环境的分离,把安全数据对象的加解密计算过程隔离在可信任执行环境,并且加解密过程使用的密钥和明文数据内容被保护在可信的内存页面,避免了运行时被非可信任执行环境非法窃取的风险。同时当需要存储安全数据对象时,安全存储服务程序在可信任执行环境中使用预置密钥,计算并提供eMMC RPMB消息认证码MAC,以保证对eMMC RPMB分区的合法写入;在读取安全数据对象时,安全存储服务程序重新计算和比对eMMC RPMB的消息认证码MAC,避免数据被非法替换。Compared with the prior art, the beneficial effect of the present invention is: by using the ARM TrustZone technology to separate the trusted and non-trusted execution environments, the encryption and decryption calculation process of the secure data object is isolated in the trusted execution environment, and the encryption and decryption The key and plaintext data content used by the process are protected in trusted memory pages, avoiding the risk of being illegally stolen by an untrusted execution environment during runtime. At the same time, when the secure data object needs to be stored, the secure storage service program uses the preset key in the trusted execution environment to calculate and provide the eMMC RPMB message authentication code MAC to ensure the legal writing of the eMMC RPMB partition; When a data object is detected, the secure storage service program recalculates and compares the message authentication code MAC of the eMMC RPMB to prevent the data from being illegally replaced.

以上所述仅为本发明的较佳实施例而已,并非用于限定本发明的保护范围。本文中应用了具体个例对本发明的原理及实施方式进行了闸述,以上实施例的说明只是用于帮助理解本发明的方法及其核心思想;同时,对于本领域的一般技术人员,依据本发明的思想,在具体实施方式及应用范围上均会有改变之处。综上所述,本说明书内容不应理解为对本发明的限制。凡在本发明的精神和原则之内所作的任何修改、等同替换、改进等,均包含在本发明的保护范围内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the protection scope of the present invention. In this paper, specific examples have been used to describe the principle and implementation of the present invention. The description of the above embodiments is only used to help understand the method of the present invention and its core idea; meanwhile, for those of ordinary skill in the art, according to the present invention The idea of the invention will have changes in the specific implementation and scope of application. In summary, the contents of this specification should not be construed as limiting the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention are included in the protection scope of the present invention.

Claims (27)

1. a kind of secure data store method, it is characterised in that the place suitable for supporting ARM trust region TrustZone technologies Device is managed, and uses the embedded multi-media card eMMC for supporting replay protection memory block RPMB subregions as storage medium, the side Method includes:
The secured data objects of trusted application program, safe storage service program and its generation are protected by trusted execution environments Shield;
Safe storage service program provides the foundation and access of secured data objects to trusted application program, and calls encryption and decryption Module secured data objects is encrypted and decrypted processing;
Secured data objects after encryption appoint the eMMC RPMB in performing environment to drive journey by the shared drive page and untrusted Sequence is shared;
Untrusted appoints the eMMC RPMB drivers in performing environment to complete access and storage to eMMC RPMB subregions.
2. according to the method described in claim 1, it is characterised in that the trusted application program and safe storage service program Operationally protected by trusted execution environments, its execute instruction can not be appointed the untrusted in performing environment to appoint application by untrusted Program reads or changed.
3. according to the method described in claim 1, it is characterised in that the secured data objects are operationally performed by trusted Environmental protection is in the memory pages of security isolation, and its clear data content can not be appointed the untrusted in performing environment by untrusted Application program is appointed to read or change.
4. according to the method described in claim 1, it is characterised in that the safe storage service program is to trusted application program The mode of foundation and access for providing secured data objects is:
Trusted application program calls the interface of safe storage service program, the safe number of dynamic creation in trusted execution environments According to object, modification or deleting history secured data objects.
5. according to the method described in claim 1, it is characterised in that the safe storage service routine call encryption/decryption module pair The mode that secured data objects are encrypted is:
Safe storage service program to secure data content carry out object encapsulation, using by trusted execution environments protect it is close Key, and call encryption/decryption module to be encrypted.
6. method according to claim 5, it is characterised in that the mode of the encryption is symmetric cryptography mode.
7. method according to claim 6, it is characterised in that the key that the symmetric cryptography is used should for the trusted It is privately owned close that the key or equipment used with the unsolicited key of program, the safe storage service program inside solidifies Key.
8. according to the method described in claim 1, it is characterised in that the safe storage service program passes through software interrupt mode Untrusted is notified to appoint the eMMC RPMB drivers in performing environment to read and currently write count value.
9. according to the method described in claim 1, it is characterised in that the safe storage service program is right the safety after encryption Image data and count value is write according to RPMB packets fields forms, using preset key, and pass through Hash operation message authentication code HMAC SHA256 algorithms calculate its message authentication code MAC, and construct complete RPMB packets.
10. method according to claim 9, it is characterised in that the preset key is stored in trusted execution environments Safe storage service program inside, it is impossible to by untrusted appoint performing environment obtain.
11. method according to claim 9, it is characterised in that the safe storage service program is complete RPMB numbers Shared drive is inserted according to bag, and notifies untrusted to appoint the untrusted in performing environment to appoint operating system by software interrupt.
12. method according to claim 11, it is characterised in that the untrusted appoints the untrusted in performing environment to appoint behaviour Make after systems inspection software interrupt, call eMMC RPMB drivers, and copy the RPMB packets in shared drive, will RPMB packets write eMMC RPMB subregions.
13. method according to claim 12, it is characterised in that the eMMC RPMB drivers do not allow to know use To produce MAC preset key.
14. method according to claim 13, it is characterised in that eMMC equipment needs to complete preset key when dispatching from the factory Injection, it is described to be injected to single effectively, it can not subsequently rewrite.
15. method according to claim 4, it is characterised in that trusted application program is carried in trusted execution environments For secured data objects mark, the interface of safe storage service program is called, the secured data objects produced are accessed.
16. method according to claim 15, it is characterised in that the safe storage service program is according to secure data pair As the local data object list caching in mark retrieval trusted execution environments, and subsequent treatment is carried out according to result.
17. method according to claim 16, it is characterised in that safe storage service program is in local data object list The corresponding secured data objects of secured data objects mark are retrieved in caching, and the secured data objects are not invalid numbers According to when, return to the data content required for trusted application program.
18. method according to claim 16, it is characterised in that safe storage service program is retrieved not in local cache Corresponding secured data objects are marked to the secured data objects;Or can retrieve corresponding to secured data objects mark Secured data objects, but its state is when being invalid data, notifies untrusted is appointed non-in performing environment by traps mode Trusted operating system.
19. method according to claim 18, it is characterised in that the untrusted appoints the untrusted in performing environment to appoint behaviour Received as system after traps, call eMMC RPMB drivers, from eMMCRPMB subregions read encryption after data object with And the MAC value that eMMC RPMB subregions are returned, insert shared drive.
20. method according to claim 16, it is characterised in that safe storage service program is read from shared drive to be added Close data object, and call encryption/decryption module that processing is decrypted, the plaintext secure data object after decryption is stored in credible Appoint the memory pages in performing environment.
21. method according to claim 16, it is characterised in that safe storage service program returns to trusted application journey The plaintext secure data object that sequence needs, and trusted application program is necessary to ensure that the plaintext secure data object content will not Being exposed to untrusted appoints the untrusted in performing environment to appoint operating system or untrusted to appoint application program.
22. a kind of secure data storage system, it is characterised in that the system operation is supporting ARM trust regions TrustZone On the processor of technology, and the embedded multi-media card eMMC of replay protection memory block RPMB subregions is used to be situated between as storage Matter, the system includes trusted application program, and encryption/decryption module, safe storage service program, communication module, untrusted appoints behaviour Make system and eMMC RPMB drivers;
The trusted application program is operated in trusted execution environments, by the user program of security context certification, is accessed Secured data objects;
The encryption/decryption module is operated in trusted execution environments, is realized using driving hardware engine or software algorithm plus solution Close function;
The safe storage service program is operated in trusted execution environments, and secure data pair is provided to trusted application program The establishment of elephant, reading, modification, the function of deleting or store;
The eMMC RPMB drivers operate in untrusted and appointed in performing environment, complete the read-write to eMMC RPMB subregions.
23. system according to claim 22, it is characterised in that the communication module, completes trusted execution environments and arrives Untrusted appoints the switching of performing environment, context to preserve and recover, and handles the mapping of the shared drive page, and interrupt it is non-can Trust the forwarding between performing environment and trusted execution environments.
24. system according to claim 22, it is characterised in that the safe storage service program maintenance trusted is performed There is provided the quick-searching function to secured data objects for environment local security data object list caching.
25. system according to claim 22, it is characterised in that the safe storage service program is responsible for calling encryption and decryption Module, completes the function to the encrypted data objects decryption in shared drive, and be saved in local in trusted execution environments Secured data objects list.
26. system according to claim 22, it is characterised in that the safe storage service program is responsible for calling encryption and decryption Module, completes the function to the clear data object encryption of trusted execution environments memory pages, and insert in shared drive.
27. system according to claim 22, it is characterised in that the untrusted appoints operating system to appoint in untrusted There is provided the basic running environment that untrusted appoints application program in performing environment, the interruption that safe storage service program is produced is responded Processing.
CN201410619453.2A 2014-11-06 2014-11-06 A kind of secure data store method and system Active CN104392188B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410619453.2A CN104392188B (en) 2014-11-06 2014-11-06 A kind of secure data store method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410619453.2A CN104392188B (en) 2014-11-06 2014-11-06 A kind of secure data store method and system

Publications (2)

Publication Number Publication Date
CN104392188A CN104392188A (en) 2015-03-04
CN104392188B true CN104392188B (en) 2017-10-27

Family

ID=52610090

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410619453.2A Active CN104392188B (en) 2014-11-06 2014-11-06 A kind of secure data store method and system

Country Status (1)

Country Link
CN (1) CN104392188B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110442462A (en) * 2019-07-16 2019-11-12 阿里巴巴集团控股有限公司 Multi-thread data transmission method and device in TEE system

Families Citing this family (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106156229A (en) * 2015-04-27 2016-11-23 宇龙计算机通信科技(深圳)有限公司 The processing method of file, device and terminal in a kind of multiple operating system terminal
CN104980338A (en) * 2015-05-12 2015-10-14 上海斐讯数据通信技术有限公司 Enterprise instant messaging security application system based on mobile intelligent terminal
KR102130744B1 (en) * 2015-07-21 2020-07-06 삼성전자주식회사 Display device and Method for controlling the display device thereof
CN106411814B (en) * 2015-07-27 2019-12-06 深圳市中兴微电子技术有限公司 Method and system for policy management
CN105138930A (en) * 2015-08-12 2015-12-09 山东超越数控电子有限公司 Encryption system and encryption method based on TrustZone
CN105068891B (en) * 2015-08-14 2020-09-29 Tcl移动通信科技(宁波)有限公司 Method and terminal for repairing eMMC file
CN105138904B (en) * 2015-08-25 2018-06-15 华为技术有限公司 A kind of access control method and device
CN110457959B (en) * 2015-09-10 2023-06-20 创新先进技术有限公司 Information transmission method and device based on Trust application
CN105260663B (en) * 2015-09-15 2017-12-01 中国科学院信息工程研究所 A kind of safe storage service system and method based on TrustZone technologies
CN105447406B (en) * 2015-11-10 2018-10-19 华为技术有限公司 A kind of method and apparatus for accessing memory space
CN105468980B (en) * 2015-11-16 2018-07-03 华为技术有限公司 The method, apparatus and system of a kind of security management and control
CN110059500A (en) 2015-11-30 2019-07-26 华为技术有限公司 User interface switching method and terminal
CN106845174B (en) * 2015-12-03 2020-07-10 福州瑞芯微电子股份有限公司 Application authority management method and system under security system
CN106897584A (en) * 2015-12-21 2017-06-27 上海交通大学 Onboard system digital copyright management method and system based on architectural feature
CN106936774B (en) * 2015-12-29 2020-02-18 中国电信股份有限公司 Authentication method and system in trusted execution environment
CN109996114B (en) * 2016-01-04 2021-02-26 华为技术有限公司 Method and device for controlling video output, and control circuit
US11424931B2 (en) 2016-01-27 2022-08-23 Blackberry Limited Trusted execution environment
CN107305607B (en) * 2016-04-18 2019-12-03 大唐半导体设计有限公司 One kind preventing the independently operated method and apparatus of backstage rogue program
CN106056380A (en) * 2016-05-27 2016-10-26 深圳市雪球科技有限公司 Mobile payment risk control system and mobile payment risk control method
CN106354687B (en) * 2016-08-29 2020-01-03 珠海市魅族科技有限公司 Data transmission method and system
CN107808687B (en) 2016-09-08 2021-01-29 京东方科技集团股份有限公司 Medical data acquisition method, processing method, cluster processing system and method
CN106384042B (en) * 2016-09-13 2019-06-04 北京豆荚科技有限公司 A kind of electronic equipment and security system
EP3534583B1 (en) 2016-11-15 2021-01-06 Huawei Technologies Co., Ltd. Secure processor chip and terminal device
CN106453398B (en) * 2016-11-22 2019-07-09 北京安云世纪科技有限公司 A kind of data encryption system and method
CN107066331B (en) * 2016-12-20 2021-05-18 华为技术有限公司 A TrustZone-based resource allocation method and device
CN108268303A (en) * 2017-01-03 2018-07-10 北京润信恒达科技有限公司 A kind of operation requests method, apparatus and system
CN108429719B (en) * 2017-02-14 2020-12-01 华为技术有限公司 Key protection method and device
CN107103257B (en) * 2017-05-16 2020-06-16 陕西国博政通信息科技有限公司 Computer intrusion prevention method
CN107426192A (en) * 2017-06-29 2017-12-01 环球智达科技(北京)有限公司 Method of data synchronization for multi-process
CN109426742B (en) * 2017-08-23 2022-04-22 深圳市中兴微电子技术有限公司 A secure memory dynamic management system and method based on trusted execution environment
CN107545185A (en) * 2017-08-24 2018-01-05 上海与德科技有限公司 Android mobile terminal administration authority detection method, device, terminal and storage medium
CN109783245B (en) * 2017-11-13 2023-07-18 厦门雅迅网络股份有限公司 Data interaction method and system based on dual-system shared memory
CN108154032B (en) * 2017-11-16 2021-07-30 中国科学院软件研究所 A Root of Trust Construction Method for Computer System with Memory Integrity Guarantee
CN109905233B (en) * 2017-12-08 2022-07-29 阿里巴巴集团控股有限公司 Equipment data processing method and system
CN108255644B (en) * 2017-12-29 2021-12-31 北京元心科技有限公司 File system recovery method and device
KR102501776B1 (en) 2018-01-31 2023-02-21 에스케이하이닉스 주식회사 Storage device and operating method thereof
CN108270574B (en) * 2018-02-11 2021-02-09 浙江中控技术股份有限公司 Safe loading method and device for white list library file
KR20190099693A (en) * 2018-02-19 2019-08-28 에스케이하이닉스 주식회사 Memory system and operating method thereof
CN112005230B (en) * 2018-04-30 2024-05-03 谷歌有限责任公司 Manage security zone creation through a unified security zone interface
WO2019237304A1 (en) 2018-06-14 2019-12-19 华为技术有限公司 Key processing method and device
CN112088376B (en) * 2018-06-30 2025-04-08 华为技术有限公司 File storage method, device and storage medium
CN109063516B (en) * 2018-07-27 2020-12-04 杭州中天微系统有限公司 Data processor
CN111105777B (en) * 2018-10-25 2023-10-31 阿里巴巴集团控股有限公司 Voice data acquisition and playing method and device, key package updating method and device and storage medium
CN109558743A (en) * 2018-11-27 2019-04-02 广州供电局有限公司 Data guard method, device, computer equipment and the storage medium of mobile terminal
CN113557703B (en) * 2019-03-19 2024-05-14 华为技术有限公司 Authentication method and device of network camera
CN110266651B (en) * 2019-05-28 2021-07-13 创新先进技术有限公司 Internet of things equipment and method for same
US11003785B2 (en) 2019-07-16 2021-05-11 Advanced New Technologies Co., Ltd. Data transmission method and apparatus in tee systems
CN110399235B (en) 2019-07-16 2020-07-28 阿里巴巴集团控股有限公司 Multithreading data transmission method and device in TEE system
US10699015B1 (en) 2020-01-10 2020-06-30 Alibaba Group Holding Limited Method and apparatus for data transmission in a tee system
CN110427274B (en) * 2019-07-16 2020-07-17 阿里巴巴集团控股有限公司 Data transmission method and device in TEE system
CN110443078B (en) * 2019-07-19 2021-05-28 南京芯驰半导体科技有限公司 A Secure Storage System Based on Privilege Hierarchy
CN110704839A (en) * 2019-08-05 2020-01-17 慧镕电子系统工程股份有限公司 Data encryption protection method based on national cryptographic algorithm
CN110598384B (en) * 2019-09-16 2022-02-22 Oppo(重庆)智能科技有限公司 Information protection method, information protection device and mobile terminal
CN111143857B (en) * 2019-12-27 2022-04-22 达闼机器人有限公司 A data sharing method, robot controller and storage medium
KR20220067396A (en) * 2020-11-17 2022-05-24 에스케이하이닉스 주식회사 Storage device and operating method thereof
CN113239347B (en) * 2021-06-18 2022-06-28 上海交通大学 Starting method and device suitable for TEE security application example
CN113810382B (en) * 2021-08-24 2023-07-11 东北大学秦皇岛分校 A ciphertext loading method for defending against SGX side channel attacks
CN114792016B (en) * 2022-03-30 2025-09-19 联想(北京)有限公司 Processing method and electronic equipment
CN117492635A (en) * 2022-07-25 2024-02-02 荣耀终端有限公司 Data storage method and electronic equipment
CN116405218B (en) * 2023-03-22 2025-09-02 东风汽车集团股份有限公司 A method, device and computer system for sharing TEE resources based on a virtualized environment
CN119646814A (en) * 2024-10-31 2025-03-18 深圳市遇贤微电子计算有限公司 Secure processors and Arm CPU processors that support confidential computing

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101477612A (en) * 2008-01-02 2009-07-08 Arm有限公司 Protecting the security of secure data sent from a central processor for processing by a further processing device
CN104091135A (en) * 2014-02-24 2014-10-08 电子科技大学 Intelligent terminal safety system and safety storage method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101477612A (en) * 2008-01-02 2009-07-08 Arm有限公司 Protecting the security of secure data sent from a central processor for processing by a further processing device
CN104091135A (en) * 2014-02-24 2014-10-08 电子科技大学 Intelligent terminal safety system and safety storage method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ARM TrustZone安全隔离技术研究与应用;王熙友;《中国优秀硕士学位论文全文数据库 信息科技辑》;20140115;I136-387 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110442462A (en) * 2019-07-16 2019-11-12 阿里巴巴集团控股有限公司 Multi-thread data transmission method and device in TEE system

Also Published As

Publication number Publication date
CN104392188A (en) 2015-03-04

Similar Documents

Publication Publication Date Title
CN104392188B (en) A kind of secure data store method and system
US11841806B1 (en) System, apparatus and method for integrity protecting tenant workloads in a multi-tenant computing environment
US10261919B2 (en) Selective memory encryption
US6715085B2 (en) Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function
US11775177B2 (en) Integrity tree for memory integrity checking
CN103988467B (en) Encryption system and method for ensuring software encryption technology security
CN103106372B (en) For lightweight privacy data encryption method and the system of android system
TWI514187B (en) Systems and methods for providing anti-malware protection on storage devices
US20040003273A1 (en) Sleep protection
US20100174919A1 (en) Program execution apparatus, control method, control program, and integrated circuit
US20130022201A1 (en) Encrypted memory
KR20190063264A (en) Method and Apparatus for Device Security Verification Utilizing a Virtual Trusted Computing Base
WO2022028289A1 (en) Data encryption method and apparatus, data decryption method and apparatus, terminal, and storage medium
US10019603B2 (en) Secured memory system and method therefor
US12135657B2 (en) Architecture, system and methods thereof for secure computing using hardware security classifications
WO2017105704A1 (en) Bidirectional cryptographic io for data streams
CN103532712B (en) digital media file protection method, system and client
CN111523129A (en) TPM-based data leakage protection method
US12443542B2 (en) System, apparatus and method for integrity protecting tenant workloads in a multi-tenant computing environment
KR101236991B1 (en) Apparatus and method for encrypting hard disk
CN120068109A (en) Processing method and device and electronic equipment
WO2025166911A1 (en) Memory encryption and decryption method and system based on user layer, and related device
JP2023154825A (en) Distributed information processing system, and distributed information processing method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载