Trusted application processing method based on multiple containers and related equipment

Abstract

The invention discloses a multi-container-based trusted application program processing method and related equipment, which are used for simplifying the development and deployment process of trusted application programs and improving the processing efficiency of the trusted application programs and the security of an access interface of a trusted execution environment. The method comprises the steps that a terminal performs integrity verification on a signed security computing unit through a security computing container; if the signed security computing unit passes the integrity verification, the terminal performs legality verification on the signed security computing unit through the security computing container and acquires a verification result; and if the verification result is legal, the terminal loads the signed security computing unit through a trusted execution environment (TEE) or a security element (SE) and acquires a security computing result of the trusted application.

Description

technical field [0001] The present application relates to the communication field, and in particular to a multi-container-based trusted application processing method and related equipment. Background technique [0002] Currently, terminal security mainly involves five areas: identity authentication, access control, security authentication, service authorization, and service audit. In the field of security authentication, hardware devices based on the universal serial bus interface (universal serial bus key, USB Key), trusted execution environment (trusted execution environment, TEE) and secure element (secure element, SE) have begun to appear. Among them, the trusted execution environment TEE can solve various security demands of upstream and downstream participants such as consumers, merchants, mobile operators, third-party payment, and financial institutions in the mobile payment scenario, and is currently the most promising solution. one of the technologies. At present,...

AI Technical Summary

Problems solved by technology

[0004] Due to some limitations in the current TEE application architecture, there are many differences in the implementation of trusted application management platforms by TEEs of different terminal manufacturers, which makes the development and deployment process of trusted applications more complicated. Since the core framework of TEE technology lies in REE and TEE isolation, because the REE side is vulnerable to external attacks, high-level data processing can only be implemented on the TEE side

Because TEE needs to ensure that TEE is truly credible through proprietary measures such as digitally signing TA's secure computing unit, TA developers must contact various TEE issuers (usually terminal manufacturers) for cooperative development. This upstream and downstream (TA development) The coupling relationship between the author and the TEE issuer) will lead to low processing efficiency of the trusted application TA

Images