CN101859373A - Method for safely accessing mobile credible terminal - Google Patents
Method for safely accessing mobile credible terminal Download PDFInfo
- Publication number
- CN101859373A CN101859373A CN201010159273A CN201010159273A CN101859373A CN 101859373 A CN101859373 A CN 101859373A CN 201010159273 A CN201010159273 A CN 201010159273A CN 201010159273 A CN201010159273 A CN 201010159273A CN 101859373 A CN101859373 A CN 101859373A
- Authority
- CN
- China
- Prior art keywords
- terminal
- safe
- operating system
- safety
- started
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method for safely accessing a mobile credible terminal, which comprises the following steps that: a user starts the mobile terminal by means of password or fingerprint authentication and the like; the terminal loads an operating system and verifies that the operating system is changed or not so as to ensure safe start; a process monitoring module cured in a read only memory (ROM) is started and loaded to monitor other process and module loading, the safety of a TF memory card is checked, and whether to continuously start or stop starting the terminal is determined; after the terminal is started and before the terminal establishes safe connection with a server, a terminal health examination module is started to check hardware information of the terminal, safely scan the terminal, and submit the extracted information and safe scanning result to the server for further analysis; the terminal checks a digital certificate in the safe TF memory card and determines that the certificate is in a safe state; and safe connection between the terminal and the server is started. The method can ensure that the terminal can credibly communicate with the server.
Description
Technical field
The present invention relates to the credible access technology of portable terminal, comprise to terminal the exploitation of the trusted technology from hardware layer to the application software layer, and at portable terminal from starting to access service end process safe control technology.
Background technology
Traditional trusted terminal cut-in method only accesses terminal by the checking of identity identifying methods such as certificate, as the patent No. 200810046854 disclosed " terminal inserts the method and the connecting system of trusted PDA " technology, by authentication certificate and platform state recognition terminal, this mode can improve the security that terminal inserts to a certain extent, but from the bottom hardware to the upper layer application, do not provide omnibearing end of scan information and state, to reach safety, the access of believable terminal to terminal.
Summary of the invention
Fundamental purpose of the present invention is, when portable terminal connects with serve end program from starting to, authentication identification, the health status assessment of terminal by carry out terminal based on control devices such as hardware identifier information, operating system version, process status information, decision making package arbitration terminal inserts, and guarantees that legal, believable terminal and service end communicate.
Technical scheme
The step of the trusted terminal safety access method that this programme is described is as follows:
(1) terminal device safety certification
When mobile terminal-opening, the embedded fingerprint recognition of portable terminal guarantees that than the identification of reciprocity authentication module to the portable terminal end user it is the validated user of portable terminal.User's relevant information is at first gathered by system, with the data of database comparison of terminal body, if legal user just allows start or carries out some operation.
Portable terminal can face the invasion and the influence of various viruses and other unsafe factors in application process.In the middle of mobile terminal software, when each system start-up or accesses network, regularly or the integrity analysis that passes through code check and data of randomness, if finding operating system code or sensitive information (configuration of grid access point, application software configuration information, application data information etc.) is modified, to remedying of significant data, from system backup zone restoring operation system code, covering is by the operating system of virus infections or modification, guarantee behind operating system generation virus damage, to make system recovery revert to the state of virus-free threat.
By being provided with in the middle of portable terminal that antitheft tracking and significant data are hidden and destroying certainly, the automatic upload function of data cooperates daemon software, can effectively stop leaking of after portable terminal is lost important information.
For the storage of significant datas such as privacy of user data and Operational Visit, adopt safe TF card that data are encrypted, the subregion storage is provided with access rights.According to rights of using, the user also can download personal information easily and backup on computer or other equipment.
(2) process Loading Control
Portable terminal guarantees that the lander is PDA user after the safety certification of having passed through equipment, and terminal loads the process control module of a running background not by behind the virus infections.When a process will load, whether the background process control module was credible by the integrality determinating processes that calculates this process code, if calculated value in desired range of values, illustrates then that process is credible, otherwise refusal loads.This process can be controlled at and start legal process on the portable terminal, organizes operations such as illegal process, code.
The process control module is cured among the startup ROM of portable terminal, and assurance can not be changed, and reliably loads simultaneously.Process control module and TF card mutual authentication, authentication finish to confirm safety, and program just can be opened the TF card and use, and terminal can begin the Connection Service end.
(3) terminal health examination
Setting up before safety is connected with service end, the security sweep module starts, and extraction client scan information with the service end interprogram communication time, is handled the scanning information of client as a message exchange of client and service end negotiations process.Can serve end program scans client-side information, and determine this client insert according to policy library, if client is allowed to be connected to service end, then client is deposited into the local file that forms, reference when initiating for next connection with this swap data.
(4) terminal TF card safety
Terminal TF card safety all plays a role when communicating by letter in starting terminal and data storage, the start-up control program that is solidificated in during startup among the terminal ROM detects at first whether safe TF card is housed, detect the two-way authentication that begins to carry out terminal and card behind the safe TF card, by then entering normal start-up routine; If do not detect or authenticate and do not pass through, then the halt system start-up course.
Provide secure memory space on the safe TF card, the All Files that is deposited into the TF card memory area is all encrypted storage, and the computing of safe TF card encryption is to user transparent.Be used to store individual digital letter of identity and signature private key, cryptographic service such as digital signature, signature verification and data encrypting and deciphering are provided for portable terminal, the cooperation security client is finished the encryption and decryption functions in the information transmission.
Deciphering chip built in hardware SM1 algorithm on the terminal TF (the standard symmetry algorithm of the close office authentication of state, down with) and key management mechanism are for portable terminal provides data encrypting and deciphering service based on the SM1 algorithm., encryption and decryption is connected and during exchanges data, the computing of calling deciphering chip is to guarantee data encryption when terminal and service end are carried out.
Beneficial effect
By accessing terminal from the control of aspects such as hardware layer, network layer, service layer to moving, terminal reaches a kind of trusted status in each side such as process control, file storage, device authentication, healthy scanning, rights of using, and the assurance portable terminal can be communicated by letter with service end credibly.
Description of drawings
Fig. 1 is the internal module figure of trusted terminal;
Fig. 2 is that the clean boot of trusted terminal loads process flow diagram.
Embodiment
The startup flow process and the access service end flow process of mobile trusted terminal are described in conjunction with Fig. 1 and Fig. 2 here:
The user starts portable terminal by means such as password or finger print identifyings.
Whether terminal loads operating system and verification operation system image were modified, and guaranteed clean boot.
Be solidificated in process monitoring module among the ROM and start and load to monitor other process and module loading, check the security of TF then, decision continues to start and still stops to start.
Behind the starting terminal, prepare and service end is set up before safety is connected, start the terminal health examination module, check the hardware information of terminal, and do security sweep that preparation submits to service end to be further analyzed to the information and the security sweep result that extract.
Terminal is checked the digital certificate in safety TF storage card, determines that certificate status is normal.
The safe connection procedure of startup and service end.
Claims (3)
1. a method for safely accessing mobile credible terminal is characterized in that, may further comprise the steps:
The user starts portable terminal by means such as password or finger print identifyings;
Whether terminal loads operating system and verification operation system were modified, and guaranteed clean boot;
Be solidificated in process monitoring module among the ROM and start and load to monitor other process and module loading, check the security of TF storage card then, decision continues to start and still stops to start;
Behind the starting terminal, prepare and service end is set up before safety is connected, start the terminal health examination module, check the hardware information of terminal, and do security sweep that preparation submits to service end to be further analyzed to the information and the security sweep result that extract;
Terminal is checked the digital certificate in safety TF storage card, determines that certificate status is normal;
The safety that starts terminal and service end is connected.
2. a kind of method for safely accessing mobile credible terminal according to claim 1 is characterized in that, terminal from system backup zone restoring operation system code, covers the operating system that is modified if finding operating system code or sensitive information is modified.
3. a kind of method for safely accessing mobile credible terminal according to claim 1 is characterized in that, whether the process monitoring module is to come determinating processes believable by the integrality of calculating this process code.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010159273A CN101859373A (en) | 2010-04-28 | 2010-04-28 | Method for safely accessing mobile credible terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010159273A CN101859373A (en) | 2010-04-28 | 2010-04-28 | Method for safely accessing mobile credible terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101859373A true CN101859373A (en) | 2010-10-13 |
Family
ID=42945271
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010159273A Pending CN101859373A (en) | 2010-04-28 | 2010-04-28 | Method for safely accessing mobile credible terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101859373A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102355467A (en) * | 2011-10-18 | 2012-02-15 | 国网电力科学研究院 | Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission |
| CN102624699A (en) * | 2012-01-19 | 2012-08-01 | 歌尔声学股份有限公司 | Method and system for protecting data |
| CN104462898A (en) * | 2014-11-27 | 2015-03-25 | 中国华戎控股有限公司 | Object file protecting method and device based on Android system |
| CN104573491A (en) * | 2014-09-10 | 2015-04-29 | 中电科技(北京)有限公司 | UEFI (Unified Extensible Firmware Interface)-based terminal management system and UEFI-based terminal management method |
| CN105391728A (en) * | 2015-11-26 | 2016-03-09 | 国网北京市电力公司 | Power information transmission method and apparatus |
| CN105956499A (en) * | 2016-05-05 | 2016-09-21 | 捷开通讯(深圳)有限公司 | Method for finding mobile equipment based on security chip and mobile equipment |
| CN106781094A (en) * | 2016-12-29 | 2017-05-31 | 北京安天网络安全技术有限公司 | A kind of ATM system resource exception warning system and method |
| WO2019072060A1 (en) * | 2017-10-11 | 2019-04-18 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Certificate loading method and related product |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2001257668A (en) * | 2000-03-14 | 2001-09-21 | Ntt Data Corp | Authentication system, portable terminal, certifying method and recording medium |
| CN1925494A (en) * | 2006-09-28 | 2007-03-07 | 北京理工大学 | Web page wooden horse detecting method based on behavior characteristic |
| CN1933392A (en) * | 2006-08-16 | 2007-03-21 | 华为技术有限公司 | System for raising local side terminal constitutional safety and performance and method thereof |
| CN101241528A (en) * | 2008-01-31 | 2008-08-13 | 武汉大学 | Terminal access trusted PDA method and access system |
| CN101256608A (en) * | 2008-03-25 | 2008-09-03 | 北京飞天诚信科技有限公司 | Safe operation method and system |
| US20090217353A1 (en) * | 2008-02-26 | 2009-08-27 | Zheng Xiongkai | Method, system and device for network access control supporting quarantine mode |
| CN101527909A (en) * | 2009-04-08 | 2009-09-09 | 中兴通讯股份有限公司 | Method for realizing access authentication, device thereof and mobile terminal |
-
2010
- 2010-04-28 CN CN201010159273A patent/CN101859373A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2001257668A (en) * | 2000-03-14 | 2001-09-21 | Ntt Data Corp | Authentication system, portable terminal, certifying method and recording medium |
| CN1933392A (en) * | 2006-08-16 | 2007-03-21 | 华为技术有限公司 | System for raising local side terminal constitutional safety and performance and method thereof |
| CN1925494A (en) * | 2006-09-28 | 2007-03-07 | 北京理工大学 | Web page wooden horse detecting method based on behavior characteristic |
| CN101241528A (en) * | 2008-01-31 | 2008-08-13 | 武汉大学 | Terminal access trusted PDA method and access system |
| US20090217353A1 (en) * | 2008-02-26 | 2009-08-27 | Zheng Xiongkai | Method, system and device for network access control supporting quarantine mode |
| CN101256608A (en) * | 2008-03-25 | 2008-09-03 | 北京飞天诚信科技有限公司 | Safe operation method and system |
| CN101527909A (en) * | 2009-04-08 | 2009-09-09 | 中兴通讯股份有限公司 | Method for realizing access authentication, device thereof and mobile terminal |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102355467B (en) * | 2011-10-18 | 2015-07-08 | 国网电力科学研究院 | Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission |
| CN102355467A (en) * | 2011-10-18 | 2012-02-15 | 国网电力科学研究院 | Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission |
| CN102624699A (en) * | 2012-01-19 | 2012-08-01 | 歌尔声学股份有限公司 | Method and system for protecting data |
| CN102624699B (en) * | 2012-01-19 | 2015-07-08 | 歌尔声学股份有限公司 | Method and system for protecting data |
| CN104573491B (en) * | 2014-09-10 | 2017-08-01 | 中电科技(北京)有限公司 | A kind of terminal management system and method based on UEFI |
| CN104573491A (en) * | 2014-09-10 | 2015-04-29 | 中电科技(北京)有限公司 | UEFI (Unified Extensible Firmware Interface)-based terminal management system and UEFI-based terminal management method |
| CN104462898A (en) * | 2014-11-27 | 2015-03-25 | 中国华戎控股有限公司 | Object file protecting method and device based on Android system |
| CN104462898B (en) * | 2014-11-27 | 2018-01-16 | 中国华戎控股有限公司 | File destination guard method and device based on android system |
| CN105391728A (en) * | 2015-11-26 | 2016-03-09 | 国网北京市电力公司 | Power information transmission method and apparatus |
| CN105956499A (en) * | 2016-05-05 | 2016-09-21 | 捷开通讯(深圳)有限公司 | Method for finding mobile equipment based on security chip and mobile equipment |
| CN105956499B (en) * | 2016-05-05 | 2019-09-20 | 捷开通讯(深圳)有限公司 | A kind of mobile device method for retrieving and mobile device based on safety chip |
| CN106781094A (en) * | 2016-12-29 | 2017-05-31 | 北京安天网络安全技术有限公司 | A kind of ATM system resource exception warning system and method |
| WO2019072060A1 (en) * | 2017-10-11 | 2019-04-18 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Certificate loading method and related product |
| US10419599B2 (en) | 2017-10-11 | 2019-09-17 | Guangdong Oppo Mobile Telecommunications Corp. | Certificate loading method and related product |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102193644B1 (en) | Facility verification method and device | |
| CN112182519B (en) | Computer storage system security access method and access system | |
| CN107438849B (en) | System and method for verifying integrity of electronic device | |
| CN101859373A (en) | Method for safely accessing mobile credible terminal | |
| US9286455B2 (en) | Real identity authentication | |
| CN107463838B (en) | Method for safety monitoring, device, system and storage medium based on SGX | |
| US20130268444A1 (en) | Three-factor user authentication method for generating otp using iris information and secure mutual authentication system using otp authentication module of wireless communication terminal | |
| US20150012748A1 (en) | Method And System For Protecting Data | |
| US20070143629A1 (en) | Method to verify the integrity of components on a trusted platform using integrity database services | |
| CN105243314B (en) | A kind of security system and its application method based on USB key | |
| CN105205370A (en) | Safety protection method for mobile terminal, mobile terminal, safety system and application method | |
| CN101986325A (en) | Computer security access control system and method | |
| TW201635186A (en) | System and method for computing device with improved firmware service security using credential-derived encryption key | |
| WO2008024135A2 (en) | Method to verify the integrity of components on a trusted platform using integrity database services | |
| JP2016531508A (en) | Data secure storage | |
| CN101916348A (en) | Method and system for safely guiding operating system of user | |
| CN110740140A (en) | network information security supervision system based on cloud platform | |
| EP2192513B1 (en) | Authentication using stored biometric data | |
| US9411949B2 (en) | Encrypted image with matryoshka structure and mutual agreement authentication system and method using the same | |
| Stokkenes et al. | Biometric authentication protocols on smartphones: An overview | |
| US20170201528A1 (en) | Method for providing trusted service based on secure area and apparatus using the same | |
| US8151111B2 (en) | Processing device constituting an authentication system, authentication system, and the operation method thereof | |
| CN104735085A (en) | Terminal two-factor secure login protection method | |
| WO2006093238A1 (en) | Authentication assisting device, authentication main device, integrated circuit, and authenticating method | |
| Lee et al. | A study on a secure USB mechanism that prevents the exposure of authentication information for smart human care services |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20101013 |