CN108306892B - TrustZone-based request response method and system - Google Patents
TrustZone-based request response method and system Download PDFInfo
- Publication number
- CN108306892B CN108306892B CN201810172815.6A CN201810172815A CN108306892B CN 108306892 B CN108306892 B CN 108306892B CN 201810172815 A CN201810172815 A CN 201810172815A CN 108306892 B CN108306892 B CN 108306892B
- Authority
- CN
- China
- Prior art keywords
- signature
- stored
- verification
- request response
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/01—Input arrangements or combined input and output arrangements for interaction between user and computer
- G06F3/03—Arrangements for converting the position or the displacement of a member into a coded form
- G06F3/041—Digitisers, e.g. for touch screens or touch pads, characterised by the transducing means
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Human Computer Interaction (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a request response method and a system based on TrustZone, which combine TrustZone technology and a signature verification method, and when receiving a first connection request sent by a requester, send a signature verification request to the requester; receiving a verification signature responded by the requester, and judging whether the verification signature is consistent with a pre-stored signature stored in a TrustZone security zone; and if so, accepting the connection request so as to establish connection with the requester. The invention is particularly suitable for network equipment such as a router or an intelligent home, judges whether a requester meets the access requirement by a signature verification method, and greatly increases the difficulty of cracking compared with single password verification; in addition, the pre-stored signature is stored in the security zone of the TrustZone by combining the technical characteristics of the TrustZone, thereby greatly improving the security of the whole system.
Description
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a request response method and system based on TrustZone.
Background
With the development of communication technology, information interaction means are increasingly diversified, and the world has come into the internet era. Network equipment such as a router or an intelligent home is widely applied to various places such as families, factories, office buildings, hospitals and schools. Meanwhile, network security is becoming a topic that people pay attention to and discuss. Whether the network is safe or not directly affects the normal operation of the network, and even causes loss of privacy, property and the like of users.
However, in the prior art, most of currently used network devices such as routers or smart homes are not capable of correctly setting a network security protection mechanism, and the security is poor, and since the network devices themselves are also used as important nodes in the network, such network devices are prone to be attacked maliciously by a network attacker. An attacker can obtain an access password of the router or the intelligent household equipment through network sniffing, exhaustive cracking or social engineering and other modes, and then log in the equipment by using the password to perform corresponding destructive behaviors.
The TrustZone technology is a system-wide security method proposed by ARM corporation, and is expanded in the entire system by being tightly integrated with a processor and by a specific bus and a specific TrustZone system IP. The method can effectively protect peripherals such as a secure memory, an encryption block, a keyboard, a display screen and the like, thereby ensuring that the peripherals are prevented from being attacked by software. Most of the existing network junction devices such as routers or smart homes are provided with ARM processors supporting the TrustZone technology, the security of the whole system is undoubtedly enhanced by fully utilizing the security advantages of the TrustZone, and more powerful protection is brought to the personal privacy and property of users.
Disclosure of Invention
Based on the above, the invention provides a request response method and system based on TrustZone, which combines the TrustZone technology and the signature verification method together to improve the security of network equipment such as a router or an intelligent home.
The request response method based on TrustZone in the embodiment of the invention is applied to network equipment such as a router or an intelligent home and the like, and comprises the following steps:
when a request response system receives a primary connection request sent by a requester, sending a signature verification request to the requester; receiving a verification signature responded by the requester, and judging whether the verification signature is consistent with a pre-stored signature stored in a TrustZone security zone of a request response system; and if so, accepting the connection request so as to establish connection with the requester.
In the above method for requesting and responding based on TrustZone, after the step of determining whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure area of the request and response system, the method further includes:
and if the verification signature is inconsistent with the pre-stored signature stored in the TrustZone security zone of the request response system, returning a verification error prompt to the requester and returning to execute the step of sending a signature verification request to the requester.
In the above method for requesting and responding based on TrustZone, after the step of determining whether the verification signature is consistent with the pre-stored signature stored in the TrustZone secure area of the request and response system, the method further includes:
and acquiring a contact address of an administrator from a registration table, and sending an abnormal connection prompt to the contact address, wherein the registration table is stored in a memory of the router or the intelligent home network equipment.
In the above TrustZone-based request response method, the step of obtaining the contact address of the administrator from the registry comprises:
step 1: acquiring the management weight of each user from the registration table, and taking the user with the highest management weight as the administrator;
step 2: and acquiring the prestored address of the user with the highest management weight from the registry as the contact address.
The request response method based on TrustZone further includes:
when the request response system receives an information input request, calling an information input program;
when the request response system enters a signature entry subprogram, acquiring and storing an interactive signature input by a user and sensed by the touch screen;
when a request response system enters an address entry subprogram, acquiring an interactive address input by the user and sensed by the touch screen, and storing the interactive address into the registry as the contact address of the user;
when the requested response system enters a weight entry subprogram, acquiring the weight proportion of the user input sensed by the touch screen, and storing the weight proportion as the management weight of the user into the registry.
The request response method based on TrustZone further includes:
when the request response system receives a factory reset request, sending a data deletion prompt to prompt a user whether to delete the pre-stored signature and the recorded data in the registry; when an instruction of not deleting the pre-stored signature and the recorded data is received, uploading the pre-stored signature and the registry backup to a server, starting a factory reset program, and when the router or the intelligent home network equipment finishes factory reset and is restarted, downloading the pre-stored signature and the registry from the server; and when an instruction for deleting the pre-stored signature and the recorded data is received, deleting the pre-stored signature and all the recorded data in the registry.
A request response system based on TrustZone is applied to network equipment such as a router or an intelligent home and is characterized by comprising the following components:
the verification sending module is used for sending a signature verification request to a requester when receiving a primary connection request sent by the requester; the signature judging module is used for receiving the verification signature responded by the requester and judging whether the verification signature is consistent with a pre-stored signature stored in the TrustZone safety zone; and the request response module is used for accepting the connection request when the verification signature is judged to be consistent with the pre-stored signature so as to establish connection with the requester.
In the above request response system based on TrustZone, the request response system further includes:
and the error prompt module is used for returning a verification error prompt to the requester when the verification signature is judged to be inconsistent with the pre-stored signature, and the verification sending module sends the signature verification request to the requester again.
Further comprising: acquiring a contact address of an administrator from a registration table, and sending an abnormal connection prompt to the contact address, wherein the registration table is stored in a memory of a network device such as a router or an intelligent home, and the step of acquiring the contact address of the administrator from the registration table comprises the following steps:
step 1: acquiring the management weight of each user from the registration table, and taking the user with the highest management weight as the administrator;
step 2: and acquiring the prestored address of the user with the highest management weight from the registry as the contact address.
In the TrustZone-based request response system, the network device such as the router or the smart home comprises a touch screen for man-machine interaction, information entry is performed through an information entry module, and when the request response system receives an information entry request, the information entry module is called;
when the request response system enters a signature entry subprogram, acquiring and storing an interactive signature input by a user and sensed by the touch screen;
when a request response system enters an address entry subprogram, acquiring an interactive address input by the user and sensed by the touch screen, and storing the interactive address into the registry as the contact address of the user;
when the request response system enters a weight entry subprogram, acquiring the weight proportion of the user input sensed by the touch screen, and storing the weight proportion into the registry as the management weight of the user, wherein the weight is the capacity for changing the configuration of the request response system.
In the above TrustZone-based request response system, the system further includes a reset module: when the request response system receives a factory reset request, a reset module is called: the data deletion reminding device is used for sending out a data deletion reminding to prompt a user whether to delete the pre-stored signature and the recorded data in the registry; when an instruction of not deleting the pre-stored signature and the recorded data is received, uploading the pre-stored signature and the registry backup to a server, starting a factory reset program, and when the router or the intelligent home network equipment finishes factory reset and is restarted, downloading the pre-stored signature and the registry from the server; and when an instruction for deleting the pre-stored signature and the recorded data is received, deleting the pre-stored signature and all the recorded data in the registry.
Therefore, the request response method and system based on TrustZone judge whether the request party meets the access requirement by the signature verification method, and compared with single password verification, the difficulty of cracking is greatly increased; in addition, the pre-stored signature is stored in the security zone of the TrustZone by combining the technical characteristics of the TrustZone, thereby greatly improving the security of the whole system.
Drawings
Fig. 1 is a flowchart of a request response method in a first embodiment of the present invention.
Fig. 2 is a flowchart of a request response method in a second embodiment of the present invention.
Fig. 3 is a flowchart illustrating an embodiment of step B5 in fig. 2.
Fig. 4 is a flowchart of interactive information entry in a second embodiment of the present invention.
Fig. 5 is a flowchart of factory setting restoration according to a second embodiment of the present invention.
Fig. 6 is a schematic structural diagram of a request response system in a third embodiment of the present invention.
Detailed Description
To facilitate an understanding of the invention, the invention will now be described more fully with reference to the accompanying drawings. Several embodiments of the invention are presented in the drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
In the drawings, the main reference symbols indicate:
the following detailed description will further illustrate the invention in conjunction with the above-described figures.
Referring to fig. 1, a request response method in a first embodiment of the present invention is applied to a network device such as a router or a smart home, and includes steps a1 to A3.
Step A1: when a primary connection request sent by a requester is received, a signature verification request is sent to the requester.
It can be understood that, when a requester (e.g., a mobile phone, a tablet, etc.) finds a corresponding SSID of a router or a smart home in a wireless network list and requests to connect to the router or the smart home by inputting a password, the requester sends a connection request to a network device such as the router or the smart home, and if the requester has never been connected before or a connection relationship (e.g., the SSID access password of the router or the smart home is modified), the connection request is an initial connection request.
In addition, when the requester receives a signature verification request, a signature verification program is executed, a signature interface (such as a signature interface on a POS machine) is automatically popped up for a user to input a signature, and after the user inputs the signature, the requester sends a verification signature interactively input by the user to the router or the smart home and other network equipment.
Step A2: and receiving a verification signature responded by the requester, and judging whether the verification signature is consistent with a pre-stored signature stored in the TrustZone security zone.
It should be noted that, when the signature is input, the background of the signature is usually white, and the input signature is projected onto the background of the signature to form a signature picture in black words in white, so that the above-mentioned verification signature and pre-stored signature are both stored in the secure zone of TrustZone in the form of pictures.
The step of determining whether the verification signature is consistent with a pre-stored signature stored in a TrustZone secure area may be specifically implemented according to the following steps: firstly, according to the difference of pixel values, intercepting a verification signature and a signature stored on a pre-stored signature in a TrustZone safety zone, matching in a word stock to respectively obtain characters/numbers in the verification signature and characters/numbers in the pre-stored signature, and then judging whether the characters/numbers are the same or not.
When the verification signature is judged to be consistent with the pre-stored signature, the step A3 is executed, and when the verification signature is judged to be inconsistent with the pre-stored signature, the verification is wrong on behalf of the requester, and the router or the smart home and other network devices are not qualified to be connected at present.
Step A3: and receiving the connection request to establish connection with the requester.
In summary, in the request responding method based on TrustZone according to the above embodiment of the present invention, when receiving a connection request from a requester for the first time, the communication address of the requester is obtained from the connection request, and a signature verification is sent to the communication address to prompt the requester to input a signature, and when receiving the signature input by the requester, it is determined whether the signature is stored in the security zone of TrustZone, and the requester is granted to access the connection only when the signature is stored in the security zone of TrustZone and the signature is consistent. Therefore, the request response method and system based on TrustZone judge whether the requester meets the access requirement by the signature verification method, and compared with single password verification, the difficulty of cracking is greatly increased; in addition, the pre-stored signature is stored in the security zone of the TrustZone by combining the technical characteristics of the TrustZone, thereby greatly improving the security of the whole system.
Referring to fig. 2, a request response method based on TrustZone in a second embodiment of the present invention is applied to a router or a network device such as a smart home, where the router or the network device such as the smart home includes a touch screen for human-computer interaction, and the request response method includes steps B1 to B5.
Step B1: when a primary connection request sent by a requester is received, a signature verification request is sent to the requester.
Step B2: and receiving a verification signature responded by the requester, and judging whether the verification signature is consistent with a pre-stored signature stored in the TrustZone security zone.
Wherein, when the verification signature is determined to be consistent with the pre-stored signature, the step B3 is executed, and when the verification signature is determined not to be consistent with the pre-stored signature, the step B4 is executed.
Step B3: accepting the connection request to establish a connection with the requestor.
It should be noted that, after the network device such as the router or the smart home receives the initial connection request of the requester, the subsequent requester can automatically connect to the network device such as the router or the smart home.
Step B4: and returning a verification error prompt to the requester, and returning to execute the step of sending the signature verification to the communication address.
It can be understood that when the verification signature is judged to be inconsistent with the pre-stored signature, the signature input by the requester is incorrect, at this time, the requester is reminded of an error, and a signature interface is popped up again, so that the user can input the signature again to perform signature verification again.
Step B5: and acquiring a contact address of an administrator from a registration table, and sending an abnormal connection prompt to the contact address, wherein the registration table is stored in a memory of network equipment such as the router or the smart home.
The contact address may be at least one of a mobile phone number, a mailbox, a QQ number, a micro signal, and the like, and the addresses and the pre-stored signatures may be preset, and the specific preset steps may be executed according to the following flow steps of interactive information entry.
Referring to fig. 3, a flowchart of an embodiment of step B5 is shown, which includes steps B5.1 to B5.2.
Step B5.1: and acquiring the management weight of each user from the registration table, and taking the user with the highest management weight as the administrator.
Step B5.2: and acquiring the prestored address of the user with the highest management weight from the registry as the contact address.
Referring to fig. 4, a specific flowchart for entering interaction information into the network device such as the router or the smart home is shown, which includes steps C1 to C4.
Step C1: and when the information entry request is received, calling the information entry program.
In specific implementation, an information entry start icon can be set on network equipment such as a router or an intelligent home, the information entry start icon is displayed on the touch screen, and when a user clicks the information entry start icon through the touch screen, the network equipment such as the router or the intelligent home receives an information entry request and automatically calls and executes an information entry program.
Step C2: and when entering a signature entry subprogram, acquiring and storing the interactive signature input by the user and sensed by the touch screen.
Step C3: and when an address entry subprogram is entered, acquiring the interactive address input by the user and sensed by the touch screen, and storing the interactive address into the registry as the contact address of the user.
Step C4: and when entering a weight entry subprogram, acquiring the weight proportion of the user input sensed by the touch screen, and storing the weight proportion as the management weight of the user into the registry.
When the system needs to be pointed out, corresponding input prompts and input interfaces are given out when the system enters an information input subprogram.
Referring to fig. 5, a specific flowchart of factory settings restoration of network devices such as the router or the smart home is shown, which includes steps D1 to D4.
Step D1: and when a factory reset request is received, sending a data deletion prompt to prompt a user whether to delete the pre-stored signature and the recorded data in the registry.
Step D2: and when an instruction of not deleting the pre-stored signature and the recorded data is received, uploading the pre-stored signature and the registry backup to a server.
Step D3: and starting a factory resetting program.
Step D4: and when the network equipment such as the router or the intelligent home and the like finishes factory restoration and is restarted, downloading the pre-stored signature and the registration table from the server.
It should be noted that, in order to further improve the security of network devices such as a router or an intelligent home, in the step of determining whether the verification signature is consistent with the pre-stored signature stored in the TrustZone security zone, it may be further determined whether the characters/numbers in the verification signature are the same as the characters/numbers in the pre-stored signature in the font by using a graph comparison analysis technique.
Another aspect of the present invention further provides a TrustZone-based request response system, referring to fig. 6, which is a request response system in a third embodiment of the present invention, where the request response system is applied to a router or a network device such as an intelligent home, and the request response system includes:
the verification sending module M1 is used for sending a signature verification request to a requester when receiving a primary connection request sent by the requester;
the signature judgment module M2 is configured to receive a verification signature responded by the requester, and judge whether the verification signature is consistent with a pre-stored signature stored in a TrustZone secure area;
and the request response module M3 is used for accepting the connection request to establish connection with the requester when the verification signature is judged to be consistent with the pre-stored signature.
Further, the request response system further includes:
and the error prompt module M4 is configured to, when it is determined that the verification signature is inconsistent with the pre-stored signature, return a verification error prompt to the requestor, and the verification sending module sends the signature verification request to the requestor again.
Further, the request response system further includes:
and the abnormal prompting module M5 is configured to acquire a contact address of the administrator from a registry, and send an abnormal connection prompt to the contact address, where the registry is stored in a memory of the network device such as the router or the smart home.
Further, the exception prompting module M5 includes:
a first obtaining unit M51, configured to obtain the management weight of each user from the registry, and take the user with the highest management weight as the administrator;
the second obtaining unit M52 obtains the pre-stored address of the user with the highest management weight from the registry as the contact address.
Further, the network device such as the router or the smart home includes a touch screen for human-computer interaction, and the request response system further includes:
the program calling module M6 is used for calling the information entry program when receiving the information entry request;
the signature acquisition module M7 is used for acquiring and storing the interactive signature input by the user and sensed by the touch screen when entering the signature entry subprogram;
the address acquisition module M8 is used for acquiring the interactive address input by the user and sensed by the touch screen when entering an address entry subprogram, and storing the interactive address into the registry as the contact address of the user;
and the weight obtaining module M9 is used for obtaining the weight proportion of the user input sensed by the touch screen when entering the weight entry subprogram, and storing the weight proportion into the registry as the management weight of the user.
Further, the request response system further includes:
a deletion reminding module M10, configured to send a data deletion reminding to prompt a user whether to delete the pre-stored signature and the recorded data in the registry when a factory reset request is received;
the data uploading module M11 is used for uploading the pre-stored signature and the registry backup to a server when receiving an instruction that the pre-stored signature and the recorded data are not deleted;
a program starting module M12, configured to start a factory reset program;
and the data downloading module M13 is configured to download the pre-stored signature and the registry from the server when the network device, such as the router or the smart home, is reset after factory reset is completed.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (7)
1. A TrustZone-based request response method is characterized by comprising the following steps:
when a request response system receives a primary connection request sent by a requester, sending a signature verification request to the requester; receiving a verification signature responded by the requester, and judging whether the verification signature is consistent with a pre-stored signature stored in a TrustZone security zone of a request response system; if the connection request is consistent with the connection request, the connection request is accepted so as to establish connection with the requester;
after the step of judging whether the verification signature is consistent with the pre-stored signature stored in the TrustZone security zone of the request response system, the method further comprises the following steps:
the method comprises the following steps of obtaining a contact address of an administrator from a registration table, and sending an abnormal connection prompt to the contact address, wherein the registration table is stored in a memory of a router or intelligent home network equipment, and the step of obtaining the contact address of the administrator from the registration table comprises the following steps:
step 1: acquiring the management weight of each user from the registration table, and taking the user with the highest management weight as the administrator;
step 2: and acquiring the prestored address of the user with the highest management weight from the registry as the contact address.
2. The TrustZone-based request response method according to claim 1, further comprising after the step of determining whether the verification signature is consistent with the pre-stored signature stored in the TrustZone security zone of the request response system:
and if the verification signature is inconsistent with the pre-stored signature stored in the TrustZone security zone of the request response system, returning a verification error prompt to the requester and returning to execute the step of sending a signature verification request to the requester.
3. The TrustZone-based request response method according to claim 2, further comprising:
when the request response system receives an information input request, calling an information input program;
when the request response system enters a signature entry subprogram, acquiring and storing an interactive signature input by a user and sensed by a touch screen;
when a request response system enters an address entry subprogram, acquiring an interactive address input by the user and sensed by the touch screen, and storing the interactive address into the registry as the contact address of the user;
when the requested response system enters a weight entry subprogram, acquiring the weight proportion of the user input sensed by the touch screen, and storing the weight proportion as the management weight of the user into the registry.
4. The TrustZone-based request response method according to claim 3, further comprising:
when the request response system receives a factory reset request, sending a data deletion prompt to prompt a user whether to delete the pre-stored signature and the recorded data in the registry; when an instruction of not deleting the pre-stored signature and the recorded data is received, uploading the pre-stored signature and the registry backup to a server, starting a factory reset program, and when the router or the intelligent home network equipment finishes factory reset and is restarted, downloading the pre-stored signature and the registry from the server; and when an instruction for deleting the pre-stored signature and the recorded data is received, deleting the pre-stored signature and all the recorded data in the registry.
5. A TrustZone-based request response system is applied to a router or intelligent home network equipment and is characterized by comprising the following components:
the verification sending module is used for sending a signature verification request to a requester when receiving a primary connection request sent by the requester; the signature judging module is used for receiving the verification signature responded by the requester and judging whether the verification signature is consistent with a pre-stored signature stored in the TrustZone safety zone; the request response module is used for accepting the connection request when the verification signature is judged to be consistent with the pre-stored signature so as to establish connection with the requester;
the request response system further includes:
the error prompt module is used for returning a verification error prompt to the requester when the verification signature is judged to be inconsistent with the pre-stored signature, and the verification sending module sends the signature verification request to the requester again;
further comprising: acquiring a contact address of an administrator from a registration table, and sending an abnormal connection prompt to the contact address, wherein the registration table is stored in a memory of a network device such as a router or an intelligent home, and the step of acquiring the contact address of the administrator from the registration table comprises the following steps:
step 1: acquiring the management weight of each user from the registration table, and taking the user with the highest management weight as the administrator;
step 2: and acquiring the prestored address of the user with the highest management weight from the registry as the contact address.
6. The TrustZone-based request response system according to claim 5, wherein the router or smart home network device comprises a touch screen for human-computer interaction, and performs information entry through the information entry module, and when the request response system receives an information entry request, the information entry module is invoked;
when the request response system enters a signature entry subprogram, acquiring and storing an interactive signature input by a user and sensed by the touch screen;
when a request response system enters an address entry subprogram, acquiring an interactive address input by the user and sensed by the touch screen, and storing the interactive address into the registry as the contact address of the user;
when the request response system enters a weight entry subprogram, acquiring the weight proportion of the user input sensed by the touch screen, and storing the weight proportion into the registry as the management weight of the user, wherein the weight is the capacity for changing the configuration of the request response system.
7. The TrustZone-based request response system according to claim 6, further comprising a reset module: when the request response system receives a factory reset request, a reset module is called: the data deletion reminding device is used for sending out a data deletion reminding to prompt a user whether to delete the pre-stored signature and the recorded data in the registry; when an instruction of not deleting the pre-stored signature and the recorded data is received, uploading the pre-stored signature and the registry backup to a server, starting a factory reset program, and when the router or the intelligent home network equipment finishes factory reset and is restarted, downloading the pre-stored signature and the registry from the server; and when an instruction for deleting the pre-stored signature and the recorded data is received, deleting the pre-stored signature and all the recorded data in the registry.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810172815.6A CN108306892B (en) | 2018-03-01 | 2018-03-01 | TrustZone-based request response method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810172815.6A CN108306892B (en) | 2018-03-01 | 2018-03-01 | TrustZone-based request response method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108306892A CN108306892A (en) | 2018-07-20 |
| CN108306892B true CN108306892B (en) | 2020-12-18 |
Family
ID=62849092
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810172815.6A Active CN108306892B (en) | 2018-03-01 | 2018-03-01 | TrustZone-based request response method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108306892B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1831865A (en) * | 2006-04-24 | 2006-09-13 | 北京易恒信认证科技有限公司 | Electronic bank safety authorization system and method based on CPK |
| CN102238193A (en) * | 2011-08-09 | 2011-11-09 | 深圳市德卡科技有限公司 | Data authentication method and system using same |
| WO2017118437A1 (en) * | 2016-01-08 | 2017-07-13 | 腾讯科技(深圳)有限公司 | Service processing method, device, and system |
| CN107247899A (en) * | 2017-05-22 | 2017-10-13 | 珠海格力电器股份有限公司 | Role authority control method and device based on security engine and security chip |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9369867B2 (en) * | 2012-06-29 | 2016-06-14 | Intel Corporation | Mobile platform software update with secure authentication |
-
2018
- 2018-03-01 CN CN201810172815.6A patent/CN108306892B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1831865A (en) * | 2006-04-24 | 2006-09-13 | 北京易恒信认证科技有限公司 | Electronic bank safety authorization system and method based on CPK |
| CN102238193A (en) * | 2011-08-09 | 2011-11-09 | 深圳市德卡科技有限公司 | Data authentication method and system using same |
| WO2017118437A1 (en) * | 2016-01-08 | 2017-07-13 | 腾讯科技(深圳)有限公司 | Service processing method, device, and system |
| CN107247899A (en) * | 2017-05-22 | 2017-10-13 | 珠海格力电器股份有限公司 | Role authority control method and device based on security engine and security chip |
Non-Patent Citations (2)
| Title |
|---|
| Chen Chen;Fei Xiao.Designing and implementing Embedded Security Terminal under the Trustzone Technology of Trusted Computing.《2010 International Conference on Computer and Communication Technologies in Agriculture Engineering》.2010,第252-254页. * |
| 基于TrustZone的可信移动终端云服务安全接入方案;杨波,冯登国,秦宇,张英骏;《软件学报》;20161231;第27卷(第6期);第1366-1383页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108306892A (en) | 2018-07-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7770002B2 (en) | Multi-factor authentication | |
| Takada et al. | Awase-E: Image-based authentication for mobile phones using user’s favorite images | |
| JP6386069B2 (en) | Connection management method, apparatus, electronic equipment, program, and recording medium | |
| US7493487B2 (en) | Portable computing environment | |
| US9930705B2 (en) | Mobile terminal control method, apparatus and system | |
| TW200302007A (en) | System and method for preventing use of a wireless device | |
| JP2020502657A (en) | Method and device for authenticated login | |
| AU2005222507B2 (en) | Portable computing environment | |
| CN110430280B (en) | Account automatic login method and system, storage medium and cloud desktop server | |
| WO2021013056A1 (en) | Microservice-based data processing method and apparatus, and device and readable storage medium | |
| CN108985095B (en) | Non-public file access method, system, electronic equipment and storage medium | |
| WO2016112796A1 (en) | Processing method and device for pushing information | |
| US9858400B2 (en) | Information processing system, terminal, and authentication method | |
| JP6473879B1 (en) | Client server system | |
| CN111866557B (en) | Configuration method and device of large-screen display equipment, storage medium and electronic equipment | |
| CN108306892B (en) | TrustZone-based request response method and system | |
| CN107969024A (en) | The method and system that a kind of WiFi passwords are shared | |
| CN116743496A (en) | Device remote operation method, device, computer device and storage medium | |
| US20230008310A1 (en) | Communication device, non-transitory computer-readable recording medium storing computer-readable instructions for communication device, non-transitory computer-readable recording medium storing computer-readable instructions for server, and server | |
| JP6325654B2 (en) | Network service providing apparatus, network service providing method, and program | |
| US9143510B2 (en) | Secure identification of intranet network | |
| JP2002055948A (en) | Computer system, member information transmitting method, and personal information acquiring method | |
| JP6354382B2 (en) | Authentication system, authentication method, authentication apparatus, and program | |
| CN106454830B (en) | Method and system for establishing connection with program in mobile terminal | |
| KR100736830B1 (en) | System for blocking noxious information using authentication of user's internet protocol and method therefor |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |