CN111666560A - A password management method and system based on a trusted execution environment - Google Patents
- Publication number: CN111666560A (application CN202010465293.6A)
- Authority: CN (China)
- Prior art keywords: execution environment, password, trusted execution, application, account
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
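The invention discloses a password management method and system based on a trusted execution environment. The method assumes that a hardware trusted environment exists on the mobile device; once the user authorizes the hardware trusted environment, the independent operating system inside the trusted environment automatically performs the password-related management operations. The trusted execution environment registers an independent strong password for each account and stores the mapping between accounts and applications (or websites) in the hardware secure zone. When an application requests login, the list of accounts corresponding to that application is returned and the user chooses from it. Stored password information can be synchronized between different trusted devices over point-to-point encrypted transmission. In addition, the mobile trusted device can be used to manage applications (or websites) on other devices that have no trusted environment, such as laptops. The method solves the problem that users find it hard to remember a large number of complex passwords, and ensures the security of the password management system itself.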
Description
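Technical Field
The invention belongs to the field of information security, and in particular relates to a password management method and system based on a trusted execution environment.
Background
With the spread of smartphones, more and more affairs can be handled online through mobile applications or websites, including entertainment, office work, social networking and finance. For each application or website, the user has to set a password. As the number of applications grows, users find it hard to remember many complex random passwords and therefore tend to set common passwords that are easy to remember, which threatens information security. Some users set the same password for different applications, so a leaked password leads to the leak of the passwords of a whole chain of applications or websites, including those of highly sensitive financial applications. These habits allow attackers to crack passwords by predicting the user's password habits or through credential stuffing attacks.
One of the simplest and most direct ways to deal with leaked or guessed passwords is to set an independent, random, high-strength password for every account of every application or website, but this greatly increases the user's memory burden. The password management system built by Yang Zhenlin et al. [1] stores applications together with the corresponding accounts and passwords, reducing the memory burden on the user. Xu Ping et al. [2] use a smartphone for password management and store the password information on the phone's memory card or SIM card. However, the security of the password management system itself is critical, and it needs very strong security mechanisms to guard against the risk of password leakage. The above methods build the password management system on a server or a memory card and cannot protect the password management system effectively.
A Trusted Execution Environment (TEE) is a distinct, isolated secure area in a mobile device. Many devices on the market have a TEE with hardware-level security. This area ensures the security, confidentiality and integrity of the code and data inside the environment. The TEE provides an isolated environment that exists alongside the device's operating system. Its hardware isolation keeps it from being affected by applications installed on the mobile device's operating system.
This patent discloses a password management method and system based on a hardware secure zone. It moves password management from human memory to the hardware trusted execution environment, so a complex strong password can be set for each application without the user having to remember it. The password management system is built on the hardware secure zone and does not need to upload to a server or use external storage, which reduces the risk of leakage. The user authorizes the secure zone to perform all operations, which gives high practicality and security. The method and system are convenient for the user while truly achieving hardware-security-level password management and protection.
[1] Yang Zhenlin (杨振林). A password management method and system: China, 201210225542X, 2016.01.06.
[2] Xu Ping (徐平). Method for implementing password management with a smartphone: China, 2014103451281, 2018.03.13.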
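Summary of the Invention
The invention provides a password management method and system based on a trusted execution environment. The technical problem to be solved is how to manage accounts automatically for a large number of applications and websites, including creation, modification, automatic filling and synchronization, while ensuring the security of the password management system itself.
To achieve the purpose of the invention, we rely on the following technical solution.
A password management method based on a trusted execution environment, comprising:
a) when an application's request to enter a password is received, handing the request to the trusted execution environment for processing;
b) the trusted execution environment creating a strong password for the application's account;
c) storing the mapping between application and account in the hardware secure zone. When the application logs in, the stored account list is returned and the user chooses from it.
According to one aspect of the method, the application can create a new strong password for an account inside the trusted execution environment, and the binding between the application and the account is stored in the trust zone. Registering multiple new accounts and passwords is supported, that is, one-to-many binding between an application and its accounts.
According to another aspect of the method, when an application requests login, the bound registered accounts are retrieved inside the trusted execution environment and returned, and the user chooses which account to log in with.
According to another aspect of the method, password operations involving the trusted execution environment (reading, writing and so on) require the user to authorize the trusted execution environment, by means including but not limited to fingerprint recognition, iris recognition, face recognition and entering a super password. Operations for which recognition fails are refused any password operation.
According to another aspect of the method, besides accounts of local applications, the trusted execution environment can also manage websites, which only requires photographing the URL or copying it into the management system.
According to another aspect of the method, the trusted device, hereinafter referred to as the phone, can also be used to manage other devices that have no trusted execution environment, including but not limited to laptops and tablets, hereinafter referred to as the computer. The phone can connect to the computer over an encrypted point-to-point channel. The management system on the computer passes the application id or the URL; after authorization by the phone's trusted execution environment succeeds, the corresponding account can be registered or retrieved and returned to the computer, and the management system on the computer performs the automatic login.
A password management system based on a trusted execution environment, comprising:
a) a generation module, which receives the trusted execution environment's request to generate a password, randomly generates a strong password for the account, and is connected to the storage module;
b) a storage module, which receives application and account information, stores them as pairs in the hardware secure zone, and is connected to the generation module, the output module and the authentication module;
c) an output module, which receives application information, retrieves the corresponding accounts from the storage module and, after confirmation by the authentication module, returns them to the requesting application, and is connected to the storage module;
d) an authentication module, connected to the storage module; every read and write operation on the storage module requires authentication. The authentication module includes but is not limited to the phone's internal fingerprint authentication module, iris authentication module, face recognition module and super password entry.
According to one aspect of the system, the system can also support point-to-point interconnection between the storage modules of two different trusted devices. Once both sides have passed authentication by the authentication module, the data in the secure zone can be synchronized over the encrypted point-to-point channel, for scenarios such as replacing, backing up or adding a device.
The technical effect achieved by the invention is as follows: compared with existing password management systems, which need to upload passwords to a server for storage, the invention manages passwords through the hardware secure zone, ensuring the security of the password system itself. The system can use the phone to manage other devices and can manage both applications and websites, greatly reducing the user's burden of remembering passwords and the risk of password leakage.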
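Brief Description of the Drawings
Fig. 1 is a schematic diagram of the password management method based on a trusted execution environment.
Fig. 2 is a schematic diagram of the password management system based on a trusted execution environment.
Fig. 3 is a schematic diagram of cross-device management.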
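Detailed Description
To explain the concrete use of the system more clearly, the steps are described in detail below with reference to the schematic diagrams:
With reference to Fig. 1, the flow chart of the password management method based on a trusted execution environment comprises:
S1. The application requests the creation of a new account.
Further on S1: the application asks the password management system to create a new account. The password management system is designed as a client application and a trusted application, which handle the non-password part and the password part respectively. The non-password part is forwarded by the client interface to the ordinary operating system and is entered by the user; the password part is forwarded by the trusted interface to the trusted execution environment, which creates it automatically. The trusted execution environment (TEE) is a secure area inside the CPU; it runs in an independent environment, in parallel with the operating system. The client interface and the trusted interface identify each other by a universally unique identifier (UUID); the two sides can interact only if the UUID is the same.
The trusted execution environment asks the user for authorization; the means of authorization may include but are not limited to face recognition, fingerprint recognition and iris recognition. The fingerprint entered by the user is compared with the fingerprint template held inside the trusted environment; if the comparison fails, the operation is forbidden. If the comparison succeeds, the trusted execution environment stores the application id and the account information created for it in the trust zone (Trust Zone). The trust zone is a system-on-chip-level security technology whose core idea is to isolate a secure environment from the hardware system; memory in the trust zone cannot be accessed directly from the normal environment. For web pages, the application id can be obtained by typing in or photographing the URL and using it as the application id; multiple accounts can be created for the same application id.
S2. The client application requests login.
Further on S2: the client requests login and sends the application id to the trusted execution environment. The trusted execution environment asks the user for authorization; the means of authorization may include but are not limited to face recognition, fingerprint recognition and iris recognition. The fingerprint entered by the user is compared with the fingerprint template held inside the trusted environment; if the comparison fails, the operation is forbidden. If the comparison succeeds, the trusted execution environment retrieves the accounts corresponding to the application id and returns them, and the user selects one of the accounts to log in with.
S3. Cross-device management
With reference to Fig. 2, a device that has a trusted execution environment, such as a phone (collectively, the phone side), manages devices that have no trusted execution environment, such as laptops and tablets (collectively, the computer side), to perform automatic password authorization.
Further on S3: the password management client is installed on the computer. For an application on the computer, the computer-side password management system detects its application id. If the application is a web application, its application id is obtained as the SHA-1 hash of its URL. The computer-side password management system transmits the application id to the phone over the encrypted point-to-point channel. On the phone, after user authorization, the account to log in with is selected and returned to the computer-side password management system, and the computer side carries out the login.
With reference to Fig. 3, the schematic diagram of the password management system based on a trusted execution environment comprises the following modules.
S4. Generation module: when the request command is generate, the trusted execution environment generates a random password through the generation module. The generated password uses the application id as the random number seed.
S5. Storage module: when the request command is write, the storage module calls the generation module to generate a random password, which is stored in the hardware secure zone together with the application id and the account.
S6. Output module: when the request command is read, the output module reads the storage module, looks up the account list by application id, and returns it to the user to choose which account to log in with.
S7. Authentication module: whenever the storage module is read or written, the storage module calls the authentication module, which asks the user for authorization, by means including but not limited to fingerprint recognition, iris recognition, face recognition and a super password. Once identity verification has passed, the storage module is authorized to read and write passwords.
S8. Storage modules can be connected over an encrypted point-to-point channel, including but not limited to Bluetooth and WLAN connections. Once both sides have passed authentication by the authentication module, the data in the secure zone can be synchronized over the encrypted point-to-point channel, for scenarios such as replacing, backing up or adding a device.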
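A small Python model of the generation, storage, output and authentication modules (S4 to S7) and of the SHA-1 application id from S3, added here as an illustration and not code from the patent. The `Vault` class, the `authorize` callback, the alphabet and the sample URL are assumptions. It also contrasts S4's application-id seed, read literally as the only seed, with an operating-system CSPRNG: a seed derived from a public URL makes the password reproducible and identical for every account of one application.

```python
import hashlib
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def app_id_for_url(url):
    """S3: the application id of a web application is the SHA-1 hash of its URL."""
    return hashlib.sha1(url.encode("utf-8")).hexdigest()


def seeded_password(app_id, length=20):
    """S4 read literally (assumption): the app id is the only seed of the generator."""
    rng = random.Random(app_id)  # deterministic: same app id -> same character stream
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def csprng_password(app_id, length=20):
    """Contrast case: the OS CSPRNG supplies the randomness; app_id is ignored."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class AuthorizationDenied(Exception):
    """Raised when the authentication module rejects a read or write."""


class Vault:
    """Model of the storage module; a dict stands in for the hardware secure zone."""

    def __init__(self, authorize, generate=csprng_password):
        self._authorize = authorize  # S7: hypothetical callback (fingerprint, iris, face, super password)
        self._generate = generate    # S4: generation module
        self._accounts = {}          # app id -> {account name: password}

    def _require_auth(self, operation, app_id):
        if not self._authorize(operation, app_id):
            raise AuthorizationDenied(operation + " refused for " + app_id)

    def write(self, app_id, account):
        """S5: generate a password and bind account and password to the app id."""
        self._require_auth("write", app_id)
        self._accounts.setdefault(app_id, {})[account] = self._generate(app_id)

    def read(self, app_id):
        """S6: return the account list for the app id so the user can choose."""
        self._require_auth("read", app_id)
        return sorted(self._accounts.get(app_id, {}))

    def select(self, app_id, account):
        """Release the password of the account the user picked (also a read)."""
        self._require_auth("read", app_id)
        return self._accounts[app_id][account]


def demo():
    """Return, per generator, the account list and whether both passwords collide."""
    app_id = app_id_for_url("https://shop.example/login")  # constructed URL
    results = {}
    for name, generator in (("seeded", seeded_password), ("csprng", csprng_password)):
        vault = Vault(authorize=lambda op, app: True, generate=generator)
        vault.write(app_id, "alice")
        vault.write(app_id, "bob")  # one application, several accounts
        results[name] = (vault.read(app_id),
                         vault.select(app_id, "alice") == vault.select(app_id, "bob"))
    return results


if __name__ == "__main__":
    print(demo())
```

In a device implementation the dictionary and the authorization check would sit inside the trusted application rather than in normal-world code; the model only shows the control flow and the effect of the seed choice.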
Claims (8)
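1. A password management method based on a trusted execution environment, characterized by comprising:
a) when an application's request to enter a password is received, handing the request to the trusted execution environment for processing;
b) the trusted execution environment creating a strong password for the application's account;
c) storing the mapping between application and account in the hardware secure zone, and, when the application logs in, returning the stored account list for the user to choose from.
2. The password management method based on a trusted execution environment according to claim 1, characterized in that the method further comprises: the application can create a new strong password for an account inside the trusted execution environment, the binding between the application and the account is stored in the trust zone, and registering multiple new accounts and passwords is supported.
3. The password management method based on a trusted execution environment according to claim 1, characterized in that, when an application requests login, the bound registered accounts are retrieved inside the trusted execution environment and returned, and the user chooses which account to log in with.
4. The password management method based on a trusted execution environment according to claim 1, characterized in that password operations involving the trusted execution environment require the user to authorize the trusted execution environment, by means including but not limited to fingerprint recognition, iris recognition, face recognition and entering a super password, and operations for which recognition fails are refused any password operation.
5. The password management method based on a trusted execution environment according to claim 1, characterized in that, besides accounts of local applications, the trusted execution environment can also manage websites, which only requires photographing the URL or copying it into the management system.
6. The password management method based on a trusted execution environment according to claim 1, characterized in that the trusted device can also be used to manage other devices that have no trusted execution environment, including but not limited to a computer; the trusted device connects to the computer over an encrypted point-to-point channel; the management system on the computer passes the application id or the URL; after authorization by the trusted device's trusted execution environment succeeds, the corresponding account can be registered or retrieved and returned to the computer, and the management system on the computer performs the automatic login; wherein the trusted device is a phone.
7. A password management system based on a trusted execution environment, characterized by comprising:
a) a generation module, which receives the trusted execution environment's request to generate a password, randomly generates a strong password for the account, and is connected to the storage module;
b) a storage module, which receives application and account information, stores them as pairs in the hardware secure zone, and is connected to the generation module, the output module and the authentication module;
c) an output module, which receives application information, retrieves the corresponding accounts from the storage module and, after confirmation by the authentication module, returns them to the requesting application, and is connected to the storage module;
d) an authentication module, connected to the storage module, wherein every read and write operation on the storage module requires authentication, and the authentication module includes but is not limited to the phone's internal fingerprint authentication module, iris authentication module, face recognition module and super password entry.
8. The password management system based on a trusted execution environment according to claim 7, characterized in that the system can also support point-to-point interconnection between the storage modules of two different trusted devices, and once both sides have passed authentication by the authentication module, the data in the secure zone can be synchronized over the encrypted point-to-point channel, for scenarios of replacing, backing up or adding a device.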
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010465293.6A CN111666560A (zh) | 2020-05-28 | 2020-05-28 | A password management method and system based on a trusted execution environment |
US17/123,208 US20210374227A1 (en) | 2020-05-28 | 2020-12-16 | Trusted execution environment (tee)-based password management method and system |
GB2107608.8A GB2595590A (en) | 2020-05-28 | 2021-05-27 | Trusted execution environment (TEE)-based password management method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111666560A (zh) | 2020-09-15 |
Family
ID=72384824
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010465293.6A (Pending) CN111666560A (zh) | A password management method and system based on a trusted execution environment | 2020-05-28 | 2020-05-28 |
Country Status (3)
Country | Link |
---|---|
US (1) | US20210374227A1 (zh) |
CN (1) | CN111666560A (zh) |
GB (1) | GB2595590A (zh) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104636682A (zh) * | 2015-02-09 | 2015-05-20 | 上海瀚银信息技术有限公司 | Password management system and method based on a hardware device |
US20170118215A1 (en) * | 2015-10-23 | 2017-04-27 | Srikanth Varadarajan | Systems and methods for providing confidentiality and privacy of user data for web browsers |
WO2017071329A1 (zh) * | 2015-10-28 | 2017-05-04 | 广东欧珀移动通信有限公司 | Password management method, password management system and terminal device |
WO2017185683A1 (zh) * | 2016-04-27 | 2017-11-02 | 乐视控股(北京)有限公司 | Authentication method and authentication system based on biometric information, and electronic device |
CN108804935A (zh) * | 2018-05-31 | 2018-11-13 | 中国-东盟信息港股份有限公司 | A TrustZone-based secure encrypted storage system and method |
US20190268155A1 (en) * | 2016-12-02 | 2019-08-29 | Huawei Technologies Co., Ltd. | Method for Ensuring Terminal Security and Device |
CN110401538A (zh) * | 2018-04-24 | 2019-11-01 | 北京握奇智能科技有限公司 | Data encryption method, system and terminal |
US20190392417A1 (en) * | 2017-01-25 | 2019-12-26 | Huawei Technologies Co., Ltd. | Bank Card Adding Method, and Apparatus |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9064109B2 (en) * | 2012-12-20 | 2015-06-23 | Intel Corporation | Privacy enhanced key management for a web service provider using a converged security engine |
US10248772B2 (en) * | 2015-09-25 | 2019-04-02 | Mcafee, Llc | Secure communication between a virtual smartcard enclave and a trusted I/O enclave |
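CN105516104B (zh) * | 2015-12-01 | 2018-10-26 | 神州融安科技(北京)有限公司 | A TEE-based dynamic-password identity authentication method and system |
KR101791150B1 (ko) * | 2016-05-12 | 2017-11-20 | (주)케이스마텍 | Method and system for providing a secure PIN pad based on a trusted execution environment |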
US10601828B2 (en) * | 2018-08-21 | 2020-03-24 | HYPR Corp. | Out-of-band authentication based on secure channel to trusted execution environment on client device |
US11727403B2 (en) * | 2019-05-20 | 2023-08-15 | Samsung Electronics Co., Ltd. | System and method for payment authentication |
2020
- 2020-05-28 CN CN202010465293.6A patent/CN111666560A/zh active Pending
- 2020-12-16 US US17/123,208 patent/US20210374227A1/en not_active Abandoned
2021
- 2021-05-27 GB GB2107608.8A patent/GB2595590A/en active Pending
Also Published As
Publication number | Publication date |
---|---|
GB2595590A (en) | 2021-12-01 |
GB202107608D0 (en) | 2021-07-14 |
US20210374227A1 (en) | 2021-12-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20200915 |