CN112740204A - Data processing method, data processing device and electronic equipment in password input - Google Patents
Data processing method, data processing device and electronic equipment in password input Download PDFInfo
- Publication number
- CN112740204A CN112740204A CN201980007039.7A CN201980007039A CN112740204A CN 112740204 A CN112740204 A CN 112740204A CN 201980007039 A CN201980007039 A CN 201980007039A CN 112740204 A CN112740204 A CN 112740204A
- Authority
- CN
- China
- Prior art keywords
- processor
- sensor
- data
- data processing
- sensor data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012545 processing Methods 0.000 title claims abstract description 54
- 238000003672 processing method Methods 0.000 title abstract description 11
- 238000000034 method Methods 0.000 claims description 22
- 230000000903 blocking effect Effects 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 11
- 230000006870 function Effects 0.000 description 11
- 230000005540 biological transmission Effects 0.000 description 8
- 238000013461 design Methods 0.000 description 4
- 230000000694 effects Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000013473 artificial intelligence Methods 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000003190 augmentative effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 229910044991 metal oxide Inorganic materials 0.000 description 1
- 150000004706 metal oxides Chemical class 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Telephone Function (AREA)
- Power Sources (AREA)
Abstract
A data processing method, a data processing device and electronic equipment in password input are used for protecting sensor data and providing guarantee for password security of users. The data processing apparatus includes: the low-power-consumption processor is used for receiving the sensor data output by the sensor and transmitting the sensor data to the processor; a processor coupled to the low power processor for preventing access to the sensor data by at least one software program run by the processor during a password entry performed by a user; wherein the power consumption of the processor is higher than the power consumption of the low power consuming processor.
Description
The present application relates to the field of data security technologies, and in particular, to a data processing method, a data processing apparatus, and an electronic device in password input.
At present, more and more user data are stored in electronic equipment (such as a mobile phone), and the privacy of a user is more and more important, so that the requirement on the safety of the electronic equipment is continuously improved. The electronic equipment is developed from initial sliding unlocking to password unlocking and pattern unlocking, and the unlocking mode is continuously evolving from the current biometric unlocking. However, no matter which unlocking method is used, the digital password is the basis of all unlocking methods, and the reasons are mainly as follows: 1. setting password unlocking prior to setting the fingerprint/face; 2. after the mobile phone is restarted, a password is required to be input for unlocking; 3. the mobile phone needs to input a password for unlocking at intervals; 4. after the biological recognition unlocking fails, the unlocking can be realized only through the password. Therefore, when the attack is carried out on the mobile phone password, the attack can be carried out on the digital password.
At present, there is such an attack mode for mobile phone passwords: to achieve more functionality, electronic devices are often provided with various types of sensors. In various current operating systems, such as Android versions, the system does not meet the requirements of sensor permissions, that is, any application, process and service can apply for acquiring sensor data when needed, and the sensor data is used as a common resource of the system and is open to all applications, processes and services. An attacker induces a user to install the app for analyzing the mobile phone password, and the sensor data are public resources of the system, so the app can acquire information (including mobile phone inclination angles, rotation angles, light rays and the like) of various sensors in the unlocking process of the electronic equipment, analyze a plurality of possible password combinations according to a machine learning model and massive learning data, and try to crack the mobile phone password. This attack approach may also be referred to as a sensor-based Side Channel Attack (SCA).
Data shows that the data of the two sensors, namely the accelerometer and the gyroscope, are combined for side channel password analysis, and the password cracking success rate is 70%. Therefore, it is easy to see that, in the Android device password unlocking process, an attacker can easily break the mobile phone password by acquiring the sensor data, and threats are brought to the privacy of the user and the safety of the electronic device.
Disclosure of Invention
The embodiment of the application provides a data processing method, a data processing device and electronic equipment in password input, which are used for protecting sensor data and providing guarantee for password security of a user.
In a first aspect, an embodiment of the present application provides a data processing apparatus in password input, including: the low-power-consumption processor is used for receiving the sensor data output by the sensor and transmitting the sensor data to the processor; a processor coupled to the low power processor for preventing access to the sensor data by at least one software program run by the processor during a password entry performed by a user; wherein the power consumption of the processor is higher than the power consumption of the low power consuming processor. Optionally, the sensor comprises one or more of: a compass, a gyroscope, an accelerometer, an ambient light sensor, a proximity light sensor, a barometer, or a hall sensor.
With the data processing apparatus provided in the first aspect, during the password input performed by the user, the processor prevents the at least one software program run by the processor from accessing the sensor data, so that a specific software program, such as an application program, requesting to acquire the sensor data cannot acquire the sensor data. Compared with the prior art, the sensor data can not be acquired by the software program at will, and an attacker is difficult to crack the user password through the sensor data.
In one possible design, the at least one software program includes an application software program. In particular, the at least one software program may belong to non-secure software. By adopting the scheme, the processor runs software to form a safe environment and a non-safe environment, at least one software program is non-safe software, and the non-safe software can initiate a data request through a safe/non-safe interface drive to acquire sensor data. Once the non-secure software is disabled from acquiring sensor data, the security of password entry is enhanced.
In one possible design, the processor, when preventing access to the sensor data by at least one software program run by the processor, is specifically configured to: the sensor data is discarded or replaced with dummy data. By adopting the scheme, the sensor data can be discarded or replaced by the dummy data, and an attacker is difficult to crack the user password through the sensor data.
In one possible design, the data processing device further comprises a protection unit for preventing the low-power processor from continuously receiving the sensor data under the control of the processor; when the processor prevents at least one software program run by the processor from accessing the sensor data, the processor is specifically configured to: the processor controls the protection unit to perform an operation of preventing the low power processor from continuing to receive the sensor data. By adopting the scheme, the protection unit can be arranged between the sensor and the low-power-consumption processor, and when a user inputs a password, the protection unit executes the cutting-off operation of the sensor data, so that an attacker is difficult to crack the user password through the sensor data.
Specifically, the protection unit is specifically configured to: the sensor data connection between the low power processor and the sensor is prevented under control of the processor. In a first implementation manner, the protection unit is specifically configured to: and disabling the interface between the sensor and the low-power-consumption processor or disabling the data transmission function of the interface or disabling the data line between the sensor and the low-power-consumption processor or setting the data line to a preset level. In a second implementation manner, the protection unit is specifically configured to: the sensor is disabled.
Optionally, the processor is further configured to: it is determined whether the user is performing password entry. With the above arrangement, the processor may trigger the aforementioned operation of preventing the at least one software program from accessing the sensor data in a case where it is determined that the user is performing the password input. Wherein, the processor is specifically configured to, when determining whether the user is performing password input: and judging whether the user is performing password input or not through the indication of the status flag bit.
Optionally, the processor is further configured to: and operating the safety software, and setting a status flag bit when the safety software detects that the user executes password input. Wherein the security software may include unlocking software.
In a second aspect, an embodiment of the present application further provides an electronic device, which includes the data processing apparatus provided in the first aspect and a sensor.
In a third aspect, an embodiment of the present application provides a data processing method in password input. The method comprises the following steps: the low-power-consumption processor receives sensor data output by the sensor and transmits the sensor data to the processor; the processor prevents access to the sensor data by at least one software program run by the processor during execution of the password entry by the user. Wherein the power consumption of the processor is higher than the power consumption of the low power processor.
Wherein the at least one software program comprises an application software program. In particular, the at least one software program may belong to non-secure software.
Alternatively, the blocking by the processor of the access of the sensor data by the at least one software program run by the processor may be achieved by: the processor discards the sensor data or replaces the sensor data with dummy data.
Optionally, the blocking of the sensor data by the processor from access by the at least one software program run by the processor may also be achieved by: the processor controls the protection unit to perform an operation of preventing the low power processor from continuing to receive the sensor data.
Optionally, the method provided by the third aspect further includes: the processor determines whether the user is performing password entry. Specifically, the specific way for the processor to determine whether the user is performing password input may be: the processor judges whether the user is performing password input or not through indication of the status flag bit.
Optionally, the method provided by the third aspect further includes the processor running security software and setting the status flag bit when the security software detects that the user performs the password input. Wherein the security software comprises unlocking software.
Optionally, the sensor comprises one or more of: a compass, a gyroscope, an accelerometer, an ambient light sensor, a proximity light sensor, a barometer, or a hall sensor.
Fig. 1 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure;
fig. 2 is a schematic diagram of a software module in an SoC according to an embodiment of the present disclosure;
fig. 3 is a schematic flowchart illustrating an implementation scheme of each software module in the SoC according to an embodiment of the present disclosure;
fig. 4 is a schematic diagram of data received by an application in various states according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of another integrated chip provided in the embodiment of the present application;
fig. 6 is a schematic structural diagram of a first protection unit according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a second protection unit according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a third protection unit provided in the embodiment of the present application;
fig. 9 is a schematic structural diagram of a fourth protection unit provided in the embodiment of the present application;
fig. 10 is a schematic structural diagram of a fifth protection unit according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of a sixth protection unit according to an embodiment of the present application;
fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
fig. 13 is a flowchart illustrating a data processing method according to an embodiment of the present application.
Next, an application scenario of the embodiment of the present application will be described first. The embodiment of the application can be applied to the electronic equipment shown in FIG. 1. As shown in fig. 1, the electronic device includes a system on chip (SoC) and a sensor. The SoC includes a processor, specifically includes an Application Central Processing Unit (ACPU), and may further include other types of processors, such as a digital signal processor, an artificial intelligence processor, or a microcontroller. The SoC also includes a low power micro control unit (LP MCU). In the embodiments of the present application, the low power consumption microprocessor may also be referred to as a low power consumption processor, and its power consumption is lower than the power consumption of the processor, for example, lower than the power consumption of the application processor. The electronic device includes, but is not limited to, a smart phone, a smart watch, a smart television, a tablet computer, a Virtual Reality (VR) device, an Augmented Reality (AR) device, an internet of things (IoT) device, a personal computer, a handheld computer, and a personal digital assistant.
In the electronic device shown in fig. 1, the sensor is a device in the electronic device for sensing external data or environmental parameters, and the sensor may be a low-speed bus device based on an interface such as an inter-integrated circuit (I2C) bus or a Serial Peripheral Interface (SPI) bus. It is understood that the interface used by the sensor may also be an interface other than a low-speed bus, such as a high-speed bus, and the embodiment is not limited thereto. The sensors may be used to detect the state of the electronic device and its surroundings (e.g. acceleration, magnetic field strength, light intensity, air pressure). Illustratively, the sensor may be one or more of a compass, a gyroscope, an accelerometer, an ambient light sensor, a proximity light sensor, a barometer, or a hall sensor.
In the electronic device shown in fig. 1, since the sensor is usually required to operate in a low power consumption state, the sensor is typically attached to a low power consumption processor of the SoC using a low speed bus. The low-power processor is mainly used for transmitting the sensor data to the application processor after the sensor data are simply processed, so that the application processor can conveniently perform subsequent processing on the data.
In the electronic device shown in fig. 1, the application processor is used for processing various functions and services of the electronic device, for example, implementing functions of various application software (APP), providing various password operations such as unlocking service for a user, controlling and scheduling a sensor, processing sensor data, and the like. In particular, the application processor runs software to form different environments, such as a secure environment and a non-secure environment, i.e., the software can be divided into a secure software side and a non-secure software side. The data and programs which relate to user privacy, payment security and the like and have high requirements on security level are located on the security software side, and the data and programs which have low requirements on security level are located on the non-security software side. The non-secure software side can initiate a data request through the secure/non-secure interface driver to obtain data of the secure software side. In the embodiment of the application, the unlocking application and the sensor data processing application are located on the security software side. The non-secure software side corresponds to a common environment and the secure software side corresponds to a Trusted Execution Environment (TEE).
In the prior art, taking an Android system as an example, although application software for processing sensor data is located on a secure software side, access authority of the sensor data is not limited in the Android system, that is, any application, service and process on the secure software side or a non-secure software side can access the sensor data as needed, and the sensor data is used as a common resource of the whole system and is open to all applications, services and processes. Therefore, in the process of inputting the password by the user, an attacker can easily acquire the sensor data, analyze the password combination possibly corresponding to the acquired sensor data based on the machine learning model and the massive learning data, and try to crack the hand secret code. In view of this, embodiments of the present application provide an integrated chip and a data processing method, so as to protect sensor data and prevent an attacker from performing a side channel attack based on a sensor in a process of a user performing password input, that is, prevent a user password from being cracked, thereby providing guarantees for password security and mobile phone security of the user.
Specifically, the data processing device in password input provided by the embodiment of the application can comprise a processor and a low-power processor. The processor may be an application processor included in the electronic device shown in fig. 1, and may also include other necessary types of processors, such as a microcontroller, a digital signal processor, or an artificial intelligence processor, and the low power consumption processor may be a low power consumption processor in the electronic device shown in fig. 1. Optionally, the low power processor is a Sensor Hub.
The low-power-consumption processor is used for receiving sensor data output by the sensor and transmitting the sensor data to the processor; the processor is coupled with the low-power consumption processor and is used for preventing at least one software program run by the processor from accessing the sensor data in the process of inputting the password by the user; wherein the power consumption of the processor is higher than the power consumption of the low power consuming processor.
At least one of the software programs includes an application software program, and may optionally include other types of software, such as driver software or plug-ins. The at least one software program may be non-secure software, i.e. the processor runs the software to form a secure environment and a non-secure environment, i.e. the at least one software program is non-secure software, which may initiate a data request via the secure/non-secure interface driver to obtain the sensor data. Preventing access to the sensor data by at least one non-secure software program run by the processor helps to improve the security of password entry.
In the data processing apparatus provided in the embodiment of the present application, the processor does not allow the sensor data to be acquired by any application at any time as in the prior art, but prevents the at least one software program run by the processor from accessing the sensor data during the process of inputting the password by the user, so that the application requesting to acquire the sensor data cannot acquire the sensor data or only acquires fixed dummy data (i.e. data of a fixed value, such as 0x00, 0xFF, etc.). In this way, the sensor data is not acquired by the software program (the application on the secure software side or the application on the non-secure software side) at will, and it is difficult for an attacker to break the user password by the sensor data.
Further, in the data processing apparatus, the processor may be further configured to: it is determined whether the user is performing password entry. That is, the processor may trigger the aforementioned operation of preventing access to the sensor data by the at least one software program upon determining that the user is performing a password entry. Specifically, the processor may determine whether the user is performing password entry via an indication of the status flag bit. That is, in the embodiment of the present application, a status flag is set in the processor to indicate whether the user is performing password input.
Specifically, in this embodiment of the present application, the status flag bit may be located on the secure software side, so as to prevent the status flag bit from being tampered with maliciously. Illustratively, the status flag bit is used to indicate whether the electronic device is successfully unlocked. The design can be as follows in practical application: when the status flag bit is a first numerical value, the status flag bit is used for indicating that the electronic equipment is in an unlocking state; when the status flag bit is a second value, the status flag bit is used for indicating that the electronic equipment is in a locked state; and when the status flag bit is a third numerical value, the status flag bit is used for indicating that the electronic equipment is in an unlocking state.
Illustratively, the status flag bit may be denoted as Lockstatus. When Lockstatus is 0, it indicates that the electronic device is in a locked state, i.e. the electronic device is locked; when Lockstatus is 1, the electronic device is in an unlocking state, that is, the user is performing an unlocking operation; when Lockstatus is 2, it indicates that the electronic device is in the unlocked state, i.e., the electronic device is unlocked. It should be noted that, in the embodiment of the present application, an application scenario for inputting a password is described by taking an unlocking scenario as an example, so that the scheme is better applicable to this scenario. It should be understood that the data processing scheme for the user to perform password input according to the embodiment may also be applied to other scenarios with password input, and is not limited to the unlocking scenario.
In the embodiment of the present application, the status flag bit may be set in the following manner: the processor runs security software and sets the status flag when the security software (which may be, for example, unlocking software) detects that the user has performed a password input.
In addition, the processor may no longer prevent the application from accessing the sensor data when the status flag bit indicates that the electronic device is in the locked state or the unlocked state. That is, in a case where the user does not perform the password input operation, the sensor data may be acquired by the application program on the secure software side or the non-secure software side.
As described above, when an attacker performs a side channel attack by a sensor, it is necessary to use sensor data when a user performs password input. If the processor determines that the user does not execute the password input process, the attacker cannot perform the sensor-based side channel attack, so that the request for acquiring the sensor data by at least one software program can be responded through the secure/non-secure interface, and the normal application function is realized.
In the data processing device provided by the embodiment of the application, the low-power processor and the processor can be integrated into one integrated chip. Illustratively, the integrated chip may be an SoC in the electronic device shown in fig. 1. Of course, in practical applications, the low power consumption processor and the processor may also be integrated in different chips, for example, the processor is integrated in the SoC, and the low power consumption processor is coupled to the SoC as a separate chip. The present embodiment does not limit the various possible variations of the SoC.
As described in the electronic device shown in fig. 1, the application software in the application processor may be on the secure software side or the non-secure software side. Then, corresponding functions in the above-mentioned processors can also be cooperatively realized by software modules located on the secure software side or the non-secure software side.
Illustratively, taking the processor as ACPU, the low power processor as LP MCU, and the ACPU and LP MCU integrated in the SoC as an example, the software modules in the ACPU and LP MCU may be divided as shown in fig. 2. The ACPU includes five software modules: the system comprises an unlocking application, an unlocking service, a safe/non-safe interface driver, a sensor framework service, a sensor data processing module and a common upper layer application, wherein the unlocking application and the unlocking service are software modules in a software system, the software system is also called system software and can comprise other software modules, and the embodiment is not limited. The software system comprises an operating system, plug-ins, middleware, application software and the like. The LP MCU includes a sensor drive. In addition, the sensor driver is also coupled to sensor hardware, such as running on a LP MCU core coupled to the sensor hardware. Various types of sensors may be included in the sensor hardware, as described with particular reference to the previous embodiments.
The unlocking application and the unlocking service are used for initiating unlocking operation when the system software needs to be unlocked, guiding a user to unlock, and outputting a state flag bit to the sensor data processing module; the safety/non-safety interface driver is used for data transmission interaction between the safety software side and the non-safety software side, and the common upper layer application of the non-safety side initiates a data request and drives the data or the state of the return request; the sensor framework service is realized by sensor software in system software, is used for controlling and scheduling a sensor by higher-layer software, and transmits data to a sensor data processing module and then transmits the data to an application at a non-safety software side through a safety/non-safety interface; the sensor data processing module is used for processing sensor data transmitted by the sensor framework service and performing a data processing flow under the control of the status flag bit; the common upper layer application refers to a common Android application, and when the application needs to acquire sensor data, the application requests the sensor data by calling a safe/unsafe interface driver. The sensor driver is an interactive module of sensor hardware and system software, realizes control and data transmission of the low-speed bus through bottom layer codes, and simultaneously simply processes sensor data and sends the sensor data to a sensor framework for service.
In the module architecture shown in fig. 2, the unlocking application and unlocking service, the sensor framework service, and the sensor data processing module are located on the secure software side, and the common upper layer application is located on the non-secure software side. The sensor data processing module is used for processing sensor data transmitted by the sensor framework service according to the state flag bit.
Specifically, the sensor data processing module may periodically poll the status flag (for example, the access period is several tens of ms), and if the polled result is that the status is being unlocked (i.e., a specific example of a scenario that the user is performing password input), the data channel between the sensor data processing module and the sensor framework service is switched to the disconnected status at this time, and does not respond to the data request of the secure/non-secure interface. Optionally, the sensor data processing module notifies the sensor framework service to clear the sensor data, or transmits fixed sensor dummy data, such as 0x00, 0xFF, etc., to the secure/non-secure interface driver, while notifying the sensor framework service to clear the sensor data; if the polled result indicates that the electronic device is in the unlocked state or the locked state, the data channel is set to be in the normal state, so that the common upper layer application can drive a normal request through the secure/non-secure interface, acquire sensor data, and realize a normal application function, as shown in fig. 3.
For example, when the electronic device is in different states (an unlocked state, and a locked state), the data received by the common upper layer application may be as shown in fig. 4. In scheme 1 shown in fig. 4, when the electronic device is in the locked state and the unlocked state, the normal upper layer application receives normal sensor data; when the electronic device is in an unlocked state, the common upper layer application cannot receive data. In scheme 2 shown in fig. 5, when the electronic device is in the locked state and the unlocked state, the normal upper layer application receives normal sensor data; when the electronic device is in the unlocking state, the common upper layer application receives the fixed pseudo data.
Specifically, in the embodiment of the present application, the processor may be implemented in a software manner, or may be implemented in a hardware manner when the processor prevents at least one software program run by the processor from accessing the sensor data. These two modes are described separately below.
One, software mode
When the processor prevents at least one software program run by the processor from accessing the sensor data, the following specific steps may be implemented: the sensor data is discarded or replaced with dummy data. That is, the processor may discard the sensor data or replace the sensor data with dummy data during the password input performed by the user, so that the application program requesting to acquire the sensor data cannot acquire the sensor data or only acquires fixed dummy data, and it is difficult for an attacker to crack the user password through the sensor data.
Two, hardware mode
The data processing apparatus provided in the embodiment of the present application may further include: the protection unit is used for preventing the low-power-consumption processor from continuously receiving the sensor data under the control of the processor; then, when the processor prevents the at least one software program run by the processor from accessing the sensor data, the following method is specifically implemented: the processor controls the protection unit to perform an operation of preventing the low power consumption processor from continuing to receive the sensor data. In the embodiment of the application, a protection unit may be disposed between the sensor and the low power consumption processor, as shown in fig. 5, so that when the user inputs the password, the protection unit executes an operation of preventing the low power consumption processor from continuing to receive the sensor data, and then the application program requesting to acquire the sensor data cannot acquire the sensor data or only acquires fixed dummy data, so that an attacker cannot crack the user password through the sensor data.
Specifically, the protection unit is specifically configured to: the sensor data connection between the low power processor and the sensor is prevented under control of the processor. The protection unit may prevent the sensor data connection between the low power consumption processor and the sensor, and may be implemented in different manners, for example, the protection unit may enable an interface between the sensor and the low power consumption processor, or the protection unit may enable a data transmission function of the interface, or the protection unit may enable a data line between the sensor and the low power consumption processor, or the protection unit may set the data line to a preset level. Furthermore, the protection unit may also directly disable the sensor.
In a specific application, the protection unit has a plurality of implementation manners, and the following examples are some of them.
First implementation
In a first implementation, the protection unit includes an active transistor coupled to a data bus between the low power processor and the sensor for pulling a level of the data bus high or low when the unlock state flag indicates that the electronic device is in the unlocking state.
Specifically, taking an active transistor as a Metal Oxide Semiconductor (MOS) as an example, if the unlocking state flag indicates that the electronic device is in the unlocking state, the gate of the MOS inputs a high level, so that the MOS transistor is turned on, and the level of the data bus between the low power consumption processor and the sensor is pulled up or pulled down, which depends on whether the voltage connected to the transistor is a high level or a low level, and at this time, the protection unit outputs a high level or a low level to the low power consumption processor, so that an attacker is difficult to acquire sensor data and crack the user password through the sensor data. In the embodiment of the present invention, the type of the active transistor may be various, and for example, the active transistor may be a MOS or Bipolar Junction Transistor (BJT), and the specific type of the active transistor in the embodiment of the present invention is not limited.
For example, when the protection unit is an active transistor, the connection relationship between the active transistor and the sensor and the low power consumption processor may be as shown in fig. 6. In example a of fig. 6, the active transistor is used to pull the data bus high (high) based on the unlock status flag bit output by the processor; in example b of fig. 6, the active transistor is used to pull the data bus low (GND) according to the unlock status flag bit of the processor output.
In addition, in the first implementation manner, the active transistor may also be implemented by using another device capable of fixing a bus level, and this is not specifically limited in this embodiment of the present application.
Second implementation
In a second implementation, the protection unit includes an analog switch coupled to a data bus between the low power processor and the sensor for enabling when the unlock state flag indicates that the electronic device is in the unlocking state.
That is, an analog switch may be added to the data bus between the sensor and the low power processor, the analog switch defaults to an enabled state, rendering the data bus conductive. When the electronic device is detected to be in the unlocking state, the processor controls the enable signal of the analog switch to enable the analog switch to be in the de-enable state, and a data bus between the sensor and the low-power-consumption processor is disconnected, as shown in fig. 7.
Third implementation
In a third implementation manner, the protection unit includes a first register, where the first register is configured to store the unlocking status flag and output the unlocking status flag to an input/output (IO) interface of the low power consumption processor, and control the IO interface to switch to a general-purpose input/output (GPIO) function when the unlocking status flag indicates that the electronic device is in the unlocking status.
In a third implementation manner, the IO interface of the processor and the low power consumption processor supports function multiplexing, and specifically, the IO interface supports function multiplexing of a data interface and a GPIO interface. In a specific implementation, a multiplexing selection signal of an IO interface may be controlled by a first register, and the IO interface is set as a data interface by default; when it is detected that the electronic device is in an unlocking state, the first register controls the IO multiplexing selection signal, so that the function of the IO interface is switched to the GPIO, and an effect of cutting off a transmission channel of the sensor data is achieved, as shown in fig. 8.
Fourth mode of implementation
In a fourth implementation manner, the protection unit includes a second register, where the second register is coupled to the processor, and is configured to store the unlocking state flag bit and output the unlocking state flag bit to an IO interface of the low power consumption processor, and control the IO interface to disable when the unlocking state flag bit indicates that the electronic device is in the unlocking state.
In a fourth implementation, the processors and IO interfaces of the low power processors support enabling and disabling state switching. By default, the IO interface is in an enabled state. When it is detected that the electronic device is in the unlocking state, the IO interface is controlled to be switched to the disable state through the second register, so that an effect of cutting off a transmission channel of sensor data is achieved, as shown in fig. 9.
Fifth implementation
In a fifth implementation, the protection unit includes a Power Management Unit (PMU) configured to power down the sensor when the unlocking state flag indicates that the electronic device is in the unlocking state. Specifically, the PMU is coupled to the application processor and the sensor, and if it is detected that the electronic device is in the unlocking state, the PMU powers down the sensor under the control of the application processor, so as to achieve the effect of cutting off a transmission channel of sensor data, as shown in fig. 10.
Furthermore, in the fifth implementation, there is an alternative implementation that, if the sensor supports power-on reset by the reset signal, upon detecting that the electronic device is in the unlocked state, the application processor may send a reset signal to the RST pin of the sensor to reset the sensor, or send a disable signal to the ENA pin of the sensor to disable the sensor, so that the sensor cannot output sensor data, thereby achieving the effect of cutting off the transmission channel of the sensor data, as shown in fig. 11.
In summary, with the data processing apparatus provided in this embodiment of the present application, in the process of the user performing password input, the processor prevents at least one software program run by the processor from accessing the sensor data, so that the application program requesting to acquire the sensor data cannot acquire the sensor data or only acquires fixed dummy data. Compared with the prior art, the sensor data can not be randomly acquired by a software program (application on a secure software side or application on a non-secure software side), and an attacker is difficult to crack the user password through the sensor data.
Based on the same inventive concept, the embodiment of the present application further provides an electronic device, which includes the foregoing data processing apparatus and a sensor, as shown in fig. 12. The data processing device may correspond to the system on chip shown in fig. 1, and the sensors correspond to the description of fig. 1 and the previous embodiments. The electronic equipment can be a complete machine of the equipment or a part of the electronic equipment. The electronic device includes, but is not limited to, a smartphone.
Based on the same inventive concept, the embodiment of the application also provides a data processing method in password input. As shown in fig. 13, the method includes the following steps.
S1301: the low power processor receives sensor data output by the sensor and transmits the sensor data to the processor.
S1302: the processor prevents access to the sensor data by at least one software program run by the processor during execution of the password entry by the user. Wherein the power consumption of the processor is higher than the power consumption of the low power consuming processor.
It should be noted that the data processing method shown in fig. 13 can be regarded as a method executed by the aforementioned data processing apparatus, and the implementation manner not described in detail in the data processing method shown in fig. 13 can be referred to the relevant description in the aforementioned data processing apparatus.
It will be apparent to those skilled in the art that various changes and modifications may be made in the embodiments of the present application without departing from the scope of the embodiments of the present application. Thus, if such modifications and variations of the embodiments of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to encompass such modifications and variations.
Claims (15)
- A data processing apparatus in password input, comprising:the low-power consumption processor is used for receiving the sensor data output by the sensor and transmitting the sensor data to the processor;the processor, coupled with the low-power processor, is configured to prevent at least one software program run by the processor from accessing the sensor data during a password entry performed by a user; wherein the power consumption of the processor is higher than the power consumption of the low power processor.
- The data processing apparatus of claim 1, wherein the at least one software program comprises an application software program.
- A data processing apparatus as claimed in claim 1 or 2, characterized in that the at least one software program belongs to non-secure software.
- A data processing apparatus as claimed in any one of claims 1 to 3, wherein the processor, when preventing access to the sensor data by at least one software program run by the processor, is specifically configured to: discarding the sensor data or replacing the sensor data with dummy data.
- The data processing apparatus of any of claims 1 to 4, further comprising: a protection unit for preventing the low power processor from continuing to receive the sensor data under control of the processor;the processor is specifically configured to control the protection unit to perform an operation of preventing the low-power processor from continuing to receive the sensor data when the processor prevents at least one software program run by the processor from accessing the sensor data.
- The data processing apparatus according to claim 5, wherein the protection unit is specifically configured to: blocking a sensor data connection between the low power processor and the sensor under control of the processor.
- The data processing device of claim 6, wherein the protection unit, when preventing the sensor data connection, is specifically configured to: disabling an interface between the sensor and the low power processor or disabling a data transfer function of the interface or disabling a data line between the sensor and the low power processor or setting the data line to a preset level.
- The data processing device of claim 6, wherein the protection unit, when preventing the sensor data connection, is specifically configured to: the sensor is disabled.
- The data processing apparatus of any of claims 1 to 8, wherein the processor is further configured to: it is determined whether the user is performing the password input.
- The data processing apparatus as claimed in claim 9, wherein the processor, when determining whether the user is performing the password input, is specifically configured to: and judging whether the user is performing the password input or not through the indication of the status flag bit.
- The data processing apparatus of claim 10, wherein the processor is further configured to: and running safety software, and setting the status flag bit when the safety software detects that the user executes the password input.
- The data processing apparatus of claim 11, wherein the security software comprises unlocking software.
- A data processing apparatus as claimed in any one of claims 1 to 12, wherein the sensor comprises one or more of: a compass, a gyroscope, an accelerometer, an ambient light sensor, a proximity light sensor, a barometer, or a hall sensor.
- An electronic device comprising the data processing apparatus according to any one of claims 1 to 13 and a sensor.
- A method of data processing in password entry, comprising:the low-power-consumption processor receives sensor data output by the sensor and transmits the sensor data to the processor;the processor preventing access to the sensor data by at least one software program run by the processor during password entry by a user; wherein the power consumption of the processor is higher than the power consumption of the low power processor.
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2019/103118 WO2021035582A1 (en) | 2019-08-28 | 2019-08-28 | Method for processing data during password input, data processing apparatus, and electronic device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112740204A true CN112740204A (en) | 2021-04-30 |
Family
ID=74684961
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201980007039.7A Pending CN112740204A (en) | 2019-08-28 | 2019-08-28 | Data processing method, data processing device and electronic equipment in password input |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN112740204A (en) |
| WO (1) | WO2021035582A1 (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150371050A1 (en) * | 2013-02-26 | 2015-12-24 | Giesecke & Devrient Gmbh | Method and end device for securely inputting access code |
| CN108347528A (en) * | 2018-01-30 | 2018-07-31 | 广东欧珀移动通信有限公司 | Electronic equipment falls based reminding method and Related product |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9898642B2 (en) * | 2013-09-09 | 2018-02-20 | Apple Inc. | Device, method, and graphical user interface for manipulating user interfaces based on fingerprint sensor inputs |
| CN106790988A (en) * | 2016-11-23 | 2017-05-31 | 惠州Tcl移动通信有限公司 | Fingerprint sensor false triggering control method and system are prevented based on mobile terminal |
| WO2018223402A1 (en) * | 2017-06-09 | 2018-12-13 | 华为技术有限公司 | Function control method and terminal |
| CN108377293B (en) * | 2018-01-31 | 2020-06-02 | Oppo广东移动通信有限公司 | Electronic device, fall control method and related product |
-
2019
- 2019-08-28 WO PCT/CN2019/103118 patent/WO2021035582A1/en active Application Filing
- 2019-08-28 CN CN201980007039.7A patent/CN112740204A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150371050A1 (en) * | 2013-02-26 | 2015-12-24 | Giesecke & Devrient Gmbh | Method and end device for securely inputting access code |
| CN108347528A (en) * | 2018-01-30 | 2018-07-31 | 广东欧珀移动通信有限公司 | Electronic equipment falls based reminding method and Related product |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2021035582A1 (en) | 2021-03-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10432627B2 (en) | Secure sensor data transport and processing | |
| Sun et al. | TrustOTP: Transforming smartphones into secure one-time password tokens | |
| CN108664780B (en) | Enabling various device access based on different levels of unlocking mechanisms | |
| EP3065074A1 (en) | Fingerprint authentication method and device, intelligent terminal, and computer storage medium | |
| KR101736397B1 (en) | User authorization and presence detection in isolation from interference from and control by host central processing unit and operating system | |
| US20160191512A1 (en) | Predictive user authentication | |
| EP2895982B1 (en) | Hardware-enforced access protection | |
| EP3537322A1 (en) | Media and method for setting a security state based on carried state of device | |
| EP3882800A1 (en) | Methods and apparatus to monitor permission-controlled hidden sensitive application behavior at run-time | |
| US10204218B2 (en) | Authentication management | |
| US11798327B2 (en) | Universal smart interface for electronic locks | |
| EP3162101A1 (en) | Premises-aware security and policy orchestration | |
| CN113192237B (en) | Internet of things equipment supporting TEE and REE and method for realizing communication between TEE and REE | |
| Sun et al. | Reliable and trustworthy memory acquisition on smartphones | |
| US20090271606A1 (en) | Information processing device and information processing system | |
| US10409734B1 (en) | Systems and methods for controlling auxiliary device access to computing devices based on device functionality descriptors | |
| WO2017107053A1 (en) | Isolated remotely-virtualized mobile computing environment | |
| CN112740204A (en) | Data processing method, data processing device and electronic equipment in password input | |
| US20190356655A1 (en) | Techniques of using facial recognition to authenticate kvm users at service processor | |
| CN105260678A (en) | Mobile equipment and equipment operating method | |
| KR102248132B1 (en) | Method, apparatus and program of log-in using biometric information | |
| CN115413337A (en) | Electronic device, system-on-chip and physical core allocation method | |
| US11100215B2 (en) | Management of a display of a view of an application on a screen of an electronic data entry device, corresponding method, device and computer program product | |
| KR20140075559A (en) | Method and Apparatus for operating application of data processor based on priority | |
| US20190349364A1 (en) | Techniques of using fingerprints to authenticate kvm users at service processor |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210430 |