WO2017084555A1 - Method for generating and installing trusted application for use in a trusted execution environment - Google Patents
- Publication number
- WO2017084555A1 (PCT/CN2016/105888)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- trusted
- application
- target application
- execution environment
- file
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Stored Programmes (AREA)
Abstract
A method for generating and installing a trusted application for use in a trusted execution environment. The method comprises: writing, in a general-purpose object-oriented programming language, application code to implement a particular application (A1); compiling said application code to generate intermediate bytecode, then transmitting said intermediate bytecode to a trusted application management server (A2); said trusted application management server parsing and recompiling said intermediate bytecode to generate and store a compressed application installation package consisting of at least one target application file, for download and installation by a security information interaction terminal (A3). The present method has high platform applicability and scalability.
Description
The present invention relates to methods for generating and installing applications, and more particularly to a method for generating and installing trusted applications for a trusted execution environment.
With the increasingly widespread use of computers and networks and the growing variety of services in different fields, devices for security information interaction (that is, information interaction with high security requirements, such as transaction processing in the financial field), especially those based on mobile terminals, are becoming more and more important.
In existing technical solutions based on a trusted execution environment, a security information interaction device (for example, a mobile terminal) usually installs a specific trusted application by downloading it from a trusted application management platform and installing it.
However, the existing technical solutions have the following problem: the trusted applications stored on the trusted application management platform are generally applications encoded in a specific format for a single hardware platform only (for example, an ARM platform or an Intel platform), so they are difficult to adapt to a multi-platform environment, which results in low platform applicability and scalability.
Therefore, there is a need for a trusted application generation and installation method for a trusted execution environment that has high platform applicability and scalability.
Summary of the invention
To solve the problems of the above prior-art solutions, the present invention proposes a trusted application generation and installation method for a trusted execution environment that has high platform applicability and scalability.
The object of the invention is achieved by the following technical solution:
A trusted application generation and installation method for a trusted execution environment, comprising the following steps:
(A1) writing, in a general-purpose object-oriented language, application code for implementing a specific application;
(A2) compiling the application code to generate intermediate bytecode, and transmitting the intermediate bytecode to a trusted application management server;
(A3) the trusted application management server parsing and recompiling the intermediate bytecode to generate and store a compressed application installation package consisting of at least one target application file, for download and installation by a security information interaction terminal.
In the solution disclosed above, preferably, the at least one target application file is at least two target application files, and the formats of the at least two target application files correspond respectively to at least two virtual machines of different formats.
In the solution disclosed above, preferably, the security information interaction terminal downloads and installs the target application file in the following manner:
(B1) before downloading the target application file, the management agent driver module in the security information interaction terminal obtains in advance a platform type support list from the secure operating platform running on the security information interaction terminal, the platform type support list indicating the type of the secure operating platform and the formats of target application files that it supports;
(B2) querying and downloading the target application installation package from the trusted application management server according to a user instruction, and then decompressing and parsing the target application installation package to obtain at least one target application file;
(B3) determining, according to the platform type support list, one target application file supported by the secure operating platform from the at least one target application file, and deleting the remaining target application files;
(B4) installing the determined target application file supported by the secure operating platform.
In the solution disclosed above, preferably, step (B3) further comprises: if it is determined that none of the at least one target application file is supported by the secure operating platform, continuing to query the trusted application management server for a corresponding target application installation package, and reporting an error if a corresponding target application installation package still cannot be found.
In the solution disclosed above, optionally, the trusted application management server queries the corresponding target application installation package according to a user instruction, then decompresses and parses the target application installation package to obtain at least one target application file, then determines, according to the platform type support list, one target application file supported by the secure operating platform from the at least one target application file, and notifies the management agent driver module in the security information interaction terminal to download and install the determined target application file supported by the secure operating platform.
In the solution disclosed above, preferably, step (A3) further comprises: the trusted application management server digitally signing the application installation package so that the security information interaction terminal can perform security verification on it.
In the solution disclosed above, preferably, the intermediate bytecode contains components consisting of at least the following items: header file, constant pool, classes, fields, methods, attributes.
In the solution disclosed above, preferably, parsing and recompiling the intermediate bytecode comprises: parsing the individual components of the intermediate bytecode, reordering the parsed components according to predetermined rules, and redefining the parameters of each component, wherein the predetermined rules are adapted to the virtual machines of the different formats.
The trusted application generation and installation method for a trusted execution environment disclosed by the present invention has the following advantage: because the intermediate bytecode can be converted into multiple target application files, the platform applicability and scalability of the target application are significantly improved.
The technical features and advantages of the present invention will be better understood by those skilled in the art with reference to the accompanying drawing, in which:
FIG. 1 is a flowchart of a trusted application generation and installation method for a trusted execution environment according to an embodiment of the present invention.
FIG. 1 is a flowchart of a trusted application generation and installation method for a trusted execution environment according to an embodiment of the present invention. As shown in FIG. 1, the trusted application generation and installation method for a trusted execution environment disclosed by the present invention comprises the following steps: (A1) writing, in a general-purpose object-oriented language (for example, a Java-like language), application code for implementing a specific application; (A2) compiling the application code to generate intermediate bytecode, and transmitting the intermediate bytecode to a trusted application management server; (A3) the trusted application management server parsing and recompiling the intermediate bytecode to generate and store a compressed application installation package consisting of at least one target application file, for download and installation by a security information interaction terminal (for example, a smartphone).
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, the at least one target application file is at least two target application files, and the formats of the at least two target application files correspond respectively to at least two virtual machines of different formats (for example, a Java virtual machine for the Android operating system, a NEF virtual machine, a Dalvik virtual machine, a JEFF virtual machine, and so on).
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, the security information interaction terminal downloads and installs the target application file in the following manner: (B1) before downloading the target application file, the management agent driver module in the security information interaction terminal obtains in advance a platform type support list from the secure operating platform (for example, a TEE operating system) running on the security information interaction terminal, the platform type support list indicating the type of the secure operating platform and the formats of target application files that it supports; (B2) querying and downloading the target application installation package from the trusted application management server according to a user instruction, and then decompressing and parsing the target application installation package to obtain at least one target application file; (B3) determining, according to the platform type support list, one target application file supported by the secure operating platform from the at least one target application file, and deleting the remaining target application files; (B4) installing the determined target application file supported by the secure operating platform.
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, step (B3) further comprises: if it is determined that none of the at least one target application file is supported by the secure operating platform, continuing to query the trusted application management server for a corresponding target application installation package, and reporting an error if a corresponding target application installation package still cannot be found.
Optionally, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, the trusted application management server queries the corresponding target application installation package according to a user instruction, then decompresses and parses the target application installation package to obtain at least one target application file, then determines, according to the platform type support list, one target application file supported by the secure operating platform from the at least one target application file, and notifies the management agent driver module in the security information interaction terminal to download and install the determined target application file supported by the secure operating platform.
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, step (A3) further comprises: the trusted application management server digitally signing the application installation package so that the security information interaction terminal can perform security verification on it.
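The terminal-side flow of steps (B1) to (B4), with the step (B3) fallback and the step (A3) package verification, as an added example that is not part of the patent. The zip container, the extension-per-format naming (`.dex`, `.jeff`, `.nef`), the preference order of the support list, the size limit and the HMAC-SHA256 tag standing in for the digital signature are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import zipfile

# Constructed demo key. Step (A3) calls for a digital signature; HMAC-SHA256
# stands in for it here so the example needs only the standard library.
DEMO_KEY = b"constructed-demo-key"
MAX_MEMBER_SIZE = 1 << 20  # assumed upper bound on one target application file


class InstallError(Exception):
    """No verified target application file supported by the platform was found."""


def build_package(targets, key=DEMO_KEY):
    """Server side (A3): compress the target files and tag the compressed package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in targets.items():
            zf.writestr(name, data)
    blob = buf.getvalue()
    return blob, hmac.new(key, blob, hashlib.sha256).digest()


def file_format(name):
    """Assumed convention: the file extension names the virtual-machine format."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def select_target(blob, tag, support_list, key=DEMO_KEY):
    """Terminal side (B2, B3): verify, unpack, keep one supported file.

    Returns (name, data, discarded_names), or None if nothing is supported.
    """
    # Verify the whole package before the zip parser touches untrusted bytes.
    expected = hmac.new(key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise InstallError("package failed verification")

    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        members = {}
        for info in zf.infolist():
            # Flat names and bounded sizes: a verified package is still parsed defensively.
            if "/" in info.filename or "\\" in info.filename:
                raise InstallError("unexpected path in package: %r" % info.filename)
            if info.file_size > MAX_MEMBER_SIZE:
                raise InstallError("member too large: %r" % info.filename)
            members[info.filename] = info
        # Assumption: the order of the support list expresses the platform's preference.
        for fmt in support_list:
            for name in sorted(members):
                if file_format(name) == fmt.lower():
                    data = zf.read(members[name])
                    # "Delete the remaining files": they are never extracted at all.
                    discarded = sorted(n for n in members if n != name)
                    return name, data, discarded
    return None


def install(packages, support_list, key=DEMO_KEY):
    """B1-B4 with the B3 fallback: try each package returned by successive queries."""
    if not support_list:
        raise InstallError("platform reported an empty support list")
    for blob, tag in packages:
        chosen = select_target(blob, tag, support_list, key)
        if chosen is not None:
            return chosen  # B4 would hand `data` to the secure operating platform here
    raise InstallError("no package contains a supported target application file")
```
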
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, the intermediate bytecode contains components consisting of at least the following items: header file, constant pool, classes, fields, methods, attributes.
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, parsing and recompiling the intermediate bytecode comprises: parsing the individual components of the intermediate bytecode, reordering the parsed components according to predetermined rules, and redefining the parameters of each component, wherein the predetermined rules are adapted to the virtual machines of the different formats.
As can be seen from the above, the trusted application generation and installation method for a trusted execution environment disclosed by the present invention has the following advantage: because the intermediate bytecode can be converted into multiple target application files, the platform applicability and scalability of the target application are significantly improved.
Although the invention has been described by way of the preferred embodiments above, its implementation is not limited to those embodiments. It should be appreciated that those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope.
Claims (8)
- A trusted application generation and installation method for a trusted execution environment, comprising the following steps: (A1) writing, in a general-purpose object-oriented language, application code for implementing a specific application; (A2) compiling the application code to generate intermediate bytecode, and transmitting the intermediate bytecode to a trusted application management server; (A3) the trusted application management server parsing and recompiling the intermediate bytecode to generate and store a compressed application installation package consisting of at least one target application file, for download and installation by a security information interaction terminal.
- The trusted application generation and installation method for a trusted execution environment according to claim 1, wherein the at least one target application file is at least two target application files, and the formats of the at least two target application files correspond respectively to at least two virtual machines of different formats.
- The trusted application generation and installation method for a trusted execution environment according to claim 2, wherein the security information interaction terminal downloads and installs the target application file in the following manner: (B1) before downloading the target application file, the management agent driver module in the security information interaction terminal obtains in advance a platform type support list from the secure operating platform running on the security information interaction terminal, the platform type support list indicating the type of the secure operating platform and the formats of target application files that it supports; (B2) querying and downloading the target application installation package from the trusted application management server according to a user instruction, and then decompressing and parsing the target application installation package to obtain at least one target application file; (B3) determining, according to the platform type support list, one target application file supported by the secure operating platform from the at least one target application file, and deleting the remaining target application files; (B4) installing the determined target application file supported by the secure operating platform.
- The trusted application generation and installation method for a trusted execution environment according to claim 3, wherein step (B3) further comprises: if it is determined that none of the at least one target application file is supported by the secure operating platform, continuing to query the trusted application management server for a corresponding target application installation package, and reporting an error if a corresponding target application installation package still cannot be found.
- The trusted application generation and installation method for a trusted execution environment according to claim 2, wherein the trusted application management server queries the corresponding target application installation package according to a user instruction, then decompresses and parses the target application installation package to obtain at least one target application file, then determines, according to the platform type support list, one target application file supported by the secure operating platform from the at least one target application file, and notifies the management agent driver module in the security information interaction terminal to download and install the determined target application file supported by the secure operating platform.
- The trusted application generation and installation method for a trusted execution environment according to claim 4, wherein step (A3) further comprises: the trusted application management server digitally signing the application installation package so that the security information interaction terminal can perform security verification on it.
- The trusted application generation and installation method for a trusted execution environment according to claim 6, wherein the intermediate bytecode contains components consisting of at least the following items: header file, constant pool, classes, fields, methods, attributes.
- The trusted application generation and installation method for a trusted execution environment according to claim 7, wherein parsing and recompiling the intermediate bytecode comprises: parsing the individual components of the intermediate bytecode, reordering the parsed components according to predetermined rules, and redefining the parameters of each component, wherein the predetermined rules are adapted to the virtual machines of the different formats.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510793197.3A CN105590051B (en) | 2015-11-18 | 2015-11-18 | Trusted application for credible performing environment generates and installation method |
CN201510793197.3 | 2015-11-18 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017084555A1 true WO2017084555A1 (en) | 2017-05-26 |
Family
ID=55929626
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/105888 WO2017084555A1 (en) | 2015-11-18 | 2016-11-15 | Method for generating and installing trusted application for use in a trusted execution environment |
Country Status (3)
Country | Link |
---|---|
CN (1) | CN105590051B (en) |
TW (1) | TWI687867B (en) |
WO (1) | WO2017084555A1 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110442422A (en) * | 2019-07-03 | 2019-11-12 | 阿里巴巴集团控股有限公司 | Active response formula is credible Python virtual machine and its method of execution |
CN112559293A (en) * | 2020-12-22 | 2021-03-26 | 上海哔哩哔哩科技有限公司 | Application package monitoring method and device |
CN112596751A (en) * | 2020-12-29 | 2021-04-02 | Oppo广东移动通信有限公司 | Compiling method, terminal, server and storage medium of application program installation package |
US20210132925A1 (en) * | 2019-10-30 | 2021-05-06 | Red Hat, Inc. | Software provisioning agent residing in trusted execution environment |
CN113010187A (en) * | 2021-02-07 | 2021-06-22 | 上海硬通网络科技有限公司 | Application installation method and device and electronic equipment |
CN114051061A (en) * | 2021-11-09 | 2022-02-15 | 武汉虹旭信息技术有限责任公司 | Internet application protocol analysis method and system |
US11886574B2 (en) | 2019-11-26 | 2024-01-30 | Red Hat, Inc. | Using a trusted execution environment for a cryptographic key wrapping scheme that verifies remote device capabilities |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105590051B (en) * | 2015-11-18 | 2018-10-23 | ***股份有限公司 | Trusted application for credible performing environment generates and installation method |
CN107995230B (en) * | 2016-10-26 | 2019-10-18 | ***通信有限公司研究院 | A kind of method for down loading and terminal |
CN108282466B (en) * | 2017-12-29 | 2021-02-02 | 北京握奇智能科技有限公司 | Method, system for providing digital certificate functionality in a TEE |
CN108563953B (en) * | 2018-03-26 | 2021-12-21 | 南京微可信信息技术有限公司 | Safe and extensible trusted application development method |
CN109308406B (en) * | 2018-07-09 | 2021-10-22 | ***股份有限公司 | User terminal and trusted application management system |
CN115136127A (en) * | 2020-03-19 | 2022-09-30 | 深圳市欢太科技有限公司 | Distributed compiling and caching method and system |
CN116032510A (en) * | 2021-10-27 | 2023-04-28 | 北京字节跳动网络技术有限公司 | Data security protection system |
CN114036524A (en) * | 2021-10-29 | 2022-02-11 | ***股份有限公司 | Electronic equipment |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030005425A1 (en) * | 2001-06-27 | 2003-01-02 | Zee Dae Hoon | Java compile-on-demand service system for accelerating processing speed of java program in data processing system and method thereof |
CN101645018A (en) * | 2009-09-03 | 2010-02-10 | 深圳市茁壮网络股份有限公司 | Method and system for processing byte codes in multiple versions and virtual machine |
CN102236757A (en) * | 2011-06-30 | 2011-11-09 | 北京邮电大学 | Software protection method and system applicable to Android system |
CN102289378A (en) * | 2011-09-30 | 2011-12-21 | 互动在线(北京)科技有限公司 | Method for automatically generating APP (Application) |
CN103701930A (en) * | 2014-01-07 | 2014-04-02 | 浙江大学 | Mobile application program real-time updating method and system |
US20140108600A1 (en) * | 2010-12-06 | 2014-04-17 | Flexycore | Application distribution supplying a dedicated application to a terminal from an application deposited by the developer |
CN104484585A (en) * | 2014-11-26 | 2015-04-01 | 北京奇虎科技有限公司 | Application program installation package processing method and device, and mobile apparatus |
CN105590051A (en) * | 2015-11-18 | 2016-05-18 | ***股份有限公司 | Trusted application generation and installation method used for trusted execution environment |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8468594B2 (en) * | 2007-02-13 | 2013-06-18 | Cyber-Ark Software Ltd | Methods and systems for solving problems with hard-coded credentials |
CN102799444B (en) * | 2011-05-27 | 2016-06-08 | 华为软件技术有限公司 | The method of cross-platform packing program and device |
CN102289374B (en) * | 2011-08-31 | 2017-06-30 | 南京中兴新软件有限责任公司 | A kind of method and device for building multi-platform software running environment |
CN104346146B (en) * | 2013-07-29 | 2016-05-04 | 腾讯科技(深圳)有限公司 | A kind of method of cross-platform transformation applications code and device |
CN103744652B (en) * | 2013-12-19 | 2017-02-08 | 深圳市蓝凌软件股份有限公司 | Hybrid APP development method and device across mobile terminals |
- 2015-11-18: CN application CN201510793197.3A, publication CN105590051B, status: Active
- 2016-11-15: WO application PCT/CN2016/105888, publication WO2017084555A1, status: Application Filing
- 2016-11-16: TW application TW105137496A, publication TWI687867B, status: active
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110442422A (en) * | 2019-07-03 | 2019-11-12 | 阿里巴巴集团控股有限公司 | Active response formula is credible Python virtual machine and its method of execution |
CN110442422B (en) * | 2019-07-03 | 2023-01-31 | 创新先进技术有限公司 | Active response type trusted Python virtual machine and execution method thereof |
US20210132925A1 (en) * | 2019-10-30 | 2021-05-06 | Red Hat, Inc. | Software provisioning agent residing in trusted execution environment |
US11886574B2 (en) | 2019-11-26 | 2024-01-30 | Red Hat, Inc. | Using a trusted execution environment for a cryptographic key wrapping scheme that verifies remote device capabilities |
CN112559293A (en) * | 2020-12-22 | 2021-03-26 | 上海哔哩哔哩科技有限公司 | Application package monitoring method and device |
CN112596751A (en) * | 2020-12-29 | 2021-04-02 | Oppo广东移动通信有限公司 | Compiling method, terminal, server and storage medium of application program installation package |
CN112596751B (en) * | 2020-12-29 | 2024-05-17 | Oppo广东移动通信有限公司 | Compiling method, terminal, server and storage medium of application program installation package |
CN113010187A (en) * | 2021-02-07 | 2021-06-22 | 上海硬通网络科技有限公司 | Application installation method and device and electronic equipment |
CN113010187B (en) * | 2021-02-07 | 2024-04-05 | 上海硬通网络科技有限公司 | Application installation method and device and electronic equipment |
CN114051061A (en) * | 2021-11-09 | 2022-02-15 | 武汉虹旭信息技术有限责任公司 | Internet application protocol analysis method and system |
Also Published As
Publication number | Publication date |
---|---|
CN105590051B (en) | 2018-10-23 |
CN105590051A (en) | 2016-05-18 |
TW201729089A (en) | 2017-08-16 |
TWI687867B (en) | 2020-03-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017084555A1 (en) | | Method for generating and installing trusted application for use in a trusted execution environment |
WO2017084266A1 (en) | | Method and device for customizing multi-channel installation package |
TWI712956B (en) | | Method and device for updating mobile terminal application program |
CN108805701B (en) | | Multi-blockchain cross-chain transaction processing system and method, blockchain system and storage medium |
US8645942B2 (en) | | Software update syndication |
US20140007074A1 (en) | | Methods for updating applications |
US20150378714A1 (en) | | Providing Context-Specific Software Updates to Client Applications |
KR20180137554A (en) | | PATCH UPGRADE BASED FILE PROCESSING METHOD AND DEVICE, TERMINAL, |
WO2017080366A1 (en) | | Method and apparatus for recognising camouflage download link |
US10127037B2 (en) | | Method for recognizing application type |
WO2012034440A1 (en) | | Method and device for generating database upgrading script |
CN104714827A (en) | | Plug-in update method and device |
US9063760B2 (en) | | Employing native routines instead of emulated routines in an application being emulated |
CN111459511B (en) | | Application program downloading method and device and electronic equipment |
CN110058864A (en) | | The dispositions method and device of micro services |
CN106657361B (en) | | A kind of Android installation kit OTA upgrade method that code addition is obscured |
JP7506266B2 (en) | | Blockchain-based data processing method and device |
CN111209001A (en) | | Method, system, equipment and medium for batch generation of APKs of android channels |
CN113986256A (en) | | Method and device for issuing application program, electronic equipment and storage medium |
CN110532016B (en) | | Version management method, version updating method and version management system |
CN112769706A (en) | | Componentized routing method and system |
CN102156650B (en) | | Method and device capable of implementing automatic analysis of patch |
CN111176685A (en) | | Upgrading method and device |
CN111782239B (en) | | Method, device and storage medium for software packaging and source code version information acquisition |
KR102141749B1 (en) | | APP program execution method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 16865732; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | EP: PCT application non-entry in European phase | Ref document number: 16865732; Country of ref document: EP; Kind code of ref document: A1 |