WO2017084555A1 - Method for generating and installing trusted application for use in a trusted execution environment - Google Patents


Info

Publication number
WO2017084555A1
Authority
WO
WIPO (PCT)
Prior art keywords
trusted
application
target application
execution environment
file
Prior art date
Application number
PCT/CN2016/105888
Other languages
French (fr)
Chinese (zh)
Inventor
李定洲
周钰
Original Assignee
***股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ***股份有限公司
Publication of WO2017084555A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]


Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)

Abstract

A method for generating and installing a trusted application for use in a trusted execution environment. The method comprises: on the basis of a universal object-oriented programming language, writing application code to implement a particular application (A1); compiling said application code to generate intermediate bytecode, then transmitting said intermediate bytecode to a trusted application management server (A2); said trusted application management server parsing and recompiling said intermediate bytecode to generate and store a compressed application installation package consisting of at least one target application file, in order to provide secure information for an interactive terminal to download and install (A3). The present method has high platform applicability and scalability.

Description

Trusted application generation and installation method for a trusted execution environment
Technical field
The present invention relates to application generation and installation methods, and more particularly to a trusted application generation and installation method for a trusted execution environment.
Background art
At present, as computer and network applications become increasingly widespread and the types of services in different fields grow richer, devices used for security information interaction (that is, information interaction with high security requirements, such as transaction processing in the financial field), especially security information interaction devices based on mobile terminals, are becoming more and more important.
In existing technical solutions based on a trusted execution environment, a security information interaction device (for example, a mobile terminal) usually completes the installation of a specific trusted application by downloading and installing the trusted application from a trusted application management platform.
However, the existing technical solutions have the following problem: the trusted applications stored on the trusted application management platform are generally applications encoded in a specific format for only a single hardware platform (for example, an ARM platform or an Intel platform), so they are difficult to adapt to a multi-platform environment, which results in low platform applicability and scalability.
Therefore, there is a need to provide a trusted application generation and installation method for a trusted execution environment that has high platform applicability and scalability.
Summary of the invention
In order to solve the problems of the above prior art solutions, the present invention proposes a trusted application generation and installation method for a trusted execution environment that has high platform applicability and scalability.
The object of the invention is achieved by the following technical solution:
A trusted application generation and installation method for a trusted execution environment, the method comprising the following steps:
(A1) writing application code for implementing a specific application in a general-purpose object-oriented language;
(A2) compiling the application code to generate intermediate bytecode, and transmitting the intermediate bytecode to a trusted application management server;
(A3) the trusted application management server parsing and recompiling the intermediate bytecode to generate and store a compressed application installation package consisting of at least one target application file, for download and installation by a security information interaction terminal.
In the solution disclosed above, preferably, the at least one target application file is at least two target application files, and the formats of the at least two target application files correspond respectively to at least two virtual machines of different formats.
In the solution disclosed above, preferably, the security information interaction terminal downloads and installs the target application file in the following manner:
(B1) before downloading the target application file, the management agent driver module in the security information interaction terminal obtains in advance a platform type support list from the secure operating platform running on the security information interaction terminal, the platform type support list indicating the type of the secure operating platform and the formats of the target application files it supports;
(B2) querying and downloading a target application installation package from the trusted application management server according to a user instruction, and then decompressing and parsing the target application installation package to obtain at least one target application file;
(B3) determining, according to the platform type support list, one target application file supported by the secure operating platform from the at least one target application file, and deleting the remaining target application files;
(B4) installing the determined target application file supported by the secure operating platform.
In the solution disclosed above, preferably, step (B3) further comprises: if it is determined that none of the at least one target application file is a target application file supported by the secure operating platform, continuing to query the trusted application management server for a corresponding target application installation package, and reporting an error if a corresponding target application installation package still cannot be found.
In the solution disclosed above, optionally, the trusted application management server queries the corresponding target application installation package according to a user instruction, then decompresses and parses the target application installation package to obtain at least one target application file, then determines from the at least one target application file, according to the platform type support list, one target application file supported by the secure operating platform, and notifies the management agent driver module in the security information interaction terminal to download and install the determined target application file supported by the secure operating platform.
In the solution disclosed above, preferably, step (A3) further comprises: the trusted application management server digitally signing the application installation package so that the security information interaction terminal can perform security verification on it.
In the solution disclosed above, preferably, the intermediate bytecode comprises components consisting of at least the following items: header file, constant pool, class, field, method, attribute.
In the solution disclosed above, preferably, parsing and recompiling the intermediate bytecode comprises: parsing the components of the intermediate bytecode, reordering the parsed components according to predetermined rules, and redefining the parameters of each component, wherein the predetermined rules are adapted to the virtual machines of different formats.
The trusted application generation and installation method for a trusted execution environment disclosed by the present invention has the following advantage: because the intermediate bytecode can be converted into multiple target application files, the platform applicability and scalability of the target application are significantly improved.
Brief description of the drawings
The technical features and advantages of the present invention will be better understood by those skilled in the art with reference to the accompanying drawing, in which:
FIG. 1 is a flowchart of a trusted application generation and installation method for a trusted execution environment according to an embodiment of the present invention.
Detailed description
FIG. 1 is a flowchart of a trusted application generation and installation method for a trusted execution environment according to an embodiment of the present invention. As shown in FIG. 1, the trusted application generation and installation method for a trusted execution environment disclosed by the present invention comprises the following steps: (A1) writing application code for implementing a specific application in a general-purpose object-oriented language (for example, a Java-like language); (A2) compiling the application code to generate intermediate bytecode, and transmitting the intermediate bytecode to a trusted application management server; (A3) the trusted application management server parsing and recompiling the intermediate bytecode to generate and store a compressed application installation package consisting of at least one target application file, for download and installation by a security information interaction terminal (for example, a smartphone).
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, the at least one target application file is at least two target application files, and the formats of the at least two target application files correspond respectively to at least two virtual machines of different formats (for example, a java virtual machine for the Android operating system, a NEF virtual machine, a Dalvik virtual machine, a JEFF virtual machine, and so on).
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, the security information interaction terminal downloads and installs the target application file in the following manner: (B1) before downloading the target application file, the management agent driver module in the security information interaction terminal obtains in advance a platform type support list from the secure operating platform (for example, a TEE operating system) running on the security information interaction terminal, the platform type support list indicating the type of the secure operating platform and the formats of the target application files it supports; (B2) querying and downloading a target application installation package from the trusted application management server according to a user instruction, and then decompressing and parsing the target application installation package to obtain at least one target application file; (B3) determining, according to the platform type support list, one target application file supported by the secure operating platform from the at least one target application file, and deleting the remaining target application files; (B4) installing the determined target application file supported by the secure operating platform.
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, step (B3) further comprises: if it is determined that none of the at least one target application file is a target application file supported by the secure operating platform, continuing to query the trusted application management server for a corresponding target application installation package, and reporting an error if a corresponding target application installation package still cannot be found.
Optionally, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, the trusted application management server queries the corresponding target application installation package according to a user instruction, then decompresses and parses the target application installation package to obtain at least one target application file, then determines from the at least one target application file, according to the platform type support list, one target application file supported by the secure operating platform, and notifies the management agent driver module in the security information interaction terminal to download and install the determined target application file supported by the secure operating platform.
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, step (A3) further comprises: the trusted application management server digitally signing the application installation package so that the security information interaction terminal can perform security verification on it.
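The terminal-side flow of steps (B1) to (B4), with the package check from the (A3) refinement performed before decompression and the (B3) fallback, as an added example that is not part of the patent text. The ZIP-plus-manifest layout, the field names and the size cap are assumptions, and HMAC-SHA256 stands in for the digital signature, whose scheme the page does not specify.

```python
"""Constructed example: package layout, manifest fields and names are assumptions."""
import hashlib
import hmac
import io
import json
import zipfile

MAX_TARGET_SIZE = 1 << 20  # assumed cap on one decompressed target file


class InstallError(Exception):
    pass


def build_package(targets, key):
    """Server side (A3): compress the target files, then sign the whole package.

    targets maps file name -> (vm_format, file_bytes).
    HMAC-SHA256 is a stand-in for the digital signature (scheme not given on the page).
    """
    manifest = {name: {"format": fmt, "sha256": hashlib.sha256(data).hexdigest()}
                for name, (fmt, data) in targets.items()}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("manifest.json", json.dumps(manifest, sort_keys=True))
        for name, (_fmt, data) in targets.items():
            zf.writestr(name, data)
    package = buf.getvalue()
    return package, hmac.new(key, package, hashlib.sha256).digest()


def select_target(package, signature, key, supported_formats):
    """B2-B3 for one package: returns (name, format, bytes), or None if unsupported."""
    # Verify before decompressing, so unauthenticated bytes never reach the parser.
    expected = hmac.new(key, package, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise InstallError("package signature check failed")
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        manifest = json.loads(zf.read("manifest.json"))
        for fmt in supported_formats:  # order of the platform type support list (B1)
            for name, meta in sorted(manifest.items()):
                if meta["format"] != fmt:
                    continue
                if zf.getinfo(name).file_size > MAX_TARGET_SIZE:
                    raise InstallError("target file exceeds size cap: " + name)
                data = zf.read(name)
                if hashlib.sha256(data).hexdigest() != meta["sha256"]:
                    raise InstallError("target file does not match manifest: " + name)
                # Only the chosen file leaves the archive; the others are never
                # written out, which covers "delete the remaining files" in B3.
                return name, fmt, data
    return None


def install(candidates, key, support_list, installed):
    """B1-B4 plus the B3 fallback: try each package the server offers, else error.

    candidates: iterable of (package, signature), standing in for server queries.
    support_list: what the secure operating platform reported in B1.
    installed: dict standing in for the secure platform's application store.
    """
    for package, signature in candidates:
        chosen = select_target(package, signature, key, support_list["formats"])
        if chosen is not None:
            name, fmt, data = chosen
            installed[name] = data  # B4
            return name, fmt
    raise InstallError("no target application file for platform "
                       + support_list["platform"])


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed sample value
    pkg, sig = build_package({"app.dex": ("dalvik", b"DEX-BYTES"),
                              "app.jeff": ("jeff", b"JEFF-BYTES")}, demo_key)
    store = {}
    print(install([(pkg, sig)], demo_key,
                  {"platform": "example-tee", "formats": ["jeff"]}, store))
```
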
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, the intermediate bytecode comprises components consisting of at least the following items: header file, constant pool, class, field, method, attribute.
Preferably, in the trusted application generation and installation method for a trusted execution environment disclosed by the present invention, parsing and recompiling the intermediate bytecode comprises: parsing the components of the intermediate bytecode, reordering the parsed components according to predetermined rules, and redefining the parameters of each component, wherein the predetermined rules are adapted to the virtual machines of different formats.
As can be seen from the above, the trusted application generation and installation method for a trusted execution environment disclosed by the present invention has the following advantage: because the intermediate bytecode can be converted into multiple target application files, the platform applicability and scalability of the target application are significantly improved.
Although the present invention has been described by way of the above preferred embodiments, its implementation is not limited to those embodiments. It should be recognized that those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope.

Claims (8)

  1. A trusted application generation and installation method for a trusted execution environment, the method comprising the following steps:
    (A1) writing application code for implementing a specific application in a general-purpose object-oriented language;
    (A2) compiling the application code to generate intermediate bytecode, and transmitting the intermediate bytecode to a trusted application management server;
    (A3) the trusted application management server parsing and recompiling the intermediate bytecode to generate and store a compressed application installation package consisting of at least one target application file, for download and installation by a security information interaction terminal.
  2. The trusted application generation and installation method for a trusted execution environment according to claim 1, wherein the at least one target application file is at least two target application files, and the formats of the at least two target application files correspond respectively to at least two virtual machines of different formats.
  3. The trusted application generation and installation method for a trusted execution environment according to claim 2, wherein the security information interaction terminal downloads and installs the target application file in the following manner:
    (B1) before downloading the target application file, the management agent driver module in the security information interaction terminal obtains in advance a platform type support list from the secure operating platform running on the security information interaction terminal, the platform type support list indicating the type of the secure operating platform and the formats of the target application files it supports;
    (B2) querying and downloading a target application installation package from the trusted application management server according to a user instruction, and then decompressing and parsing the target application installation package to obtain at least one target application file;
    (B3) determining, according to the platform type support list, one target application file supported by the secure operating platform from the at least one target application file, and deleting the remaining target application files;
    (B4) installing the determined target application file supported by the secure operating platform.
  4. The trusted application generation and installation method for a trusted execution environment according to claim 3, wherein step (B3) further comprises: if it is determined that none of the at least one target application file is a target application file supported by the secure operating platform, continuing to query the trusted application management server for a corresponding target application installation package, and reporting an error if a corresponding target application installation package still cannot be found.
  5. The trusted application generation and installation method for a trusted execution environment according to claim 2, wherein the trusted application management server queries the corresponding target application installation package according to a user instruction, then decompresses and parses the target application installation package to obtain at least one target application file, then determines from the at least one target application file, according to the platform type support list, one target application file supported by the secure operating platform, and notifies the management agent driver module in the security information interaction terminal to download and install the determined target application file supported by the secure operating platform.
  6. The trusted application generation and installation method for a trusted execution environment according to claim 4, wherein step (A3) further comprises: the trusted application management server digitally signing the application installation package so that the security information interaction terminal can perform security verification on it.
  7. The trusted application generation and installation method for a trusted execution environment according to claim 6, wherein the intermediate bytecode comprises components consisting of at least the following items: header file, constant pool, class, field, method, attribute.
  8. The trusted application generation and installation method for a trusted execution environment according to claim 7, wherein parsing and recompiling the intermediate bytecode comprises: parsing the components of the intermediate bytecode, reordering the parsed components according to predetermined rules, and redefining the parameters of each component, wherein the predetermined rules are adapted to the virtual machines of different formats.
PCT/CN2016/105888 2015-11-18 2016-11-15 Method for generating and installing trusted application for use in a trusted execution environment WO2017084555A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510793197.3A CN105590051B (en) 2015-11-18 2015-11-18 Trusted application for credible performing environment generates and installation method
CN201510793197.3 2015-11-18

Publications (1)

Publication Number Publication Date
WO2017084555A1 (en) 2017-05-26

Family

ID=55929626

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/105888 WO2017084555A1 (en) 2015-11-18 2016-11-15 Method for generating and installing trusted application for use in a trusted execution environment

Country Status (3)

Country Link
CN (1) CN105590051B (en)
TW (1) TWI687867B (en)
WO (1) WO2017084555A1 (en)


Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110442422A (en) * 2019-07-03 2019-11-12 阿里巴巴集团控股有限公司 Active response formula is credible Python virtual machine and its method of execution
CN110442422B (en) * 2019-07-03 2023-01-31 创新先进技术有限公司 Active response type trusted Python virtual machine and execution method thereof
US20210132925A1 (en) * 2019-10-30 2021-05-06 Red Hat, Inc. Software provisioning agent residing in trusted execution environment
US11886574B2 (en) 2019-11-26 2024-01-30 Red Hat, Inc. Using a trusted execution environment for a cryptographic key wrapping scheme that verifies remote device capabilities
CN112559293A (en) * 2020-12-22 2021-03-26 上海哔哩哔哩科技有限公司 Application package monitoring method and device
CN112596751A (en) * 2020-12-29 2021-04-02 Oppo广东移动通信有限公司 Compiling method, terminal, server and storage medium of application program installation package
CN112596751B (en) * 2020-12-29 2024-05-17 Oppo广东移动通信有限公司 Compiling method, terminal, server and storage medium of application program installation package
CN113010187A (en) * 2021-02-07 2021-06-22 上海硬通网络科技有限公司 Application installation method and device and electronic equipment
CN113010187B (en) * 2021-02-07 2024-04-05 上海硬通网络科技有限公司 Application installation method and device and electronic equipment
CN114051061A (en) * 2021-11-09 2022-02-15 武汉虹旭信息技术有限责任公司 Internet application protocol analysis method and system

Also Published As

Publication number Publication date
CN105590051B (en) 2018-10-23
CN105590051A (en) 2016-05-18
TW201729089A (en) 2017-08-16
TWI687867B (en) 2020-03-11

Similar Documents

Publication Publication Date Title
WO2017084555A1 (en) Method for generating and installing trusted application for use in a trusted execution environment
WO2017084266A1 (en) Method and device for customizing multi-channel installation package
TWI712956B (en) Method and device for updating mobile terminal application program
CN108805701B (en) Multi-blockchain cross-chain transaction processing system and method, blockchain system and storage medium
US8645942B2 (en) Software update syndication
US20140007074A1 (en) Methods for updating applications
US20150378714A1 (en) Providing Context-Specific Software Updates to Client Applications
KR20180137554A (en) PATCH UPGRADE BASED FILE PROCESSING METHOD AND DEVICE, TERMINAL,
WO2017080366A1 (en) Method and apparatus for recognising camouflage download link
US10127037B2 (en) Method for recognizing application type
WO2012034440A1 (en) Method and device for generating database upgrading script
CN104714827A (en) Plug-in update method and device
US9063760B2 (en) Employing native routines instead of emulated routines in an application being emulated
CN111459511B (en) Application program downloading method and device and electronic equipment
CN110058864A (en) The dispositions method and device of micro services
CN106657361B (en) A kind of Android installation kit OTA upgrade method that code addition is obscured
JP7506266B2 (en) Blockchain-based data processing method and device
CN111209001A (en) Method, system, equipment and medium for batch generation of APKs of android channels
CN113986256A (en) Method and device for issuing application program, electronic equipment and storage medium
CN110532016B (en) Version management method, version updating method and version management system
CN112769706A (en) Componentized routing method and system
CN102156650B (en) Method and device capable of implementing automatic analysis of patch
CN111176685A (en) Upgrading method and device
CN111782239B (en) Method, device and storage medium for software packaging and source code version information acquisition
KR102141749B1 (en) APP program execution method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 16865732; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 16865732; Country of ref document: EP; Kind code of ref document: A1)