Method for Bidirectional Access Application Between Dual Execution Environments

Abstract

The present invention relates to a method for bidirectionally accessing applications between dual execution environments, comprising: a first client application sends an access request to a first security application through a first communication module; the first security application performs a first-stage processing on the access request, to obtain the first result data and transfer it to the second communication module; the second communication module establishes at least one two-way communication channel between the first communication module and the second communication module according to the first result data, so that the first security application respectively Revisit each second client application through each two-way communication channel; the first security application performs a second-stage processing on the access request based on the revisit results obtained by revisiting each second client application, so as to generate final result data corresponding to the access request; A security application returns final result data to the first client application. It enables the TEE application to return to multiple REE applications in parallel while processing the requests from the REE application.

Description

technical field [0001] The invention relates to the technical field of intelligent mobile devices, and more specifically, relates to a method for bidirectionally accessing applications between dual execution environments. Background technique [0002] As smart mobile devices (such as smart phones) gradually become "payment tools", their existing smart operating systems can no longer meet the security requirements of payment applications for their operating environments. Due to limited system resources, improving the security of a smart operating system will almost certainly degrade functionality and user experience. In response to this, based on the technological development of the latest mobile chips, the current industry has proposed a dual execution environment solution: that is, two execution environments run simultaneously on one device, one of which is a multimedia execution environment that focuses on functions and user experience, and the other focuses on Secure tru...

AI Technical Summary

Problems solved by technology

In the above scheme, a new Request command cannot be initiated before the Response command returns to the REE application

[0005] This solution has the following problems: when the TEE application needs to perform more complicated processing on the access request of the REE application, because the new Request command cannot be inserted between the previous pair of Request-Response commands, the TEE application cannot be accessed from the multimedia execution environment. The REE application obtains the relevant basic data required for complex processing, thus requiring the trusted execution environment itself to have more and stronger capabilities to support this complex processing

For example, when a TEE application needs the participation of the background, or needs to access the smart memory card to perform complex processing, the TEE application correspondingly needs the trusted execution environment to be able to connect to the Internet, or have a smart memory card access interface, etc., which will undoubtedly make the The structure of the trusted execution environment becomes larger and more complex, which increases the difficulty of the verifiability of the secure operating system and produces more system defects, which in turn reduces the security of the system.

Images