A system including TEE and electronic signature system thereof

Abstract

The invention discloses a system comprising a TEE. The system is characterized in that a trust root of a TEE system comprises a TEE hardware system, a system ROM firmware program, an SE electronic signature module which is connected and communicated with the TEE system, and verification data which are stored in the SE electronic signature module and are used for verifying a TEE software module tobe loaded and established and need to be updated; the invention relates to an electronic signature system applied to the system comprising the TEE. The electronic signature system comprises a TEE system used for electronic signature application of the system and an SE electronic signature module connected and communicated with the TEE system. Wherein the SE electronic signature module comprises verification data which are in the TEE trust root, can be updated and is used for verifying a TEE software module to be loaded and established.

Description

technical field [0001] The present invention relates to the technical field of TEE (Trusted Execution Environment) and electronic signature system, more specifically, relates to a "system including TEE" and its electronic signature system. Background technique [0002] The idea of ​​the present invention originates from the analysis of "integrated electronic signature system and its application in mobile phone", and is applicable to all "systems including TEE and its electronic signature system". [0003] In the era of Internet communication, digital certificates and their electronic signature systems (such as USBKey digital certificates) are widely used. At the same time, mobile communication technology and smart phone technology are also booming, and the application potential of digital certificates based on smart phones is huge. [0004] However, the study found that the existing digital certificate technology and its electronic signature system have not been widely and ...

AI Technical Summary

Problems solved by technology

[0022] 3) Existing TEE systems are exclusively managed and controlled by "'systems including TEE' manufacturers (such as: mobile phone manufacturers)" and are not open to the outside world;

[0039] The disadvantage of this type of electronic signature system is: "SE security chip system comes with LCD display and key input" will take up a lot of space in the mobile phone, have a great impact on the overall structure and layout of the mobile phone, and increase costs, which is not good for the overall sales of mobile phones; at the same time , "SE security chip system comes with LCD screen" has a small display capacity and limited functions, and is only suitable for "electronic signature applications with a small amount of sensitive information" in banking, which limits application expansion; therefore, this type of electronic signature system technology does not No apps integrated into existing phones

[0042] The disadvantages of this type of electronic signature system are: the mobile phone REE system (ie: mobile phone Android system) is an open system that may have loopholes without strict certification, and it has the risk of hackers tampering with information and exceeding authority to control transaction signatures. Electronic signature system technology is not widely used in existing mobile phones

[0049] Because the existing "public key for signature verification" cannot be modified or updated, the corresponding private key used for trusted signatures cannot be updated, so that in the long run, the private key used for trusted signatures can be cracked, making hackers There is a risk that fake signatures can be used to gain trust;

[0050] At the same time, when the version of the "TEE system download module" is upgraded, it is impossible to update the Hash verification value of the "TEE system download module" in the system ROM module, and the new version of the "TEE system download module" can only be verified by verifying the electronic signature. "; but in this way, only the electronic signature can be verified, but the old and new versions cannot be identified, because the trust signatures of the old and new versions of the "TEE system download module" will be verified, so hackers can use "the old version and its signature" to replace "New version and its signature", but the vulnerability of the old version can still be exploited to attack the system;

[0051] (2) Existing mobile phone TEE systems are exclusively managed and controlled by mobile phone manufacturers, with insufficient reliability and security level

[0054] Therefore, compared with this type of "SE electronic signature system certified and controlled by an authoritative third party", the existing mobile phone TEE system has insufficient credibility and insufficient security level

[0055] It is precisely because of the above two types of defects in the existing mobile phone TEE system that the "electronic signature system that relies on the existing mobile phone TEE system" also has defects; and this type of electronic signature system cannot be widely used in mobile phones.

[0056] Based on the above analysis, it can be seen that "existing technologies of various electronic signature systems" have flaws in the integration of applications in mobile phones, making them unable to be widely and fully applied in mobile phones

Images