A secure interaction method, system and related devices
By verifying the security status of electronic devices through a security module, and ensuring that interactions are conducted in a secure state, the problem of data leakage and malicious attacks on electronic devices during attacks is solved, thereby improving the security of devices and network environments.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- HUAWEI TECH CO LTD
- Filing Date
- 2025-01-13
- Publication Date
- 2026-07-14
AI Technical Summary
When electronic devices are attacked or controlled, their security modules may be compromised or compromised, leading to data leaks, tampering, and malicious attacks. Existing technologies cannot effectively prevent this risk.
The security module verifies the security status of the primary system. Only after the security authentication credentials are verified will the security module interact with the primary system. During the interaction, the security detection information of trusted startup and running state is taken into account to ensure that the interaction is carried out in a secure state.
It effectively prevents malicious attacks and data leaks, improves the security of electronic devices, and enhances the security of distributed interconnected network environments.
Smart Images

Figure CN122389019A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of communication technology, and in particular to a secure interaction method, system and related equipment. Background Technology
[0002] With the rapid development of information technology and the widespread use of electronic devices, the applications and functions of electronic devices are increasing, and security issues are becoming increasingly prominent. During the use of electronic devices, data and information are threatened for various reasons, leading to security risks such as unauthorized access, data leakage, and functional abuse. For example, if the main system of an electronic device is attacked or controlled, other modules within the device may also be attacked or controlled, resulting in information security problems such as malicious attacks, control, or data theft, leakage, tampering, or destruction. Summary of the Invention
[0003] This application provides a secure interaction method, system, and related device that can verify the security status of a first main system through a security module. Only after the first security authentication credential is verified can the security module interact with the first main system based on the security status indicated by the first security authentication credential. This ensures that the interaction between the first main system and the security module occurs when the first main system is secure, avoiding the risk of attacking the security module using the first main system of the first electronic device, and effectively preventing security issues such as malicious attacks and data leakage.
[0004] To achieve the above objectives, the embodiments of this application adopt the following technical solutions:
[0005] Firstly, a secure interaction method is provided, applicable to a first electronic device, wherein the first electronic device includes a security module and a first main system. In this method, the first main system obtains a first security authentication credential. The first security authentication credential is obtained based on security detection information of the first main system and is used to indicate the security status of the first main system. The first main system sends the first security authentication credential to the security module. After the first security authentication credential is successfully verified, the security module interacts with the first main system based on the security status indicated by the first security authentication credential.
[0006] In the above-mentioned secure interaction method, the first security authentication credential of the first main system is obtained based on the actual security detection information of the first main system and has credibility. By verifying the first security authentication credential, the security module can accurately determine the security status of the first main system and ensure that the interaction between the first main system and the security module is carried out in a secure state. This can avoid the risk of attacking the security module using the first main system of the first electronic device and effectively prevent security problems such as malicious attacks and data leakage.
[0007] At the same time, only after the first security authentication credential is verified is the security module allowed to interact with the first main system based on the security status indicated by the first security authentication credential, thereby further improving the security protection of the data of the first electronic device.
[0008] In one possible implementation, the security detection information includes boot-state software metrics, boot-state security configuration metrics, and runtime security configuration metrics. The security configuration metrics represent the security status of the boot-state and runtime security configurations of the first electronic device.
[0009] In this implementation, the first security authentication credential is obtained based on the software metric and security configuration metric of the first main system during trusted boot, as well as the security configuration metric during runtime. This not only considers the security detection information during trusted boot but also combines the security detection information during runtime, which can more accurately indicate the security status of the first main system. The security detection information has credibility, which in turn makes the first security authentication credential obtained based on the security detection information also highly credible.
[0010] In one possible implementation, the first master system sends a service request to the security module. This service request is used to request the use of security services provided by the security module. During interaction with the first master system based on the security status indicated by the first security authentication credential, the security module allows the first master system to use the security service if the first security authentication credential indicates that the first master system is secure; if the first security authentication credential indicates that the first master system is insecure, the security module refuses the first master system to use the security service; alternatively, the security module lowers the security level of the first master system and interacts with the first master system based on the lowered security level.
[0011] In this implementation, the security module interacts with the first main system based on the security status of the first main system, thereby achieving secure interaction between the first main system and the security module.
[0012] In one possible implementation, during the process of the first master system sending service request information to the security module, the first master system obtains the PIN code entered by the user and then sends the service request information to the security module. This service request information is used to request the use of the user PIN code service provided by the security module. During the process of the security module allowing the first master system to use the security service, if the entered PIN code is correct, the security module generates a decryption key based on the user PIN code service and sends the decryption key to the first master system.
[0013] In this implementation, the security module interacts with the first main system based on the security status indicated by the first security authentication credential, ensuring that the interaction between the first main system and the security module occurs when the first main system is secure. This guarantees the security of the PIN code service of the first electronic device and effectively prevents malicious attacks and data leaks.
[0014] In one possible implementation, the method further includes: the first master system sending a first security authentication credential to a second electronic device, so that the second electronic device can interconnect and interact with the first electronic device based on the security status of the first master system indicated by the first security authentication credential.
[0015] In this implementation, the first electronic device sends the first security authentication credential of the first master system to the second electronic device. After the second electronic device verifies the first security authentication credential, a secure and trusted interaction can be established between the first electronic device and the second electronic device based on the security status indicated by the first security authentication credential. This can effectively prevent malicious attackers from attacking the first electronic device and then interacting with the second electronic device, thus avoiding further attacks on the second electronic device. This greatly reduces the security risks of the distributed interconnection network environment and enhances the security of the distributed interconnection system.
[0016] In one possible implementation, the method further includes: a first master system receiving a third security authentication credential from a third electronic device. The third security authentication credential is used to indicate the security status of the third master system within the third electronic device. The first master system sends the third security authentication credential to a security module for verification. After successful verification of the third security authentication credential, the security module notifies the first master system of the security status of the third master system indicated by the third security authentication credential. Based on the security status of the third master system, the first master system interacts with the third electronic device.
[0017] In this implementation, the first master system of the first electronic device receives and verifies the third security authentication credential from the third electronic device. After successful verification, the first master system performs secure distributed interconnection and interaction with the third electronic device based on the security status in the third security authentication credential.
[0018] In one possible implementation, during the interconnection and interaction between the first master system and the third electronic device, based on the security status of the third master system, if the third security authentication credential indicates that the third master system is secure, the first master system allows the establishment of an interconnection with the third electronic device, or allows the execution of interconnection services with the third electronic device. If the third security authentication credential indicates that the third master system is insecure, the first master system refuses to establish an interconnection with the third electronic device, or refuses to execute interconnection services with the third electronic device, or the first master system lowers the security level of the third electronic device and executes interconnection services with the third electronic device based on the lowered security level.
[0019] In this implementation, when the third master system is secure, the first master system is allowed to establish distributed interconnections with the third electronic device or execute related business processes, ensuring the smooth operation of normal business processes. When the third master system is insecure, the first master system can take measures such as refusing interaction or lowering the security level before interacting, thereby avoiding interaction with the insecure third electronic device, effectively avoiding security risks, and enhancing the security of the distributed interconnection system.
[0020] In one possible implementation, the method further includes: a first master system sending a first security authentication credential to a second electronic device, such that the second electronic device determines the security status of the first master system based on the first security authentication credential. The first electronic device receives a second security authentication credential from the second electronic device and interacts with the second electronic device based on the security status of the second master system indicated by the second security authentication credential.
[0021] In this implementation, the first electronic device and the second electronic device mutually verify the security status of the peer's main system, thereby establishing a secure distributed interconnection and interaction.
[0022] In one possible implementation, the method further includes: a first master system sending security detection information to a trusted device. The trusted device includes a security module or a server, and the security module includes a Security Element (SE), a Secure Independent Core (SI), or a Trusted Execution Environment (TEE) module. During the process of the first master system obtaining a first security authentication credential, the first master system receives the first security authentication credential from the trusted device. The first security authentication credential is obtained based on the matching of the security detection information with respect to a software and security configuration baseline.
[0023] In this implementation, a first security authentication credential is obtained by a trusted device based on security detection information relative to the software and security configuration baseline, and thus has credibility.
[0024] In one possible implementation, the method further includes: a trusted device acting as a security module, which receives an OTA software package, along with a software and security configuration baseline, from an OTA server during the over-the-air (OTA) upgrade process. The security module generates a first security authentication credential based on the matching of security detection information with respect to the software and security configuration baseline. Alternatively, the trusted device may be a server configured with the software and security configuration baseline.
[0025] In this implementation, the software and security configuration baseline can be obtained either through over-the-air (OTA) upgrades or from a server, offering flexible acquisition methods. When the first electronic device cannot connect to the internet in real time, the software and security configuration baseline are sent to the security module via the OTA upgrade service. This allows the first electronic device to obtain the first security authentication credential based on the software and security configuration baseline in an offline state, enhancing the flexibility of security interaction.
[0026] In one possible implementation, security detection information is used to characterize the security status of the first electronic device in the startup and running states, and the security status of the security configuration of the first main system software. The security detection information includes startup software metrics and security configuration metrics. The startup software metrics are used to characterize the security status of the software in the startup state of the first electronic device, and the security configuration metrics are used to characterize the security status of the security configuration of the first electronic device in the startup and running states.
[0027] In one possible implementation, the first security authentication credential includes a general description of the device security certificate, a baseline verification result of the device software, and a verification result of the device security configuration. The general description of the device security certificate indicates whether the first main system is generally secure, the baseline verification result of the device software indicates whether the software of the first main system is secure, and the verification result of the device security configuration indicates whether the security configuration of the first main system is secure.
[0028] In one possible implementation, the first security authentication credential also includes a credential signature, a challenge value, and a device identifier. The method further includes: a security module decrypting the credential signature to verify the integrity of the first security authentication credential; the security module performing anti-replay verification based on the challenge value; and the security module performing device matching verification on the device identifier in the first security authentication credential.
[0029] In this implementation, the security module only engages in secure interaction with the first main system after the first security authentication credential has been verified. This interaction is based on the security status indicated by the first security authentication credential.
[0030] In one possible implementation, if the software launched by the first main system includes abnormal software, the security detection information indicates that the software security status of the first main system is abnormal, and the first security authentication credential indicates that the first main system is insecure. During interaction with the first main system based on the security status indicated by the first security authentication credential, the security module refuses the first main system access to the security services provided by the security module. Alternatively, the security module lowers the security level of the first main system and interacts with the first main system based on the lowered security level.
[0031] In this implementation, when abnormal software is present, the first security authentication credential indicates that the first main system is insecure. The security module refuses the first main system to use security services or lowers its security level, which can avoid the risk of attackers using the first main system of the first electronic device to attack the security module and effectively prevent malicious attacks and data leakage.
[0032] Secondly, a secure interaction system is provided, comprising: a first electronic device and a server. The first electronic device includes a first main system and a security module. The first main system is used to obtain a first security authentication credential. The first security authentication credential is obtained based on security detection information of the first main system and is used to indicate the security status of the first main system. The first main system sends the first security authentication credential to the security module. The security module is used to interact with the first main system based on the security status indicated by the first security authentication credential after successful verification. The server is used to obtain the first security authentication credential based on the matching of security detection information with respect to software and security configuration baselines.
[0033] Thirdly, an electronic device is provided, comprising: a memory and one or more processors; the memory and the processors are coupled; wherein the memory stores computer program code, the computer program code including computer instructions, which, when executed by the processor, cause the electronic device to perform the secure interaction method of any of the first aspects described above.
[0034] Fourthly, a computer-readable storage medium is provided, including computer instructions that, when executed on an electronic device, cause the electronic device to perform any of the secure interaction methods described in the first aspect.
[0035] Fifthly, a computer program product is provided that, when run on a computer, causes the computer to execute the secure interaction method described in any of the first aspects above.
[0036] In a sixth aspect, a chip system is provided, which is applied to an electronic device. The chip system includes one or more processors, which are used to invoke computer instructions to cause the electronic device to perform the secure interaction method described in any of the first aspects above.
[0037] Understandably, the beneficial effects that can be achieved by the second to sixth aspects provided above can be referred to the beneficial effects of the first aspect and any of its possible design methods, which will not be repeated here. Attached Figure Description
[0038] Figure 1 A schematic diagram of the architecture of a PIN code service system;
[0039] Figure 2 A schematic diagram of the architecture of a remote verification system;
[0040] Figure 3 This application provides a schematic diagram of the architecture of a secure interaction system.
[0041] Figure 4 A flowchart illustrating a secure interaction method provided in an embodiment of this application;
[0042] Figure 5 This is a schematic diagram of the structure of a secure interaction system provided in an embodiment of this application;
[0043] Figure 6 This is a schematic diagram of another secure interaction system provided in an embodiment of this application;
[0044] Figure 7 A schematic diagram illustrating a secure interaction process provided in an embodiment of this application;
[0045] Figure 8 This is a schematic diagram of the architecture of another secure interaction system provided in an embodiment of this application;
[0046] Figure 9 A schematic diagram illustrating another secure interaction process provided in an embodiment of this application;
[0047] Figure 10 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation
[0048] The technical solutions of the embodiments of this application will be described below with reference to the accompanying drawings. In the description of the embodiments of this application, unless otherwise stated, " / " means "or," for example, A / B can mean A or B; "and / or" in this text is merely a description of the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent: A existing alone, A and B existing simultaneously, and B existing alone. Furthermore, in the description of the embodiments of this application, "multiple" refers to two or more than two.
[0049] Hereinafter, the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of this embodiment, unless otherwise stated, "a plurality of" means two or more.
[0050] In the embodiments of this application, the words "exemplarily" or "for example" are used to indicate examples, illustrations, or explanations. Any embodiment or design described as "exemplarily" or "for example" in the embodiments of this application should not be construed as being more preferred or advantageous than other embodiments or design solutions. Specifically, the use of the words "exemplarily" or "for example" is intended to present the relevant concepts in a specific manner.
[0051] In the field of smart devices, especially portable electronic devices such as mobile phones, PIN codes serve as an important means of unlocking electronic devices and participating in file encryption key protection, ensuring the security of user privacy information in electronic devices.
[0052] When a PIN code is used as a key factor in the protection of a file encryption key, an attacker needs to know the PIN code to complete the decryption. The PIN code can be stored in a security module for security protection. The PIN code service can be understood as a security module service, while the encryption key is managed by the main system. The main system refers to the main chip hardware of the electronic device and the set of software running on it, while the security module refers to a small, high-level security chip independent of the main system, running a small amount of highly secure security software. Compared to the main system, the security module provides higher security. For example, the main system can be a System-on-Chips (SoC), and the security module can be a Security Element (SE) in the electronic device or a component with a higher security level than the main system.
[0053] For example, Figure 1A schematic diagram of a PIN service system architecture is shown. In the first electronic device, the first main system includes a screen lock module, a password authentication module, and a file encryption module. The security module includes password authentication services, password storage, and decryption key derivation modules. Anti-brute-force logic can be implemented in the first main system and the security module. Specifically, the screen lock module responds to user input of the PIN code; the password authentication module verifies the correctness of the entered PIN code; the anti-brute-force logic prevents attackers from obtaining the PIN code through brute-force attacks; the file encryption module encrypts files and other information within the first electronic device; the security module's password storage and decryption key derivation module stores the user-set PIN code in encrypted form and generates a decryption key based on the user's PIN code and sends it to the first main system; the password authentication service handles the interaction between the first main system and the security module's PIN code service, and can send the decryption key to the first main system.
[0054] When the lock screen module of the first main system responds to the user's PIN code input, it obtains the PIN code and requests the user PIN code service from the security module. The security module compares the PIN code stored in the password storage module with the user-input PIN code. If the user-input PIN code matches the stored PIN code, the verification is successful. If the user-input PIN code does not match the stored PIN code, the verification fails. Then, the security module generates a decryption key based on the user PIN code service and sends it to the first main system. If the PIN code verification is successful, the first main system uses the decryption key sent by the security module to decrypt the applications and files accessed by the user on the first electronic device.
[0055] In one possible implementation, the password authentication module can be carried by multiple modules, such as a secure element, a separate secure core, or a trusted execution environment (TEE).
[0056] In the above scheme, when the primary system of the first electronic device is attacked, such as gaining control or code execution privileges, the attacker may attempt to bypass the brute-force protection measures and then exploit the normal business interface provided by the security module to attack the PIN code protection function of the security module. The security module still generates a decryption key based on the user PIN code service and sends it to the primary system. The primary system obtains the decryption key and uses it to decrypt applications and files on the first electronic device, thus threatening the security of the first electronic device. During this process, the interaction between the primary system and the security module is insecure. The primary system does not prove its security status to the security module, making it impossible for the security module to confirm whether the primary system it interacts with has been tampered with or attacked.
[0057] In distributed interconnected scenarios, data processing and flow become more efficient. Electronic devices in a distributed interconnected system are typically interconnected based on security levels generated from the device model. This ensures the security of the entire system, prevents privacy breaches due to weak security capabilities of individual nodes, and ensures that correct data is accessed by the correct electronic device. For example, two identical mobile phones with the same security level can transfer encrypted files between them. Conversely, a mobile phone connected to a watch has a lower security level than the phone; therefore, high-security data from the phone, such as payment passwords, will not be transferred to the watch.
[0058] In distributed interconnection scenarios, there exists a mobile device management (MDM) application scheme in related technologies to verify the security status of electronic devices themselves. (See [link to relevant documentation]). Figure 2 . Figure 2 A schematic diagram of a remote authentication system is shown. The architecture of the remote authentication system includes an electronic device and a server. During the process of the electronic device initiating remote authentication to the server, the electronic device signs its health information using a local trusted measurement key (such as SAK) and engages in a remote challenge response with the server. The server remotely authenticates the health information of the electronic device, generating a health credential for the electronic device. This health credential serves as the execution credential for the server or MDM management policies, such as uninstalling applications or erasing sensitive data.
[0059] This scheme obtains health credentials from electronic devices by engaging in a remote challenge-response with a server. However, during startup, the reliability of the health information generated by the electronic device cannot be guaranteed. Therefore, the reliability of the health credentials generated based on the remote challenge-response between the electronic device and the server cannot be guaranteed.
[0060] To address the aforementioned issues, this application provides a secure interaction method that can be applied to interactive systems.
[0061] In some embodiments, see Figure 3 The interactive system may include a first electronic device, which includes a first main system and a security module. The first main system may refer to the system within the first electronic device responsible for running the operating system, such as a host system or main chip. The security module may refer to a component within the first electronic device used to implement security-related functions such as storage, operation, or verification; for example, it may be a Security Element (SE), a Secure Independent Core (SI), or a Trusted Execution Environment (TEE) module. The method provided in this application embodiment enables secure interaction between the first main system and the security module.
[0062] In other embodiments, see Figure 3 The interactive system may also include other electronic devices, such as a second or third electronic device. The method provided in this application embodiment enables secure interaction between different electronic devices.
[0063] Some embodiments of this application provide a secure interaction method that can be applied to... Figure 3 The first electronic device in the interactive system shown. In this method, the first master system obtains a first security authentication credential. The first security authentication credential is obtained based on the security detection information of the first master system and is used to indicate the security status of the first master system. The first master system sends the first security authentication credential to the security module. After the first security authentication credential is successfully verified, the security module interacts with the first master system based on the security status indicated by the first security authentication credential.
[0064] In the secure interaction method provided in this application embodiment, the first security authentication credential is obtained based on the actual security detection information of the first main system and has credibility. By verifying the first security authentication credential, the security module can ensure the reliability of the first security authentication credential after successful verification, thereby accurately determining the security status of the first main system. This ensures that the interaction between the first main system and the security module occurs when the first main system is secure, avoiding the risk of attackers using the first main system of the first electronic device to attack the security module, and effectively preventing security issues such as malicious attacks and data leakage.
[0065] At the same time, only after the first security authentication credential is verified is the security module allowed to interact with the first main system based on the security status indicated by the first security authentication credential, thereby further improving the security protection of the data of the first electronic device.
[0066] For example, in a secure interaction example, a first main system of a first electronic device requests to use the user PIN code service provided by a security module. In the first electronic device, the lock screen module of the first main system responds to the user's PIN code input operation, obtains the PIN code, and requests to use the user PIN code service from the security module. After the security module verifies the first security authentication credential, it interacts with the first main system based on the security status indicated by the first security authentication credential. If the first security authentication credential indicates that the first main system is secure, the security module determines whether the PIN code entered by the user matches the PIN code stored in the security module. If they match, the PIN code verification is successful. If the PIN code entered by the user does not match the PIN code stored in the security module, the PIN code verification fails. In the case of successful PIN code verification, the security module generates a decryption key based on the user-entered PIN code service and sends it to the first main system. The first main system then uses the decryption key to decrypt encrypted files, applications, etc.
[0067] In the above interactive scenario, the first main system in the first electronic device and the security module engage in secure interaction within the interactive system. The first main system can prove its own security status to the security module, so that when the first main system requests to use the security services provided by the security module, the security module can interact with the first main system based on the security status of the first main system.
[0068] In some embodiments, the security detection information includes boot-state software metrics, boot-state security configuration metrics, and runtime security configuration metrics. The security configuration metrics represent the security status of the first electronic device's boot-state and runtime security configurations. Since the first security authentication credential is derived from the software and security configuration metrics of the first main system during trusted boot, as well as the runtime security configuration metrics, it considers not only the security detection information during trusted boot but also the security detection information during runtime, thus more accurately indicating the security status of the first main system and possessing high reliability.
[0069] In other embodiments, the first electronic device in the interactive system can prove its security status to the second electronic device so that when the first electronic device requests to use the services provided by the second electronic device, the second electronic device can interact with the first electronic device based on the security status of the first electronic device, thereby ensuring the security of the distributed interconnection network environment.
[0070] In some other embodiments, the first electronic device proves its security status to the second electronic device, and the second electronic device proves its security status to the first electronic device. The two interacting devices verify each other's security status, thereby achieving secure interconnection and interaction between the first electronic device and the second electronic device.
[0071] In other embodiments, a third electronic device in the interactive system can prove its security status to a first electronic device so that when the third electronic device requests to use the services provided by the first electronic device, the first electronic device can interact with the third electronic device based on the security status of the third electronic device, thereby ensuring the security of the distributed interconnection network environment.
[0072] The electronic devices in this application embodiment can be tablet computers, mobile phones, laptops, smart screens, televisions, in-vehicle devices, netbooks, personal digital assistants (PDAs), wearable devices, augmented reality (AR) / virtual reality (VR) devices, or personal computers, etc. This application embodiment does not impose any special limitations on the specific form of the electronic devices.
[0073] The electronic devices described in this application can be applied to various communication systems, such as wireless fidelity (WiFi) systems, vehicle-to-everything (V2X) communication systems, device-to-device (D2D) communication systems, Bluetooth systems, 4th generation (4G) mobile communication systems (such as Long Term Evolution (LTE) systems), worldwide interoperability for microwave access (WiMAX) communication systems, 5G (such as New Radio (NR) systems), and future communication systems. This application does not limit the specific form of the communication system.
[0074] The following will combine Figure 3 The interactive system and accompanying drawings illustrate the secure interaction method provided in the embodiments of this application. Figure 4 As shown, the method may include the following steps S401-S403.
[0075] S401, The first master system in the first electronic device obtains the first security authentication credential.
[0076] The first main system can be the host system, main chip, operating system, or other components of the first electronic device.
[0077] The primary system can be the party initiating the service request, and the security module can be the party receiving the service request. The primary system sends a service request to the security module, requesting to use the services provided by the security module to perform specific operations, such as generating keys, encrypting data, or performing authentication. Upon receiving the service request from the primary system, the security module can respond to the primary system's service request.
[0078] For example, the first master system sends a service request to the security element SE, requesting the generation of an encryption / decryption key. Here, the security module is the security element SE, and the service request is used to obtain the encryption / decryption key. Upon receiving the service request from the first master system, the security element SE responds by performing the encryption / decryption key generation operation according to the service request. The service provided by the security module is the execution of the encryption / decryption key generation operation.
[0079] For another example, the first master system requests to use the payment transaction service provided by the secure element SE. Here, the security module is the secure element SE, and the service request information is used to request the use of the payment transaction service. After receiving the service request information from the first master system, the secure element SE responds by providing the first master system with the payment transaction service.
[0080] The first security authentication credential is used to indicate the security status (or health status) of the first main system. The first security authentication credential can also be understood as a health certificate (token), health certificate, or security certificate for the first electronic device. The first security authentication credential is obtained based on the security detection information of the first main system. The security detection information is used to characterize the startup and running states of the first electronic device, the security status of the first main system software, and the security status of its security configuration. Because the first security authentication credential is generated based on real-time security detection information from the startup and running states of the first main system, both the security detection information and the first security authentication credential are reliable.
[0081] The following describes how the first electronic device obtains the first security authentication credential.
[0082] When the first master system of the first electronic device obtains the first security authentication credential from the server, the server needs to send a challenge value to the first electronic device. The server can provide remote authentication to the first electronic device.
[0083] The challenge value is random data generated by the server and sent to the first electronic device. It is used to label the service request information, is unique, and is valid for a short period of time. It is used to verify the identity and current status of the first electronic device, ensuring the real-time nature of the challenge and preventing replay attacks. For example, the challenge value can be any number generated by the server, such as 1, 10000, or 11111, or a random string, such as "abcde," etc. There are no specific restrictions here.
[0084] After the first electronic device obtains the challenge value, the first master system obtains the first security authentication credential from the trusted device. The trusted device can provide security proof for the first master system of the first electronic device. For example, the trusted device can be a security module or a server. The security module can include a Security Element (SE), a Secure Independent Core (SI), or a Trusted Execution Environment (TEE) module, etc. This application embodiment does not limit the specific form of the security module.
[0085] The first master system can obtain the first security authentication credential from the trusted device. The first electronic device sends security detection information to the trusted device, and the trusted device obtains the first security authentication credential based on the security detection information. The trusted device can obtain the first security authentication credential based on the matching of the security detection information with baseline information (such as software and security configuration baselines). The first security authentication credential obtained by the trusted device based on the security detection information with respect to the software and security configuration baselines has credibility.
[0086] When the trusted device is a server, the first electronic device sends security detection information to the server. The server receives the security detection information and obtains the first security authentication credential based on it. The server then sends the first security authentication credential to the first master system, thereby enabling the first master system to obtain the first security authentication credential.
[0087] When the trusted device is a security module, the first electronic device sends security detection information to the security module. The security module receives the security detection information and obtains the first security authentication credential based on it. The security module then sends the first security authentication credential to the first master system, enabling the first master system to obtain the first security authentication credential.
[0088] The following example uses a trusted device as the server to illustrate the process of the server generating the first security authentication credential.
[0089] After the primary system goes through the startup and runtime states, it sends security detection information to the server. The server receives the security detection information and, based on its match with the software and security configuration baselines, obtains the first security authentication credential. This security detection information includes software metrics and security configuration metrics from both the startup and runtime states.
[0090] In some embodiments, the security detection information includes startup software metrics and security configuration metrics. Startup software metrics characterize the security status of the startup software of the first electronic device. Security configuration metrics characterize the security status of the security configuration of the first electronic device in both startup and secure states. The security configuration metrics include startup-state security configuration metrics and runtime-state security configuration metrics.
[0091] The software and security configuration baseline is a set of measurement baseline values for a first electronic device under a known security state. In some embodiments, the software and security configuration baseline includes startup software measurement baseline values and security configuration measurement baseline values. The startup software measurement baseline values are hash values of various startup software components, such as the basic input / output system and the operating system, generated by the first electronic device during the version building phase. The security configuration measurement baseline values are the device's hardware and software security configurations, including but not limited to the enabled status of the device's security features and whether the device is in a debug state. The matching status of security detection information with the software and security configuration baseline is used to indicate the security status of the first main system of the first electronic device. The first security authentication credential generated based on this is also used to indicate the security status of the first main system.
[0092] Specifically, when the security detection information matches the software and security configuration baseline, the first security authentication credential indicates that the security status of the first main system is secure; when the security detection information does not match the software and security configuration baseline, the first security authentication credential indicates that the security status of the first main system is insecure. For example, matching the security detection information with the software and security configuration baseline can be achieved by matching the startup software metric in the security detection information with the startup software metric in the software and security configuration baseline, or by matching the security configuration metric in the security detection information with the security configuration metric in the software and security configuration baseline.
[0093] For example, when the difference between the startup software metric value in the security detection information and the startup software metric baseline value in the software and security configuration baseline is within a preset range; and when the difference between the security configuration metric value in the security detection information and the security configuration metric baseline value in the software and security configuration baseline is within a preset range, the first security authentication credential indicates that the security status of the first main system is secure. When the difference between the startup software metric value in the security detection information and the startup software metric value in the software and security configuration baseline is not within a preset range, or when the difference between the security configuration metric value in the security detection information and the security configuration metric value in the software and security configuration baseline is not within a preset range, the first security authentication credential indicates that the security status of the first main system is insecure.
[0094] In some possible implementations, the first security authentication credential includes a general description of the device security certificate, a baseline verification result of the device software, and a verification result of the device security configuration. The general description of the device security certificate indicates whether the first main system is generally secure, the baseline verification result of the device software indicates whether the software of the first main system is secure, and the verification result of the device security configuration indicates whether the security configuration of the first main system is secure.
[0095] If any one of the three conditions in the first security authentication credential—the overall description of device security proof, the device software baseline verification result, and the device security configuration verification result—is abnormal (i.e., indicating insecurity), the first security authentication credential indicates that the first primary system is insecure. When all three conditions in the first security authentication credential are normal (i.e., indicating security), the first security authentication credential indicates that the first primary system is secure. The first primary system uses the first security authentication credential to prove its security to the security module, preventing further attacks on the security module's security services should the first primary system be attacked.
[0096] It is understood that the first security authentication credential may also include other content, and this application embodiment does not limit this.
[0097] In some embodiments of this application, after each startup of the first electronic device, the first main system sends security detection information to the server. The server obtains a first security authentication credential based on the matching of the security detection information with respect to the software and security configuration baseline, and sends the first security authentication credential to the first main system. This ensures that the security of the first main system is verified each time the first electronic device starts up, effectively avoiding security risks caused by restarting the first electronic device and improving the speed of security interaction response.
[0098] In other embodiments, the first master system periodically sends security detection information to the server. The server obtains a first security authentication credential based on the match between the security detection information and the software and security configuration baseline, and sends the first security authentication credential to the first master system. By periodically sending security detection information to the server, the security of the first master system is verified, security risks arising from the first master system can be addressed promptly, and the response speed of security interactions is improved.
[0099] In some other embodiments, when the first master system requests to use the security services provided by the security module, the first master system sends security detection information to the server. The server obtains a first security authentication credential based on the matching of the security detection information with respect to the software and security configuration baseline, and sends the first security authentication credential to the first master system. This ensures the real-time security of the first master system and enhances the credibility of the first security authentication credential.
[0100] The following is an exemplary description of the process by which the first main system obtains security detection information after going through the startup and running states.
[0101] See Figure 5After the first electronic device is powered on, the first main system boots based on hardware-protected trusted startup, with the hardware-protected root of trust executing first. The root of trust (such as the device identifier composition engine (DICE)) is a program (such as BootROM) embedded in the chip at the factory, providing hardware-protected keys (such as a unique device secret (UDS)). These keys are embedded in the hardware during the manufacturing process and are uniquely bound to each electronic device. The first main system of the first electronic device begins the boot loading process from the chip's built-in BootROM and loads the bootloader (such as the BootLoader). The first electronic device sequentially loads the code of each layer of startup software (including the basic input / output system, operating system kernel, and applications), as well as the corresponding security configurations (such as startup policies and device identifiers) for each layer. Using the root of trust's key and hardware security mechanisms, it calculates the hash values of the software and security configurations to obtain the metrics for each layer of startup software and security configuration. Within the secure software environment provided by the hardware, the first main system extends the calculated hash values layer by layer into the certificate chain. The certificate chain is used by the server to verify the security detection information of the first master system. For example, the certificate chain can be a DICE integrity certificate chain. The certificate chain includes the boot software metric and security configuration metric for each layer (the security configuration metric is the security configuration metric in the boot state). The device identifier can be specified in the server as the first electronic device. In this process, each layer of boot software verifies the integrity of the next layer of boot software according to the key and extends the calculated hash value into the trusted boot module, ensuring a complete trust chain from the hardware root of trust to the operating system kernel, ensuring that the first master system of the first electronic device has not been tampered with, and ensuring the integrity of the Trusted Application (TA).
[0102] In some embodiments, see Figure 5 The first main system extends the calculated hash value layer by layer into the trusted boot module, forming a trust chain. The trusted boot module instructs the layer-by-layer extension of the boot software metric and security configuration metric to the boot metric certificate chain, thereby obtaining security detection information.
[0103] After the primary system of the first electronic device boots up, it enters the running state to load the health verification service software. During the health verification process, the root trust checks the runtime health status, including the integrity of the Trusted Execution Environment (TEE) and the read-only code and data of the operating system kernel, checks the root process of the first electronic device, and checks whether the first electronic device is running on a physical device or an emulator. This generates a running state security configuration metric (which can also be understood as the security status or running state device health check result). For example, the running state security configuration metric can be obtained based on whether any anomalies are detected in the integrity of the TEE and kernel code and data, whether the device root process is running normally and whether there are any unauthorized modifications, and whether it is a physical device check.
[0104] In some embodiments, see Figure 5 The first electronic device loads a health certificate module. Within this module, the first main system undergoes a runtime process to obtain a runtime security configuration metric. The health certificate module is a software module running on the first main system of the first electronic device. In one possible implementation, the health certificate module includes a security detection module, which performs a runtime process to obtain a runtime security configuration metric.
[0105] After the first main system of the first electronic device goes through the boot state and the running state, it obtains security detection information. This security detection information includes the startup software metrics at each layer, the security configuration metrics in the boot state, and the security configuration metrics in the running state. This ensures the reliability of the security detection information.
[0106] After receiving the security detection information, the first electronic device sends the security detection information and the challenge value sent by the server to the first main system to the server, so as to prove to the server that the security detection information and the challenge value of the first electronic device are related, and avoid confusion in the server's remote proof when the first electronic device proves to the server multiple times.
[0107] In one possible implementation, the first electronic device interacts with the server via a remote authentication client. The remote authentication client sends security detection information and a challenge value generated by the server and sent to the first main system, respectively, to the server. This remote authentication client can be integrated into the health authentication module.
[0108] After obtaining security detection information from the first electronic device, the server obtains the first security authentication credential. (See also...) Figure 5In this process, the server hosting the remote authentication obtains the software and security configuration baseline from the baseline server. The server hosting the remote authentication receives security detection information and a challenge value sent by the first electronic device. The server hosting the remote authentication verifies that the challenge value is the same challenge value sent to the first electronic device by its primary system when requesting to use the security module's security services. Upon successful verification, the server hosting the remote authentication obtains the first security authentication credential of the primary system based on the matching of the security detection information with the software and security configuration baseline. The first security authentication credential includes a general description of the device security authentication, the device software baseline verification result, the device security configuration verification result, the credential signature, the challenge value, and the device identifier.
[0109] In other embodiments, the baseline server and the remote authentication server can be the same server. The server receives security detection information and a challenge value from the first electronic device, and verifies that the challenge value is the same challenge value sent to the first electronic device by its first master system when requesting to use the security module's security services. Upon successful verification, the server directly obtains the first security authentication credential based on the matching of the security detection information with respect to the software and security configuration baseline, without needing to obtain the software and security configuration baseline from the baseline server, thus improving the efficiency of security interaction.
[0110] After generating the first security authentication credential, the server signs the credential using its private key to obtain the credential signature. The server then sends the signed first security authentication credential and a challenge value to the first electronic device. The challenge value is a credential sent by the server to the first electronic device for remote authentication, ensuring that the first security authentication credential obtained was acquired when the first main system of the first electronic device requested to use the security services provided by the security module; therefore, the first security authentication credential is reliable.
[0111] In one possible implementation, the first electronic device interacts with the server via a remote authentication client, which receives a signed first security authentication credential and a challenge value sent by the server.
[0112] The following example uses a trusted device as a security module to illustrate the process of generating the first security authentication credential.
[0113] For example, see Figure 6During an Over-the-Air (OTA) upgrade, the OTA server sends the OTA package, software, and security configuration baseline corresponding to the current version information of the first electronic device to the security module. The OTA package indicates the upgrade package encapsulated with the software and security configuration baseline, and can be the OTA package for the target upgrade version corresponding to the current version information of the first electronic device. The startup software metrics in the software and security configuration baseline can include the startup software of the first electronic device, such as the operating system and basic input / output system. The security module receives the OTA package from the server and obtains a first security authentication credential based on the matching of security detection information with the software and security configuration baseline. In some implementations, the server can also send the OTA package, software, and security configuration baseline to the security module securely offline (e.g., via USB, SD card).
[0114] This approach is suitable for situations where the first electronic device cannot connect to the internet in real time. It allows the software and security configuration baseline to be sent to the security module via OTA (Over-The-Air) upgrade service. This enables the first electronic device to obtain the first security authentication credentials offline, based on the software and security configuration baseline, thus enhancing the flexibility of security interaction.
[0115] In some embodiments, after the OTA server sends the software and security configuration baselines to the security module, the security module verifies the integrity of the software and security configuration baselines, including verifying the startup software metric baseline value and the security configuration metric baseline value. Upon successful verification, the security module stores or updates its internal software and security configuration baselines. Then, the security module obtains a first security authentication credential based on the matching of security detection information with the software and security configuration baselines.
[0116] In one possible implementation, the OTA server can obtain the software and security configuration baseline from the server where the remote credential resides or the baseline server.
[0117] The security module obtains the software and security configuration baseline from the OTA server, as well as the security detection information and challenge value sent by the first electronic device. The security module verifies that the challenge value is the one sent to the first electronic device by its primary system when requesting to use the security module's security services. Upon successful verification, the server obtains the first security authentication credential of the primary system based on the matching of the security detection information with the software and security configuration baseline. In some possible implementations, the first security authentication credential includes a general description of the device security certificate, the device software baseline verification result, the device security configuration verification result, the credential signature, the challenge value, and the device identifier.
[0118] In one possible implementation, the security module sends the first security authentication credential to the first master system.
[0119] In some embodiments, after receiving the first security authentication credential from a trusted device (including a server and a security module), the first master system may save it to the local storage of the first electronic device. In one possible implementation, the health certificate module of the first master system includes a first security certificate management module for managing the first security authentication credential stored locally.
[0120] S402, The first master system sends the first security authentication credential to the security module.
[0121] The first master system can request security services provided by the security module. The first master system obtains a first security authentication credential and sends it to the security module to verify its own security status. This first security authentication credential is obtained by the trusted device when the first master system of the first electronic device requests security services from the security module.
[0122] In some embodiments, the first host system interacts with the security module through a security module service and driver software, sending a first security authentication credential to the security module. The security module service and driver software may be a security module service agent running on the first host system.
[0123] S403. After the first security authentication credential is verified, the security module interacts with the first main system based on the security status indicated by the first security authentication credential.
[0124] After receiving the first security authentication credential from the first master system, the security module verifies it. Upon successful verification, the security module interacts with the first master system based on the security status indicated by the first security authentication credential. Only when the first security authentication credential is successfully verified will the security module interact with the first master system based on the security status indicated by the first security authentication credential. This ensures accurate and reliable determination of the security status of the first master system and guarantees that the interaction between the first master system and the security module occurs in a secure state, thereby achieving secure interaction and effectively preventing malicious attacks and data leaks.
[0125] After obtaining the first security authentication credential from the first main system, the security module verifies the first security authentication credential. For example, the security module verifies the credential signature in the first security authentication credential to verify its integrity; performs anti-replay verification based on a challenge value; and performs device matching verification on the device identifier in the first security authentication credential. Specifically, the security module uses the public key corresponding to the private key on the server side to verify the credential signature.
[0126] The first security authentication credential fails to be verified if the security module cannot verify the credential signature using the public key corresponding to the server's private key; or if the challenge value in the first security authentication credential is inconsistent with the challenge value sent by the server to the first master system when the first master system requests to obtain the first security authentication credential; or if the device identifier in the first security authentication credential does not match the device identifier of the first electronic device. Otherwise, the first security authentication credential is verified successfully.
[0127] For example, a first master system requests the user PIN code service of a secure element (SE) to unlock encrypted files on a first electronic device. The first master system sends a first security authentication credential to the security module. Upon receiving the first security authentication credential, the secure element (SE) first verifies the credential signature to ensure its integrity. The secure element (SE) then performs a replay protection verification based on a challenge value. Furthermore, the secure element (SE) performs a device matching verification against the device identifier in the first security authentication credential.
[0128] For example, the first main system requests to use the payment transaction service provided by the Secure Element (SE). The Secure Element (SE) verifies the credential signature in the first security authentication credential to verify its integrity; performs anti-replay verification based on challenge values; and performs device matching verification on the device identifier in the first security authentication credential.
[0129] After the first security authentication credential is verified, the security module interacts with the first main system based on the security status indicated by the first security authentication credential.
[0130] The first security authentication credential includes a general description of the device security certificate, the device software baseline verification result, and the device security configuration verification result. The security module determines the overall security of the primary system based on the general description of the device security certificate, the software security of the primary system based on the device software baseline verification result, and the security configuration security of the primary system based on the device security configuration verification result.
[0131] If any one of the three conditions in the first security authentication credential—the overall description of device security proof, the device software baseline verification result, and the device security configuration verification result—is abnormal (i.e., indicates insecurity), the first security authentication credential indicates that the first primary system is insecure. When all three conditions in the first security authentication credential—the overall description of device security proof, the device software baseline verification result, and the device security configuration verification result—are normal (i.e., indicate security), the first security authentication credential indicates that the first primary system is secure.
[0132] In some instances, where the software launched by the primary system includes aberrant software, security detection information indicates an abnormal software security status of the primary system, and the primary security authentication credentials indicate that the primary system is insecure. When aberrant software is present, the primary security authentication credentials indicate that the primary system is insecure, and the security module denies the primary system access to security services or lowers its security level. This effectively prevents attackers from exploiting the primary system of the first electronic device to attack the security module, thus preventing malicious attacks and data breaches.
[0133] If the first security authentication credential indicates that the first primary system is secure, the security module allows the first primary system to use security services. If the first security authentication credential indicates that the first primary system is insecure, the security module denies the first primary system from using security services, or the security module lowers the security level of the first primary system and interacts with the first primary system based on the lowered security level.
[0134] For example, if the first security authentication credential indicates that the first primary system's security status is secure, the security module allows the first primary system to use security services, including encrypted communication, sensitive data operations, authentication services, generation of encryption / decryption keys, and provision of stored secure information. If the first security authentication credential indicates that the first primary system's security status is insecure, the first primary system may have security issues such as system vulnerabilities, malware activity, or configuration errors. Based on the first security authentication credential, the security module determines that the first primary system has been tampered with or damaged. The security module takes protective measures, either denying the first primary system access to its security services or downgrading the first primary system's security level, and interacting with the first primary system based on the downgraded security level. For example, the first primary system may only be allowed to access low-sensitivity data or services from the security module.
[0135] For example, the first master system requests the user PIN code service from the security module. The first master system obtains the first security authentication credential and sends it to the security module. The security module receives and verifies the first security authentication credential. If the first security authentication credential indicates that the first master system is secure, the security module allows the first master system to use the security service and sends the user PIN code to the first master system. If the first security authentication credential indicates that the first master system is insecure, the security module refuses the first master system to use the security service and refuses to send the PIN code to the first master system, possibly notifying the first master system by returning an error code or a rejection message. In this way, the security module interacts with the first master system based on the security status indicated by the first security authentication credential, ensuring that the interaction between the first master system and the security module occurs when the first master system is secure. This guarantees the security of the PIN code service of the first electronic device and effectively prevents malicious attacks and data leaks.
[0136] For example, see Figure 7The first master system sends a request to the security module to obtain the user's PIN code service in order to unlock the encrypted image on the first electronic device. The first master system obtains the first security authentication credential and sends it to the security module. After the security module verifies the first security authentication credential, and if the first security authentication credential indicates that the first master system is secure, the security module compares the PIN code entered by the user with the PIN code stored internally. If the PIN code entered by the user matches the stored PIN code, the verification is successful. If the PIN code entered by the user does not match the stored PIN code, the verification fails. If the PIN code verification is successful, the security module generates a decryption key based on the user's PIN code service and sends it to the first master system. The first master system then uses the decryption key to decrypt the encrypted image on the first electronic device accessed by the user.
[0137] In another example, the first master system sends a service request to the security module to obtain an encryption / decryption key. The first master system obtains a first security authentication credential and sends it to the security module. If the security module verifies the first security authentication credential and it indicates that the first master system is secure, the security module allows the first master system to use the security service to obtain the encryption key, generates an encryption / decryption key, and sends it to the first master system. If the first security authentication credential indicates that the first master system is insecure, the security module refuses the first master system's use of the security service and refuses to send the encryption / decryption key to the first master system.
[0138] In another example, the primary system requests to use the payment transaction service provided by the secure element (SE). If the first security authentication credential is verified successfully, and the first security authentication credential indicates that the primary system is insecure, the security module will refuse the primary system's use of the payment transaction service provided by the security module. Alternatively, it may allow the primary system to perform some lower-security operations, but restrict its access to higher-level services such as payment transactions. By demonstrating its security status to the security module, the primary system prevents it from directly obtaining the security module's payment transaction service in the event of an attack on it.
[0139] Understandably, if the security detection information matches the software and security configuration baseline, there is no abnormally booting software in the first main system. The security detection information indicates that the booting software of the first main system is in a secure state, the first security authentication credential indicates that the first main system is secure, and the security module allows the first main system to use the security services provided by the security module. In this case, it indicates that the software and security configuration of the first electronic device have not been tampered with, which means that the overall description of device security proof, the device software baseline verification result, and the device security configuration verification result in the first security authentication credential are all normal.
[0140] For example, if abnormal startup software exists in the first main system, the security detection information indicates that the startup software of the first main system is in an insecure state. The first security authentication credential indicates that the first main system is insecure, the security module refuses the first main system to use the security services provided by the security module, or the security module lowers the security level of the first main system and interacts with the first main system based on the lowered security level. In this case, it indicates that the software and security configuration of the first electronic device have been tampered with, which means that the overall description of device security proof in the first security authentication credential is abnormal, as are the corresponding device software baseline verification results or device security configuration verification results.
[0141] In the aforementioned first electronic device, the first master system sends a first security authentication credential to the security module to verify its own security status, thereby enabling secure interaction between the first master system and the security module. Furthermore, the first electronic device can also prove its security status to the second electronic device, enabling secure interaction between the second electronic device and the first electronic device.
[0142] In a distributed interconnection scenario, a first electronic device sends a first security authentication credential to a second electronic device. The second electronic device, based on the security status indicated by the first security authentication credential, then engages in secure distributed interconnection interaction with the first electronic device. For example, Figure 8 (a) shows a schematic diagram of the first electronic device demonstrating its security status to the second electronic device.
[0143] See Figure 8 In (a), the first master system of the first electronic device sends the first security authentication credential to the second electronic device, and the second electronic device performs secure distributed interconnection and interaction with the first electronic device based on the security status of the first master system indicated by the first security authentication credential.
[0144] In this context, the first electronic device can be the party that initiates the service request, and the second electronic device can be the party that receives the service request.
[0145] In this way, by sending the first security authentication credential of the first main system to the second electronic device through the first electronic device, and after the second electronic device verifies the first security authentication credential, a secure and trusted interaction can be established between the first electronic device and the second electronic device based on the security status indicated by the first security authentication credential. This can effectively prevent malicious attackers from interacting with the second electronic device after attacking the first electronic device, thus avoiding further attacks on the second electronic device, thereby greatly reducing the security risks of the distributed interconnection network environment and enhancing the security of the distributed interconnection system.
[0146] Moreover, the first security authentication credential of the first main system is dynamic, obtained based on the actual security detection information of the first electronic device, and can reflect the real-time health status of the electronic device; rather than being generated based on the fixed static information of the electronic device model.
[0147] In a distributed interconnection scenario, based on the secure interaction method provided in this application, if one electronic device is attacked, its first security authentication credential is updated to the first security authentication credential after the attack. The attacked electronic device is not allowed to establish a connection with another electronic device, nor is it allowed to obtain encrypted files from another electronic device, thus preventing security incidents such as data leakage. However, if the security authentication credential is generated based on static information, the security authentication credential of the attacked electronic device will not be updated, and it can still establish a connection with other electronic devices, causing security incidents such as data leakage.
[0148] Alternatively, when an attacker gains control of a rooted electronic device, the device's initial security authentication credentials are dynamically updated to the new credentials. When the rooted device is in an insecure state, an electronic device with normal control, based on the updated credentials, proves the rooted device is insecure and is not allowed to interact with it, thus preventing the rooted device from being attacked. However, if the security authentication credentials are generated based on static information, the rooted device's credentials will not be updated to the new credentials, allowing it to still interact with the electronic device with normal control, making the latter vulnerable to attack.
[0149] In some embodiments, after obtaining the first security authentication credential, the second electronic device displays the security status of the first main system indicated by the first security authentication credential on the screen of the second electronic device. For example, a prompt message may be displayed on the screen of the second electronic device to indicate to the user whether the first main system is secure or insecure. Based on whether the first main system is secure or insecure, the user can select "accept" or "reject" on the second electronic device, thereby enabling secure distributed interconnection and interaction with the first electronic device.
[0150] For example, see Figure 9 The mobile phone requests the watch to establish a distributed interconnection. The mobile phone is the first electronic device, and the watch is the second electronic device. The mobile phone sends the first security authentication credential of the first main system to the watch. If the first main system is secure, as indicated by the first security authentication credential, the watch screen displays a prompt indicating that the first main system is secure. The user can then choose to "accept" based on the "first main system secure" prompt, thus enabling secure distributed interconnection interaction with the mobile phone.
[0151] In one possible implementation, see Figure 8 In (a) of the above, the first electronic device interacts with the second electronic device through a distributed service. The distributed service can be software running on the first master system of the first electronic device, responsible for providing network interconnection services for multiple distributed electronic devices.
[0152] After receiving the first security authentication credential, the second electronic device verifies it. Specifically, the second electronic device can verify the first security authentication credential through its internal security module. The specific verification process can be found in the previous embodiment, where the security module in the first electronic device verifies the first security authentication credential; details will not be repeated here. If the first security authentication credential is successfully verified and indicates that the first main system is secure, the second electronic device allows the establishment of a distributed interconnection with the first electronic device, or allows the execution of distributed interconnection services with the first electronic device. If the first security authentication credential indicates that the first main system is insecure, the second electronic device refuses to establish a distributed interconnection with the first electronic device, or the second electronic device lowers the security level of the first electronic device and executes distributed interconnection services with the first electronic device based on the lowered security level.
[0153] Specifically, if any of the three conditions in the first security authentication credential—the overall description of device security proof, the device software baseline verification result, and the device security configuration verification result—is abnormal, the first security authentication credential indicates that the first primary system is insecure, and the second electronic device refuses to interconnect with the first electronic device; alternatively, the second electronic device lowers the security level of the first electronic device and interacts with the first electronic device based on the lowered security level. When all three conditions in the first security authentication credential are normal, the first security authentication credential indicates that the first primary system of the first electronic device is secure, and the second electronic device is allowed to interconnect with the first electronic device. By demonstrating the security status of the first primary system of the first electronic device, it proves its own security to the second electronic device, preventing direct attacks on the second electronic device should the first primary system be compromised.
[0154] In some embodiments, see Figure 8In step (b), the first master system sends a first security authentication credential to the second electronic device, enabling the second electronic device to determine the security status of the first master system based on the first security authentication credential. Simultaneously, the first electronic device receives a second security authentication credential from the second electronic device and determines the security status of the second master system based on the second security authentication credential. The first and second electronic devices mutually verify the security status of the peer master system, establishing a secure distributed interconnection when both are secure.
[0155] In one possible implementation, the first master system sends a first security authentication credential to the second electronic device. If the first security authentication credential indicates that the first master system is secure, the second master system of the second electronic device sends a second security authentication credential to the first electronic device. If the second security authentication credential indicates that the second master system is secure, the first electronic device sends an interconnection request to the second electronic device to enable secure distributed interconnection interaction with the second electronic device. If the first security authentication credential indicates that the first master system is insecure, the second master system of the second electronic device does not send the second security authentication credential to the first electronic device. If the second security authentication credential indicates that the second master system is insecure, the first electronic device does not send an interconnection request to the second electronic device.
[0156] In addition, the first electronic device can also verify the security status of the third electronic device, see [link to relevant documentation]. Figure 8 In (c), the first master system of the first electronic device realizes secure distributed interaction between the first electronic device and the third electronic device based on the security status of the third master system sent by the third electronic device. The third electronic device is used to indicate the party initiating the service request, and the first electronic device is used to receive the service request.
[0157] The first master system of the first electronic device receives a third security authentication credential from the third electronic device. This third security authentication credential indicates the security status of the third master system within the third electronic device. After successful verification of the third security authentication credential, the first master system, based on the security status of the third master system indicated by the third security authentication credential, performs distributed interconnection and interaction with the third electronic device. In this way, the first master system of the first electronic device receives and verifies the third security authentication credential from the third electronic device. After successful verification, the first master system, based on the security status in the third security authentication credential, performs distributed interconnection and interaction with the third electronic device, improving the response speed of secure interactions between electronic devices.
[0158] In some embodiments, the third master system of the third electronic device obtains a third security authentication credential from a trusted device. The trusted device may be a server or a security module within the third electronic device. The process by which the third electronic device obtains the third security authentication credential is similar to the process described above for the first electronic device obtaining the first security authentication credential, and will not be repeated here.
[0159] In one possible implementation, see Figure 8 In (c), the third electronic device interacts with the first electronic device through a distributed service. The distributed service can be software running on the third main system of the third electronic device, responsible for providing network interconnection services for multiple distributed electronic devices.
[0160] In other embodiments, a first master system of a first electronic device receives a third security authentication credential from a third electronic device. This third security authentication credential indicates the security status of the third master system within the third electronic device. The first master system sends the third security authentication credential to the security module of the first electronic device for verification. After successful verification, the security module notifies the first master system of the security status of the third master system indicated by the third security authentication credential. Based on the security status of the third master system, the first master system performs distributed interconnection and interaction with the third electronic device. Thus, the first master system of the first electronic device receives the third security authentication credential from the third electronic device and sends it to the security module for verification. After successful verification, the security module notifies the first master system of the security status of the third master system. The first master system then decides whether to perform distributed interconnection and interaction with the third electronic device based on the security status of the third master system. By using the security module to verify the third security authentication credential, the risk of malicious attacks on the third security authentication credential can be reduced.
[0161] When the third security authentication credential indicates that the third master system is secure, the first master system allows the establishment of a distributed interconnection with the third electronic device, or allows the execution of distributed interconnection services with the third electronic device. When the third security authentication credential indicates that the third master system is insecure, the first master system refuses to establish a distributed interconnection with the third electronic device, or refuses to execute distributed interconnection services with the third electronic device, or lowers the security level of the third electronic device and executes distributed interconnection services based on the lowered security level. Thus, when the third master system is secure, the first master system allows the establishment of a distributed interconnection or the execution of related services with the third electronic device, ensuring the smooth operation of normal business processes. When the third master system is insecure, the first master system can take measures such as refusing interaction or lowering the security level before interaction, thereby avoiding interaction with insecure third electronic devices, effectively avoiding security risks, and enhancing the security of the distributed interconnection system.
[0162] In this embodiment, the security module can accurately determine the security status of the first main system by verifying the first security authentication credential, ensuring that the interaction between the first main system and the security module is carried out in a secure state, avoiding the risk of attackers using the first main system of the first electronic device to attack the security module, and effectively preventing malicious attacks and data leakage.
[0163] At the same time, only after the first security authentication credential is verified is the security module allowed to interact with the first main system based on the security status indicated by the first security authentication credential, thereby further improving the security protection of the data of the first electronic device.
[0164] In some embodiments, the security detection information includes startup software metrics and security configuration metrics. The security configuration metrics represent the security status of the security configuration of the first electronic device in its startup and running states. The first security authentication credential is derived based on the startup software metrics and security configuration metrics of the first main system and possesses credibility.
[0165] In other embodiments, when the security module generates the first security authentication credential, it can also store the first security authentication credential internally. The security module does not need to send the first security authentication credential to the first master system, nor does it need to receive the first security authentication credential from the first master system. The security module may also not verify the internally stored first security authentication credential. When a service request is received from the first master system, the security module can perform secure interaction with the first master system based on the security status of the first master system indicated by the internally stored first security authentication credential. Thus, while ensuring secure interaction, it can reduce information exchange, simplify the processing flow, and save resource overhead.
[0166] Furthermore, in distributed device interconnection scenarios, multiple electronic devices can send security authentication credentials to each other before establishing a connection, proving their own identity or verifying the security status of the other party, thus preventing security risks such as unauthorized access and data leakage.
[0167] This application also includes a secure interaction system, comprising a first electronic device and a server. The first electronic device includes a first main system and a security module. The first main system, the security module, and the server can be used to execute the methods and steps described in the foregoing embodiments.
[0168] This application also provides an electronic device, such as... Figure 10 As shown, the electronic device may include one or more processors 1001, memory 1002 and communication interfaces 1003.
[0169] The memory 1002, communication interface 1003, and processor 1001 are coupled together. For example, the memory 1002, communication interface 1003, and processor 1001 can be coupled together via bus 1004.
[0170] The communication interface 1003 is used for data transmission with other devices. The memory 1002 stores computer program code. The computer program code includes computer instructions, which, when executed by the processor 1001, cause the electronic device to perform the secure interaction method or steps performed by the first electronic device in the aforementioned embodiments, or to perform the secure interaction method or steps performed by the server in the aforementioned embodiments.
[0171] The processor 1001 may be a processor or controller, such as a central processing unit (CPU), a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or other programmable logic devices, transistor logic devices, hardware components, or any combination thereof. It can implement or execute the various exemplary logic blocks, modules, and circuits described in connection with this disclosure. The processor may also be a combination that implements computational functions, such as a combination of one or more microprocessors, a combination of a DSP and a microprocessor, etc.
[0172] Bus 1004 can be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, etc. Bus 1004 can be divided into address bus, data bus, control bus, etc. For ease of representation, Figure 10 The bus is represented by a single thick line, but this does not mean that there is only one bus or one type of bus.
[0173] This application also provides a computer-readable storage medium storing computer program code. When the processor executes the computer program code, it causes a first electronic device to perform the relevant method steps in the above method embodiments, or causes a server to perform the relevant method steps in the above method embodiments.
[0174] This application also provides a computer program product that, when run on a computer, causes the computer to execute the relevant method steps executed by the first electronic device in the above method embodiments, or causes the computer to execute the relevant method steps executed by the server in the above method embodiments.
[0175] The electronic devices, computer storage media, or computer program products provided in this application are all used to execute the corresponding methods provided above. Therefore, the beneficial effects they can achieve can be referred to the beneficial effects in the corresponding methods provided above, and will not be repeated here.
[0176] Through the above description of the embodiments, those skilled in the art can clearly understand that, for the sake of convenience and brevity, only the division of the above functional modules is used as an example. In actual applications, the above functions can be assigned to different functional modules as needed, that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above.
[0177] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of modules or units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another device, or some features may be ignored or not executed. Furthermore, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between devices or units may be electrical, mechanical, or other forms.
[0178] The units described as separate components may or may not be physically separate. A component shown as a unit can be one or more physical units; that is, it can be located in one place or distributed in multiple different locations. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.
[0179] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.
[0180] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a readable storage medium. Based on this understanding, the technical solution of the embodiments of this application, in essence, or the part that contributes, or all or part of the technical solution, can be embodied in the form of a software product. This software product is stored in a storage medium and includes several instructions to cause a device (which may be a microcontroller, chip, etc.) or processor to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0181] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. A secure interaction method, characterized in that, Applied to a first electronic device, the first electronic device including a security module and a first main system, the method includes: The first main system obtains a first security authentication credential, which is obtained based on the security detection information of the first main system, and is used to indicate the security status of the first main system. The first master system sends the first security authentication credential to the security module; After the first security authentication credential is verified, the security module interacts with the first main system based on the security status indicated by the first security authentication credential.
2. The method according to claim 1, characterized in that, The method further includes: The first main system sends a service request information to the security module, the service request information being used to request the use of the security services provided by the security module; The security module interacts with the first main system based on the security status indicated by the first security authentication credential, including: When the first security authentication credential indicates that the first main system is secure, the security module allows the first main system to use the security service; If the first security authentication credential indicates that the first master system is insecure, the security module refuses the first master system to use the security service; or, the security module lowers the security level of the first master system and interacts with the first master system based on the lowered security level.
3. The method according to claim 2, characterized in that, The first master system sends service request information to the security module, including: After the first main system obtains the PIN code entered by the user, it sends the service request information to the security module. The service request information is used to request the use of the user PIN code service provided by the security module. The security module allows the first main system to use the security service, including: If the entered PIN code is correct, the security module generates a decryption key based on the user PIN code service and sends the decryption key to the first main system.
4. The method according to any one of claims 1-3, characterized in that, The method further includes: The first master system sends the first security authentication credential to the second electronic device, so that the second electronic device can interact with the first electronic device based on the security status of the first master system indicated by the first security authentication credential.
5. The method according to any one of claims 1-4, characterized in that, The method further includes: The first master system receives a third security authentication credential from a third electronic device, the third security authentication credential being used to indicate the security status of the third master system in the third electronic device; The first main system sends the third security authentication credential to the security module for verification; After the third security authentication credential is verified, the security module notifies the first main system of the security status of the third main system indicated by the third security authentication credential. The first master system interacts with the third electronic device based on the security status of the third master system.
6. The method according to claim 5, characterized in that, The first master system, based on the security status of the third master system, interconnects and interacts with the third electronic device, including: When the third security authentication credential indicates that the third master system is secure, the first master system allows the establishment of an interconnection with the third electronic device, or allows the execution of interconnection services with the third electronic device; If the third security authentication credential indicates that the third master system is insecure, the first master system refuses to establish an interconnection with the third electronic device, or refuses to perform interconnection services with the third electronic device, or the first master system lowers the security level of the third electronic device and performs interconnection services with the third electronic device based on the lowered security level.
7. The method according to any one of claims 1-6, characterized in that, The method further includes: The first master system sends the first security authentication credential to the second electronic device, so that the second electronic device can determine the security status of the first master system based on the first security authentication credential; The first master system receives a second security authentication credential from the second electronic device; The first master system interacts with the second electronic device based on the security status of the second master system indicated by the second security authentication credential.
8. The method according to any one of claims 1-7, characterized in that, The method further includes: The first main system sends the security detection information to a trusted device; the trusted device includes the security module or a server; the security module includes a security element (SE), an independent security core, or a trusted execution environment (TEE) module. The first main system obtains the first security authentication credential, including: The first master system receives the first security authentication credential from the trusted device, the first security authentication credential being obtained based on the matching of the security detection information with respect to the software and security configuration baseline.
9. The method according to claim 8, characterized in that, The method further includes: The trusted device is the security module. During the over-the-air (OTA) upgrade download process, the security module receives the OTA software package, as well as the software and security configuration baseline, from the OTA server. The security module generates the first security authentication credential based on the matching of the security detection information with respect to the software and security configuration baseline; or, The trusted device is a server, on which the software and security configuration baseline are configured.
10. The method according to any one of claims 1-9, characterized in that, The security detection information is used to characterize the security status of the first electronic device in the startup and running states, and the security status of the security configuration of the first main system software. The security detection information includes startup software metrics and security configuration metrics. The startup software metrics are used to characterize the security status of the software in the startup state of the first electronic device, and the security configuration metrics are used to characterize the security status of the security configuration of the first electronic device in the startup and running states.
11. The method according to claim 10, characterized in that, The first security authentication credential includes a general description of the device security certificate, the device software baseline verification result, and the device security configuration verification result; The overall description of the device security certificate is used to indicate whether the first main system is generally secure, the device software baseline verification result is used to indicate whether the software of the first main system is secure, and the device security configuration verification result is used to indicate whether the security configuration of the first main system is secure.
12. The method according to claim 10, characterized in that, The first security authentication credential also includes a credential signature, a challenge value, and a device identifier, and the method further includes: The security module verifies the credential signature to verify the integrity of the first security authentication credential; The security module performs anti-replay verification based on the challenge value; The security module performs device matching verification on the device identifier in the first security authentication credential.
13. The method according to any one of claims 1-12, characterized in that, If the software launched by the first main system includes abnormal software, the security detection information indicates that the software security status of the first main system is abnormal, and the first security authentication credential indicates that the first main system is insecure. The interaction with the first main system based on the security status indicated by the first security authentication credential includes: The security module refuses the first main system from using the security services provided by the security module; Alternatively, the security module may reduce the security level of the first main system and interact with the first main system based on the reduced security level.
14. A secure interactive system, characterized in that, include: A first electronic device and a server; the first electronic device includes a first main system and a security module; The first main system is used to obtain security detection information from the first main system and send the security detection information to the server; The server is used to obtain a first security authentication credential based on the matching of the security detection information with respect to the software and security configuration baseline, and send the first security authentication credential to the first main system; The first master system is configured to, after obtaining the first security authentication credential, send the first security authentication credential to the security module, wherein the first security authentication credential is used to indicate the security status of the first master system; The security module is used to interact with the first main system based on the security status indicated by the first security authentication credential after the first security authentication credential has been verified.
15. An electronic device, characterized in that, include: A memory, one or more processors; the memory is coupled to the processors; wherein the memory stores computer program code, the computer program code including computer instructions, which, when executed by the processor, cause the electronic device to perform the secure interaction method as described in any one of claims 1-13.
16. A chip system, characterized in that, The chip system is applied to an electronic device, the chip system including one or more processors, the processors being used to invoke computer instructions to cause the electronic device to perform the secure interaction method as described in any one of claims 1-13.