
WO2021035582A1 - Method for processing data during password input, data processing apparatus, and electronic device - Google Patents


Publication number
WO2021035582A1
WO2021035582A1 PCT/CN2019/103118 CN2019103118W WO2021035582A1 WO 2021035582 A1 WO2021035582 A1 WO 2021035582A1 CN 2019103118 W CN2019103118 W CN 2019103118W WO 2021035582 A1 WO2021035582 A1 WO 2021035582A1
Authority
WO
WIPO (PCT)
Prior art keywords
processor
sensor
data
sensor data
data processing
Application number
PCT/CN2019/103118
Inventor
赵谦
陈光跃
刘彭劼
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to CN201980007039.7A priority Critical patent/CN112740204A/en
Priority to PCT/CN2019/103118 priority patent/WO2021035582A1/en
Publication of WO2021035582A1 publication Critical patent/WO2021035582A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Definitions

  • This application relates to the field of data security technology, and in particular to a data processing method, data processing device and electronic equipment in password input.
  • the embodiments of the present application provide a data processing method, data processing device, and electronic equipment in password input, which are used to protect sensor data and provide protection for the user's password security.
  • an embodiment of the present application provides a data processing device in password input, including: a low-power processor for receiving sensor data output by the sensor and transmitting the sensor data to the processor; and the processor, coupled to the low-power processor and used to prevent at least one software program run by the processor from accessing sensor data during the user's password input; the power consumption of the processor is higher than that of the low-power processor.
  • the sensor includes one or more of the following: a compass, a gyroscope, an accelerometer, an ambient light sensor, a proximity light sensor, a barometer, or a Hall sensor.
  • the processor prevents at least one software program run by the processor from accessing sensor data, so a specific software program that requests sensor data, such as an application program, cannot obtain the sensor data.
  • the sensor data will no longer be arbitrarily obtained by the software program, and it is difficult for an attacker to crack the user password through the sensor data.
  • the at least one software program includes an application software program.
  • at least one software program may belong to non-secure software.
  • the processor runs the software to form a secure environment and a non-secure environment, and at least one software program is non-secure software.
  • the non-secure software can initiate a data request through a secure/non-secure interface driver to obtain sensor data. Once non-secure software is prohibited from acquiring sensor data, the security of password input will be improved.
  • when the processor prevents at least one software program run by the processor from accessing the sensor data, it is specifically used to discard the sensor data or replace the sensor data with fake data.
  • the sensor data can be discarded or the sensor data can be replaced with fake data, and it is difficult for an attacker to crack the user password through the sensor data.
  • the data processing device further includes a protection unit for preventing the low-power processor from continuing to receive sensor data under the control of the processor; when the processor prevents at least one software program run by the processor from accessing the sensor data, it is specifically used to control the protection unit to perform an operation that prevents the low-power processor from continuing to receive the sensor data.
  • a protection unit can be set between the sensor and the low-power processor, and the sensor data is cut off by the protection unit when the user enters the password, and it is difficult for an attacker to crack the user password through the sensor data.
  • the protection unit is specifically configured to prevent the sensor data connection between the low-power processor and the sensor under the control of the processor.
  • the protection unit is specifically used to: disable the interface between the sensor and the low-power processor, or disable the data transmission function of the interface, or disable the data line between the sensor and the low-power processor, or set the data line to a preset level.
  • the protection unit is specifically used to: disable the sensor.
  • the processor is further configured to: determine whether the user is performing password input.
  • the processor can trigger the aforementioned operation of preventing at least one software program from accessing sensor data when it determines that the user is performing password input.
  • when the processor determines whether the user is performing password input, it is specifically used to make that determination through the indication of the status flag bit.
  • the processor is further configured to: run security software, and set a status flag when the security software detects that the user performs password input.
  • the security software may include unlocking software.
  • an embodiment of the present application also provides an electronic device, including the data processing device and sensor provided in the first aspect.
  • the embodiment of the present application provides a data processing method in password input.
  • the method includes the following steps: the low-power processor receives sensor data output by the sensor, and transmits the sensor data to the processor; the processor prevents at least one software program run by the processor from accessing the sensor data during the password input by the user.
  • the power consumption of the processor is higher than the power consumption of the low-power processor.
  • the at least one software program includes an application software program.
  • at least one software program may belong to non-secure software.
  • the processor preventing at least one software program run by the processor from accessing the sensor data may be implemented in the following manner: the processor discards the sensor data or replaces the sensor data with fake data.
  • the processor preventing at least one software program running by the processor from accessing the sensor data can also be implemented in the following manner: the processor controls the protection unit to perform an operation that prevents the low-power processor from continuing to receive the sensor data.
  • the method provided by the third aspect further includes: the processor judging whether the user is performing password input.
  • the specific way for the processor to determine whether the user is performing the password input may be: the processor determines whether the user is performing the password input through the indication of the status flag bit.
  • the method provided by the third aspect further includes the processor running security software, and setting a status flag when the security software detects that the user performs a password input.
  • the security software includes unlocking software.
  • the sensor includes one or more of the following: a compass, a gyroscope, an accelerometer, an ambient light sensor, a proximity light sensor, a barometer, or a Hall sensor.
  • FIG. 1 is a schematic structural diagram of an electronic device provided by an embodiment of this application.
  • FIG. 2 is a schematic diagram of a software module in an SoC provided by an embodiment of the application.
  • FIG. 3 is a schematic flowchart of a solution executed by each software module in an SoC according to an embodiment of the application.
  • FIG. 4 is a schematic diagram of data received by an application in each state according to an embodiment of the application.
  • FIG. 5 is a schematic structural diagram of another integrated chip provided by an embodiment of the application.
  • FIG. 6 is a schematic structural diagram of a first type of protection unit provided by an embodiment of this application.
  • FIG. 7 is a schematic structural diagram of a second type of protection unit provided by an embodiment of the application.
  • FIG. 8 is a schematic structural diagram of a third type of protection unit provided by an embodiment of this application.
  • FIG. 9 is a schematic structural diagram of a fourth type of protection unit provided by an embodiment of the application.
  • FIG. 10 is a schematic structural diagram of a fifth type of protection unit provided by an embodiment of this application.
  • FIG. 11 is a schematic structural diagram of a sixth type of protection unit provided by an embodiment of the application.
  • FIG. 12 is a schematic structural diagram of an electronic device provided by an embodiment of this application.
  • FIG. 13 is a schematic flowchart of a data processing method provided by an embodiment of this application.
  • the electronic device includes a system on chip (system on chip, SoC) and a sensor.
  • SoC includes a processor, specifically an application processor (application central processing unit, ACPU), and may further include other types of processors, such as digital signal processors, artificial intelligence processors, or microcontrollers.
  • SoC also includes low-power micro-control unit (LP MCU).
  • a low-power microprocessor may also be referred to as a low-power processor, and its power consumption is lower than the power consumption of the processor, for example, lower than the power consumption of an application processor.
  • electronic devices include, but are not limited to, smart phones, smart watches, smart TVs, tablet computers, virtual reality (VR) devices, augmented reality (AR) devices, Internet of things (IoT) devices, personal computers, handheld computers, and personal digital assistants.
  • the sensor is a device used to perceive external data or environmental parameters in the electronic device.
  • the sensor can be a device based on a low-speed bus such as an inter-integrated circuit (I2C) bus or a serial peripheral interface (SPI) bus.
  • the interface used by the sensor may also be an interface other than a low-speed bus, such as a high-speed bus, which is not limited in this embodiment.
  • the sensor can be used to detect the state of the electronic device and its surrounding environment (such as acceleration, magnetic field strength, light intensity, and air pressure).
  • the sensor may be one or more of a compass, a gyroscope, an accelerometer, an ambient light sensor, a proximity light sensor, a barometer, or a Hall sensor.
  • since the sensor usually needs to work in a low power consumption state, it generally uses a low-speed bus to connect to the low-power processor of the SoC.
  • the low-power processor is mainly used to simply process the sensor data and then transmit it to the application processor, so that the application processor can perform subsequent processing on the data.
  • the application processor is used to process various functions and services of the electronic device, such as implementing various application software (APP) functions, providing users with unlocking services and other password operations, controlling and scheduling the sensors, and processing sensor data.
  • the application processor runs the software to form different environments, such as a secure environment and a non-secure environment, that is, the software can be divided into a secure software side and a non-secure software side.
  • data and programs that require a higher level of security such as user privacy and payment security
  • data and programs that require a lower security level are located on the non-secure software side.
  • the non-secure software side can initiate a data request through the secure/non-secure interface driver to obtain data on the secure software side.
  • the unlocking application and the sensor data processing application are located on the side of the security software.
  • the non-secure software side corresponds to the normal environment
  • the secure software side corresponds to the trusted execution environment (TEE).
  • in the Android system, although the application software used for sensor data processing is located on the secure software side, the Android system does not limit the access rights to sensor data; that is, any application, service, or process, whether or not it is on the secure software side, can access sensor data when needed.
  • Sensor data as a public resource of the entire system, is open to all applications, services, and processes. Therefore, when the user executes the password input process, the attacker can easily obtain the sensor data, and based on the machine learning model and massive learning data, analyze the possible password combination of the obtained sensor data, and try to crack the mobile phone password.
  • the embodiments of the present application provide an integrated chip and data processing method to protect sensor data and prevent attackers from performing sensor-based side-channel attacks during the user's password input process, that is, to prevent user passwords from being cracked, so as to provide protection for the user's password security and mobile phone security.
  • the data processing device in password input may include a processor and a low-power processor.
  • the processor may include the application processor in the electronic device shown in FIG. 1, and may also include other necessary types of processors, such as microcontrollers, digital signal processors or artificial intelligence processors; the low-power processor may be the low-power processor in the electronic device shown in FIG. 1.
  • the low-power processor is a sensor hub (Sensor Hub).
  • the low-power processor is used to receive sensor data output by the sensor and transmit the sensor data to the processor; the processor is coupled with the low-power processor and is used to prevent at least one software program run by the processor from accessing sensor data when the user executes the password input process; the power consumption of the processor is higher than the power consumption of the low-power processor.
  • the at least one software program includes an application software program, and can also optionally include other types of software, such as driver software or plug-ins.
  • the at least one software program may be non-secure software; that is, the processor runs the software to form a secure environment and a non-secure environment, and the non-secure software can initiate a data request through a secure/non-secure interface driver to obtain sensor data. Preventing at least one non-secure software program run by the processor from accessing sensor data helps improve the security of password input.
  • the processor does not allow sensor data to be acquired by any application at any time as in the prior art, but prevents at least one software program run by the processor from accessing the sensor data when the user executes the password input process, so the application requesting the sensor data cannot obtain it or obtains only fixed dummy data (that is, fixed-value data such as 0x00 or 0xFF).
  • the sensor data will no longer be arbitrarily obtained by software programs (applications on the security software side or applications on the non-security software side), and it is difficult for an attacker to crack the user password through the sensor data.
  • the processor can also be used to determine whether the user is performing password input. In other words, when the processor determines that the user is performing password input, it can trigger the aforementioned operation of preventing at least one software program from accessing sensor data. Specifically, the processor can determine whether the user is performing password input through the indication of the status flag bit. That is, in the embodiment of the present application, a status flag bit is set in the processor to indicate whether the user is performing password input.
  • the status flag bit may be located on the side of the security software to prevent the status flag bit from being maliciously tampered with.
  • the status flag is used to indicate whether the electronic device is successfully unlocked. In practical applications, it can be designed as follows: when the status flag bit is the first value, it indicates that the electronic device is in the unlocking state; when the status flag bit is the second value, it indicates that the electronic device is in the locked state; when the status flag bit is the third value, it indicates that the electronic device is in the unlocked state.
  • the status flag bit can be represented by Lockstatus.
  • the unlocked state means that the electronic device has been unlocked.
  • the embodiment of the present application uses an unlocking scenario as an example to describe an application scenario for inputting a password, so that this solution is better suited to this scenario.
  • the data processing scheme when the user performs password input involved in this embodiment can also be applied to other scenarios with password input, and is not limited to the unlocking scenario.
  • the status flag bit can be set in the following manner: the processor runs the security software and sets the status flag bit when the security software (for example, unlocking software) detects that the user performs a password input.
  • the processor can no longer prevent the application from accessing the sensor data. That is, in the case that the user does not perform a password input operation, the sensor data can be obtained by the application on the secure software side or the non-secure software side.
  • the low-power processor and the processor may be integrated in an integrated chip.
  • the integrated chip may be the SoC in the electronic device shown in FIG. 1.
  • the low-power processor and the processor may also be integrated in different chips, for example, the processor is integrated in the SoC, and the low-power processor is coupled to the SoC as a separate chip. This embodiment does not limit various possible variations of the SoC.
  • the application software in the application processor may be on the secure software side or the non-secure software side. Then, the corresponding functions in the above-mentioned processor can also be implemented cooperatively by software modules located on the secure software side or the non-secure software side.
  • the division of software modules in the ACPU and the LP MCU may be as shown in FIG. 2.
  • the ACPU includes five software modules: the unlocking application and unlocking service, the secure/non-secure interface driver, the sensor framework service, the sensor data processing module, and ordinary upper-layer applications.
  • the above modules are software modules in the software system; the software system is also called the system software, and may include other software modules, which is not limited in this embodiment.
  • Software systems include operating systems, plug-ins, middleware, and application software.
  • the LP MCU includes sensor drivers.
  • the sensor driver is also coupled with the sensor hardware, such as running on the LP MCU core coupled to the sensor hardware.
  • the sensor hardware may include various types of sensors. For details, refer to the introduction in the previous embodiment.
  • the unlocking application and the unlocking service are used to initiate the unlocking operation when the system software needs to be unlocked, guide the user to unlock, and output the status flag to the sensor data processing module;
  • the secure/non-secure interface driver is used between the secure software side and the non-secure software side: an ordinary upper-layer application on the non-secure side initiates a data request, and the driver returns the requested data or status;
  • the sensor framework service is the implementation of the sensor software in the system software; higher-level software uses it to control and schedule the sensors and to transmit data. After the data reaches the sensor data processing module, it is sent to the application on the non-secure software side through the secure/non-secure interface;
  • the sensor data processing module is used to process the sensor data transmitted by the sensor framework service, and the data processing flow is carried out under the control of the status flag;
  • the upper-layer application refers to a general Android application. When the application needs to obtain sensor data, it requests the sensor data by calling the secure/non-secure interface driver.
  • the sensor driver is the module through which sensor hardware and system software interact. The sensor driver implements the control and data transmission of the low-speed bus through low-level code, and also performs simple processing of the sensor data before sending it to the sensor framework service.
  • the unlocking application and unlocking service, the sensor framework service, and the sensor data processing module are located on the secure software side, and the ordinary upper-layer applications are located on the non-secure software side.
  • the unlocking application and the unlocking service are used to output status flags
  • the sensor data processing module is used to process the sensor data transmitted by the sensor framework service according to the status flags.
  • the sensor data processing module can periodically poll the status flag (for example, with a polling period of tens of ms). If the polling result is the unlocking state (a specific example of the scenario in which the user is performing password input), the data channel between the sensor data processing module and the sensor framework service is switched to the disconnected state, and data requests from the secure/non-secure interface are not answered.
  • the sensor data processing module notifies the sensor framework service to clear the sensor data, or transmits fixed sensor dummy data, such as 0x00, 0xFF, etc.
  • the data received by the ordinary upper-layer application may be as shown in FIG. 4.
  • the ordinary upper-layer application receives normal sensor data; when the electronic device is in the unlocking state, the ordinary upper-layer application cannot receive data.
  • in scheme 2 shown in FIG. 5, when the electronic device is in the locked state and the unlocked state, the ordinary upper-layer application receives normal sensor data; when the electronic device is in the unlocking state, the ordinary upper-layer application receives fixed dummy data.
  • the processor preventing at least one software program running by the processor from accessing sensor data can be implemented in a software manner or in a hardware manner.
  • the two methods are introduced separately below.
  • when the processor prevents at least one software program run by the processor from accessing the sensor data, this can be specifically implemented in the following manner: discarding the sensor data or replacing the sensor data with fake data.
  • the processor can discard the sensor data or replace the sensor data with dummy data when the user performs the password input. The application requesting the sensor data then cannot obtain the sensor data or obtains only the fixed dummy data, and it is difficult for an attacker to crack user passwords through sensor data.
  • the data processing device may further include a protection unit, configured to prevent the low-power processor from continuing to receive sensor data under the control of the processor; in that case, the processor preventing at least one software program run by the processor from accessing sensor data is specifically implemented in the following manner: the processor controls the protection unit to perform an operation that prevents the low-power processor from continuing to receive sensor data.
  • a protection unit may be provided between the sensor and the low-power processor, as shown in FIG. 5, so that when the user enters a password, the protection unit performs an operation to prevent the low-power processor from continuing to receive sensor data. Then the application requesting to obtain the sensor data cannot obtain the sensor data or only obtain the fixed fake data, and it is difficult for an attacker to crack the user password through the sensor data.
  • the protection unit is specifically configured to prevent the sensor data connection between the low-power processor and the sensor under the control of the processor.
  • the protection unit prevents the sensor data connection between the low-power processor and the sensor, which can be implemented in different ways.
  • the protection unit can disable the interface between the sensor and the low-power processor, or disable the data transmission function of that interface, or disable the data line between the sensor and the low-power processor, or set the data line to a preset level.
  • the protection unit can also directly disable the sensor.
  • the protection unit can be implemented in multiple ways, several of which are listed below.
  • the protection unit includes an active transistor, which is coupled to the data bus between the low-power processor and the sensor, and is used to pull the level of the data bus high or low when the unlock state flag bit indicates that the electronic device is in the unlocking state.
  • taking a metal oxide semiconductor (MOS) transistor as an example of the active transistor:
  • the gate of the MOS transistor receives a high level, so that the MOS transistor is turned on.
  • the level of the data bus between the low-power processor and the sensor is pulled up or down, depending on whether the voltage connected to the transistor is high or low.
  • the protection unit outputs a high or low level to the low-power processor, so it is difficult for an attacker to obtain sensor data and use the sensor data to crack the user's password.
  • when the protection unit is an active transistor, the connection relationship between the active transistor, the sensor and the low-power processor may be as shown in FIG. 6.
  • the active transistor is used to pull the data bus high (high level) according to the unlock state flag output by the processor; in example b of FIG. 6, the active transistor is used to pull the data bus low (GND) according to the unlock state flag bit output by the processor.
  • the active transistor can also be implemented by other devices that can fix the bus level, which is not specifically limited in the embodiment of the present application.
  • the protection unit includes an analog switch, which is coupled to the data bus between the low-power processor and the sensor, and is disabled when the unlock state flag indicates that the electronic device is in the unlocking state.
  • an analog switch can be added to the data bus between the sensor and the low-power processor, and the analog switch is in the enabled state by default to turn on the data bus.
  • the processor controls the enable signal of the analog switch to put the analog switch in the disabled state and disconnect the data bus between the sensor and the low-power processor, as shown in FIG. 7.
  • the protection unit includes a first register, which is used to store the unlock state flag bit and output it to the input/output (IO) interface of the low-power processor, and to control the IO interface to switch to a general-purpose input/output (GPIO) function when the unlock state flag indicates that the electronic device is in the unlocking state.
  • the IO interface of the processor and the low-power processor supports function multiplexing.
  • the IO interface supports the function multiplexing of the data interface and the GPIO interface.
  • the multiplexing selection signal of the IO interface can be controlled by the first register, and the IO interface is set as the data interface by default; when it is detected that the electronic device is in the unlocking state, the IO multiplexing selection signal is controlled through the first register to switch the function of the IO interface to GPIO, so as to achieve the effect of cutting off the transmission channel of sensor data, as shown in FIG. 8.
  • the protection unit includes a second register, which is coupled with the processor and is used to store the unlock state flag bit and output it to the IO interface of the low-power processor, and to control the IO interface to be disabled when the unlock state flag bit indicates that the electronic device is in the unlocking state.
  • the IO interface of the processor and the low-power processor supports state switching of enabling and disabling.
  • the IO interface is in the enabled state.
  • the IO interface is controlled to switch to the disabled state through the second register, so as to achieve the effect of cutting off the transmission channel of the sensor data, as shown in FIG. 9.
  • the protection unit includes a power management unit (PMU), and the PMU is used to power off the sensor when the unlock state flag indicates that the electronic device is in the unlocking state.
  • the PMU is coupled with the application processor and with the sensor. If it is detected that the electronic device is unlocking, the PMU powers off the sensor under the control of the application processor, so as to cut off the sensor data transmission channel, as shown in FIG. 10.
  • the application processor can send a reset signal to the RST pin of the sensor to put the sensor in the reset state, or send a de-enable signal to the ENA pin of the sensor to put the sensor in the de-enabled state, so that the sensor cannot output sensor data, thereby achieving the effect of cutting off the sensor data transmission channel, as shown in FIG. 11.
  • the processor prevents at least one software program run by the processor from accessing sensor data, so the application program that requests sensor data cannot obtain sensor data or obtains only fixed fake data. Compared with the prior art, sensor data will no longer be arbitrarily obtained by software programs (applications on the secure software side or applications on the non-secure software side), and it is difficult for an attacker to crack the user password through the sensor data.
  • an embodiment of the present application also provides an electronic device, which includes the aforementioned data processing device and sensor, as shown in FIG. 12.
  • the data processing device may correspond to the system-on-chip shown in FIG. 1, and the sensor corresponds to the description of FIG. 1 and the previous embodiment.
  • the electronic device can be a complete device or part of its components. This electronic device includes but is not limited to a smart phone.
  • the embodiment of the present application also provides a data processing method in password input. As shown in Figure 13, the method includes the following steps.
  • the low-power processor receives sensor data output by the sensor, and transmits the sensor data to the processor.
  • the processor prevents at least one software program run by the processor from accessing the sensor data during the password input process by the user.
  • the power consumption of the processor is higher than the power consumption of the low-power processor.
  • the data processing method shown in FIG. 13 can be regarded as the method performed by the aforementioned data processing device; for implementation details of the method shown in FIG. 13 that are not described here, refer to the relevant description of the aforementioned data processing device.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Telephone Function (AREA)
  • Power Sources (AREA)

Abstract

A method for processing data during password input, a data processing apparatus, and an electronic device, which are used to protect sensor data and which guarantee password security for a user. The data processing apparatus comprises: a low-power processor, which is used to receive sensor data that is outputted by a sensor and transmit the sensor data to a processor; and the processor, which is coupled with the low-power processor and which is used when a user executes password input to stop at least one software program run by the processor from accessing the sensor data. The power consumption of the processor is higher than that of the low-power processor.

Description

Data processing method, data processing device and electronic device in password input
Technical field
This application relates to the field of data security technology, and in particular to a data processing method, a data processing device and an electronic device in password input.
Background
Electronic devices (such as mobile phones) store more and more user data, and user privacy is increasingly important, so the security requirements for electronic devices keep rising. Unlocking methods have evolved from slide-to-unlock to password and pattern unlocking, and now to biometric unlocking. Whichever unlocking method is used, however, the numeric password is the basis of all of them, mainly for the following reasons: 1. a password must be set before a fingerprint or face can be enrolled; 2. a password is required to unlock the phone after a restart; 3. the phone requires a password to unlock at regular intervals; 4. after biometric unlocking fails, the phone can only be unlocked with the password. Therefore, an attack on a phone's password can target the numeric password.
There is currently the following attack on phone passwords. To provide more functions, electronic devices are usually equipped with various types of sensors. In current operating systems, such as Android versions, the system imposes no permission requirement on sensors: any application, process or service can request sensor data when it needs it, and sensor data is a public resource of the system, open to all applications, processes and services. An attacker induces the user to install an app that analyzes phone passwords. Because sensor data is a public system resource, the app can collect information from the various sensors while the electronic device is being unlocked (including the phone's tilt angle, rotation angle, light, and so on), then use a machine learning model and a large amount of training data to derive several possible password combinations and attempt to crack the phone password. This kind of attack is also called a sensor-based side channel attack (SCA).
Data show that side-channel password analysis combining data from two types of sensors, the accelerometer and the gyroscope, achieves a password cracking success rate of 70%. It is therefore easy to see that, during password unlocking of an Android device, an attacker can readily crack the phone password by obtaining sensor data, which threatens user privacy and the security of the electronic device.
Summary of the invention
The embodiments of this application provide a data processing method, a data processing device and an electronic device in password input, which protect sensor data and safeguard the user's password security.
In a first aspect, an embodiment of this application provides a data processing device in password input, including: a low-power processor, configured to receive sensor data output by a sensor and transmit the sensor data to a processor; and the processor, coupled with the low-power processor and configured to prevent at least one software program run by the processor from accessing the sensor data while the user is entering a password; where the power consumption of the processor is higher than that of the low-power processor. Optionally, the sensor includes one or more of the following: a compass, a gyroscope, an accelerometer, an ambient light sensor, a proximity light sensor, a barometer, or a Hall sensor.
With the data processing device provided in the first aspect, while the user is entering a password, the processor prevents at least one software program run by the processor from accessing the sensor data, so a specific software program that requests sensor data, such as an application, cannot obtain it. Compared with the prior art, the sensor data can no longer be obtained arbitrarily by the software program, and it is therefore difficult for an attacker to crack the user's password through sensor data.
In one possible design, the at least one software program includes an application software program. Specifically, the at least one software program may be non-secure software. With this solution, the software run by the processor forms a secure environment and a non-secure environment, and the at least one software program is non-secure software, which can initiate a data request through the secure/non-secure interface driver to obtain sensor data. Once non-secure software is prohibited from obtaining sensor data, the security of password input is improved.
In one possible design, when preventing the at least one software program run by the processor from accessing the sensor data, the processor is specifically configured to discard the sensor data or replace the sensor data with dummy data. With this solution, the sensor data is discarded or replaced with dummy data, so it is difficult for an attacker to crack the user's password through sensor data.
In one possible design, the data processing device further includes a protection unit, configured to prevent, under the control of the processor, the low-power processor from continuing to receive sensor data. When preventing the at least one software program run by the processor from accessing the sensor data, the processor is specifically configured to control the protection unit to perform the operation that prevents the low-power processor from continuing to receive sensor data. With this solution, a protection unit can be placed between the sensor and the low-power processor and used to cut off the sensor data while the user enters the password, so it is difficult for an attacker to crack the user's password through sensor data.
Specifically, the protection unit is configured to block, under the control of the processor, the sensor data connection between the low-power processor and the sensor. In a first implementation, the protection unit is specifically configured to: disable the interface between the sensor and the low-power processor, or disable the data transmission function of the interface, or disable the data line between the sensor and the low-power processor, or set the data line to a preset level. In a second implementation, the protection unit is specifically configured to disable the sensor.
Optionally, the processor is further configured to determine whether the user is entering a password. With this solution, when the processor determines that the user is entering a password, it can trigger the aforementioned operation of preventing the at least one software program from accessing sensor data. When determining whether the user is entering a password, the processor is specifically configured to make the determination from the indication of a status flag.
Optionally, the processor is further configured to run security software and to set the status flag when the security software detects that the user is entering a password. The security software may include unlocking software.
In a second aspect, an embodiment of this application further provides an electronic device, including the data processing device provided in the first aspect and a sensor.
In a third aspect, an embodiment of this application provides a data processing method in password input. The method includes the following steps: a low-power processor receives sensor data output by a sensor and transmits the sensor data to a processor; while the user is entering a password, the processor prevents at least one software program run by the processor from accessing the sensor data. The power consumption of the processor is higher than that of the low-power processor.
The at least one software program includes an application software program. Specifically, the at least one software program may be non-secure software.
Optionally, the processor may prevent the at least one software program run by the processor from accessing the sensor data in the following manner: the processor discards the sensor data or replaces the sensor data with dummy data.
Optionally, the processor may also prevent the at least one software program run by the processor from accessing the sensor data in the following manner: the processor controls a protection unit to perform an operation that prevents the low-power processor from continuing to receive sensor data.
Optionally, the method provided in the third aspect further includes: the processor determines whether the user is entering a password. Specifically, the processor may determine whether the user is entering a password from the indication of a status flag.
Optionally, the method provided in the third aspect further includes: the processor runs security software and sets the status flag when the security software detects that the user is entering a password. The security software includes unlocking software.
Optionally, the sensor includes one or more of the following: a compass, a gyroscope, an accelerometer, an ambient light sensor, a proximity light sensor, a barometer, or a Hall sensor.
Description of the drawings
FIG. 1 is a schematic structural diagram of an electronic device provided by an embodiment of this application;
FIG. 2 is a schematic diagram of the software modules in an SoC provided by an embodiment of this application;
FIG. 3 is a schematic flowchart of the solution executed by each software module in an SoC provided by an embodiment of this application;
FIG. 4 is a schematic diagram of the data received by an application in each state, provided by an embodiment of this application;
FIG. 5 is a schematic structural diagram of another integrated chip provided by an embodiment of this application;
FIG. 6 is a schematic structural diagram of a first type of protection unit provided by an embodiment of this application;
FIG. 7 is a schematic structural diagram of a second type of protection unit provided by an embodiment of this application;
FIG. 8 is a schematic structural diagram of a third type of protection unit provided by an embodiment of this application;
FIG. 9 is a schematic structural diagram of a fourth type of protection unit provided by an embodiment of this application;
FIG. 10 is a schematic structural diagram of a fifth type of protection unit provided by an embodiment of this application;
FIG. 11 is a schematic structural diagram of a sixth type of protection unit provided by an embodiment of this application;
FIG. 12 is a schematic structural diagram of an electronic device provided by an embodiment of this application;
FIG. 13 is a schematic flowchart of a data processing method provided by an embodiment of this application.
Detailed description
The application scenario of the embodiments of this application is introduced first. The embodiments can be applied to the electronic device shown in FIG. 1. As shown in FIG. 1, the electronic device includes a system on chip (SoC) and a sensor. The SoC includes a processor, specifically an application processor (application central processing unit, ACPU), and may further include other types of processors, such as a digital signal processor, an artificial intelligence processor or a microcontroller. The SoC also includes a low-power microprocessor (low power micro control unit, LP MCU). In the embodiments of this application, the low-power microprocessor may also be called a low-power processor; its power consumption is lower than that of the processor, for example lower than that of the application processor. The electronic device includes but is not limited to a smartphone, a smart watch, a smart TV, a tablet computer, a virtual reality (VR) device, an augmented reality (AR) device, an Internet of things (IoT) device, a personal computer, a handheld computer, or a personal digital assistant.
In the electronic device shown in FIG. 1, the sensor is a device that senses external data or environmental parameters. The sensor may be a low-speed bus device based on an interface such as the inter-integrated circuit (I2C) bus or the serial peripheral interface (SPI) bus. It can be understood that the interface used by the sensor may also be an interface other than a low-speed bus, such as a high-speed bus; this embodiment imposes no limitation. The sensor can be used to detect the state of the electronic device and its surroundings (for example acceleration, magnetic field strength, light intensity, and air pressure). For example, the sensor may be one or more of a compass, a gyroscope, an accelerometer, an ambient light sensor, a proximity light sensor, a barometer, or a Hall sensor.
In the electronic device shown in FIG. 1, because the sensor usually needs to work in a low-power state, it is generally attached to the low-power processor of the SoC over a low-speed bus. The low-power processor mainly performs simple processing on the sensor data and then transmits it to the application processor for subsequent processing.
In the electronic device shown in FIG. 1, the application processor handles the various functions and services of the electronic device, for example implementing the functions of each application (APP), providing the user with password operations such as the unlocking service, controlling and scheduling the sensors, and processing sensor data. In particular, the software run by the application processor forms different environments, such as a secure environment and a non-secure environment; that is, the software can be divided into a secure software side and a non-secure software side. Data and programs that require a high security level, such as those involving user privacy and payment security, are located on the secure software side, and data and programs with lower security requirements are located on the non-secure software side. The non-secure software side can initiate a data request through the secure/non-secure interface driver to obtain data from the secure software side. In the embodiments of this application, the unlocking application and the sensor data processing application are located on the secure software side. The non-secure software side corresponds to the normal environment, and the secure software side corresponds to the trusted execution environment (TEE).
In the prior art, taking the Android system as an example, although the application software that processes sensor data is located on the secure software side, the Android system does not restrict access to sensor data. That is, any application, service or process on the secure software side or the non-secure software side can access sensor data whenever it needs to; sensor data is a public resource of the whole system, open to all applications, services and processes. Therefore, while the user is entering a password, an attacker can easily obtain sensor data and, using a machine learning model and a large amount of training data, derive the password combinations that the captured sensor data may correspond to and attempt to crack the phone password. In view of this, the embodiments of this application provide an integrated chip and a data processing method that protect sensor data and prevent an attacker from carrying out a sensor-based side-channel attack while the user is entering a password, that is, prevent the user's password from being cracked, thereby safeguarding the user's password and the phone.
Specifically, the data processing device in password input provided in the embodiments of this application may include a processor and a low-power processor. The processor may include the application processor in the electronic device shown in FIG. 1 and may also include other necessary types of processors, such as a microcontroller, a digital signal processor or an artificial intelligence processor; the low-power processor may be the low-power processor in the electronic device shown in FIG. 1. Optionally, the low-power processor is a sensor hub (Sensor Hub).
The low-power processor is configured to receive sensor data output by the sensor and transmit the sensor data to the processor. The processor is coupled with the low-power processor and is configured to prevent at least one software program run by the processor from accessing the sensor data while the user is entering a password. The power consumption of the processor is higher than that of the low-power processor.
The at least one software program includes an application software program and may optionally include other types of software, such as driver software or plug-ins. The at least one software program may be non-secure software: the software run by the processor forms a secure environment and a non-secure environment, the at least one software program is non-secure software, and this non-secure software can initiate a data request through the secure/non-secure interface driver to obtain sensor data. Preventing at least one non-secure software program run by the processor from accessing sensor data helps improve the security of password input.
In the data processing device provided in the embodiments of this application, the processor does not, as in the prior art, allow sensor data to be obtained by any application at any time. Instead, while the user is entering a password, it prevents at least one software program run by the processor from accessing the sensor data, so an application that requests sensor data either cannot obtain it or obtains only fixed dummy data (that is, data with a fixed value, for example 0x00 or 0xFF). As a result, sensor data can no longer be obtained arbitrarily by software programs (applications on the secure software side or on the non-secure software side), and it is difficult for an attacker to crack the user's password through sensor data.
In addition, in this data processing device, the processor can also be used to determine whether the user is entering a password. That is, when the processor determines that the user is entering a password, it can trigger the aforementioned operation of preventing at least one software program from accessing sensor data. Specifically, the processor can make this determination from the indication of a status flag: in the embodiments of this application, a status flag is set in the processor to indicate whether the user is entering a password.
Specifically, in the embodiments of this application, the status flag may be located on the secure software side to prevent it from being maliciously tampered with. For example, the status flag indicates whether the electronic device has been unlocked successfully. In practice it can be designed as follows: when the status flag has a first value, it indicates that the electronic device is in the unlocking state; when it has a second value, it indicates that the electronic device is in the locked state; when it has a third value, it indicates that the electronic device is in the unlocked state.
For example, the status flag can be represented by Lockstatus. Lockstatus=0 means the electronic device is in the locked state, that is, the device has been locked; Lockstatus=1 means the electronic device is in the unlocking state, that is, the user is performing the unlock operation; Lockstatus=2 means the electronic device is in the unlocked state, that is, the device has been unlocked. Note that the embodiments of this application use the unlocking scenario as one example of a scenario in which a password is entered, and the solution is well suited to it. It should be understood that the data processing scheme for password input in this embodiment also applies to other scenarios that involve password input and is not limited to unlocking.
In the embodiments of this application, the status flag can be set as follows: the processor runs security software and sets the status flag when the security software (for example, unlocking software) detects that the user is entering a password.
In addition, when the status flag indicates that the electronic device is in the locked state or the unlocked state, the processor need no longer block applications from accessing sensor data. That is, when the user is not entering a password, sensor data can be obtained by applications on the secure software side or the non-secure software side.
As mentioned above, a sensor-based side-channel attack relies on the sensor data produced while the user is entering a password. If the processor determines that the user is not entering a password, an attacker cannot carry out a sensor-based side-channel attack at that time, so the processor can respond, through the secure/non-secure interface, to the request of the at least one software program for sensor data, and normal application functions are preserved.
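The Lockstatus gating described above, as an added example (not code from the patent): a C sketch of a secure-side sensor data processing module that forwards samples when Lockstatus is 0 or 2 and, when it is 1, either discards them or substitutes fixed dummy data. The sample layout, the function names and the fail-closed handling of unknown flag values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Lockstatus values as given in the description. */
enum lock_status {
    LOCKSTATUS_LOCKED = 0,    /* device is locked */
    LOCKSTATUS_UNLOCKING = 1, /* user is entering the password */
    LOCKSTATUS_UNLOCKED = 2   /* device is unlocked */
};

/* The two blocking options named in the text: discard, or substitute dummy data. */
enum block_mode { BLOCK_DISCARD, BLOCK_DUMMY };

/* Assumed sample layout: three 16-bit axes (accelerometer or gyroscope). */
struct sensor_sample { int16_t x, y, z; };

/* State of the (hypothetical) secure-side sensor data processing module. */
struct sensor_gate {
    enum lock_status status; /* written only by the unlock service */
    enum block_mode mode;
    uint8_t dummy_byte;      /* fixed fill value, e.g. 0x00 or 0xFF */
    size_t forwarded;        /* samples passed to requesters */
    size_t withheld;         /* real samples kept from requesters */
};

void gate_init(struct sensor_gate *g, enum block_mode mode, uint8_t dummy_byte)
{
    memset(g, 0, sizeof *g);
    g->status = LOCKSTATUS_LOCKED;
    g->mode = mode;
    g->dummy_byte = dummy_byte;
}

/* Assumption: any value other than 0 or 2 is treated as "unlocking", so a
 * corrupted flag blocks sensor data instead of releasing it. */
void gate_set_status(struct sensor_gate *g, int raw)
{
    if (raw == LOCKSTATUS_LOCKED || raw == LOCKSTATUS_UNLOCKED)
        g->status = (enum lock_status)raw;
    else
        g->status = LOCKSTATUS_UNLOCKING;
}

/* Answer a non-secure request for n samples. Returns how many entries of
 * out[] were filled. */
size_t gate_deliver(struct sensor_gate *g, const struct sensor_sample *in,
                    size_t n, struct sensor_sample *out, size_t out_cap)
{
    size_t count = n < out_cap ? n : out_cap;

    if (g->status != LOCKSTATUS_UNLOCKING) {
        memcpy(out, in, count * sizeof *in);
        g->forwarded += count;
        return count;
    }
    g->withheld += count;
    if (g->mode == BLOCK_DISCARD)
        return 0;
    /* Every byte becomes the fixed value, so nothing about the real
     * motion of the device reaches the requester. */
    memset(out, g->dummy_byte, count * sizeof *out);
    return count;
}

/* Constructed accelerometer readings, not measurements from a real device. */
static const struct sensor_sample CONSTRUCTED_TRACE[3] = {
    { 12, -340, 16100 }, { 95, -310, 16020 }, { -40, -355, 16180 }
};

int main(void)
{
    struct sensor_gate g;
    struct sensor_sample out[3];
    static const char *names[] = { "locked", "unlocking", "unlocked" };

    gate_init(&g, BLOCK_DUMMY, 0x00);
    for (int s = 0; s <= 2; s++) {
        gate_set_status(&g, s);
        size_t got = gate_deliver(&g, CONSTRUCTED_TRACE, 3, out, 3);
        printf("%-9s -> %zu samples, first = (%d, %d, %d)\n",
               names[s], got, out[0].x, out[0].y, out[0].z);
    }
    printf("forwarded=%zu withheld=%zu\n", g.forwarded, g.withheld);
    return 0;
}
```

In dummy mode the requester still receives the number of samples it asked for, so an application cannot tell from the reply length alone that the values were substituted.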
In the data processing device provided by the embodiments of this application, the low-power processor and the processor may be integrated in a single integrated chip. For example, the integrated chip may be the SoC in the electronic device shown in FIG. 1. In practice, the low-power processor and the processor may also be integrated in different chips; for example, the processor is integrated in the SoC and the low-power processor is a separate chip coupled to the SoC. This embodiment does not limit the possible variations of the SoC.
As described for the electronic device shown in FIG. 1, application software in the application processor may be on the secure software side or the non-secure software side. The corresponding functions of the processor described above can therefore also be implemented jointly by software modules located on the secure software side or the non-secure software side.
As an example, take the case where the processor is an ACPU, the low-power processor is an LP MCU, and the ACPU and LP MCU are integrated in the SoC. The division of software modules in the ACPU and LP MCU may then be as shown in FIG. 2. The ACPU includes five software modules: the unlocking application and unlocking service, the secure/non-secure interface driver, the sensor framework service, the sensor data processing module, and ordinary upper-layer applications. These are software modules within the software system; the software system, also called system software, may include other software modules, which is not limited in this embodiment. The software system includes the operating system, plug-ins, middleware, application software, and so on. The LP MCU includes the sensor driver. In addition, the sensor driver is coupled to the sensor hardware, for example by running on an LP MCU core that is coupled to the sensor hardware. The sensor hardware may include various types of sensors; for details, see the description in the preceding embodiments.
The unlocking application and unlocking service initiate the unlock operation when the system software needs to be unlocked, guide the user through unlocking, and output the status flag to the sensor data processing module. The secure/non-secure interface driver handles data transfer between the secure software side and the non-secure software side: an ordinary upper-layer application on the non-secure side issues a data request, and the driver returns the requested data or a status. The sensor framework service is the implementation of the sensor software within the system software and is used by higher-layer software to control and schedule the sensors; after data is passed to the sensor data processing module, it is sent through the secure/non-secure interface to applications on the non-secure software side. The sensor data processing module processes the sensor data delivered by the sensor framework service and runs its data processing flow under the control of the status flag. An ordinary upper-layer application is a general Android application; when it needs sensor data, it requests the data by calling the secure/non-secure interface driver. The sensor driver is the module through which the sensor hardware and the system software interact: it uses low-level code to control the low-speed bus and transfer data, and performs simple processing on the sensor data before passing it to the sensor framework service.
In the module architecture shown in FIG. 2, the unlocking application and unlocking service, the sensor framework service, and the sensor data processing module are located on the secure software side, and ordinary upper-layer applications are located on the non-secure software side. The unlocking application and unlocking service output the status flag, and the sensor data processing module processes the sensor data delivered by the sensor framework service according to that flag.
Specifically, the sensor data processing module may periodically poll the status flag (for example, with a polling period of tens of milliseconds). If the polled result is the unlocking state (a specific instance of the scenario in which the user is performing password input), the data channel between the sensor data processing module and the sensor framework service is switched to the disconnected state, and data requests on the secure/non-secure interface are not answered. Optionally, the sensor data processing module notifies the sensor framework service to clear the sensor data, or transmits fixed dummy sensor data, such as 0x00 or 0xFF, to the secure/non-secure interface driver while also notifying the sensor framework service to clear the sensor data. If the polled result indicates that the electronic device is in the unlocked state or the locked state, the data channel is set to the normal state, so that ordinary upper-layer applications can request and obtain sensor data normally through the secure/non-secure interface driver and implement normal application functions, as shown in FIG. 3.
As an example, when the electronic device is in different states (unlocking, unlocked, locked), the data received by an ordinary upper-layer application may be as shown in FIG. 4. In scheme 1 shown in FIG. 4, when the electronic device is in the locked state or the unlocked state, the ordinary upper-layer application receives normal sensor data; when the electronic device is in the unlocking state, the ordinary upper-layer application receives no data. In scheme 2 shown in FIG. 5, when the electronic device is in the locked state or the unlocked state, the ordinary upper-layer application receives normal sensor data; when the electronic device is in the unlocking state, the ordinary upper-layer application receives fixed dummy data.
Specifically, in the embodiments of this application, the processor's blocking of access to the sensor data by at least one software program that it runs may be implemented in software or in hardware. The two approaches are described separately below.
1. Software method
When the processor blocks access to the sensor data by at least one software program that it runs, it may do so by discarding the sensor data or by replacing the sensor data with dummy data. That is, while the user is performing password input, the processor may discard the sensor data or replace it with dummy data, so an application requesting sensor data cannot obtain it or obtains only fixed dummy data, and it is difficult for an attacker to crack the user's password from sensor data.
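The following C example is added here and is not code from the patent or from any vendor implementation; it models the gate in the sensor data processing module described in the polling paragraph and in the software method above, covering scheme 1 (no data) and scheme 2 (fixed dummy data). All type and function names, the 6-byte sample size and the queue are assumptions, and re-reading the flag on every push and read is an added choice so that no sample passes between two periodic polls.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Status flag values; names are assumptions, not taken from the patent. */
typedef enum { DEV_LOCKED, DEV_UNLOCKING, DEV_UNLOCKED } dev_state_t;

/* What a requester gets while the password is being entered. */
typedef enum {
    GATE_NO_DATA,  /* scheme 1: the request is not answered */
    GATE_DUMMY     /* scheme 2: fixed dummy bytes such as 0x00 or 0xFF */
} gate_policy_t;

#define SAMPLE_LEN 6  /* constructed: 3 axes x 16 bits */
#define QUEUE_CAP  8

typedef struct {
    const volatile dev_state_t *flag;  /* written by the unlock service */
    gate_policy_t policy;
    uint8_t dummy_byte;
    bool channel_open;                 /* link to the sensor framework service */
    uint8_t queue[QUEUE_CAP][SAMPLE_LEN];
    size_t head, count;
} sensor_gate_t;

/* Periodic poll of the status flag. It is also called from gate_push() and
 * gate_read() so that the flag is honoured between two periodic polls. */
void gate_poll(sensor_gate_t *g)
{
    if (*g->flag == DEV_UNLOCKING) {
        /* Cut the channel and wipe buffered samples so that nothing
         * captured around password entry can be released later. */
        memset(g->queue, 0, sizeof g->queue);
        g->head = g->count = 0;
        g->channel_open = false;
    } else {
        g->channel_open = true;
    }
}

void gate_init(sensor_gate_t *g, const volatile dev_state_t *flag,
               gate_policy_t policy, uint8_t dummy_byte)
{
    memset(g, 0, sizeof *g);
    g->flag = flag;
    g->policy = policy;
    g->dummy_byte = dummy_byte;
    gate_poll(g);
}

/* Called by the sensor framework service with one sample from the driver.
 * Returns true if the sample was queued, false if it was discarded. */
bool gate_push(sensor_gate_t *g, const uint8_t sample[SAMPLE_LEN])
{
    gate_poll(g);
    if (!g->channel_open)
        return false;                    /* discarded, never stored */
    if (g->count == QUEUE_CAP) {         /* full: drop the oldest sample */
        g->head = (g->head + 1) % QUEUE_CAP;
        g->count--;
    }
    memcpy(g->queue[(g->head + g->count) % QUEUE_CAP], sample, SAMPLE_LEN);
    g->count++;
    return true;
}

/* Called for an upper-layer application through the secure/non-secure
 * interface driver. Returns the number of bytes written to out:
 * SAMPLE_LEN for real or dummy data, 0 when nothing is returned. */
size_t gate_read(sensor_gate_t *g, uint8_t out[SAMPLE_LEN])
{
    gate_poll(g);
    if (!g->channel_open) {
        if (g->policy == GATE_NO_DATA)
            return 0;
        memset(out, g->dummy_byte, SAMPLE_LEN);
        return SAMPLE_LEN;
    }
    if (g->count == 0)
        return 0;
    memcpy(out, g->queue[g->head], SAMPLE_LEN);
    g->head = (g->head + 1) % QUEUE_CAP;
    g->count--;
    return SAMPLE_LEN;
}

int main(void)
{
    dev_state_t state = DEV_UNLOCKING;   /* constructed: user is typing */
    const uint8_t sample[SAMPLE_LEN] = {0x10, 0x00, 0xF0, 0xFF, 0x00, 0x40};
    uint8_t out[SAMPLE_LEN];
    sensor_gate_t g;

    gate_init(&g, &state, GATE_DUMMY, 0xFF);
    gate_push(&g, sample);               /* discarded by the gate */
    size_t n = gate_read(&g, out);
    printf("bytes=%zu first=0x%02X\n", n, out[0]);
    return 0;
}
```

Wiping the queue when the unlocking state is seen is what keeps samples buffered just before password entry from being delivered once the device returns to the unlocked state.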
2. Hardware method
The data processing device provided by the embodiments of this application may further include a protection unit, configured to prevent, under the control of the processor, the low-power processor from continuing to receive sensor data. In that case, the processor blocks access to the sensor data by at least one software program that it runs as follows: the processor controls the protection unit to perform the operation of preventing the low-power processor from continuing to receive sensor data. In the embodiments of this application, a protection unit may be placed between the sensor and the low-power processor, as shown in FIG. 5, so that when the user enters a password the protection unit prevents the low-power processor from continuing to receive sensor data. An application requesting sensor data then cannot obtain it or obtains only fixed dummy data, and it is difficult for an attacker to crack the user's password from sensor data.
Specifically, the protection unit is configured to block, under the control of the processor, the sensor data connection between the low-power processor and the sensor. This can be done in different ways: the protection unit may disable the interface between the sensor and the low-power processor, or disable the data transmission function of that interface, or disable the data line between the sensor and the low-power processor, or set the data line to a preset level. In addition, the protection unit may disable the sensor directly.
In practice, the protection unit can be implemented in several ways, some of which are listed below.
First implementation
In the first implementation, the protection unit includes an active transistor coupled to the data bus between the low-power processor and the sensor, configured to pull the level of the data bus high or low when the unlock status flag indicates that the electronic device is in the unlocking state.
Specifically, taking a metal oxide semiconductor (MOS) transistor as the active transistor: when the unlock status flag indicates that the electronic device is in the unlocking state, a high level is applied to the gate of the MOS transistor, which turns the transistor on and pulls the level of the data bus between the low-power processor and the sensor high or low, depending on whether the voltage the transistor is connected to is high or low. The protection unit then outputs a high or low level to the low-power processor, so it is difficult for an attacker to obtain sensor data and crack the user's password from it. In the embodiments of this application, the active transistor may be of various types, for example a MOS transistor or a bipolar junction transistor (BJT); the specific type of active transistor is not limited.
For example, when the protection unit is an active transistor, the connections between the active transistor, the sensor and the low-power processor may be as shown in FIG. 6. In example a of FIG. 6, the active transistor pulls the data bus high (high level) according to the unlock status flag output by the processor; in example b of FIG. 6, the active transistor pulls the data bus low (GND) according to the unlock status flag output by the processor.
In addition, in the first implementation, the active transistor may be replaced by another device capable of holding the bus at a fixed level, which is not specifically limited in the embodiments of this application.
Second implementation
In the second implementation, the protection unit includes an analog switch coupled to the data bus between the low-power processor and the sensor, configured to be enabled when the unlock status flag indicates that the electronic device is in the unlocking state.
That is, an analog switch can be added to the data bus between the sensor and the low-power processor. The analog switch is enabled by default, so that the data bus conducts. When the electronic device is detected to be in the unlocking state, the processor controls the enable signal of the analog switch to put the switch in the disabled state, disconnecting the data bus between the sensor and the low-power processor, as shown in FIG. 7.
Third implementation
In the third implementation, the protection unit includes a first register, which stores the unlock status flag and outputs it to the input/output (IO) interface of the low-power processor, and controls the IO interface to switch to the general-purpose input/output (GPIO) function when the unlock status flag indicates that the electronic device is in the unlocking state.
In the third implementation, the IO interfaces of the processor and the low-power processor support function multiplexing; specifically, the IO interface can be multiplexed between a data interface function and a GPIO function. In a specific implementation, the multiplexing selection signal of the IO interface can be controlled by the first register, and the IO interface is configured as a data interface by default. When the electronic device is detected to be in the unlocking state, the first register drives the IO multiplexing selection signal so that the IO interface switches to the GPIO function, which cuts off the transmission channel for sensor data, as shown in FIG. 8.
Fourth implementation
In the fourth implementation, the protection unit includes a second register coupled to the processor, which stores the unlock status flag and outputs it to the IO interface of the low-power processor, and controls the IO interface to be disabled when the unlock status flag indicates that the electronic device is in the unlocking state.
In the fourth implementation, the IO interfaces of the processor and the low-power processor support switching between the enabled and disabled states. By default, the IO interface is enabled. When the electronic device is detected to be in the unlocking state, the second register switches the IO interface to the disabled state, which cuts off the transmission channel for sensor data, as shown in FIG. 9.
Fifth implementation
In the fifth implementation, the protection unit includes a power management unit (PMU), which powers off the sensor when the unlock status flag indicates that the electronic device is in the unlocking state. Specifically, the PMU is coupled to both the application processor and the sensor. If the electronic device is detected to be in the unlocking state, the PMU powers off the sensor under the control of the application processor, which cuts off the transmission channel for sensor data, as shown in FIG. 10.
In addition, the fifth implementation has an alternative form. If the sensor supports power-on reset through a reset signal, then when the electronic device is detected to be in the unlocking state, the application processor can send a reset signal to the sensor's RST pin to hold the sensor in the reset state, or send a disable signal to the sensor's ENA pin to put the sensor in the disabled state. The sensor then cannot output sensor data, which cuts off the transmission channel for sensor data, as shown in FIG. 11.
In summary, with the data processing device provided by the embodiments of this application, while the user is performing password input the processor blocks access to the sensor data by at least one software program that it runs, so an application requesting sensor data cannot obtain it or obtains only fixed dummy data. Compared with the prior art, sensor data can no longer be obtained arbitrarily by software programs (applications on the secure software side or on the non-secure software side), and it is difficult for an attacker to crack the user's password from sensor data.
Based on the same inventive concept, an embodiment of this application also provides an electronic device that includes the aforementioned data processing device and a sensor, as shown in FIG. 12. The data processing device may correspond to the system-on-chip shown in FIG. 1, and the sensor corresponds to the description of FIG. 1 and the preceding embodiments. The electronic device may be a complete device or some of its components. The electronic device includes, but is not limited to, a smartphone.
Based on the same inventive concept, an embodiment of this application also provides a data processing method for password input. As shown in FIG. 13, the method includes the following steps.
S1301: The low-power processor receives sensor data output by the sensor and transmits the sensor data to the processor.
S1302: While the user is performing password input, the processor blocks access to the sensor data by at least one software program that it runs. The power consumption of the processor is higher than that of the low-power processor.
It should be noted that the data processing method shown in FIG. 13 can be regarded as the method performed by the aforementioned data processing device; for implementations not described in detail for the method shown in FIG. 13, see the relevant description of the data processing device.
Obviously, those skilled in the art can make various changes and modifications to the embodiments of this application without departing from the scope of the embodiments of this application. Thus, if these modifications and variations fall within the scope of the claims of this application and their technical equivalents, this application is intended to include them as well.

Claims (15)

  1. A data processing device for password input, characterized by comprising:
    a low-power processor, configured to receive sensor data output by a sensor and transmit the sensor data to a processor;
    the processor, coupled to the low-power processor, configured to block, while a user is performing password input, access to the sensor data by at least one software program run by the processor; wherein the power consumption of the processor is higher than the power consumption of the low-power processor.
  2. The data processing device according to claim 1, wherein the at least one software program includes an application software program.
  3. The data processing device according to claim 1 or 2, wherein the at least one software program is non-secure software.
  4. The data processing device according to any one of claims 1 to 3, wherein, when blocking access to the sensor data by the at least one software program run by the processor, the processor is specifically configured to: discard the sensor data or replace the sensor data with dummy data.
  5. The data processing device according to any one of claims 1 to 4, further comprising: a protection unit, configured to prevent, under the control of the processor, the low-power processor from continuing to receive the sensor data;
    when blocking access to the sensor data by the at least one software program run by the processor, the processor is specifically configured to control the protection unit to perform the operation of preventing the low-power processor from continuing to receive the sensor data.
  6. The data processing device according to claim 5, wherein the protection unit is specifically configured to: block, under the control of the processor, the sensor data connection between the low-power processor and the sensor.
  7. The data processing device according to claim 6, wherein, when blocking the sensor data connection, the protection unit is specifically configured to: disable the interface between the sensor and the low-power processor, or disable the data transmission function of the interface, or disable the data line between the sensor and the low-power processor, or set the data line to a preset level.
  8. The data processing device according to claim 6, wherein, when blocking the sensor data connection, the protection unit is specifically configured to: disable the sensor.
  9. The data processing device according to any one of claims 1 to 8, wherein the processor is further configured to: determine whether the user is performing the password input.
  10. The data processing device according to claim 9, wherein, when determining whether the user is performing the password input, the processor is specifically configured to: determine, from the indication of a status flag, whether the user is performing the password input.
  11. The data processing device according to claim 10, wherein the processor is further configured to: run security software, and set the status flag when the security software detects that the user is performing the password input.
  12. The data processing device according to claim 11, wherein the security software includes unlocking software.
  13. The data processing device according to any one of claims 1 to 12, wherein the sensor includes one or more of the following: a compass, a gyroscope, an accelerometer, an ambient light sensor, a proximity sensor, a barometer, or a Hall sensor.
  14. An electronic device, characterized by comprising the data processing device according to any one of 1 to 13 and a sensor.
  15. A data processing method for password input, characterized by comprising:
    a low-power processor receiving sensor data output by a sensor, and transmitting the sensor data to a processor;
    the processor blocking, while a user is performing password input, access to the sensor data by at least one software program run by the processor; wherein the power consumption of the processor is higher than the power consumption of the low-power processor.
PCT/CN2019/103118 2019-08-28 2019-08-28 Method for processing data during password input, data processing apparatus, and electronic device WO2021035582A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201980007039.7A CN112740204A (en) 2019-08-28 2019-08-28 Data processing method, data processing device and electronic equipment in password input
PCT/CN2019/103118 WO2021035582A1 (en) 2019-08-28 2019-08-28 Method for processing data during password input, data processing apparatus, and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/103118 WO2021035582A1 (en) 2019-08-28 2019-08-28 Method for processing data during password input, data processing apparatus, and electronic device

Publications (1)

Publication Number Publication Date
WO2021035582A1 true WO2021035582A1 (en) 2021-03-04

Family

ID=74684961

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/103118 WO2021035582A1 (en) 2019-08-28 2019-08-28 Method for processing data during password input, data processing apparatus, and electronic device

Country Status (2)

Country Link
CN (1) CN112740204A (en)
WO (1) WO2021035582A1 (en)

Also Published As

Publication number Publication date
CN112740204A (en) 2021-04-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19943632

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19943632

Country of ref document: EP

Kind code of ref document: A1