
WO2017047904A1 - Method and apparatus for installing a trusted application on an electronic device - Google Patents


Info

Publication number
WO2017047904A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
electronic device
trusted
application package
package
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2016/005388
Other languages
English (en)
Korean (ko)
Inventor
야우아놀드
한찬규
선크술라사다
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB1516326.4A external-priority patent/GB2542355B/en
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Priority to EP16846726.4A priority Critical patent/EP3321802A4/fr
Priority to US15/760,457 priority patent/US10379833B2/en
Publication of WO2017047904A1 publication Critical patent/WO2017047904A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F1/16 Constructional details or arrangements
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating

Definitions

  • the present disclosure is directed to a method and apparatus for installing a trusted application (TA) on an electronic device.
  • a trusted application is an application that provides security services to applications running on a normal OS, such as mobile banking applications.
  • An application can increase its security level by using a trusted application.
  • Trusted applications can be distributed and managed to client devices through a server-based system called a Trusted Services Manager (TSM).
  • server-based systems such as TSM can take a long time to deploy, can be expensive to set up, and can incur overhead in management.
  • the present disclosure relates to a method of installing a trusted application in an electronic device, and more particularly, to a method of installing a trusted application in an electronic device by using a method of distributing and installing an existing application.
  • a trusted application may be distributed to one or more electronic devices using an application package without necessarily having a server-based system for distributing trusted applications to one or more electronic devices.
  • FIG. 1 is a block diagram illustrating a system for distributing trusted applications, according to one embodiment.
  • FIG. 2 is a block diagram illustrating an internal structure of a processor in which a trusted application is installed, according to an embodiment.
  • FIGS. 3 and 4 are flowcharts illustrating a method of installing a trusted application according to an exemplary embodiment.
  • FIG. 5 is a block diagram illustrating an apparatus for distributing a trusted application to an electronic device, according to an embodiment.
  • FIG. 6 is a block diagram illustrating an application package including a plurality of trusted applications of different types according to an embodiment.
  • FIG. 7 is a block diagram illustrating a system including paired electronic devices according to an embodiment.
  • FIG. 8 is a flowchart illustrating a method of transmitting a trusted application to another electronic device paired with an electronic device according to an embodiment.
  • FIG. 9 is a flowchart illustrating a method of distributing an application package including a trusted application according to an embodiment.
  • FIG. 10 is a block diagram illustrating an electronic device in which an application is installed, according to an exemplary embodiment.
  • a method of installing an application in an electronic device includes: obtaining an application package for installing the application; determining whether the application package includes a trusted application that can be installed on the electronic device; and, if the application package includes the trusted application, installing the trusted application on the electronic device.
  • when the application package includes a plurality of trusted applications respectively corresponding to different types of security areas, the installing may include: selecting, based on the type of the security area of the electronic device, a trusted application that can be installed in the security area of the electronic device; and installing the selected trusted application in the security area of the electronic device.
  • the other electronic device includes a wearable electronic device paired with the electronic device.
  • the determining may include: obtaining a flag value indicating whether the trusted application is included in the application package; and determining, based on the obtained flag value, whether the application package includes a trusted application that can be installed in a security area of the electronic device.
  • an electronic device in which an application is installed may include: a network interface for obtaining an application package for installing the application; and a processor that determines whether the application package includes a trusted application that can be installed on the electronic device and, if the application package includes the trusted application, installs the trusted application on the electronic device.
  • a method of distributing an application to an electronic device includes: obtaining a normal application to be installed on the electronic device and a trusted application to be installed on the electronic device; combining the normal application and the trusted application into an application package; and transmitting the application package to the electronic device.
  • a computer-readable recording medium having recorded thereon a program for implementing a method of installing an application on an electronic device.
  • first and second may be used to describe various components, but the components should not be limited by these terms. These terms are used to distinguish one component from another.
  • Some embodiments of the present disclosure may be represented by functional block configurations and various processing steps. Some or all of these functional blocks may be implemented in various numbers of hardware and / or software configurations that perform particular functions.
  • the functional blocks of the present disclosure may be implemented by one or more microprocessors or by circuit configurations for a given function.
  • the functional blocks of the present disclosure may be implemented in various programming or scripting languages.
  • the functional blocks may be implemented in algorithms running on one or more processors.
  • the present disclosure may employ the prior art for electronic configuration, signal processing, and / or data processing. Terms such as “mechanism”, “element”, “means” and “configuration” may be used broadly and are not limited to mechanical and physical configurations.
  • connecting lines or connecting members between the components shown in the drawings are merely illustrative of functional connections and / or physical or circuit connections. In an actual device, the connections between components may be represented by various functional connections, physical connections, or circuit connections that are replaceable or added.
  • FIG. 1 is a block diagram illustrating a system for distributing trusted applications, according to one embodiment.
  • a system for distributing trusted applications includes an electronic device 100, an application distribution service apparatus 110, and a network 120.
  • the application distribution service apparatus 110 may transmit an application package for installing an application to at least one electronic device 100 through the network 120.
  • the application distribution service apparatus 110 may transmit an application package to the electronic device 100 according to a request of the electronic device 100.
  • the electronic device 100 includes a processor 101, a network interface 102 for connecting to a network, and a memory 103 for storing a computer program that can be executed by the processor 101.
  • the processor 101 may include at least one of a rich OS environment 101a and a trusted execution environment (TEE) 101b shown in FIG. 2.
  • Rich OS environment 101a and trusted execution environment 101b may provide an environment in which normal and trusted applications can run.
  • an application installed in the rich OS environment 101a will be referred to as a normal application.
  • the memory 103 may include a computer readable recording medium.
  • the memory 103 of the electronic device 100 includes an application manager 104 and a trusted application installation service unit 105.
  • the application manager 104 and the trusted application installation service unit 105 may be software programs stored in the memory 103.
  • the application manager 104 and the trusted application installation service unit 105 may be embedded in the electronic device 100.
  • the application manager 104 may obtain an application package from the application distribution service device 110.
  • the application package may include a normal application that may be installed in the rich OS environment 101a.
  • the trusted application installation service unit 105 may check whether the application package obtained from the application distribution service apparatus 110 includes a trusted application. When the application package includes a trusted application, the trusted application installation service unit 105 may extract the trusted application from the application package and install the trusted application in the trusted execution environment 101b.
  • the trusted application installation service unit 105 may be provided in advance in the electronic device 100 by the manufacturer of the electronic device 100. Accordingly, the trusted application installation service unit 105 may be provided in the electronic device 100 to be adapted to the architecture of the trusted execution environment 101b. The trusted application installation service unit 105 may extract a trusted application from the application package and install the trusted application. Therefore, according to an embodiment, a separate server-based system for distributing and managing a trusted application to the plurality of electronic devices 100 may not be required.
  • FIG. 2 is a block diagram illustrating an internal structure of a processor in which a trusted application is installed, according to an embodiment.
  • the processor 101 of the electronic device 100 may include at least one of a rich OS environment 101a and a trusted execution environment 101b on which a normal application and a trusted application may be installed and executed, respectively.
  • a normal application can be executed on an operating system (OS).
  • the rich OS environment 101a may include an operating system on which conventional normal applications of the electronic device 100 may run.
  • the normal applications executed in the rich OS environment 101a may be isolated from each other by the operating system and executed. Thus, normal applications can be protected against external attacks.
  • Because the security level of the operating system of the rich OS environment 101a is relatively low, there is a possibility that the operating system of the rich OS environment 101a is contaminated by malware. Since the security level of an application depends on the underlying operating system, if the operating system of the rich OS environment 101a is contaminated, the normal application is also likely to be contaminated. Thus, in the rich OS environment 101a, processes that handle relatively insignificant data may be performed by the normal application.
  • a trusted application can be executed on a secure operating system (OS).
  • the secure operating system includes additional security features and can strictly control external access to the trusted execution environment.
  • the trusted execution environment 101b may include a secure operating system to provide an isolated environment in which trusted applications can run.
  • Rich OS environment 101a and trusted execution environment 101b may be separate operating system environments that run in parallel. As the data flow between the rich OS environment 101a and the trusted execution environment 101b is strictly controlled, the data of the trusted execution environment 101b can be protected. External access to trusted execution environment 101b as compared to rich OS environment 101a may be strictly limited for the protection of data processed in trusted execution environment 101b.
  • the trusted application can be invoked and executed by one or more normal applications running on the operating system of the rich OS environment 101a.
  • a mobile banking application may request access to a trusted application to process sensitive data, such as private information of a user.
  • FIGS. 3 and 4 are flowcharts illustrating a method of installing a trusted application according to an exemplary embodiment.
  • the electronic device 100 may obtain an application package for installing an application in the electronic device 100 through the network 120.
  • the application package may include a normal application installed in the rich OS environment 101a.
  • the electronic device 100 may determine whether the application package obtained in operation S310 includes a trusted application. For example, the electronic device 100 may determine whether the application package includes a trusted application based on a flag value indicating whether a trusted application is included. The flag may be included in the application package. According to an embodiment, regardless of whether the application package includes a trusted application, the electronic device 100 may install a normal application in the rich OS environment 101a using the application package.
  • the electronic device 100 may extract a trusted application from the application package and install the extracted trusted application in the electronic device 100.
  • the trusted application may be installed in the secure area of the electronic device 100.
  • the secure area of the electronic device 100 may provide a high security level environment to trusted applications.
  • the secure area may include a trusted execution environment 101b. Trusted execution environment 101b can provide a highly secure environment to trusted applications by strictly restricting access from the outside. Trusted applications can be installed in the secure area to handle sensitive data in a high-security environment.
  • the electronic device 100 may obtain an application package for installing an application in the electronic device 100 through the network 120.
  • the electronic device 100 may access an app store provided by the application distribution service apparatus 110.
  • the app store may provide the electronic device 100 with at least one of information about an application installed in the electronic device 100 and information about a new application that may be installed in the electronic device 100.
  • the electronic device 100 may download an application package for installing the selected application in the electronic device 100 through the app store.
  • the electronic device 100 may install a normal application in the rich OS environment 101a using an application package.
  • the electronic device 100 may recognize that a new application is installed in the rich OS environment 101a. For example, the electronic device 100 may use 'New App Installed' (“android.intent.action.PACKAGE_ADDED”), an event notification indicating that a new application is installed, to recognize the installation.
  • the above-described event notification is merely an example, and different types of event notifications may be used according to the type of OS used in the electronic device 100.
  • the electronic device 100 may determine whether an application package of a new application installed in the rich OS environment 101a includes a trusted application. For example, the electronic device 100 may determine whether the application package includes a trusted application based on a flag value indicating whether the application package includes a trusted application. In one embodiment, if the application package does not include a trusted application, installation of the trusted application is not necessary, so the installation of the application may be terminated.
  • the electronic device 100 may determine whether a plurality of trusted applications are included in the application package. For example, the electronic device 100 may determine whether a plurality of trusted applications are included in the application package based on identification information indicating a trusted application included in the application package.
  • An application package may include a plurality of trusted applications that may be installed in different types of trusted execution environments 101b or different types of electronic devices 100. Different types of trusted execution environments may be provided by different vendors, or may be different versions from the same vendor.
  • the electronic device 100 may extract, from an application package, a trusted application that may be installed in the trusted execution environment 101b of the electronic device 100 among a plurality of trusted applications.
  • the electronic device 100 may install the extracted trusted application in the trusted execution environment 101b.
  • the electronic device 100 may select a trusted application that may be installed in the trusted execution environment 101b in which the trusted application is to be installed. For example, the electronic device 100 may select a trusted application that can be installed and executed in the trusted execution environment 101b among a plurality of trusted applications.
  • the electronic device 100 may select one or more trusted applications that may be installed in each trusted execution environment 101b.
  • the electronic device 100 may extract the trusted application selected in operation S460 from the application package and install the trusted application in the trusted execution environment 101b.
  • the trusted application may be installed after the normal application is installed in the rich OS environment 101a or before the normal application is installed in the rich OS environment 101a.
  • the normal application and the trusted application may be installed in parallel.
  • a trusted application is installed after the application is installed in the rich OS environment 101a. This is because, by the system notification, the electronic device 100 may recognize that a new application is installed and perform installation of a trusted application.
  • the electronic device 100 may install the trusted application included in the application package in the trusted execution environment 101b.
  • the trusted application installation service unit 105 may terminate the process of installing the trusted application without installing the trusted application.
  • FIG. 5 is a block diagram illustrating an apparatus for distributing a trusted application to an electronic device, according to an embodiment.
  • the apparatus illustrated in FIG. 5 may be included in the embodiment of the application distribution service apparatus 110 of FIG. 1.
  • the application distribution service apparatus 110 includes an application package generator 111 that combines at least one of a flag 114, a normal application 115, and a trusted application 116 to generate an application package 113.
  • the application package generator 111 may generate the application package 113 using a software development kit based on a predetermined operating system.
  • Software development kits are a set of development tools that enable you to create applications for hardware platforms, computer systems, operating systems, and more.
  • the application package generator 111 may generate an application package 113 that may be installed in an operating system installed in the electronic device 100 using a software development kit.
  • the application package generator 111 may generate an application package 113 including the trusted application 116 so that the trusted application 116 may be installed in the electronic device 100 together with the normal application 115.
  • the application package generator 111 may set a state of the flag 114 to indicate whether the trusted application 116 is included in the application package 113. For example, the flag 114 may be set to 'TRUE' if the trusted application 116 is included or to 'FALSE' if the trusted application 116 is not included.
  • the flag 114 may be defined using a custom Android permission.
  • A custom Android permission is an option for setting the permissions required when a given activity is executed.
  • the presence of the above-mentioned permission may be checked by the electronic device 100.
  • the permission may be used to indicate the presence or absence of the trusted application 116 in the application package 113.
  • the permission may appear as a string (e.g., "com.samsung.sec.TA_EXISTS").
  • the permission may be stored in a manifest file including information related to the normal application.
  • the flag 114 may be defined in the application package 113 in various ways.
  • the information indicating whether the application package 113 includes the trusted application 116 may be included in the application package 113 in various forms other than the flag 114.
  • the electronic device 100 may determine whether the application package 113 includes a trusted application 116 by checking the state of the flag 114. If the value of the flag 114 is 'TRUE', the electronic device 100 may perform a process for installing the trusted application 116.
  • authentication tokens for management of trusted execution environments may be embedded in the application package 113.
  • various management functions (e.g., trusted application deletion, update and status update)
  • the authentication token is electronically signed binary data representing authenticated instructions issued by a privileged entity associated with the trusted execution environment or trusted application 116 of the electronic device 100, such as a vendor of a trusted execution environment or a secure domain owner.
  • the flag 114 may signal the presence or absence of the trusted application 116.
  • the presence or absence of the trusted application 116 may be signaled via a package name attribute, for example by including a suffix such as ".TA PKG" that indicates the presence of the trusted application 116.
  • the application distribution service apparatus 110 may include an application distribution unit 112 that transmits an application package 113 to the electronic device 100.
  • the application distributor 112 may transmit the application package 113 generated by the application package generator 111 to the electronic device 100.
  • the application distributor 112 may transmit the application package 113 to the electronic device 100 according to a request of the electronic device 100.
  • FIG. 6 is a block diagram illustrating an application package including a plurality of trusted applications of different types according to an embodiment.
  • the application package 600 may include a flag 610, a normal application 620, and a plurality of trusted applications 630 and 640.
  • the flag 610 may include information about whether the application package 600 includes a trusted application.
  • Each trusted application 630, 640 may correspond to a type 1 trusted execution environment 101b and a type 2 trusted execution environment 101b. Alternatively, each trusted application 630, 640 may correspond to a type 1 and type 2 electronic device 100, respectively.
  • the developer of the application may provide the same application package 600 to different types of electronic devices 100.
  • Different types of electronic devices 100 may include different types of trusted execution environments 101b.
  • the application package 600 may include a plurality of trusted applications 630 and 640 that may be installed in different types of trusted execution environments 101b.
  • one application package 600 may be provided to the electronic devices 100.
  • the electronic device 100 may extract from the application package 600 the trusted application 630, 640 that matches the type of the electronic device 100 and install it in the trusted execution environment 101b of the electronic device 100.
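
The install-time decision described above (check the flag, enumerate the bundled trusted applications, pick the one matching the device's trusted execution environment), as an added example that is not code from the patent. The package layout (a zip with a plain-XML `AndroidManifest.xml` and `ta/<tee-type>.bin` entries), the TEE type names and all function names are assumptions; only the permission string comes from the text.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
TA_FLAG = "com.samsung.sec.TA_EXISTS"  # permission string quoted in the text
TA_DIR = "ta/"                         # assumed location of bundled trusted applications


def build_sample_package(declare_flag, trusted_apps):
    """Build a constructed sample package in memory.

    trusted_apps maps an assumed TEE type name to the trusted application bytes.
    """
    perm = f'<uses-permission android:name="{TA_FLAG}"/>' if declare_flag else ""
    manifest = (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        f'package="com.example.bank">{perm}</manifest>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", b"normal application code (placeholder)")
        for tee_type, blob in trusted_apps.items():
            zf.writestr(f"{TA_DIR}{tee_type}.bin", blob)
    return buf.getvalue()


def has_ta_flag(zf):
    """Return True if the manifest declares the trusted-application flag."""
    root = ET.fromstring(zf.read("AndroidManifest.xml"))
    for elem in root.iter():
        if elem.tag in ("permission", "uses-permission"):
            if elem.get(ANDROID_NS + "name") == TA_FLAG:
                return True
    return False


def bundled_trusted_apps(zf):
    """Map TEE type -> archive entry for every trusted application in the package."""
    found = {}
    for name in zf.namelist():
        if name.startswith(TA_DIR) and name.endswith(".bin"):
            tee_type = name[len(TA_DIR):-len(".bin")]
            # Only flat entries directly under ta/ are accepted.
            if tee_type and "/" not in tee_type:
                found[tee_type] = name
    return found


def plan_ta_install(package_bytes, device_tee_type):
    """Decide what the installation service does for one package.

    Returns (decision, payload). decision is "skip-no-flag", "skip-no-match"
    or "install"; payload holds the trusted application bytes only for "install".
    """
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        # Flag absent: no trusted application to install, stop here.
        if not has_ta_flag(zf):
            return "skip-no-flag", None
        # Flag present: pick the trusted application built for this TEE type.
        entry = bundled_trusted_apps(zf).get(device_tee_type)
        if entry is None:
            # Package carries trusted applications, but none for this device.
            return "skip-no-match", None
        return "install", zf.read(entry)


if __name__ == "__main__":
    pkg = build_sample_package(
        True, {"tee-type-1": b"TA for type 1", "tee-type-2": b"TA for type 2"}
    )
    for tee in ("tee-type-1", "tee-type-2", "tee-type-3"):
        print(tee, plan_ta_install(pkg, tee))
```

Both the flag and the archive entries are supplied by the package itself, so this logic only selects a candidate; it establishes nothing about whether the selected trusted application is authentic.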
  • FIG. 7 is a block diagram illustrating a system including paired electronic devices according to an embodiment.
  • a mobile electronic device 720 such as a smart phone may be paired with a wearable electronic device 710 such as a smart watch.
  • Various types of electronic devices may be paired with each other, not limited to the wearable electronic device 710 and the mobile electronic device 720.
  • the second application package may refer to an application package included in the first application package.
  • the third application package may refer to an application package included in the second application package.
  • the first application package may be an application package that may be installed in an electronic device that is directly connected to a network or used as a main apparatus.
  • the second application package may be an application package that may be installed in an electronic device that is not directly connected to the network but is connected to the network through another electronic device or used as an auxiliary device.
  • the electronic devices in which the first application package and the second application package may be installed, respectively, may be devices that are connected or paired with each other by wire or wirelessly.
  • the second application package may be installed in an electronic device of a type that may be connected or paired with an electronic device of the type in which the first application package may be installed.
  • the second application package 723, 726 may be included in the first application package 721, and the second application package 723, 726 may include another application package, for example, a third application package.
  • the second application package 723 may be installed in the type 1 wearable electronic device 710 paired with the mobile electronic device 720.
  • the second application package may include at least one of a normal application 724 and a trusted application 725 that may be installed in the wearable electronic device 710.
  • the third application package which may be included in the second application package 723, 726, may be installed in an electronic device of the type that may be paired or connected with an electronic device of the type in which the second application package 723, 726 may be installed.
  • the application package may include application packages that can be installed repeatedly on another electronic device as in the above-described embodiment.
  • the mobile electronic device 720 may extract the normal application 729 and the trusted application 730 from the first application package 721 and install them in the rich OS environment 731 and the trusted execution environment 732, respectively.
  • the mobile electronic device 720 may determine, based on the value of the flag 722, whether a trusted application 730 exists in the first application package 721, and may install the trusted application 730 in the mobile electronic device 720.
  • the first application package 721 may further include a second application package 723 for the type 1 wearable electronic device 710 and an application package 726 for the type 2 wearable electronic device.
  • Different types of wearable electronic devices may include different operating systems or different trusted execution environments.
  • the application package 723 for the type 1 wearable electronic device and the application package 726 for the type 2 wearable electronic device may each include at least one of normal applications 724 and 727 that can be installed on different operating systems and trusted applications 725 and 728 that can be installed in different trusted execution environments.
  • the first application package 721 obtained by the mobile electronic device 720 may include an Android package for an Android Wear smart watch as a second application package, or may include a widget for the Samsung Gear smart watch.
  • Each second application package 723, 726 may further include flags 741, 742 indicating whether the trusted applications 725, 728 are included.
  • the electronic device in which the second application packages 723 and 726 are installed may determine whether the trusted applications 725 and 728 exist using the flags 741 and 742.
  • the mobile electronic device 720 may extract a second application package 723, which may be installed in the type 1 wearable electronic device 710, from the first application package 721.
  • the mobile electronic device 720 may transmit the second application package 723 to the type 1 wearable electronic device 710.
  • the type 1 trusted application 725 included in the second application package 723 may be installed in the trusted execution environment 715 of the type 1 wearable electronic device 710.
  • the second application package 723 may further include a type 1 normal application 724 to be installed in the rich OS environment 714 of the wearable electronic device 710.
  • the second application package 723 may include at least one of a type 1 normal application 724 and a trusted application 725 that may be installed in the type 1 wearable electronic device 710.
  • At least one of the normal application 724 and the trusted application 725 included in the second application package 723 may be related to the normal application 729 or the trusted application 730 installed in the mobile electronic device 720.
  • the second application package 723 may include at least one of the type 1 normal application 724 and the trusted application 725 that may be executed in conjunction with the normal application 729 installed in the mobile electronic device 720.
  • FIG. 8 is a flowchart illustrating a method of transmitting a trusted application to another electronic device paired with an electronic device according to an embodiment.
  • the electronic device may acquire a first application package.
  • the electronic device and the other electronic device may be paired with each other or connected in a wired or wireless manner.
  • the electronic device may determine a second application package to be transmitted to another electronic device among one or more second application packages included in the first application package.
  • the second application package may be determined according to whether the application of the second application package can be installed in another electronic device.
  • At least one of a normal application and a trusted application included in the second application package may be installed in another electronic device that receives the second application package.
  • the other electronic device may install the trusted application based on the flag included in the second application package.
  • the first application package for the mobile electronic device may include one or more second application packages for different types of wearable electronic devices.
  • a second application package that may be installed in the paired wearable electronic device may be selected.
  • the second application package may be transmitted to the paired wearable electronic device.
  • the electronic device may extract, from the first application package, the second application package determined in operation S820 for transmission to another electronic device.
  • the extracted second application package may be transmitted to another electronic device.
  • the second application package may include at least one of a normal application that may be installed in a rich OS environment and a trusted application that may be installed in a trusted execution environment.
  • the second application package may further include a flag indicating whether a trusted application is included.
  • the trusted application may not be included in the second application package but may instead be extracted by the electronic device and transmitted by itself to the other paired electronic device.
  • the second application package sent to the other paired electronic device may include one or more third application packages.
  • the other paired electronic device may extract the third application package from the second application package and transmit the third application package to the electronic device where the application of the third application package is to be installed.
  • the electronic device in which the third application package is to be installed may be another electronic device paired with the electronic device in which the application of the second application package is installed.
  • FIG. 9 is a flowchart illustrating a method of distributing an application including a trusted application, according to an exemplary embodiment.
  • an apparatus for distributing an application may acquire a normal application to be installed in an electronic device and a trusted application to be installed in a secure area of the electronic device.
  • the apparatus for distributing the application may combine the normal application and the trusted application into the application package.
  • the application package may further include a flag indicating whether a trusted application is included.
  • the application package may include a plurality of trusted applications corresponding to the types of the plurality of trusted execution environments.
  • the apparatus may transmit the application package to the electronic device where the application is to be installed.
  • the apparatus may transmit the application package to the electronic device at the request of the electronic device.
  • FIG. 10 is a block diagram illustrating an electronic device in which an application is installed, according to an exemplary embodiment.
  • the electronic device 1000 may include, for example, a network interface 1010 and a processor 1020.
  • the network interface 1010 may obtain an application package for installing an application through an external network.
  • the application package may be provided to the electronic device 1000 through an app store that provides an application package that can be installed in the electronic device 1000.
  • the processor 1020 may extract a trusted application from an application package obtained through the network interface 1010, and install the trusted application in a security area of the electronic device 1000.
  • the secure area of the electronic device 1000 may include a trusted execution environment with limited external access. Trusted applications can work with sensitive data. Trusted applications run in a trusted execution environment, allowing them to perform their tasks with a high level of security.
  • a trusted application may be distributed to one or more electronic devices using an application package without necessarily having a server-based system for distributing trusted applications to one or more electronic devices.
  • the above-described embodiments can be written as a program that can be executed in a computer, and can be implemented in a general-purpose digital computer which operates the program using a computer-readable medium.
  • the structure of the data used in the above-described embodiment can be recorded on the computer-readable medium through various means.
  • the above-described embodiments may be implemented in the form of a recording medium including instructions executable by a computer, such as a program module executed by the computer.
  • methods implemented with a software module or algorithm may be stored on a computer readable recording medium as code or program instructions that the computer can read and execute.
  • Computer readable media can be any recording media that can be accessed by a computer, and can include volatile and nonvolatile media, removable and non-removable media.
  • Computer-readable media may include, but are not limited to, magnetic storage media such as ROM, floppy disks, hard disks, and the like, and optical storage media such as CD-ROMs, DVDs, etc.
  • the computer readable medium may include computer storage media and communication media.
  • a plurality of computer-readable recording media may be distributed in networked computer systems, and data stored in the distributed recording media, for example, program instructions and code, may be executed by at least one computer.
  • ... unit refers to a unit for processing at least one function or operation, which may be implemented in hardware or software, or a combination of hardware and software.
  • the "unit" and "module" may be implemented by a program stored in a storage medium that can be addressed and executed by a processor.
  • "module" may be implemented by components such as software components, object-oriented software components, class components, and task components, and by processes, functions, properties, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays and variables.
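The nested-package flow described for FIG. 7 and FIG. 8 can be modelled as follows. This is an added example, not code from the patent; the `Package` and `Device` classes, their field names, the device-type strings and the flag/content consistency check are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Package:
    target: str                        # device type the package is built for (assumed field)
    normal_app: bytes | None = None    # installs into the rich OS environment
    trusted_app: bytes | None = None   # installs into the trusted execution environment
    ta_flag: bool = False              # plays the role of flags 722 / 741 / 742
    nested: list[Package] = field(default_factory=list)  # second / third packages

@dataclass
class Device:
    dev_type: str
    paired: list[Device] = field(default_factory=list)
    rich_os: list[bytes] = field(default_factory=list)
    tee: list[bytes] = field(default_factory=list)
    log: list[str] = field(default_factory=list)

def install(dev: Device, pkg: Package) -> bool:
    """Install pkg on dev, then forward matching nested packages to paired devices."""
    if pkg.target != dev.dev_type:
        dev.log.append("rejected: package built for " + pkg.target)
        return False
    # Added check (assumption, not in the description): a flag that disagrees
    # with the package contents is refused before anything is installed.
    if pkg.ta_flag != (pkg.trusted_app is not None):
        dev.log.append("rejected: flag/content mismatch")
        return False
    if pkg.normal_app is not None:
        dev.rich_os.append(pkg.normal_app)
    if pkg.ta_flag:                    # the flag decides whether a TA is installed
        dev.tee.append(pkg.trusted_app)
    for peer in dev.paired:            # FIG. 8: select, extract, transmit
        for inner in pkg.nested:
            if inner.target == peer.dev_type:
                install(peer, inner)   # the peer repeats the same procedure
    return True

def demo():
    """Constructed sample mirroring FIG. 7: one phone, one paired type 1 wearable."""
    band = Device("band")              # hypothetical third-level device
    watch = Device("type1", paired=[band])
    phone = Device("mobile", paired=[watch])
    third = Package("band", normal_app=b"band-app")
    second_t1 = Package("type1", b"watch-app", b"watch-TA", True, [third])
    second_t2 = Package("type2", b"gear-app", b"gear-TA", True)
    first = Package("mobile", b"phone-app", b"phone-TA", True, [second_t1, second_t2])
    install(phone, first)
    return phone, watch, band
```

The type 2 package is never forwarded because no paired device of that type exists, and a package whose flag claims a trusted application it does not carry is rejected without touching either environment.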

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Human Computer Interaction (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to a method for installing an application on an electronic device, the method comprising: obtaining an application package for installing an application; determining whether the application package includes a trusted application that can be installed on an electronic device; and, when the application package includes a trusted application, installing the trusted application on the electronic device.
PCT/KR2016/005388 2015-09-15 2016-05-20 Method and apparatus for installing a trusted application on an electronic device Ceased WO2017047904A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP16846726.4A EP3321802A4 (fr) 2015-09-15 2016-05-20 Method and apparatus for installing a trusted application on an electronic device
US15/760,457 US10379833B2 (en) 2015-09-15 2016-05-20 Method and apparatus for installation of trusted application in electronic device

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GB1516326.4 2015-09-15
GB1516326.4A GB2542355B (en) 2015-09-15 2015-09-15 Methods and apparatus for distributing and installing trusted applications
KR10-2016-0057812 2016-05-11
KR1020160057812A KR102548900B1 (ko) 2015-09-15 2016-05-11 Method and apparatus for installing a trusted application on an electronic device

Publications (1)

Publication Number Publication Date
WO2017047904A1 true WO2017047904A1 (fr) 2017-03-23

Family

ID=58289030

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2016/005388 Ceased WO2017047904A1 (fr) 2015-09-15 2016-05-20 Method and apparatus for installing a trusted application on an electronic device

Country Status (1)

Country Link
WO (1) WO2017047904A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110032246A (ko) * 2009-09-22 2011-03-30 Samsung Electronics Co., Ltd. Method for controlling display apparatus and mobile phone
WO2013065915A1 (fr) * 2011-11-04 2013-05-10 SK Planet Co., Ltd. Method for secure interworking between a trusted region and a non-trusted region, method, server and terminal for controlling the download of trusted applications, and control system applying same
US20130160147A1 (en) * 2011-12-16 2013-06-20 Dell Products L.P. Protected application programming interfaces
KR20150032906A (ko) * 2012-07-19 2015-03-30 Tencent Technology (Shenzhen) Company Limited Method and system for installing application
KR20150052068A (ko) * 2012-09-05 2015-05-13 Microsoft Corporation Technique for generating native code from intermediate language code for an application

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3321802A4 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16846726

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2016846726

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 15760457

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE