With rapid development of mobile networks and mobile terminals, application software is widely used in various fields, and more types of application software emerge. Software such as financial application software related to an electronic payment service, content copyright protection application software, or security application software for a thin client in cloud computing is related to immediate interests of users, and therefore has a relatively high security requirement.
However, a design of an operating system of a mobile terminal (also referred to as a terminal device) is originally intended to meet some functional requirements instead of high security. In addition, as the operating system is quite open, large, complex, and inevitably exposed to a corresponding system vulnerability, some malware attacks application software or intercepts information of application software by exploiting the system vulnerability. As a result, security of the application software is lowered. Currently, although the application software can be protected by using firewalls, anti-virus software, or the like, the application software cannot be thoroughly protected due to frequent system update and ever-emerging malware.
To address this issue, a solution is: An execution environment of a mobile terminal is divided into two mutually independent execution environments: a rich execution environment (REE) and a trusted execution environment (TEE) by using, for example, a TrustZone technology or a multi-central processing unit (CPU) technology. A currently common mobile operating system (for example, Android) is executed in the REE, and a secure operating system that is isolated is executed in the TEE, has simple functions and a small amount of code, and can be manually audited and controlled. A client application (CA) having a low security requirement runs in the REE. A trusted application (TA) having a high security requirement runs in the TEE, and provides a security service for a CA installed in a mobile operating system. For example, when a user uses the CA in a mobile terminal, if a sensitive operation such as electronic payment needs to be performed, the CA sends a request to the TA. After receiving the request, the TA performs a payment-related verification operation (for example, verifies whether a password is correct), and returns a verification success result to the CA. The CA proceeds with a subsequent step. In this way, leakage of data (for example, the foregoing password) is avoided.
A TEE technology can ensure security of data stored in the TEE and security of the TA. The TA can actually implement a same function as the CA. In an actual operating process, for a user, there is no significant difference between the TA and the CA, and security of the TA is higher than that of the CA. However, both TEE software and REE software run on an application processor (AP). Currently, the TA merely provides a security service for the CA. However, for a mobile terminal, a communication function is crucial, and most data of a user needs to be exchanged with the AP by using a peripheral such as a communications modem, a display screen, or a keyboard. Although the communications modem has an independent running environment and isolated software code, and the display screen and the keyboard may also be set to a security mode, a data transmission channel between the AP and the communications modem is open and insecure. Therefore, malware can still intercept related data when data is transmitted between the AP and the communications modem. Consequently, user data is leaked out, and security of a mobile terminal is lowered.