laitimes

vivo, hardware security love with thunder

"Thor 4" has just released a trailer, and "Thor's Weight Loss Success" has been on the hot search. Many small partners say that people and immortals are so hard to lose weight, what reason do we mortals have not to work hard?

The movie has an interesting name, "Love and Thunder". These four words remind me of the highest requirements in the field of information security. To do security is to give users love, respect and understanding, but also need to thunder the momentum, do not leave a little dead end to security risks, and do not give illegal activities any opportunities to take advantage of.

In the context of national anti-fraud, the importance of software security has been continuously strengthened. If you want to build a three-dimensional information security barrier, the importance of hardware security should not be underestimated.

On April 20-22, the 2022 Boao Forum for Asia was held in Boao, Hainan. During the meeting, vivo officially became the strategic partner of the Boao Forum for Asia 2022 Annual Conference, and the folding screen flagship vivo X Fold and the large-screen business flagship X Note became the "official designated machine of the Boao Forum for Asia". Lu Jinghui, Chief Security Officer of Vivo, attended the boao forum for Asia "Digital Economy: Born to the Sun" sub-forum and shared the "Vivo Data Protection Compliance Trend White Paper" and vivo's practices and achievements in the field of data security and personal privacy protection.

vivo, hardware security love with thunder

In the important industrial stage of the Boao Forum, vivo has brought a security concept that compares hearts and minds and communicates all walks of life in the industry through research such as the "White Paper"; in terms of product technology, the architecture-level security system that shows the thunderous momentum through vivo X Fold.

About safety, about protection, vivo's love and thunder have been staged first.

On the road of scientific and technological anti-fraud, hardware security cannot be ignored

In 2021, the public security organs cracked more than 441,000 cases of telecommunications network fraud, arrested more than 690,000 suspects, and recovered and returned 12 billion yuan of defrauded funds. Through the unremitting efforts of the police and the people and the continuous publicity of the society, China has entered a new stage of national anti-fraud.

However, it should also be noted that the road to anti-fraud is still long, and lawbreakers are still frequently changing their fronts, testing the weak key to information security and anti-fraud awareness. On April 18, the Jinzhou Internet Police Patrol Law Enforcement released a message saying that recently, online fraud against primary and secondary school students has occurred in Guangdong, Jiangxi, Jiangsu and other places. A primary school student was seduced by criminals within 1 hour and purchased nearly 120,000 yuan of game point cards in continuous operation.

From impersonating customer service, public officials, falling in love with "pig killing plates", network part-time jobs, and then to various network scams for the elderly and primary school students, scammers can always break through the dead corner of security awareness from unexpected directions, which reminds us that anti-fraud and security can not only rely on user awareness, but also need to cast a scientific and technological defense line.

Today, the technology industry is investing in more and more diverse ways and means of counter-fraud. For example, Baidu AI has built an AI anti-fraud platform relying on threat intelligence big data and knowledge graph technology; Tencent has launched anti-fraud functions in various software products, such as "WeChat FireEye Anti-Fraud System", WeChat "Money Bag Guardian Plan" and so on. Major operators have also joined the anti-fraud army, such as China Mobile's continuous "broken card 2.0" operation, cat fighting operation and so on.

vivo, hardware security love with thunder

In the strengthening of security and anti-fraud actions in the scientific and technological community, the improvement of hardware security capabilities and the strengthening of anti-fraud capabilities are absolutely indispensable links. Take the "transfer" of a key link in the anti-fraud scenario as an example. Many online scams require scammers to transfer money to some high-risk accounts. If the hardware side can effectively identify the risk account, it can cut off the risk in this crucial link.

The Thousand Mirrors Trusted Engine in the X Fold/X Note series can accomplish this task. Through cooperation with Alipay, the trusted security judgment capability of the Thousand Mirror Trusted Engine is combined with the AntDTX trusted terminal extension scheme of the payment APP, which upgrades the local risk perception ability of the mobile phone. When a user uses a payment APP on X Fold/X Note to transfer money to a suspicious fraudulent account, the Thousand Mirror Trust Engine can locally assess and identify the risk of the transaction and feedback the risk result, alipay based on the results to make a comprehensive judgment, and then prompt the user with an early warning.

Hardware is the closest interactive platform to users and the place where all data and privacy are stored. All-round, three-dimensional hardware security is the construction direction that the industry cannot ignore. In order to achieve this goal, Vivo's strategic approach is to have both "love and thunder".

Love, create a heart-to-heart digital world

Creating real, perceptible and universal development of hardware security requires the joint efforts of the industry and more sharing and exchange.

Lu Jinghui attended the Boao Forum for Asia and shared Vivo's cutting-edge thinking in the field of data protection with the "Vivo Data Protection Compliance Trend White Paper" as the window. The "Data Protection Compliance Trend White Paper" jointly compiled by the Academy of Information and Communications Technology and Vivo shared the data compliance trends and dynamics of various countries and regions around the world, how various industries can carry out data compliance and security protection, and shared vivo's data protection compliance governance strategy, showing vivo's data security practice exploration.

vivo, hardware security love with thunder

The core value of this White Paper is to promote the latest industry consensus on data compliance and information security based on understanding and communication. Open vivo's information and practices to the industry, so that consumers can finally reap the security value from the development of the industry.

Lu Jinghui, chief security officer of vivo, said: In the technical exploration of user privacy and data security, we "will be heart-to-heart" and we "spare no effort". Our leadership and innovation are only to build a digital world where users can live in peace of mind and safety.

Comparing heart to heart may be an expression of "love". To be safe requires love, and it includes—

Have a loving understanding of the industry;

Responsibility for consumer data;

We look forward to the future of data security and privacy protection.

Thunder, building an architectural level security that "stands on top of the sky"

In the industry communication and industrial development, love is used to light up the future, and in the landing of product strength and technology, it is necessary to use thunder to guard the present. During the meeting, vivo officially became a strategic partner of the Boao Forum for Asia 2022 Annual Conference, and vivo X flagship series became the official designated machine of the Boao Forum for Asia.

One of the product strengths included in this honor is the "top three-dimensional" system built by vivo in the field of security.

Hardware security is a systematic project, because every component, every link may become a security architecture, which makes hardware-level security must be designed from the "top" level of the overall architecture, and the overall security door needs to be firmly grasped; at the same time, it is also necessary to point directly to the security needs and dynamics of consumers, give the most practical "standing" capabilities, so that security can really be followed.

To create a thunderous momentum in the field of security, the officially designated machine vivo X Fold of the Boao Forum for Asia has built 1 chip, 1 architecture, 5 major privacy protection functions, and 1 privacy portal".

At the overall architecture level security level, vivo has developed a user-centered "thousand mirrors security paradigm". From chip to core, from framework to application, enable end-to-end architecture-level security. Based on the architecture capabilities of Thousand Mirrors, vivo has created dozens of security functions and products, realized systematic security capabilities, and collaborated more closely between layers, which can open up many security functions.

Such an architecture-level security policy minimizes the fundamental problem that security capabilities are limited to single-point products or functions, and risks always have the opportunity to take advantage of, bringing holistic, full-link security protection capabilities to mobile devices.

vivo, hardware security love with thunder

At the chip layer, the Thousand Mirrors architecture provides financial-grade hardware security capabilities for the upper layer, such as key storage, hardware encryption and decryption, etc., to ensure that whether it is a transfer transaction or ordinary information browsing, it is protected by hardware; at the kernel layer, the architecture guarantees the correctness of the system for resource calls and allows the mobile phone to run in a high-security kernel environment; at the framework layer, the architecture controls application permissions and application behavior to prevent sensitive permissions from being abused.

Under the thousand mirror architecture, vivo also gives the security application function according to the user's needs and security risk development. For example, the above-mentioned Thousand Mirrors security engine can be comprehensively analyzed and calculated at all levels of the mobile phone chip, core, framework and application, so as to judge and score the overall security of the mobile phone and ensure that data access is safe and credible. This makes a large number of mobile fraud use of untrustworthy websites, APP model nowhere to stay, truly protect the rights and interests of consumers.

In addition, vivo also launched a remote lock card function in X Fold/X Note, which can help users lock the SIM card remotely; the minimalist browser can achieve intelligent interception and early warning when encountering malicious ads and risk URLs to prevent network fraud; the local input method Jovi input method Pro, which can ensure that the user input information is only running locally on the mobile phone after opening the local mode, protecting personal data; in important and sensitive occasions, vivo also supports one-click on stealth mode and turns off the phone microphone 2. Camera and location service functions to prevent information leakage from the source.

From chips, architectures to application functions, vivo's security capabilities are like thunder that leaves no dead ends, illuminating every blind spot of information security.

A long-term view of security

Security is not a selling point or a gimmick, but a fundamental concept that needs to be pursued for a long time. Just as people need a world view and values, a technology company with long-term ideals must have a security concept from itself to the industry.

Whether it is the industry-leading efforts made by vivo, or the security capabilities and security thinking shown by vivo products, we can see how a company creates a long-term security concept.

Perhaps we can understand vivo's security concept as starting from technology, starting from products, standardization, and industry consensus layer by layer, and ultimately promoting the security upgrade of the entire digital world.

At the level of product safety level, vivo X Fold and X Note two products have both passed the "Mobile Intelligent Terminal Security Capability Grading Test" of China Thiel Lab, becoming a mobile phone that meets the requirements of five levels of security capabilities. vivo OriginOS obtained the certificate of the first five-star product of personal information protection ability of mobile intelligent terminal operating system in China Thiel Lab.

vivo, hardware security love with thunder

In the field of mobile phone security standardization, Vivo has led and participated in the compilation of more than 60 personal information protection and data security standards, and has participated in the formulation of a number of data security compliance and personal privacy protection management regulations issued by the Ministry of Industry and Information Technology and the Cyberspace Administration of China.

Moving towards the level of industry consensus, vivo has promoted the industry first of many key security trends such as data compliance, architecture-level security, and information localization, driving the entire mobile phone industry to a high level of data and privacy security, and actively protecting user value in multiple ways.

Every vivo-driven security capability upgrade adheres to the logic of continuous superposition, continuous upward, and non-stop action.

In the unshirkable work of safety, Vivo played a song of love and thunder for a long time.

Read on