DOCSLIB.ORG

HUAWEI Mobile Services (HMS) Security Technical White Paper

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
HUAWEI Mobile Services (HMS) Security Technical White Paper HUAWEI Mobile Services (HMS) Security Technical White Paper Issue V1.0 Date 2020-03-31 Huawei Device Co., Ltd. Secure and Trustworthy HUAWEI Mobile Services (HMS) Huawei Device Co., Ltd. Address: No.2 of Xincheng Road, Songshan Lake Zone, Dongguan, Guangdong, P.R. China Website: https://consumer.huawei.com/en/ PSIRT Email: [email protected] Fax: +86-0769-23839866 Issue V1.0 (2020-03-31) Copyright © Huawei Device Co., Ltd. i HUAWEI Mobile Services (HMS) Security Technical White Paper Contents Contents 1 Introduction ..................................................................................................................... 1 Security & Privacy Protection Are Huawei's Top Priorities ................................................................................ 2 2 Chip-based Hardware and OS Security ........................................................................ 4 Security Chip Integrated into the Kirin Processor .............................................................................................. 4 Sensitive Personal Data Processed in Secure Encrypted Zones...................................................................... 5 EMUI Security Hardening & Enforced Management ......................................................................................... 6 3 Secure Service Access ................................................................................................... 7 Password Complexity ........................................................................................................................................ 7 Image Verification Code..................................................................................................................................... 7 Account Protection and Multi-factor Authentication ........................................................................................... 8 Risky Operation Notification .............................................................................................................................. 8 Heuristic Security Authentication ....................................................................................................................... 8 Accounts for Children ........................................................................................................................................ 8 Account Anti-Fraud ............................................................................................................................................ 8 Account Privacy Protection ................................................................................................................................ 9 4 Encryption and Data Protection .................................................................................. 10 Data Security Empowered by EMUI ................................................................................................................ 10 Encryption Key Management and Distribution ................................................................................................ 10 Certification and Digital Signature .................................................................................................................... 11 Trusted Identity Authentication and Integrity Protection .................................................................................. 12 TCIS ................................................................................................................................................................. 13 5 Network Security........................................................................................................... 14 Secure Transmission Channel ......................................................................................................................... 14 Cloud Network Border Protection .................................................................................................................... 14 VPN-based Fine-grained Security Protection .................................................................................................. 15 Host and Virtualization Container Protection ................................................................................................... 16 Multi-layer Intrusion Prevention ....................................................................................................................... 16 Zero Trust Architecture .................................................................................................................................... 17 Vulnerability Management ............................................................................................................................... 17 Operation Audit ................................................................................................................................................ 17 6 Service Security ............................................................................................................ 19 Issue V1.0 (2020-03-31) Copyright © Huawei Device Co., Ltd. ii HUAWEI Mobile Services (HMS) Security Technical White Paper Contents HUAWEI Mobile Cloud .................................................................................................................................... 19 HUAWEI SkyTone ............................................................................................................................................ 20 Find My Phone ................................................................................................................................................. 21 HUAWEI Browser ............................................................................................................................................ 21 HUAWEI Wallet/Huawei Pay ........................................................................................................................... 22 Service Anti-Fraud ........................................................................................................................................... 24 7 AppGallery and App Security....................................................................................... 25 Overview of AppGallery and App Security ....................................................................................................... 25 Developer Identity Verification ......................................................................................................................... 25 Four-Layer Malicious App Detection System................................................................................................... 26 Download and Installation Assurance .............................................................................................................. 27 Runtime Defense Mechanism ......................................................................................................................... 28 Age Rating of Apps .......................................................................................................................................... 29 Security of Quick Apps ..................................................................................................................................... 29 Software Green Alliance .................................................................................................................................. 29 Open Security Cloud Test ................................................................................................................................ 30 8 HMS Core (Developer Kits) .......................................................................................... 32 HMS Core Framework ..................................................................................................................................... 32 Authentication Credentials ........................................................................................................................... 33 Service DR ................................................................................................................................................... 33 Account Kit ....................................................................................................................................................... 34 Authorized Developer Login ........................................................................................................................ 34 Anti-fraud ..................................................................................................................................................... 34 Push Kit............................................................................................................................................................ 34 Identity Authentication .................................................................................................................................. 35 Push Message Protection ............................................................................................................................ 35 Secure Transmission of Push Messages..................................................................................................... 35 In-App Purchases (IAP) ................................................................................................................................... 35 Merchant and Transaction Service Authentication .....................................................................................
Load more

Recommended publications
  • Huawei Appgallery Security Target
    17 March 2021 Document Version 1.0 Huawei AppGallery Security Target DOCUMENT VERSION 0.3 DOCUMENT DATE 15 JUNE 2020 Page i Document management Document identification Document title Huawei AppGallery Security Target Document date 17 March 2021 Prepared by Securelytics Release Authority Huawei Product version 10.4.0.301 Document history Version Date Description 0.1 10 June 2020 Initial Released. 0.2 13 June 2020 Content Updated. 0.3 15 June 2020 Content Updated based on Evaluation Test Lab feedback. 0.4 7 July 2020 Content Updated based on Evaluation Test Lab feedback. 0.4.1 10 July 2020 Minor content Updated based on Evaluation Test Lab feedback. 0.5 23 July 2020 Update based on EOR. 0.6 13 Aug 2020 Update based on EOR. 0.7 28 Aug 2020 Update based on EOR. 0.8 4 Sept 2020 Update based on EOR. 0.9 5 Nov 2020 Content Updated. 0.10 19 Nov 2020 Update based on EOR. 0.11 30 Nov 2020 Content Updated. 0.12 10 Feb 2021 Update identification and Authentication operation. 0.13 24 Feb 2021 Content Updated. Page i Version Date Description 0.14 8 Mar 2021 Content Updated 1.0 17 Mar 2021 Final. Page ii Table of Contents 1 Security Target Introduction ................................................................................................... 1 1.1 ST Reference ........................................................................................................................... 1 1.2 TOE Reference ........................................................................................................................ 1 1.3 Document Organization
    [Show full text]
  • Ubi Banca Available on Appgallery Easier and Faster Payments for All Huawei Mobile Services Devices
    UBI BANCA AVAILABLE ON APPGALLERY EASIER AND FASTER PAYMENTS FOR ALL HUAWEI MOBILE SERVICES DEVICES Milan, 19th June 2020 – The Huawei AppGallery continues to grow. The company’s store now has over 420 million active users per month in the world and 26 million of these are in Europe. UBI Banca’s app is also now available for download on all devices with Huawei Mobile Services: the HUAWEI P40 series, HUAWEI Mate Xs, HUAWEI Mate 30 Pro or the latest HUAWEI Y5P and HUAWEI Y6P devices. UBI BANCA is enhancing its customers’ mobile banking experience on all HMS devices to ensure transactions can be carried out with ease and simplicity even on a smartphone. The app gives all users access to UBI Banca’s digital services at their fingertips so they can use them easily and intuitively with just one tap. You can view your account, make credit transfers, load prepaid cards and compile postal payment slips by photographing the bar code, all with perfect ease using your Huawei smartphone. It is extremely easy to use UBI Banca’s app. Just download it from the Huawei AppGallery, set your preferred mode of access and you can enter the world of UBI Banca services with a password, fingerprint or face recognition for a fast, reliable and secure customer experience. Also you can use the main functions such as viewing your balance or making a credit transfer even before you gain access to the app’s secure area. “We know it is essential for our customers to be able to manage all aspects of their finances and that is why we are making huge efforts to bring all the banking service apps most in demand from users onto our platform.
    [Show full text]
  • EMUI 9.0 Security Technical White Paper
    EMUI 9.0 Security Technical White Paper Issue 1.0 Date 2018-11-30 HUAWEI TECHNOLOGIES CO., LTD. Copyright © Huawei Technologies Co., Ltd. 2018. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied. Huawei Technologies Co., Ltd. Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: http://www.huawei.com PSIRT Email: [email protected] Issue 1.0 (2018-11-30) Huawei Proprietary and Confidential i Copyright © Huawei Technologies Co., Ltd. EMUI 9.0 Security Technical White Paper Contents Contents 1 Overview ......................................................................................................................................... 1 2 Hardware Security .......................................................................................................................
    [Show full text]
  • The App Development Roadmap 2020
    The App Development Roadmap 2020 What to consider when it comes to developing or commissioning a world-class app in 2020 and beyond. 1 Foreword What makes a great app? Fulfilling your customer’s need So what’s changing? As is the case with any digital and a great user experience are the two biggest traits economy, the app marketplace is constantly evolving your app needs to demonstrate, but there’s a lot more to with new trends, new rules, new tools and new players. think about as the fast moving app economy continues These constant changes impact the way you have to to evolve. Whether you’re launching or running an approach building, launching, marketing and maintaining existing app that is consumer facing or adding value to your app. This report will explore the important changes users within your business, there are a lot of questions that have taken place in 2019 and will continue to that you need to be asking when it comes to ensuring influence the world of app development in 2020 your app has a successful impact. and beyond. How can you ensure your app gets the prominent For anybody facing the increasingly challenging task position it deserves in the app store chart? How can of commissioning or running a successful app, The you be certain you’re providing a world-class user App Development Roadmap 2020 will serve as your experience? And how can you make sure users continue trusty guide when it comes to what to consider and to open and engage with your app instead of dropping how to think ahead to ensure your app is delivering off or, worse, removing it from their device? Which new on your business goals as well as generating a buzz technologies and middlewares are worth investing your and achieving strong downloads and increasing time in and which are worth bypassing completely? For engagement.
    [Show full text]
  • Aktion Gültig Vom 17.06. - 28.06
    Aktion gültig vom 17.06. - 28.06. SCHNÄPPCHEN FEIERN XIAOMI Mi Note 10 Lite Smartphone • Quad-Hauptkamera (64 MP + 8 MP + 5 MP + 2 MP) und 16 MP Frontkamera Preis mit • 128 GB Speicher und 6 GB Arbeitsspeicher 1) Vertrag • 5.260 mAh Akku mit 30 W fast charging • Fingerabdrucksensor Preis ohne Vertrag Art. Nr.: Nebula Purple 2651676 | Midnight Oderm): Black 2651678 359,- 12 Monate x 29,92 € green LTE 3 GB Aktion € 14.99 monatlich1) • 3GB Datenvolumen inkl. LTE OLED Display • Bis zu 21,6 Mbit/s maximale Bandbreite 16,4 cm / 6,4" • Flat Telefonie in alle deutschen Netze Farbauswahl Entspiegeltes39,62 Full cm HD / Display 15.6" ACER Aspire 3 (A315-56-3515) Notebook • Neuester Intel® Core™ i3-1005G1 Prozessor (bis zu 3,40 GHz mit Intel® Turbo-Boost-Technik 2.0, 4 MB Intel® Cache) • 8 GB Arbeitsspeicher • 512 GB SSD Speicher • Intel® UHD-Grafik • Microsoft® Windows® 10 im S-Modus vorinstalliertw) Art. Nr.: 2643468 33.25 12 1) Gilt bei gleichzeitigem Abschluss eines Mobilfunkvertrags im Tarif green LTE 3 GB Aktion im Mobilfunknetz der Vodafone. Mit Online-Rechnung, 24 Monate Mindestvertragslaufzeit, Anschlusspreis € 39,99. Der monatliche Paketpreis beträgt in den ersten 24 Monaten € 14,99, ab dem 25. Monat € 21,99. SMS kosten ab 19 Cent/SMS. Die Internet Flat enthält eine max. Bandbreite von 21,6 MBit/s. Nach Verbrauch eines Datenvolumens von 3 GB in einem Abrechnungszeitraum wird die Bandbreite auf max. 64 kbit/s (Download) und 64 kbit/s (Upload) beschränkt. Alle Preise inkl. gesetzl. MwSt. Anbieter: mobilcom-debitel GmbH, Hollerstr. 126, 24782 Büdelsdorf.
    [Show full text]
  • FAQ – Huawei Mate Pro 30 Najczęściej Zadawane Pytania
    FAQ – Huawei Mate Pro 30 najczęściej zadawane pytania 1. Jaki system operacyjny jest zainstalowany na telefonach Mate 30 Pro? Smartfon Huawei Mate 30 Pro działa na systemie operacyjnym Android 10, natomiast ekosystem telefonu oparty jest na autorskim rozwiązaniu Huawei Mobile Services (HMS) zapewniającym dostęp do usług i aplikacji własnych oraz partnerów. Instalowanie aplikacji odbywa się za pomocą sklepu AppGallery. Interfejsem użytkownika jest najnowsza nakłada systemowa EMUI 10.0, dobrze znana z pozostałych modeli Huawei. 2. Czy telefon będzie otrzymywać aktualizacje? Mate 30 Pro, tak samo jak inne telefony Huawei, będzie otrzymywał aktualizacje, dotyczy to zarówno aktualizacji oprogramowania, jak i aktualizacji bezpieczeństwa. 3. Czy Huawei Mate 30 Pro będzie miał preinstalowane aplikacje Google oraz środowisko GMS? Mate 30 Pro nie ma preinstalowanych aplikacji Google i usług GMS. Oznacza to, że ekosystemem dla telefonów Mate 30 Pro jest Huawei Mobile Services, odpowiednik Google Mobile Services. Pobieranie aplikacji możliwe będzie dzięki sklepowi Huawei AppGallery. 4. Czy dotychczas używane aplikacje będą dostępne na Mate 30 Pro? Najszybszą metodą jest przeniesienie swoich aplikacji za pomocą Phone Clone. Aplikacja Phone Clone jest preinstalowana na urządzeniach Huawei, jak również dostępna do pobrania z Google Play oraz AppStore w przypadku innych modeli. Odbywa się to w 3 prostych krokach: • Uruchomienie aplikacji Phone Clone na starym i nowym telefonie • Zaznaczenie elementów, które chcemy skopiować np. Aplikacje, kontakty, wiadomości, zdjęcia • Skopiowanie danych ze starego telefonu na nowy Nowe i alternatywne aplikacje możemy instalować z oficjalnego sklepu z aplikacjami AppGallery – oferta aplikacji dynamicznie się powiększa. Jeżeli aplikacja nie jest dostępna w AppGallery można ją pobrać z oficjalnej strony producenta aplikacji – np.
    [Show full text]
  • Huawei Pay Frequently Asked Questions (“Faqs”)
    Huawei Pay Frequently Asked Questions (“FAQs”) 1. What is Huawei Pay? Huawei Pay is a mobile payment service launched by Huawei. Huawei Pay allows on-the-go payments with phones capable of Near Field Communication (NFC), instead of using your physical ICBC cards. With Huawei Pay, you can make secured and convenient payments, simply by tapping your NFC-capable phone against a contactless payment terminal or card reader. To use Huawei Pay, simply download Huawei Wallet Application (“Wallet”) from Huawei AppGallery (“AppGallery”) and complete the registration process. 2. Does my phone support Huawei Pay or Access card? Among phones purchased outside of the Chinese mainland, the following models support Huawei Pay or Access card: HUAWEI Mate Xs, Mate X, Mate 40 Pro, Mate 30, Mate 30 Pro, PORSCHE DESIGN Mate 30 RS, Mate 20 X (5G), Mate 20, Mate 20 Pro, PORSCHE DESIGN Mate 20 RS, PORSCHE DESIGN Mate RS, Mate 10, Mate 10 Pro, PORSCHE DESIGN Mate 10, Mate 9, Mate 9 Pro, PORSCHE DESIGN Mate 9 HUAWEI P40, P40 Pro, P40 Pro+, P30, P30 Pro, P20, P20 Pro, P10, P10 Plus HUAWEI nova 7 5G HONOR 30 Pro+, HONOR 30, HONOR View30 Pro, HONOR 10, HONOR View10, HONOR 9, HONOR 8 Pro Among phones purchased in the Chinese mainland, the following models support Huawei Pay or Access card: HUAWEI Mate Xs, Mate X, Mate 40 Pro, Mate 30, Mate 30 Pro, PORSCHE DESIGN Mate 30 RS, Mate 20, Mate 20 Pro, PORSCHE DESIGN Mate 20 RS HUAWEI P40, P40 Pro, P40 Pro+, P30, P30 Pro Before using Huawei Pay or Access card, ensure that you have updated your phone and Wallet to the latest version.
    [Show full text]
  • HUAWEI Mobile Services (HMS) Security Technical White Paper
    HUAWEI Mobile Services (HMS) Security Technical White Paper Issue V1.0 Date 2020-05-19 Huawei Device Co., Ltd. Secure and Trustworthy HUAWEI Mobile Services (HMS) Huawei Device Co., Ltd. Address: No.2 of Xincheng Road, Songshan Lake Zone, Dongguan, Guangdong, P.R. China Website: https://consumer.huawei.com/en/ PSIRT Email: [email protected] Fax: +86-0769-23839866 Issue V1.0 (2020-03-31) Copyright © Huawei Device Co., Ltd. i HUAWEI Mobile Services (HMS) Security Technical White Paper Contents Contents 1 Introduction ..................................................................................................................... 1 Security & Privacy Protection Are Huawei's Top Priorities ................................................................................ 2 2 Chip-based Hardware and OS Security ........................................................................ 4 Security Chip Integrated into the Kirin Processor .............................................................................................. 4 Sensitive Personal Data Processed in Secure Encrypted Zones...................................................................... 5 EMUI Security Hardening & Enforced Management ......................................................................................... 6 3 Secure Service Access ................................................................................................... 7 Password Complexity .......................................................................................................................................
    [Show full text]
  • EMUI 11.0 Security Technical White Paper
    EMUI 11.0 Security Technical White Paper Issue 1.0 Date 2020-11-30 EMUI 11.0 Security Technical White Paper Contents Contents 1 Overview ........................................................................................................................... 1 Introduction ......................................................................................................................................................... 1 EMUI Security ..................................................................................................................................................... 2 2 Hardware Security ............................................................................................................. 5 Secure Boot ......................................................................................................................................................... 5 Hardware Encryption/Decryption Engine and RNG ................................................................................................. 6 HUK ................................................................................................................................................................... 7 Device Group Key ................................................................................................................................................ 7 Device Attestation ................................................................................................................................................ 7 Secure Element*
    [Show full text]
  • Huawei Matepad 11 - Premierowa Recenzja Tabletu Z Harmonyos
    Huawei MatePad 11 - premierowa recenzja tabletu z HarmonyOS Wpisany przez Maksym Słomski Środa, 04 Sierpień 2021 11:00 Tablet z HarmonyOS. Huawei konsekwentnie rozwija swój ekosystem produktów wykorzystujących oprogramowanie HarmonyOS. Nie ukrywam, że moje zainteresowanie tym oprogramowaniem rozbudził pracujący pod jego kontrolą zegarek Huawei Watch 3 Pro Elite . Nazwałem go w swojej recenzji smartwatchem niemal doskonałym i zdanie to podtrzymuję. Przyznam, że z nieco mniejszym entuzjazmem, choć ze sporą dozą ciekawości podszedłem do recenzji tabletu Huawei MatePad 11. Entuzjazm nie był ekstremalnie duży, bo wydawało mi się, że wszystkie tablety poza iPadem Pro umrą w końcu śmiercią naturalną. Szczerze: nigdy nie byłem wielkim miłośnikiem tabletów. Z ciekawością, gdyż byłem ciekaw, jak HarmonyOS spisuje się na sprzęcie z 11-calowym ekranem. Po dwóch tygodniach spędzonych z Huawei MatePad 11 stwierdzam, że to jeden z najciekawszych tabletów, jakie miałem w dłoniach, choć do ideału trochę mu brakuje. Huawei MatePad 11 - specyfikacja Huawei MatePad 11 otrzymałem w minimalistycznym, kompaktowym, schludnym i ładnie zadrukowanym opakowaniu. Wewnątrz znalazłem ładowarkę o mocy 22,5 W, przewód USB-A - USB-C oraz przejściówkę z USB-C do jack 3.5 mm, która zdradza pierwszy drobny mankament urządzenia: nie wyposażono go w złącze audio. Swoją drogą, czy niemal wszyscy nie przerzucili się już na słuchawki bezprzewodowe? Dajcie znać w sekcji komentarzy. Wraz z tabletem nadesłano mi komplet akcesoriów, które znacząco zwiększają spektrum zastosowań urządzenia. I tak, równolegle sprawdzałem możliwości Huawei Smart Magnetic Keyboard, czyli etui magnetycznego z klawiaturą, rysika Huawei M-Pencil oraz myszki Huawei Bluetooth Mouse. Dysponując powyższymi miałem czasem wrażenie, że korzystam z laptopa z 1 / 9 Huawei MatePad 11 - premierowa recenzja tabletu z HarmonyOS Wpisany przez Maksym Słomski Środa, 04 Sierpień 2021 11:00 ekranem dotykowym.
    [Show full text]
  • 1 Data Appendix B
    Data Appendix B: Articles used for the coding process In this document, I have bundled the articles used as input for the coding process in Atlas.Ti. I have bundled interviews with Huawei CEOs and rotating chairmen, articles from U.S. based technology websites and articles from Chinese based technology websites. I started the data collection process by looking up trustworthy and popular U.S. based technology websites using Detailed.com and Get.Tech. Following the most popular website mentioned on Detailed.com – TheVerge – I started browsing to this website and I subsequently entered the key search terms as mentioned in the Thesis document. I scanned articles that either discussed Huawei’s platform expulsion from the Android platform or Huawei’s competitive response following the ban. When articles referred to other websites, I used mediabiasfactcheck.com as a tool to judge the objectivity of reporting of the respective websites. For example, this article of TheVerge contains the original source from Reuters, so I used mediabiasfactcheck.com to ensure that the original Reuters source was of high quality. Using this website, I found that Reuters scored very high on “Factual Reporting” and is considered one of the “least biased” websites. However, not all websites listed below could be found on mediabiasfactcheck.com, so I aimed to triangulate the data of sources by using multiple data sources that covered the same topic but described it from a different perspective. For example, most Chinese sources could not be traced by mediabiasfactcheck.com and in general, it is very hard to find if Chinese sources are trustworthy and of high quality.
    [Show full text]
  • Unavailability of Sc Mobile App on Huawei Appgallery and Alternative Login Solutions
    PUBLIC NOTIFICATION – UNAVAILABILITY OF SC MOBILE APP ON HUAWEI APPGALLERY AND ALTERNATIVE LOGIN SOLUTIONS Please be informed that Huawei devices will not have access to Google services and apps such as Maps and YouTube, Google Play Store or Google Assistant. This will result in inconveniences to our Huawei Android device clients who wish to access the SC Mobile App. However, should there be any positive developments on this, we will be sure to keep our clients updated. Please find below a short FAQ for alternative solutions to access Online Banking What are the alternative solutions for Huawei device clients? 1. Is the SC Mobile App available on the Huawei AppGallery? No. 2. When will Standard Chartered Bank Malaysia make the SC Mobile App available on the Huawei AppGallery? There are no plans at this time to make the SC Mobile App available. 3. Is the SC Mobile App available in other countries’ Huawei AppGallery? Yes, but we do not recommend that you download those versions if you are a Standard Chartered Bank Malaysia Berhad client. 4. What alternative solutions are there for Huawei device owners? • You can access Online Banking via a desktop / laptop browser • You can access Online Banking via the smartphone web browser 5. I have recently changed my smartphone to a Huawei device, now I am not able to login to Online Banking because I’m asked to authenticate my login with SC Mobile Key (that I installed on my previous device) We will deactivate your SC Mobile Key, thereafter you will be able to login. Please note that you are unable to perform transactions of RM10,000 and above without SC Mobile Key authentication.
    [Show full text]