+

WO2018149110A1 - Appareil et procédé de protection de clé - Google Patents

Appareil et procédé de protection de clé Download PDF

Info

Publication number
WO2018149110A1
WO2018149110A1 PCT/CN2017/099285 CN2017099285W WO2018149110A1 WO 2018149110 A1 WO2018149110 A1 WO 2018149110A1 CN 2017099285 W CN2017099285 W CN 2017099285W WO 2018149110 A1 WO2018149110 A1 WO 2018149110A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
key
execution
secure
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2017/099285
Other languages
English (en)
Chinese (zh)
Inventor
翟征德
申宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2018149110A1 publication Critical patent/WO2018149110A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • the present application relates to the field of network security technologies, and in particular, to a key protection method and apparatus.
  • Virtualization technology is one of the key technologies in the field of cloud computing. It can virtualize the physical resources of a physical computer into multiple virtual machines (VMs). For example, the virtualization platform of Virtual Machine Monitor (VMM) can be used. The physical resources are provided to each virtual machine in the form of a virtual resource pool. Different virtual machines respectively run different operating systems (OSs) for allocation to multiple users, and virtual machines share physical resources of physical computers. .
  • OSs operating systems
  • a cloud service provider can provide cloud service services to a large number of users and allocate virtual machines to users.
  • users typically use keys in conjunction with corresponding key algorithms to protect user data or complete critical business steps.
  • the user's data needs to be encrypted by the key in the cloud server.
  • the user application needs to use the key to decrypt the data, and the new data generated by the decrypted data processing is also encrypted and stored.
  • a big data analytics system on a secure cloud typically requires the use of cryptographic keys to protect the confidentiality of message data between nodes and the use of integrity keys to provide message integrity protection.
  • the underlying software of the OS and VMM is generally provided by a cloud service provider (CSP) and under the control of a cloud service provider.
  • CSP cloud service provider
  • the OS and VMM running on the privileged level on the cloud server can freely access the process space of the user application, including the key used by the user.
  • a malicious administrator of a cloud service provider may steal a key used by a user application through a management tool or an administrative domain.
  • the malicious virtual machine may also attack other virtual machines on the same physical server by technical means to steal the key used by the user application.
  • hackers may also use VMM, OS security vulnerabilities to invade cloud servers and steal keys used by user applications.
  • the present application provides a key protection method and apparatus, which can reduce the security threat caused by the privilege level software in the server to the user key.
  • the application provides a key protection method, including:
  • the user application When initiating an operation using the user key, the user application acquires a key identifier corresponding to the user key to be used to be added to the operation parameter set corresponding to the operation using the user key;
  • the key store is stored in the secure execution space; the user application runs in a server, the secure execution space is pre-established in the server, and the secure execution space is configured to block a privilege level External access to the code.
  • the user key and the process of performing the cryptographic operation are all encapsulated in the secure execution space, and the external user application uses the key identifier instead of the user key to initiate the cryptographic operation, so that the user key
  • the process of performing cryptographic operations is invisible to privileged software such as operating systems and virtual machine monitors, thereby reducing the security threats posed by privileged software in the cloud server to user keys.
  • the user application passes the operation parameter set to the execution node in the secure execution space through a preset interface, including:
  • the user application invokes an access function configured in the execution node to pass the operation parameter set as a function parameter to the execution node after verifying access rights through the preset interface.
  • the execution node is equivalent to an external function that can be called for the user application, and the preset interface can block the call of the program (including the privilege level code) that blocks the access permission by using the access authority, and utilize the function calling mechanism. Integrating the data transfer process and the access authority verification process helps to improve the efficiency of logical processing in the process of user application performing cryptographic operations through the execution node
  • the operation parameter set includes a subset of operations for defining an operation rule and a subset of parameters for carrying the operation data
  • the user application passes the operation parameter set to the security through a preset interface.
  • Execution nodes within the execution space including:
  • the user application receives a data identifier from the execution node
  • the temporary storage flag can be set in the operation parameter set, and the execution node can store the operation result when receiving the temporary storage mark and return the data identifier of the replacement operation result, so that the user can use the operation parameter set including the temporary storage mark.
  • the execution node can extract the stored operation result and use it for the cryptographic operation when receiving the data identifier, so that the user can extract the stored data using the operation parameter set including the data identifier.
  • the method before the user application passes the operation parameter set to the execution node through a preset interface, the method further includes:
  • the user application interacts with the execution node to establish a secure channel between the client and the execution node, so that the user: through the security Transmitting, by the channel, key information to the execution node, to complete the secret in the secure execution space by the execution node according to a mapping relationship between a user key and a key identifier included in the key information.
  • the configuration of the keystore is a secure channel between the client and the execution node, so that the user: through the security Transmitting, by the channel, key information to the execution node, to complete the secret in the secure execution space by the execution node according to a mapping relationship between a user key and a key identifier included in the key information.
  • the privacy and integrity of the communication data can be protected during the communication between the UE and the secure execution space, and the server including the OS and the VMM is avoided.
  • the program steals the user's secret data from the transmission data stream, for example, in the process of transmitting the key information to the execution node through the secure channel, the protection key information is not stolen or tampered by the intermediate node of the data transmission, thereby Security protection means combine to implement key protection in a cloud service scenario.
  • the method further includes:
  • the user application acquires a hash value of data in a preset range of the secure execution space by using the execution node, where The data within the preset range includes all executable code in the secure execution space;
  • At least the client can remotely confirm the integrity of all executable code in the secure execution space (including confirming whether the executable code is all User-configured, and executable code is maliciously deleted or tampered with to protect the security of the user's key.
  • the method before the user application interacts with the execution node to establish a secure channel between the client and the execution node, the method further includes:
  • the user application creates a secure execution space in the server
  • the user application injects data corresponding to the execution node into the secure execution space to complete configuration of the execution node in the secure execution space.
  • the execution node can be created as additional code of the user application, thereby restricting data transfer between the execution node and the user application within the same program, which not only facilitates the elimination of the program interface required for data transfer between programs.
  • the setting also helps to eliminate the security risks caused by data transfer between programs.
  • the application further provides a key protection method, including:
  • the client sends a key identifier of the at least one user key to the server, so that the first user application running in the server can obtain the user key corresponding to the user key to be used when initiating the operation using the user key.
  • the first user application is configured to add the obtained key identifier to an operation parameter set corresponding to the operation using the user key, and transmit the operation parameter set to the secure execution space through a preset interface.
  • the execution node is configured to: in the secure execution space, acquire a user key corresponding to the key identifier from a keystore, and perform an operation corresponding to the operation parameter set by using the obtained user key And returning an execution result to the first user application;
  • the key store is stored in the secure execution space; the secure execution space is pre-established in the server, the secure execution space being configured to be able to block external access of privileged level code.
  • the method further includes:
  • the user end interacts with the execution node by using a second user application running in the server to establish security between the client and the execution node.
  • the user end interacts with the client by using a second user application running in the server to establish a secure channel between the client and the execution node, including:
  • the UE obtains a common key by key negotiation with the execution node to establish a secure channel for performing encrypted communication using the shared key.
  • the method before the user sends the key information to the execution node through the secure channel, the method further includes:
  • the client blocks the transmission of the user key to the server before the integrity check is passed.
  • the user terminal sends a third operation instruction to the execution node by using the secure channel when the security risk level of the security execution space is higher than or equal to a preset level, so that the execution node is in the security execution space.
  • the keystore is encrypted and stored in a memory of the server, and returns data for reading the keystore and decrypting the keystore through the secure channel;
  • the fifth operation instruction is configured to obtain an encrypted keystore in a memory of the server according to the address identifier, and decrypt the encrypted keystore by using the decryption key to decrypt the decrypted keystore. Configured in the secure execution space.
  • the user end creates a secure execution space by using a third user application running in the server;
  • the user end injects into the secure execution space by using a third user application running in the server Executing data corresponding to the node to complete configuration of the execution node in the secure execution space.
  • the present application further provides a key protection method for an execution node configured in a secure execution space; wherein the secure execution space is established in a server, and the secure execution space is configured to block privilege External access to the level code; the method includes:
  • the execution node receives an operation parameter set that is transmitted by the user application through a preset interface, where the operation parameter set includes a key identifier corresponding to a user key to be used;
  • the execution node returns the execution result to the user application.
  • the method before the execution node obtains the user key corresponding to the key identifier from the keystore, the method further includes:
  • the execution node interacts with the client to establish a secure channel between the client and the execution node;
  • the executing node completes the configuration of the keystore in the secure execution space according to the mapping relationship between the user key and the key identifier.
  • the method before the receiving node receives the key information sent by the UE by using the secure channel, the method further includes:
  • the execution node acquires a hash value of data within a preset range of the secure execution space, and the data in the preset range includes all executable code in the secure execution space;
  • the executing node sends the hash value to the user end, so that the user end: performs integrity check on the data in the preset range according to the hash value, and performs integrity check. By blocking the transmission of the user key to the server before.
  • the method further includes: the executing node receiving the source through the secure channel User instructions of the client; and,
  • the execution node blocks user instructions other than the secure channel when the user instruction is the first operation instruction
  • the executing node checks the security execution space to send the obtained verification report to the user terminal through the secure channel;
  • the execution node deletes a predetermined part of the secret data or all the secret data in the secure execution space;
  • the execution node When the user instruction is the fourth operation instruction, the execution node encrypts and stores the keystore in the secure execution space into the memory of the server, and returns to the client through the secure channel. Read keystore And data that decrypts the keystore;
  • the execution node acquires an encrypted keystore in a memory of the server according to the address identifier, and uses the decryption key
  • the encrypted keystore is decrypted to configure the decrypted keystore in the secure execution space.
  • the operational parameter set includes a subset of operations for defining an operational rule and a subset of parameters for carrying operational data
  • the execution node performing the secure execution using the obtained user key Performing an operation corresponding to the operation parameter set in the space to obtain an execution result includes:
  • the execution node When it is detected that the operation parameter set further includes a temporary storage mark, the execution node stores the operation result in the security execution space, and allocates a corresponding data identifier to the stored operation result;
  • the executing node returns the execution result to the user application, including:
  • the execution node returns the data identification to the user application.
  • the execution node when the parameter subset includes at least one data identifier, acquires an operation result corresponding to the at least one data identifier in the secure execution space, and uses the acquired The operation result is calculated according to the operation subset and the parameter subset to obtain an operation result.
  • the operation parameter set further includes an instruction identifier and input data; the execution node performs an operation corresponding to the operation parameter set in the secure execution space using the acquired user key to Get execution results, including:
  • the execution node determines an operation instruction function corresponding to the instruction identifier; wherein the operation instruction function and the instruction identifier are mutually arranged in an operation instruction library in the secure execution space;
  • the execution node inputs the input data and the acquired user key into the operation instruction function to obtain an execution result.
  • the execution node is configured with an access function, and the execution node receives the operation parameter set transmitted by the user application through the preset interface, including:
  • the execution node After the user application invokes the access function to verify the access authority of the preset interface, the execution node receives the operation parameter set as a function parameter through the access function.
  • the application further provides a key protection apparatus, which is applied to a user application running in a server, where the apparatus includes:
  • the first obtaining module when initiating an operation using the user key, acquires a key identifier corresponding to the user key to be used, to be added to the operation parameter set corresponding to the operation using the user key;
  • a delivery module configured to pass the operation parameter set to an execution node in a secure execution space through a preset interface, so that the execution node is in the secure execution space: obtaining the key from the keystore Identifying a corresponding user key, performing an operation corresponding to the operation parameter set by using the obtained user key, and returning an execution result;
  • the key store is stored in the secure execution space; the user application runs in a server, the secure execution space is pre-established in the server, and the secure execution space is configured to block a privilege level External access to the code.
  • the delivery module includes:
  • a calling unit configured to invoke an access function configured in the execution node to access the preset interface
  • the operation parameter set is passed as a function parameter to the execution node.
  • the operational parameter set includes a subset of operations for defining an operational rule and a subset of parameters for carrying operational data;
  • the delivery module includes:
  • a first transfer unit configured to pass, by the preset interface, an operation parameter set including the temporary storage tag to the execution node, so that the execution node is in the secure execution space: according to the operation
  • the set and the parameter subset are operated to obtain an operation result, and the operation result is stored in the security execution space, and the corresponding data identifier is allocated to the stored operation result, and the data identifier is returned;
  • a receiving unit configured to receive a data identifier from the execution node
  • a second transfer unit configured to pass, by the preset interface, a set of operation parameters including the data identifier in the parameter subset to the execution node, so that the execution node is in the secure execution space:
  • the operation result corresponding to the data identifier is obtained in the secure execution space, and the operation result is obtained according to the operation subset and the parameter subset using the obtained operation result to obtain the operation result.
  • the device further includes:
  • the secure channel sends the key information to the execution node to complete, by the execution node, the security execution space according to a mapping relationship between the user key and the key identifier included in the key information.
  • the configuration of the keystore is
  • the device further includes:
  • a second acquiring module configured to acquire, by the execution node, a hash of data in a preset range of the secure execution space before the user end sends the key information to the execution node by using the secure channel a value, the data in the preset range includes all executable code in the secure execution space;
  • a sending module configured to send the hash value to the user end, so that the user end: performs integrity check on the data in the preset range according to the hash value, and performs integrity verification The transmission of the user key to the server is blocked before the pass.
  • the device further includes:
  • a creating module configured to create a secure execution space in the server before the establishing module interacts with the executing node to establish a secure channel between the client and the executing node;
  • an injection module configured to inject data corresponding to the execution node into the secure execution space to complete configuration of the execution node in the secure execution space.
  • the application further provides a key protection device, which is applied to a client, and includes:
  • a first sending module configured to send a key identifier of the at least one user key to the server, so that the first user application running in the server can obtain and use the operation when using the user key Key identifier corresponding to the user key;
  • the first user application is configured to add the obtained key identifier to an operation parameter set corresponding to the operation using the user key, and transmit the operation parameter set to the secure execution space through a preset interface.
  • the execution node is configured to: in the secure execution space, acquire a user key corresponding to the key identifier from a keystore, and perform an operation corresponding to the operation parameter set by using the obtained user key And returning an execution result to the first user application;
  • the key store is stored in the secure execution space; the secure execution space is pre-established in the server, the secure execution space being configured to be able to block external access of privileged level code.
  • the device further includes:
  • a second sending module configured to send, by using the secure channel, key information to the execution node, to perform, according to the mapping relationship between the user key and the key identifier included in the key information by the executing node
  • the configuration of the keystore is completed within the secure execution space.
  • the establishing module is further configured to obtain a common key by key negotiation with the execution node to establish a secure channel for performing encrypted communication using the shared key.
  • the device further includes:
  • a verification module configured to complete, by the execution node, data in a preset range of the secure execution space, before the second sending module sends the key information to the execution node by using the secure channel a verification, the data in the preset range includes all executable code in the secure execution space;
  • a blocking module that blocks the sending of a user key to the server before the integrity check passes.
  • the apparatus further includes a third sending module, wherein the third sending module is configured to interact with the executing node by using the second user application running in the server by the establishing module to establish After the secure channel between the client and the execution node:
  • the report is sent to the client through the secure channel;
  • the device further includes:
  • a creating module configured to pass through the server before the establishing module interacts with the executing node by using a second user application running in the server to establish a secure channel between the client and the executing node
  • the third user application running creates a secure execution space
  • an injection module configured to inject data corresponding to the execution node into the secure execution space by a third user application running in the server, to complete configuration of the execution node in the secure execution space.
  • the present application further provides a key protection apparatus for an execution node configured in a secure execution space; wherein the secure execution space is established in a server, and the secure execution space is configured to block privilege External access to the level code; the device includes:
  • a first receiving module configured to receive an operation parameter set that is sent by the user application through a preset interface, where the operation parameter set is associated with a key identifier corresponding to the user key to be used;
  • a first acquiring module configured to acquire a user key corresponding to the key identifier from a keystore; wherein the keystore is stored in the secure execution space;
  • An execution module configured to perform an operation corresponding to the operation parameter set in the secure execution space by using the obtained user key to obtain an execution result
  • the device further includes:
  • Establishing a module configured to interact with the user end to establish security between the user end and the execution node before the first obtaining module acquires the user key corresponding to the key identifier from the keystore channel;
  • a second receiving module configured to receive the key information sent by the user end by using the secure channel, where the key information includes a mapping relationship between the user key and the key identifier;
  • a configuration module configured to complete configuration of the keystore in the secure execution space according to a mapping relationship between the user key and a key identifier.
  • the device further includes:
  • a second acquiring module configured to acquire a hash value of data in a preset range of the secure execution space before the second receiving module receives the key information sent by the user end by using the secure channel, where The data within the preset range includes all executable code in the secure execution space;
  • a sending module configured to send the hash value to the user end, so that the user end: performs integrity check on the data in the preset range according to the hash value, and performs integrity verification The transmission of the user key to the server is blocked before the pass.
  • the apparatus further includes a third receiving module, the third receiving module is configured to interact with the user end at the establishing module to establish the user end and the executing node After the secure channel: receiving user commands from the client over the secure channel; and,
  • the user instruction is a fifth operation instruction including an address identifier and a decryption key
  • acquiring an encrypted keystore in a memory of the server according to the address identifier and encrypting the encrypted key pair
  • the keystore is decrypted to configure the decrypted keystore in the secure execution space.
  • the set of operational parameters includes a first subset for defining operational rules and a subset of parameters for carrying operational data
  • the execution module comprising:
  • An execution unit configured to perform an operation according to the operation subset and the parameter subset to obtain an operation result
  • a storage unit configured to store the operation result in the secure execution space when the operation parameter set is further included in the operation parameter set, and allocate a corresponding data identifier to the stored operation result
  • the returning module is further configured to return the data identifier to the user application.
  • the execution unit is further configured to:
  • the execution node acquires an operation result corresponding to the at least one data identifier in the secure execution space, and uses the obtained operation result according to the operator
  • the set and the subset of parameters are operated to obtain an operation result.
  • the operation parameter set further includes an instruction identifier and input data;
  • the execution module includes:
  • a determining unit configured to determine an operation instruction function corresponding to the instruction identifier; wherein the operation instruction function and the instruction identifier are respectively arranged in an operation instruction library in the safety execution space;
  • an input unit configured to input the input data and the obtained user key into the operation instruction function to obtain an execution result.
  • an access function is configured in the execution node; the first receiving module is further configured to:
  • the execution node After the user application invokes the access function to verify the access authority of the preset interface, the execution node receives the operation parameter set as a function parameter through the access function.
  • the key protection method and apparatus provided by the embodiments of the present application can encapsulate the user key and the process of performing the cryptographic operation in the secure execution space, and the external user application uses the key identifier instead of the user key to initiate the cryptographic operation.
  • the process of making user keys and performing cryptographic operations is invisible to privileged software such as operating systems and virtual machine monitors, thereby reducing the security threats caused by privileged software in the cloud server to user keys, and effectively protecting user data. And the integrity of the user's business.
  • FIG. 1 is a schematic structural diagram of a cloud service according to an embodiment of the present application.
  • FIG. 2 is a flowchart of a key protection method according to an embodiment of the present application.
  • FIG. 3 to FIG. 6 are schematic diagrams showing a process of establishing a secure execution space in a key protection method according to an embodiment of the present application
  • FIG. 7 is a structural block diagram of a key protection apparatus according to an embodiment of the present application.
  • FIG. 8 is a structural block diagram of a key protection apparatus according to still another embodiment of the present application.
  • FIG. 9 is a structural block diagram of a key protection apparatus according to still another embodiment of the present application.
  • FIG. 10 is a schematic structural diagram of a computer device according to an embodiment of the present application.
  • the network architecture and the service scenario described in the embodiments of the present application are for the purpose of more clearly explaining the technical solutions of the embodiments of the present application, and do not constitute a limitation of the technical solutions provided by the embodiments of the present application. With the evolution of the network architecture and the emergence of new service scenarios, the technical solutions provided by the embodiments of the present application are equally applicable to similar technical problems.
  • FIG. 1 is a schematic structural diagram of a cloud service according to an embodiment of the present application.
  • the user 110 can log in to a virtual machine (VM) through a network connection between the user equipment and the cloud server 140 through a client running on a user equipment such as the personal computer 120 or the portable terminal 130.
  • VM virtual machine
  • the physical resources of the cloud server are used by the operating system (OS) running on the virtual machine and the application.
  • OS operating system
  • the user accesses the cloud server through the user terminal.
  • the user can apply for the cloud service service, apply for the virtual machine, and apply for resetting the VM OS login password.
  • the client can be based on, for example, WebPortal, IOS. Android, as well as platforms for Windows and more.
  • the user equipment can be installed on the user equipment, and the user equipment involved in the present application can include various communication devices, vehicle devices, wearable devices, computing devices, or other processing devices connected to various types of networks, and Various forms of user equipment (User Equipment, UE for short), mobile station (Mobile Station, MS for short), terminal equipment (Terminal Equipment) and so on. For convenience of description, in the present application, these devices are collectively referred to as user devices.
  • the user equipment may be any physical device different from the physical device where the security execution space is located, and may be not only a device actually controlled by a user of the cloud service service, but also a computing service provider (such as a cloud service). Provider) The device that is actually controlled and may not be limited to this.
  • Cloud server Can be used to provide physical resources for various types of server devices.
  • the cloud server runs a virtual machine monitor (VMM), which is a program between the operating system and the physical hardware in the cloud server, and the VMM can virtualize the physical resources into multiple Virtual machines.
  • a virtual machine is a virtual computer, or a logical computer.
  • the VMM can isolate and manage multiple virtual machines running at the upper layer, arbitrate their access to physical hardware, and virtualize a virtual hardware environment (including processor, memory, input and output devices) that is independent of the actual hardware for each virtual machine. and many more).
  • a VMM in the cloud server 140 virtualizes a physical resource into a plurality of virtual machines, where one virtual machine is a virtual machine leased by the user 110, and the virtual machine is installed with a cloud service provider (CSP).
  • CSP cloud service provider
  • the operating system is provided such that the user 110 can be based on a network between the personal computer 120 or the portable terminal 130 and the cloud server 140. Communication uses the various applications installed on the operating system.
  • the user 110 runs an application of the video player on the operating system of the virtual machine based on network communication between the portable terminal 130 and the cloud server 140, and the video player uses the virtual hardware environment of the virtual machine under user instruction.
  • the provided physical resources sequentially complete the processes of video file loading, video decoding, and video stream output, and the output video stream is transmitted to the portable terminal 130 through the network, so that the portable terminal 130 plays the received video stream to implement the video file of the video player. Play.
  • the running environment of the video player is provided by the virtual machine on the cloud server 140, and the processes such as video file loading, video decoding, and video stream output are actually performed by the physical hardware of the cloud server 140 by executing computer instructions. Completed.
  • the portable terminal 130 is primarily responsible for providing user input and user output, as well as for network communication with virtual machines on the cloud server 140.
  • the programs, applications, services, and the like available to the user running on the operating system of the virtual machine are collectively referred to as user applications.
  • the video file stored on the cloud server 140 belongs to the private data of the user 110, and the data security, encryption, and decryption keys can be secured by means of pre-encryption and decryption. All are user keys private to the user 110. It is worth noting that the process of decrypting the video file occurs in the cloud server 140, so before this the user 110 needs to provide the cloud server 140 with a user key for decryption, for example, the user key and the video file are previously Corresponding storage in the cloud server 140.
  • the cloud service provider will configure the hardware security module (HSM) to encrypt the user key, protect the user key by storing the user key in ciphertext, and then decrypting it by hardware. .
  • HSM hardware security module
  • HSM does not eliminate the security threats posed by privileged software on cloud servers.
  • a user application uses physical resources for encryption or decryption, the data in the external and internal memory is visible to the underlying software running on the privilege level, such as the operating system and the virtual machine monitor.
  • the operating system or virtual machine monitor can easily steal the user key that the user application uses when encrypting or decrypting.
  • FIG. 2 is a flowchart of a key protection method provided by an embodiment of the present application.
  • the key protection method can be applied to the cloud service architecture shown in FIG. 1 to reduce the privilege level in the cloud server.
  • the security threat that the software poses to the user's key Referring to Figure 2, the method includes:
  • Step 201 The UE sends a key identifier of at least one user key to the server.
  • the user key in this embodiment refers to data that is private to the user and used mainly during encryption and decryption, and can be represented by characters or numbers.
  • the key identifier in this embodiment may be any identifier data that can distinguish each user key from each other, such as a key name (such as "RSA signature key"), and a storage location of the key in the user equipment.
  • the key identifier will be transmitted in the insecure data path instead of the user key.
  • the body that establishes the correspondence between the user key and the key identifier may be, for example, a third party server, a client, an application, the user itself, or a combination thereof.
  • the smaller the amount of data identified by the key the better the efficiency of the related processing and transmission processes.
  • the UE sends a mapping table to the server through the network interface, where the mapping table records the mapping relationship between the key identifier used by the virtual machine and the key identifier of the at least one user key.
  • the user application running on the virtual machine can obtain the corresponding key identifier according to the key identifier.
  • Step 202 When initiating an operation using the user key, the user application acquires a key identifier corresponding to the user key to be used.
  • the operation using the user key may be, for example, symmetric encryption, asymmetric encryption, symmetric decryption, asymmetric decryption, signature, signature verification, key consensus operation, Message Authentication Code (MAC) operation, or The combination of at least two of them, etc., is conveniently referred to as cryptographic operations.
  • each cryptographic operation corresponds to an operational parameter set, and the operational parameter set includes a key identifier corresponding to the user key to be used.
  • the operation parameter set (key_1, key_3) may be preset to correspond to the following cryptographic operation: the user key "0xA4B790" is encrypted by the default algorithm using the user key "C1DB921F", and the operation result is the encrypted data. .
  • a person skilled in the art can set the number of elements of the operation parameter set and the meaning of the parameter represented by each element according to the cryptographic operation to be implemented, for example, setting the third element to represent the type of the algorithm used, and setting the fourth
  • the elements represent the first input data and the like, and the application is not limited.
  • the user application obtains the key identifier instead of the user key in this step, which means that the user application does not need to obtain the plaintext user key when initiating the cryptographic operation.
  • the video player as the user application needs to load the encrypted video file stored in the server, so the video player can look up the key identifier based on the external memory decryption key in the above-mentioned mapping table from the client.
  • the corresponding key identifier is "key_2"
  • the acquisition of the key identifier corresponding to the user key to be used is completed without acquiring the corresponding user key "0xC4BE17F".
  • the key identifier on the server may be derived from any one of the foregoing network devices, and the user application may obtain the key identifier in other manners. Moreover, the user application may obtain the corresponding key identifier when initiating the cryptographic operation, that is, in other possible designs, the key identifier of the at least one user key does not have to be stored on the server.
  • the user can store the user key on a trusted third-party server, and the third-party server assigns a key identifier to each user key, so that the user can log in from the virtual machine through the user application.
  • the third-party server obtains the key identifier.
  • the specific method may be that the user application downloads the mapping table from the third-party server, or the user application obtains the corresponding key identifier through the third-party server when initiating the operation.
  • Step 203 The user application passes the operation parameter set to the execution node through a preset interface.
  • the execution node is configured in a secure execution space.
  • the secure execution space refers to a program code pre-established on the server that can block privilege level code (for example, privilege levels RING0, RING1 and RING2, including but not limited to operating system and virtual machine monitor).
  • privilege level code for example, privilege levels RING0, RING1 and RING2, including but not limited to operating system and virtual machine monitor.
  • a special space for external access where the secure execution space can store data, configure program code, and accommodate the execution of computer instructions.
  • the above function capable of preventing external access of the privilege level code may be that the secure execution space is provided after the establishment, and It is configured to be turned on and off under an external control command, or is always turned on during the life cycle, and this application does not limit this.
  • the above preset interface is configured to allow access to the secure execution space from the outside.
  • the secure execution space is configured to allow only internal code (such as the above-described execution nodes) and a portion of the underlying CPU instructions (corresponding to the aforementioned preset interfaces) to be accessed, thus all privilege level code (including operating system and virtual)
  • the machine monitor cannot access the secure execution space from outside by means other than the preset interface.
  • the data in the secure execution space in the memory is encrypted, and the plaintext data cannot be obtained by directly reading the data from the memory.
  • the preset interface is configured to be able to verify the access authority of the calling source when called, and pass the data passed by the calling source request to the execution node in the secure execution space when the verification passes, to trigger the corresponding operation of the execution node.
  • Step 204 The execution node receives an operation parameter set that is transmitted by the user application through the preset interface.
  • the execution node is code configured in the secure execution space, has unrestricted access to data in the secure execution space, and is protected by the secure execution space, and the code itself and the execution process of the code are invisible to the external program. .
  • the preset interface is configured on the boundary of the secure execution space, and is mainly used to transfer external data to the execution node of the secure execution space.
  • the access node is configured with an access function, and the entry address of the access function is located in the protected memory space of the secure execution space, so the call access function needs to enter the secure execution space.
  • the user application calls the operation parameter set as a function parameter to call the access function in the execution node.
  • the preset interface detects the call of the access function, it verifies whether the program calling the access function is Have access to the secure execution space, and when determining that the verification fails, replace the entry address of the requested access function with the entry address of the abort function, so that the program calling the access function stops running to prevent the access failure.
  • the access verification program accesses the secure execution space.
  • the preset interface determines that the user application is authenticated by the access authority, the user is allowed to apply the call to the access function to implement the transfer of the operation parameter set between the user application and the execution node by means of function parameter passing.
  • the execution node is equivalent to the external function available to the user application, and the default interface can use the access function to block the call of the program (including privilege level code) that does not have access rights, using the function call mechanism. Integrating the data transfer process and the access rights verification process helps to improve the logic processing efficiency of the user application in performing cryptographic operations through the execution node.
  • Step 205 The execution node acquires a user key corresponding to the key identifier from the keystore.
  • the keystore belongs to the data stored in the secure execution space, and may include a plurality of sets of mutually corresponding user keys and key identifiers, and records a mapping relationship between the user key and the key identifier.
  • the keystore contains the user key and the key identifier as shown in Table 1, so that the corresponding user key "0xA4B790" can be obtained according to the key identifier "key_1", according to the key identifier "key_3"
  • the corresponding user key "C1DB921F” is obtained for performing cryptographic operations in the secure execution space.
  • Step 206 The execution node performs an operation corresponding to the operation parameter set in the secure execution space by using the obtained user key.
  • the execution node performs a cryptographic operation corresponding to the operation parameter set (key_1, key_3) according to a preset correspondence relationship: the user key "0xA4B790" is encrypted by a default algorithm using the user key “C1DB921F", and is encrypted. The latter data is used as the execution result.
  • the execution node performs a cryptographic operation corresponding to the operation parameter set ("RSA Signing Key", RSA, data2) according to a preset correspondence: using the obtained corresponding "RSA Signing Key”
  • the user key digitally signs the value of the variable "data2" through the RSA algorithm corresponding to the parameter "RSA”, and takes the obtained signature data as an execution result.
  • the operation parameter set contains The number of parameters may be changed; correspondingly, the execution node may perform different operation processes for different parameter sets of operation parameters to support multiple types of cryptographic operations at the same time.
  • an algorithm function corresponding to one of several algorithm identifiers may be pre-configured in the security execution space, and the algorithm function is configured to be invoked by the execution node, and is called according to the parameter when invoked.
  • the algorithm function can calculate the output amount Data_out according to the input user key key_a and the input amount Data_in, that is, the input amount Data_in is encrypted using the user key key_a to obtain the output amount Data_out.
  • the algorithm function may be stored corresponding to the algorithm identifier to form an algorithm library, so that the execution node can acquire the corresponding algorithm function according to the algorithm identifier in the operation parameter set to make the call.
  • it may be based in advance on algorithms that may be used (such as data encryption standard algorithm DES, advanced encryption standard algorithm AES, RSA algorithm, digital signature algorithm DSA, elliptic curve cryptography algorithm ECC, message authentication code algorithm MAC, etc.)
  • One or more of the construction algorithm functions can be constructed by solidifying the fixed parameters in the algorithm function and using the parameters that may be changed as the function parameters of the algorithm function.
  • the corresponding algorithm identifier can be set to form an algorithm library.
  • the algorithm identifier may be provided to the user application in the same manner as the key identifier, and the algorithm library may be configured in the secure execution space in the same manner as the keystore, which is not limited in this application.
  • Step 207 The execution node returns an execution result to the user application.
  • the execution result may include an output of the cryptographic operation, may include an identifier of the operation completion condition, and may also be empty, depending on the operation parameter set and the configuration of the execution node.
  • the signature data as a result of the execution is passed to the user application in the form of a return value of the access function, such that the user application continues to execute the subsequent code after getting the return value.
  • the user application in this embodiment can initiate a cryptographic operation, but the user application itself does not perform a specific cryptographic operation, but is performed by the execution node in a secure execution space, which is equivalent to a secure execution space.
  • the execution node is capable of providing a cryptographic operation for the user application.
  • the method of the embodiment encapsulates the user key and the process of performing the cryptographic operation in the secure execution space, and the external user application uses the key identifier instead of the user key to initiate the cryptographic operation, so that the user is dense.
  • the process of keying and cryptographic operations is invisible to privileged software such as operating systems and virtual machine monitors, thereby reducing the security threats posed by privileged software in cloud servers to user keys.
  • privileged software such as operating systems and virtual machine monitors
  • the operating system and virtual machine monitors cannot access the keystore and the process space of the execution node, so the malicious use of management tools and the emergence of security vulnerabilities do not threaten the user key. Security.
  • the secure execution space of the present embodiment is capable of storing data, configuring program code, and accommodating execution of computer instructions, and has characteristics capable of preventing external access of privileged level code.
  • the secure execution space has the following characteristics: First, the data in the secure execution space is isolated from the external space, and only the code in the secure execution space can read and write data of the secure execution space, and the external code is no matter what. Data in the secure execution space cannot be read or written under the current privilege level (CPL) and processor mode (CPU mode). Second, access to the secure execution space is only provided with a default interface configured with a protective check, while traditional forms of function calls, jumps, register manipulations, and stack manipulations. None can access the secure execution space. Third, security The line space uses encrypted memory that is randomly changed during each power cycle (such as when booting and when recovering from sleep and hibernation), and the encryption key is stored in the processor and is not accessible.
  • the secure execution space cannot be debugged by other software or hardware debuggers.
  • the secure execution space includes a protected outer memory space, a protected inner memory space, and executable code is disposed within the spaces.
  • the secure execution space can reduce the security threats caused by external code through read-write control, access control, memory control, and debug control, and improve the execution nodes and keys configured inside the secure execution space.
  • the security of the library may be implemented based on any Trusted Execution Environment (TEE) technology, such as OP-TEE, Open-TEE, TLK, ARM TrustZone, within the scope of implementation of this embodiment.
  • TEE Trusted Execution Environment
  • the result of a cryptographic operation initiated by the user application is intermediate data of a series of cryptographic operations, and the intermediate data contains the user's secret data.
  • the intermediate data contains the user's secret data.
  • the leakage of the secret data may be caused.
  • a parameter position can be set in the operation parameter set to set the temporary storage mark, that is, the set operation parameter set includes the first subset for defining the operation instruction (including At least one parameter position) and a second subset for setting the scratch flag (in addition to the parameter position for setting the scratch flag, any number of parameter positions may be included to accommodate other operations independent of the operation instruction parameter).
  • the execution node may be configured to: first execute an operation instruction corresponding to the first subset to obtain an operation result, and then, when the second subset includes a temporary storage mark, the execution node stores the operation result in the secure execution space, The stored operation result is assigned a corresponding data identifier, and the data identifier replacement operation result is added to the execution result.
  • the calculation result can be stored in the secure execution space by the setting of the temporary storage flag without being returned to the user application, and thus the above drawback can be improved.
  • the second subset does not include the temporary storage mark
  • the operation result can be directly added to the execution result and returned to the user application, that is, the operation result can be returned to the user application by default.
  • the execution of the operation instruction corresponding to the first subset may include: when the first subset includes at least one data identifier, the execution node acquires in the secure execution space. And an operation result corresponding to the at least one data identifier, to execute an operation instruction corresponding to the first subset by using the obtained operation result.
  • the user application can use the corresponding data identifier to initiate the cryptographic operation using the intermediate data, that is, the intermediate data can not be safely executed. In the case of the implementation of the required cryptographic operations to ensure the security of the user's secret data.
  • the operation to be performed by the user application includes: first obtaining the consensus key key_kap according to the key agreement protocol (KAP) of the user key key_1 and the user key key_2, and then adopting the data data1 when acquiring the data1
  • the consensus key key_kap encrypts it.
  • the consensus key key_kap belongs to the user's secret data, and should not be added to the user application in the execution result if the OS and the VMM are not trusted.
  • the user application needs to initiate the two key operations of "key consensus operation” and "encryption operation” successively, that is, the flow of the above steps 202 to 207 is performed first with the first operation parameter set, and then The second operation parameter set performs the flow of the above steps 202 to 207.
  • the first operation parameter set (key_1, key_2, KAP, 1) includes a subset of operations that can be represented as ⁇ KAP ⁇ , a subset of parameters that can be represented as ⁇ key_1, key_2 ⁇ , and a temporary storage flag of "1"; Second luck
  • the calculation parameter set (#005, data_1, RSA,) includes a subset of operations that can be represented as ⁇ RSA ⁇ and a subset of parameters that can be represented as ⁇ #005,data_1 ⁇ (the fourth parameter position of the second operational parameter set remains Empty, that is, does not contain a staging flag).
  • the process of the user application transmitting the operation parameter set to the execution node in the above step 203 specifically includes two sub-steps not shown in the figure:
  • Step 2031 The execution node performs an operation according to the operation subset and the parameter subset to obtain an operation result.
  • the execution node acquires an operation result corresponding to the at least one data identifier in the security execution space, and uses the obtained operation result according to the operation subset and the parameter sub-key when the parameter subset includes at least one data identifier.
  • the set performs an operation to obtain the result of the operation.
  • Step 2032 When it is detected that the parameter subset further includes a temporary storage mark, the execution node stores the operation result in the secure execution space, and allocates a corresponding data identifier for the stored operation result.
  • step 207 the execution node returns an execution result to the user application, which specifically includes:
  • the execution node returns the data identification to the user application.
  • the above step 2031 includes performing an operation according to the operation subset ⁇ KAP ⁇ and the parameter subset ⁇ key_1, key_2 ⁇ (where "key_1" and “key_2" are the above-mentioned secrets
  • the key identifier, "KAP” is an algorithm identifier corresponding to the algorithm function of the key consensus), that is, specifically: obtaining a user key corresponding to "key_1” and a user key corresponding to "key_2” respectively;
  • the corresponding user key and the user key corresponding to "key_2” are used as function parameters, and an algorithm function corresponding to "KAP” is called to obtain a consensus key key_kap as a result of the operation.
  • the step 2032 includes: after obtaining the consensus key key_kap, the execution node determines that the fourth parameter position of the operation parameter set is “1”, that is, includes The temporary mark is stored, so that the consensus key is stored in a data link table in the secure execution space, and the storage sequence number "#005" of the data link table is used as the data identifier of the consensus key, and is directly returned as an execution result in step 207.
  • the execution node determines that the fourth parameter position of the operation parameter set is “1”, that is, includes The temporary mark is stored, so that the consensus key is stored in a data link table in the secure execution space, and the storage sequence number "#005" of the data link table is used as the data identifier of the consensus key, and is directly returned as an execution result in step 207.
  • the execution result obtained by the user application includes the data identifier “#005” of the consensus key key_kap, so the data identifier “#005” can be temporarily stored.
  • the second operation parameter set (#005, data_1, RSA,) is generated to initiate a cryptographic operation corresponding to the second operation parameter set.
  • data_1 is the variable name corresponding to the data data1
  • RSA is the algorithm identifier corresponding to the algorithm function of the RSA encryption algorithm
  • the fourth parameter position is The blank indicates that there is no scratch tag.
  • the user application passes the second operation parameter set to the execution node, so that the execution node determines the "#005" in the parameter subset by determining in the above step 2031.
  • the consensus key key_kap is extracted from the above data link table according to the data identifier "#005", thereby performing operations according to the operation subset ⁇ RSA ⁇ and the parameter subset ⁇ #005, data_1 ⁇ , that is, the extracted
  • the value of the consensus key key_kap and the variable "data_1" is used as a function parameter, and the algorithm function of the RSA encryption algorithm corresponding to "RSA” is called to obtain the encrypted data data1 as the operation result.
  • the step 2032 includes: after obtaining the encrypted data data1, the execution node determines that the second operation parameter set does not include the temporary storage flag “1”, so The encrypted data data1 is used as an execution result, and is returned to the user application in the above step 207.
  • the temporary storage flag can be set in the operation parameter set, and the execution node can store the operation result when receiving the temporary storage mark and return the data identification of the replacement operation result, so that the user can use the temporary storage mark.
  • the set of operational parameters to protect intermediate data containing secret data.
  • the operation parameter set can set the data identifier, and the execution node can extract the stored operation result and use it for the cryptographic operation when receiving the data identifier, so that the user can extract the stored data using the operation parameter set including the data identifier.
  • the process of establishing a secure execution space in a server specifically includes:
  • the user terminal on the user equipment 310 creates a user application APP on the operating system of a virtual machine of the server 320, and passes the user application APP: in the server 320.
  • a secure execution space TEE is created, and data corresponding to the execution node D1 is injected into the secure execution space TEE to complete the configuration of the execution node D1 in the secure execution space.
  • the user application APP triggers the creation process of the secure execution space TEE, causing the central processor of the server 320 to delineate the boundary of the secure execution space TEE in the server 320 and to associate data with the execution node D1 (eg, implement All executable code of the execution node, and the resource data that the executable code needs to utilize during the running process, etc.) are written into the secure execution space TEE in batches, so that the execution node is finally configured to be running or runable. status.
  • the execution node D1 eg, implement All executable code of the execution node, and the resource data that the executable code needs to utilize during the running process, etc.
  • the data of the keystore D2 at this time (including the user key and the key identifier) is also securely stored on the user equipment 310, but due to network communication between the user equipment 310 and the server 320, and The entire software running environment of the server 320 is untrusted, so the user application APP, the secure execution space TEE created in the process shown in FIG. 3, and the execution node D1 configured in the secure execution space TEE are also untrusted. Any time (the secure execution space can block external access to privileged code, but the execution node may have been injected with malicious code). Therefore, in the scenario shown in FIG. 3, if the UE sends the data of the keystore D2 to the server 320 in order to configure the keystore in the secure execution space TEE, there is a possibility that the user key is leaked.
  • the remote verification of the secure execution space by the user end is first performed.
  • remote verification refers to a process in which the UE determines whether the content in the secure execution space is consistent with expectations.
  • the security execution space TEE is established by the user end through the user application APP, so the user end can record or speculate the content of the secure execution space TEE after the establishment, that is, can obtain a certain security execution space under the expected situation.
  • the UE can obtain the hash value of the data in the preset range by executing the node D1, and perform integrity check on the data in the preset range according to the hash value and the expected value, thereby determining the secure execution space. Whether the content in the content is consistent with what is expected.
  • the preset range may be pre-specified by the user, and may include all executable code in the secure execution space to ensure that no unexpected code is injected into the secure execution space; and the hash of the data within the preset range
  • the value can be calculated by the central processing unit in the process of establishing the secure execution space, for example, and can be calculated by the execution node in the process of obtaining the hash value, which is not limited in this application.
  • the UE passes a random number (nonce) to the execution node D1 through the user application APP, so that the execution node D1 calculates all the stored data in the secure execution space TEE (including all the codes of the execution node). And a hash value is generated in combination with the random number to generate a verification report (in the verification report, the hash value is encrypted by the random number), and is sent to the client through the user application APP.
  • the UE may obtain the above hash value from the verification report according to the random number, and judge the security execution by comparing the hash value with the expected value.
  • the above hash value may be required to carry the signature provided by the trusted third party.
  • the central processor can be used as a trusted third party, and the central processor adds a signature to the hash value when the execution node acquires the hash value to prove that the execution node has performed the hash value calculation, and The reliability of the calculation is guaranteed by the central processor.
  • the execution node D1 uses a pre-configured curve parameter (including the base point G0 on the elliptic curve) to form an elliptic curve based on the self-generated random number (represented by n1 for convenience of description).
  • ECC Elliptic Curve Cryptography
  • n2 for convenience of description
  • the node D1 obtains the common key KEY_Q from the second public key KEY_B and the random number n1 after receiving the second public key KEY_B.
  • the UE obtains a secure shared key through key negotiation with the execution node D1, so that the secure channel CH for encrypted communication using the shared key is established.
  • the client transmits the data sent to the execution node by using the above-mentioned common key, and transmits the encrypted data to the execution node D1 through the user application APP (including the encrypted data between the client and the server).
  • the transmission as well as the transmission between the server's network interface and the user application, causes the execution node D1 to decrypt the encrypted data using the common key.
  • the process of the node D1 transmitting data to the client corresponds to it, thereby realizing secure communication between the client and the execution node D1.
  • the shared key may be, for example, two keys composed of a confidentiality protection key and an integrity protection key, and may also be, for example, a seed to separately generate a confidentiality protection key and integrity protection.
  • the master key of the key and may not be limited to this.
  • the UE may send the key information, that is, the data including the mapping relationship between the user key and the key identifier, to the executing node D1 to perform the node D1 according to the
  • the mapping relationship between the user key and the key identifier completes the configuration of the keystore D2 in the secure execution space TEE, thereby completing the establishment of the secure execution space. It can be seen that remote verification allows the user to confirm the integrity of the code in the secure execution space.
  • the secure channel guarantees the security of the user key during transmission, while the secure execution space protects the internal user key from being privileged. Code stealing, together to achieve key protection in the cloud service scenario.
  • remote control of the secure execution space by the user terminal may be implemented based on establishing a secure channel between the client and the execution node.
  • the UE transmits a first operational instruction to the execution node over the secure channel such that the execution node can receive user instructions from the client over the secure channel.
  • the execution node masks user instructions other than the secure channel when determining that the user command is the first operational command. After the establishment of the secure channel, the user command from outside the secure channel is blocked, and the authority to send the user command can be restricted to the designated client, thereby utilizing the confidentiality of the secure channel to manage the relevant authority of the user command.
  • the UE transmits a second operational instruction to the execution node over the secure channel such that the execution node can receive user instructions from the client over the secure channel.
  • the security execution space is checked (the verification scope may be part or all of the specified, and may be pre-configured in the code of the execution node) to pass the obtained verification report through security.
  • the channel is sent to the client.
  • the execution node encrypts all executable code in the secure execution space with a user key and attaches it to the verification report for transmission to the client.
  • the user can obtain the actual situation of storing data in the secure execution space as needed, as a basis for further analysis or user operation.
  • the user determines the security risk level of the security execution space according to the received verification report. For example, the client decompresses the executable code with the corresponding user key, and compares it with the original executable code, analyzes the security risks of the differences, etc., to determine whether the security risk level is safe, mild, or dangerous. . Based on the determination of the security risk level, the UE can confirm the security status of the secure execution space as needed, and cope with unexpected situations that may lead to leakage of secret data.
  • the UE when the security risk level is higher than or equal to the preset level, the UE sends a third operation instruction to the execution node through the secure channel, so that the execution node can receive the user instruction from the user end through the secure channel.
  • the user may set the preset level as a serious risk beforehand, that is, when the user end determines that the received verification report indicates that the security risk level of the security execution space is a serious risk, the third operation instruction is sent to the execution node through the secure channel.
  • the execution node deletes the secret data or all the secret data of the predetermined portion in the secure execution space when determining that the user instruction is the third operation instruction.
  • the execution node may call an erase operation function pre-configured in the secure execution space to clear all secret data in the secure execution space. Based on the operation of deleting at least part of the secret data, the UE can clear the secret data in the secure execution space as needed to cope with the risk of data leakage in an emergency situation.
  • the UE transmits a fourth operational instruction to the execution node over the secure channel such that the execution node is capable of receiving user instructions from the client over the secure channel.
  • the execution node determines that the user instruction is the fourth operation instruction
  • the keystore in the secure execution space is encrypted and stored in the memory of the server, and is returned through the secure channel for reading the keystore and decrypting the keystore. The data.
  • the execution node may invoke a storage function pre-configured in the secure execution space when receiving the fourth operation instruction, to complete the encryption of the keystore in the secure execution space by the archive function, and the encrypted key
  • the inventory is stored in the external storage of the server, and finally the key identifier of the user key used for encryption and the storage location of the encrypted keystore are transmitted to the client through the secure channel.
  • any secure execution space in the server may complete the configuration of the keystore by reading and decrypting, without requiring the client to repeatedly send the data of the keystore, which helps to reduce the network bandwidth. Occupation, and can reduce the risk of user keys leaking during transmission.
  • the UE can send a fifth to the execution node through the secure channel.
  • the operation instruction, the fifth operation instruction includes an address identifier and a decryption key corresponding to the keystore, so that the execution node can receive the user instruction from the user terminal through the secure channel.
  • the execution node obtains the encrypted keystore in the memory of the server according to the address identifier, and decrypts the encrypted keystore by using the decryption key to decrypt the decrypted key.
  • the keystore is configured in the secure execution space.
  • the confidentiality of the secure channel guarantees the security of the decryption key and the address identifier, and the operation of the execution node in the secure execution space is invisible to the external program, so the keystore can be securely configured through the above process.
  • a secure execution space completes the encrypted storage of the keystore under the direction of the fourth operational instruction before the end of the lifecycle, after which another secure execution space is created after the fifth operational instruction is created.
  • the configuration of the keystore eliminates the process of sending key information by the client to the secure execution space created later.
  • the key exchange in addition to the scope of the present application, in addition to the key exchange can be established based on ECC to establish a secure channel, other methods can be used to implement key negotiation, such as Diffie-Hellman key exchange ( Diffie–Hellman key exchange, DH) algorithm, or a combination of DH and public key encryption algorithms (such as RSA, ECC).
  • the security channel can be established in other ways, such as directly based on the public key encryption algorithm, using the public key to encrypt the data, and using the private key to decrypt the received data to achieve the establishment of a secure channel.
  • the privacy and integrity of the communication data can be protected during the communication between the client and the secure execution space, and the server program including the OS and the VMM can be prevented from transmitting the data stream.
  • the server program including the OS and the VMM can be prevented from transmitting the data stream.
  • the protection key information is not stolen or tampered by the intermediate node of the data transmission, thereby combining with other aspects of security protection.
  • Implement key protection in a cloud service scenario Based on the combination of key negotiation, the client and the execution node can implement the establishment of a secure channel without the user application, the OS, and the VMM being trusted, thereby further improving the security of data transmission.
  • the execution node D1 may further determine a calculation range of the hash value in a preset number of preset ranges according to a random number from the user end, and/or a plurality of hash algorithms preset according to the random number from the user end. The calculation algorithm for determining the hash value is added, thereby increasing the difficulty of forging the verification report and improving the reliability of the remote verification.
  • the execution node D1 may actively send a hash value unencrypted verification report to the client through the user application APP after the configuration is completed, without triggering from the user end.
  • the data within the preset range may be, in addition to all stored data of the secure execution space, a data set containing at least all executable code in any of the external memory space and the internal memory space.
  • At least the client can remotely confirm the integrity of all executable code in the secure execution space (including confirming whether the executable code is all user-configured, and Whether the executable code has been maliciously deleted or tampered with, and the client prevents the user key from being sent to the client before the security execution space passes the integrity check to protect the security of the user key.
  • the establishment of the secure channel can be performed after remote verification, before remote verification, in parallel with remote verification, or simultaneously by the same process.
  • This application does not limit this.
  • the security of the secret data of the established secure channel can be guaranteed by the execution node, thereby facilitating the security of communication security; and in the manner of establishing a secure channel before remote verification, Remotely authenticated data transmission can use the established secure channel, which is more conducive to improving the credibility of remote verification.
  • the secure execution space configured with the execution node may be established by a third-party program or a third-party device specified by the user, in addition to being established by the user end through the user application.
  • the user may request configuration data from the third-party server through the user application, so that the user application establishes a secure execution space configured with the execution node in the server according to the configuration data; or the user can use the third-party application on the server to rent the virtual A service program corresponding to the secure execution space is established in the operating system of the machine for use by the user application on the operating system.
  • the execution node can be created as additional code of the user application, thereby restricting data transfer between the execution node and the user application within the same program, which is beneficial to save the program.
  • the setting of the program interface required for data transfer also helps to eliminate the security risks caused by data transfer between programs.
  • the secure execution space can protect the internal data from external programs, the execution node may not be changed after the configuration is completed. Therefore, the establishment process of the above-mentioned secure execution space and the operation of the execution node involved in the execution of the cryptographic operation need to be embodied in the executable code corresponding to the execution node in advance. That is, when the secure execution space in which the execution node is configured is created, the data injected into the secure execution space and the achievable function in which the execution node is configured correspond to each other.
  • the user applications involved in this embodiment all refer to the same user application, in other possible designs, different functions such as initiating cryptographic operations, establishing a secure channel, and creating a secure execution space may be assigned in any manner.
  • a plurality of different user applications are implemented, for example, the user end initiates a cryptographic operation through the first user application, the user terminal establishes a secure channel through the second user application, and the user end creates a secure execution space through the third user application, etc. No restrictions.
  • FIG. 7 is a structural block diagram of a key protection apparatus according to an embodiment of the present application.
  • the key protection apparatus is applied to a user application running in a server, including a first acquisition module 410 and a delivery module 420. ,among them:
  • the first obtaining module 410 when initiating an operation using the user key, acquires a key identifier corresponding to the user key to be used, to be added to the operation parameter set corresponding to the operation using the user key;
  • the delivery module 420 is configured to pass the operation parameter set to an execution node in the secure execution space through a preset interface, so that the execution node is in the secure execution space: acquiring the key from the keystore Identifying a corresponding user key, performing an operation corresponding to the operation parameter set by using the obtained user key, and returning an execution result;
  • the key store is stored in the secure execution space; the secure execution space is pre-established in the server, the secure execution space being configured to be capable of blocking external access of privileged level code.
  • the apparatus of the embodiment encapsulates the user key and the process of performing the cryptographic operation in the secure execution space, and the external user application uses the key identifier instead of the user key to initiate the cryptographic operation, so that the user is dense.
  • the process of keying and cryptographic operations is invisible to privileged software such as operating systems and virtual machine monitors, thereby reducing the security threats posed by privileged software in cloud servers to user keys.
  • the delivery module 420 includes a calling unit, which is used to invoke an access function configured in the execution node, after verifying access rights through the preset interface, The set of operational parameters is passed as a function parameter to the execution node.
  • the set of operational parameters includes a subset of operations for defining operational rules and a subset of parameters for carrying operational data;
  • the delivery module 420 includes:
  • a first transfer unit configured to pass, by the preset interface, an operation parameter set including the temporary storage tag to the execution node, so that the execution node is in the secure execution space: according to the operation And performing a calculation on the subset of parameters to obtain an operation result, and storing the operation result in the secure execution space, as described in the storage
  • the operation result assigns a corresponding data identifier, and returns the data identifier;
  • a receiving unit configured to receive a data identifier from the execution node
  • a second transfer unit configured to pass, by the preset interface, a set of operation parameters including the data identifier in the parameter subset to the execution node, so that the execution node is in the secure execution space:
  • the operation result corresponding to the data identifier is obtained in the secure execution space, and the operation result is obtained according to the operation subset and the parameter subset using the obtained operation result to obtain the operation result.
  • the key protection device further includes an unillustrated establishing module, the establishing module is configured to pass the preset interface in the transmitting module after the secure execution space configured with the executing node is established.
  • the establishing module is configured to pass the preset interface in the transmitting module after the secure execution space configured with the executing node is established.
  • the key protection device further includes a second acquiring module and a sending module, which are not illustrated, wherein the second acquiring module is configured to send the key information by using the secure channel at the user end.
  • the second acquiring module is configured to send the key information by using the secure channel at the user end.
  • the sending module is configured to send the hash value to the user end, so that the user end: performs integrity check on the data in the preset range according to the hash value, where The integrity check prevents the user key from being sent to the server before it passes.
  • the key protection device further includes a creation module not illustrated, and an injection module, wherein the creation module is configured to interact with the user terminal to establish the user terminal and the execution Before the secure channel between the nodes, a secure execution space is created in the server; the injection module is configured to inject data corresponding to the execution node into the secure execution space to complete the execution in the secure execution space The configuration of the node.
  • FIG. 8 is a structural block diagram of a key protection apparatus according to another embodiment of the present application.
  • the key protection apparatus is applied to a user end, and includes a first sending module 510, where the first sending module 510 is used. Sending a key identifier of the at least one user key to the server, so that the first user application running in the server can obtain the secret corresponding to the user key to be used when initiating the operation using the user key Key identifier; where:
  • the first user application is configured to add the acquired key identifier to an operation parameter set corresponding to the operation using the user key, and transmit the operation parameter set to the secure execution space through a preset interface.
  • the execution node is configured to: in the secure execution space, acquire a user key corresponding to the key identifier from a keystore, and perform an operation corresponding to the operation parameter set by using the obtained user key And returning an execution result to the first user application;
  • the key store is stored in the secure execution space; the secure execution space is pre-established in the server, the secure execution space being configured to be able to block external access of privileged level code.
  • the apparatus of the embodiment encapsulates the user key and the process of performing the cryptographic operation in the secure execution space, and the external user application uses the key identifier instead of the user key to initiate the cryptographic operation, so that the user is dense.
  • the process of keying and cryptographic operations is invisible to privileged software such as operating systems and virtual machine monitors, thereby reducing the security threats posed by privileged software in cloud servers to user keys.
  • the key protection device further includes an establishing module and a second sending module, which are not illustrated, where the establishing module is configured to pass after the secure execution space configured with the executing node is established.
  • a second user application running in the server interacts with the client to establish a secure channel between the client and the execution node; the second sending module is configured to send the key information to the security channel through the secure channel Executing a node to complete configuration of the keystore in the secure execution space by the execution node according to a mapping relationship between a user key and a key identifier included in the key information.
  • the establishing module is further configured to obtain a common key by key negotiation with the execution node to establish a secure channel for performing encrypted communication using the shared key.
  • the key protection device further includes a verification module and a blocking module, which are not illustrated, wherein the verification module is configured to use the security channel to pass the key on the second transmission module.
  • the integrity check is performed on the data in the preset range of the secure execution space by the execution node, and the data in the preset range includes all executables in the secure execution space. Code; the blocking module described above is used to block the transmission of the user key to the server before the integrity check is passed.
  • the key protection device further includes a third sending module, not illustrated, for the second user application running in the server by the establishing module. After interacting with the client to establish a secure channel between the client and the execution node:
  • the key protection device further includes a creation module and an injection module, which are not illustrated, wherein the creation module is used for the second user application running in the server through the establishment module.
  • the injection module is configured to run through the server Transmitting, by the third user application, data corresponding to the execution node into the secure execution space to complete the execution in the secure execution space The configuration of the row node.
  • FIG. 9 is a structural block diagram of a key protection apparatus according to another embodiment of the present application.
  • the key protection apparatus is applied to an execution node configured in a secure execution space, where the secure execution space is established.
  • the secure execution space is configured to be able to block external access of the privilege level code
  • the key protection device includes a first receiving module 610, a first obtaining module 620, an executing module 630, and a returning module 640, wherein:
  • the first receiving module 610 is configured to receive an operation parameter set that is sent by the user application through a preset interface, where the operation parameter set is a key identifier corresponding to the user key to be used;
  • the first obtaining module 620 is configured to obtain a user key corresponding to the key identifier from a keystore, where the key pool is stored in the secure execution space;
  • the executing module 630 is configured to perform an operation corresponding to the operation parameter set in the secure execution space using the acquired user key to obtain an execution result;
  • the return module 640 is configured to return an execution result to the user application.
  • the apparatus of the embodiment encapsulates the user key and the process of performing the cryptographic operation in the secure execution space, and the external user application uses the key identifier instead of the user key to initiate the cryptographic operation, so that the user is dense.
  • the process of keying and cryptographic operations is invisible to privileged software such as operating systems and virtual machine monitors, thereby reducing the security threats posed by privileged software in cloud servers to user keys.
  • the device further comprises the following structure not shown in the figures:
  • An establishing module configured to interact with the user end to establish a relationship between the user end and the execution node, before the first obtaining module 620 acquires a user key corresponding to the key identifier from a keystore Secure channel
  • a second receiving module configured to receive the key information sent by the user end by using the secure channel, where the key information includes a mapping relationship between the user key and the key identifier;
  • a configuration module configured to complete configuration of the keystore in the secure execution space according to a mapping relationship between the user key and a key identifier.
  • the device further comprises the following structure not shown in the figures:
  • a second acquiring module configured to acquire a hash value of data in a preset range of the secure execution space before the second receiving module receives the key information sent by the user end by using the secure channel, where the The data in the range includes all executable code in the secure execution space;
  • a sending module configured to send the hash value to the user end, so that the user end: performs integrity check on the data in the preset range according to the hash value, and performs integrity verification The transmission of the user key to the server is blocked before the pass.
  • the device further includes a third receiving module not shown in the figure, the third receiving module is configured to interact with the user end at the establishing module to establish the user terminal and the After performing a secure channel between the nodes: receiving user instructions from the user terminal through the secure channel; and,
  • the user instruction is a fifth operation instruction including an address identifier and a decryption key
  • acquiring an encrypted keystore in a memory of the server according to the address identifier and encrypting the encrypted key pair
  • the keystore is decrypted to configure the decrypted keystore in the secure execution space.
  • the set of operational parameters includes a first subset for defining operational rules and a subset of parameters for carrying operational data
  • the execution module 630 comprising :
  • An execution unit configured to perform an operation according to the operation subset and the parameter subset to obtain an operation result
  • a storage unit configured to store the operation result in the secure execution space when the operation parameter set is further included in the operation parameter set, and allocate a corresponding data identifier to the stored operation result
  • the returning module is further configured to return the data identifier to the user application.
  • the execution unit is further configured to:
  • the execution node acquires an operation result corresponding to the at least one data identifier in the secure execution space, and uses the obtained operation result according to the operator
  • the set and the subset of parameters are operated to obtain an operation result.
  • the operation parameter set further includes an instruction identifier and input data;
  • the execution module 630 specifically includes:
  • a determining unit configured to determine an operation instruction function corresponding to the instruction identifier; wherein the operation instruction function and the instruction identifier are respectively arranged in an operation instruction library in the safety execution space;
  • an input unit configured to input the input data and the obtained user key into the operation instruction function to obtain an execution result.
  • the execution node is configured with an access function; the first receiving module 610 is further configured to:
  • the execution node After the user application invokes the access function to verify the access authority of the preset interface, the execution node receives the operation parameter set as a function parameter through the access function.
  • FIG. 10 is a schematic structural diagram of a computer device according to an embodiment of the present application.
  • the computer device may be used to form a server for carrying a user application and a secure execution space in the present application, and may also be used to form a bearer in the present application.
  • User equipment of the client Referring to FIG. 10, computer device 700 includes at least one processor 701, bus 702, memory 703, and at least one communication interface 704.
  • the processor 701 may include a general purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), a digital signal processor (DSP), and a digital signal processing device.
  • a device DSPD
  • PLD programmable logic device
  • FPGA field programmable gate array
  • controller a microcontroller, or multiple integrated circuits for controlling program execution.
  • Bus 702 is primarily used to transfer information between other components of computer device 700.
  • the communication interface 704 is mainly used to communicate with other storage devices or network devices.
  • the network to which the communication structure 704 is connected may be, for example, an Ethernet, a radio access network (RAN), or a wireless local area network (Wireless local area network). Local Area Networks, WLAN) and more.
  • the memory 703 may include a Read-Only Memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type that can store information and instructions.
  • Dynamic storage devices which may also include Electrically Erasable Programmable Read-Only Memory (EEPROM), Compact Disc Read-Only Memory (CD-ROM) or other optical disk storage, and optical disk storage. (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or can be used to carry or store desired program code in the form of instructions or data structures and can be Any other media accessed, but not limited to this.
  • the memory can be set up independently or integrated with the processor.
  • the memory 703 is used to store executable code and is controlled by the processor 701 for execution.
  • the processor 701 is configured to execute executable code stored in the memory 703.
  • the processor 701 may include one or more CPUs, such as CPU0 and CPU1 in FIG.
  • computer device 700 can include multiple processors, such as processor 701 and processor 708 in FIG. Each of these processors can be a single-CPU processor or a multi-core processor.
  • a processor herein may refer to one or more devices, circuits, and/or processing cores for processing data, such as computer program instructions.
  • computer device 700 may also include an output device 705 and an input device 706.
  • Output device 705 is in communication with processor 701 and can display information in a variety of ways.
  • the output device 705 can be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector (Projector). Wait.
  • the processor 701 between the input devices 706 can communicate via the bus 702 and can accept user input in a variety of ways.
  • input device 706 can be a mouse, keyboard, touch screen device, or sensing device, and the like.
  • the computer device 700 described above can be a general purpose computer device or a special purpose computer device.
  • the computer device 700 can be a desktop computer, a portable computer, a network server, a personal digital assistant (PDA), a mobile phone, a tablet, a wireless terminal device, a communication device, an embedded device, or the like.
  • PDA personal digital assistant
  • Embodiments of the present application do not limit the type of computer device 700.
  • FIG. 10 only gives a possible hardware implementation manner of each part. According to different functions or changes of various parts of the system, hardware components of the computer device can be added or deleted to make the system The functions of each part are matched.
  • the key protection device is presented in the form of a functional unit/function module.
  • a "unit/module” herein may refer to an Application Specific Integrated Circuit (ASIC) circuit, a processor and memory that executes one or more software or firmware programs, integrated logic circuits, and/or others that provide the above functions.
  • the device implementing the key protection device may have a map The form shown in 10.
  • the functions of the first obtaining module 410 and the transmitting module 420, the first sending module 510, the first receiving module 610, the first obtaining module 620, the executing module 630, and the returning module 640 may be performed by a processor in a memory. Stored program code to implement.
  • the embodiment of the present application further provides a computer storage medium for storing computer software instructions for the key protection device shown in FIG. 7, FIG. 8 or FIG. 9 above, which is used to execute the foregoing method embodiment. Designed program.
  • the key protection method provided by the present application can be implemented by executing a stored program.
  • embodiments of the present application can be provided as a method, apparatus (device), or computer program product.
  • the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment in combination of software and hardware.
  • the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • the computer program is stored/distributed in a suitable medium, provided with other hardware or as part of hardware, or in other distributed forms, such as through the Internet or other wired or wireless telecommunication systems.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne un appareil et un procédé de protection de clé, et appartient au domaine technique de la sécurité de réseau. Dans la présente invention, un équipement utilisateur envoie un identifiant de clé d'au moins une clé d'utilisateur à un serveur, de telle sorte qu'une application d'utilisateur s'exécutant sur le serveur peut transmettre, lors du lancement d'une opération entraînant l'utilisation d'une clé d'utilisateur, un ensemble de paramètres d'opération contenant un identifiant de clé correspondant à un nœud d'exécution dans un espace d'exécution sécurisé, l'espace d'exécution sécurisé étant capable de bloquer un accès externe à un code privilégié, ce qui permet au nœud d'exécution interne d'acquérir la clé d'utilisateur dans un magasin de clés en utilisant l'identifiant de clé lorsque le code privilégié est invisible, de façon à exécuter l'opération ci-dessus entraînant l'utilisation de la clé d'utilisateur et à renvoyer un résultat d'exécution. La présente invention peut encapsuler à la fois une clé d'utilisateur et un processus d'opération cryptographique dans un espace d'exécution sécurisé, et peut être utilisée afin de réduire une menace informatique concernant une clé d'utilisateur provoquée par un logiciel privilégié dans un serveur en nuage.
PCT/CN2017/099285 2017-02-14 2017-08-28 Appareil et procédé de protection de clé Ceased WO2018149110A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710079083.1 2017-02-14
CN201710079083.1A CN108429719B (zh) 2017-02-14 2017-02-14 密钥保护方法及装置

Publications (1)

Publication Number Publication Date
WO2018149110A1 true WO2018149110A1 (fr) 2018-08-23

Family

ID=63155090

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/099285 Ceased WO2018149110A1 (fr) 2017-02-14 2017-08-28 Appareil et procédé de protection de clé

Country Status (2)

Country Link
CN (1) CN108429719B (fr)
WO (1) WO2018149110A1 (fr)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830243A (zh) * 2019-10-18 2020-02-21 中国第一汽车股份有限公司 对称密钥分发方法、装置、车辆及存储介质
CN113326518A (zh) * 2021-06-09 2021-08-31 深圳前海微众银行股份有限公司 一种数据处理方法及装置
US11398901B2 (en) 2020-03-26 2022-07-26 Walmart Apollo, Llc Restricted partial key storage
CN114821751A (zh) * 2022-06-27 2022-07-29 北京瑞莱智慧科技有限公司 图像识别方法、装置、系统及存储介质
WO2023249548A1 (fr) * 2022-06-23 2023-12-28 Canary Bit Ab Procédés et appareil de traitement de données dans un environnement d'exécution de confiance
CN118012570A (zh) * 2024-01-11 2024-05-10 中国华能集团有限公司北京招标分公司 一种多用户密钥隔离方法及系统

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109525396B (zh) * 2018-09-30 2021-02-23 华为技术有限公司 一种身份秘钥的处理方法、装置和服务器
EP3809625B1 (fr) * 2018-10-09 2025-01-01 Huawei Technologies Co., Ltd. Puce, procédé de génération de clé privée, et procédé de vérification de confiance
CN109450899B (zh) * 2018-11-09 2021-11-02 南京医渡云医学技术有限公司 密钥管理方法及装置、电子设备、存储介质
CN114338095B (zh) * 2020-12-04 2024-09-10 深圳市安室智能有限公司 数据加密传输方法和相关装置、设备、介质和程序产品
CN112738219B (zh) * 2020-12-28 2022-06-10 中国第一汽车股份有限公司 程序运行方法、装置、车辆及存储介质
CN112699132B (zh) * 2021-03-22 2022-04-22 阿里云计算有限公司 安全模块解密的方法以及装置
CN113225336A (zh) * 2021-05-06 2021-08-06 安谋科技(中国)有限公司 信息加密传输方法、加解密装置、可读介质以及电子设备
CN114499975B (zh) * 2021-12-28 2023-05-26 北京深盾科技股份有限公司 登录服务器的校验方法、服务器及存储介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102687133A (zh) * 2009-11-16 2012-09-19 微软公司 用于可信计算和数据服务的无容器数据
CN103107995A (zh) * 2013-02-06 2013-05-15 中电长城网际系统应用有限公司 一种云计算环境数据安全存储系统和方法
US20150052358A1 (en) * 2013-08-16 2015-02-19 Netflix, Inc. Key generation and broadcasting
CN104601571A (zh) * 2015-01-14 2015-05-06 浪潮电子信息产业股份有限公司 一种租户与云服务器存储交互的数据加密系统及方法
US9270459B2 (en) * 2011-09-20 2016-02-23 Cloudbyte, Inc. Techniques for achieving tenant data confidentiality from cloud service provider administrators

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101727545A (zh) * 2008-10-10 2010-06-09 中国科学院研究生院 一种安全操作系统强制访问控制机制的实施方法
US9520994B2 (en) * 2014-03-20 2016-12-13 Oracle International Corporation System and method for deriving secrets from a master key bound to an application on a device
US10615967B2 (en) * 2014-03-20 2020-04-07 Microsoft Technology Licensing, Llc Rapid data protection for storage devices
CN103944729A (zh) * 2014-04-25 2014-07-23 天地融科技股份有限公司 数据安全交互方法
CN104392188B (zh) * 2014-11-06 2017-10-27 三星电子(中国)研发中心 一种安全数据存储方法和系统
CN105260663B (zh) * 2015-09-15 2017-12-01 中国科学院信息工程研究所 一种基于TrustZone技术的安全存储服务系统及方法

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102687133A (zh) * 2009-11-16 2012-09-19 微软公司 用于可信计算和数据服务的无容器数据
US9270459B2 (en) * 2011-09-20 2016-02-23 Cloudbyte, Inc. Techniques for achieving tenant data confidentiality from cloud service provider administrators
CN103107995A (zh) * 2013-02-06 2013-05-15 中电长城网际系统应用有限公司 一种云计算环境数据安全存储系统和方法
US20150052358A1 (en) * 2013-08-16 2015-02-19 Netflix, Inc. Key generation and broadcasting
CN104601571A (zh) * 2015-01-14 2015-05-06 浪潮电子信息产业股份有限公司 一种租户与云服务器存储交互的数据加密系统及方法

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110830243A (zh) * 2019-10-18 2020-02-21 中国第一汽车股份有限公司 对称密钥分发方法、装置、车辆及存储介质
CN110830243B (zh) * 2019-10-18 2023-06-09 中国第一汽车股份有限公司 对称密钥分发方法、装置、车辆及存储介质
US11398901B2 (en) 2020-03-26 2022-07-26 Walmart Apollo, Llc Restricted partial key storage
CN113326518A (zh) * 2021-06-09 2021-08-31 深圳前海微众银行股份有限公司 一种数据处理方法及装置
CN113326518B (zh) * 2021-06-09 2024-02-02 深圳前海微众银行股份有限公司 一种数据处理方法及装置
WO2023249548A1 (fr) * 2022-06-23 2023-12-28 Canary Bit Ab Procédés et appareil de traitement de données dans un environnement d'exécution de confiance
CN114821751A (zh) * 2022-06-27 2022-07-29 北京瑞莱智慧科技有限公司 图像识别方法、装置、系统及存储介质
CN118012570A (zh) * 2024-01-11 2024-05-10 中国华能集团有限公司北京招标分公司 一种多用户密钥隔离方法及系统

Also Published As

Publication number Publication date
CN108429719A (zh) 2018-08-21
CN108429719B (zh) 2020-12-01

Similar Documents

Publication Publication Date Title
CN108429719B (zh) 密钥保护方法及装置
CN113014539B (zh) 一种物联网设备安全保护系统及方法
CN109361668B (zh) 一种数据可信传输方法
JP6114832B2 (ja) 仮想マシンのための管理制御方法、装置及びシステム
CN107533609B (zh) 用于对系统中的多个可信执行环境进行控制的系统、设备和方法
US9514300B2 (en) Systems and methods for enhanced security in wireless communication
KR100737628B1 (ko) 고정형 토큰 및 이동형 토큰 모두를 이용한 어테스테이션
US9846778B1 (en) Encrypted boot volume access in resource-on-demand environments
JP5497171B2 (ja) セキュア仮想マシンを提供するためのシステムおよび方法
CN102948114B (zh) 用于访问加密数据的单次使用认证方法及系统
CN109756492B (zh) 基于sgx的云平台可信执行方法、装置、设备及介质
CN105447406A (zh) 一种用于访问存储空间的方法与装置
CN109558739B (zh) 程序运行方法、装置、终端及可读介质
CN104335549A (zh) 安全数据处理
US11368291B2 (en) Mutually authenticated adaptive management interfaces for interaction with sensitive infrastructure
EP3790257A1 (fr) Système de sécurité pour utiliser des installations de calcul partagées
CN114036573A (zh) 支持隐私计算的计算设备
Wagner et al. Distributed usage control enforcement through trusted platform modules and sgx enclaves
EP3720042B1 (fr) Procédé et dispositif permettant de déterminer un état de confiance d'un tpm et support de stockage
US10516655B1 (en) Encrypted boot volume access in resource-on-demand environments
Kurnikov et al. Keys in the clouds: Auditable multi-device access to cryptographic credentials
Hao et al. Trusted block as a service: Towards sensitive applications on the cloud
CN114600102A (zh) 用于保护共享对象的装置和方法
Pedone et al. Trusted computing technology and proposals for resolving cloud computing security problems
WO2020207292A1 (fr) Système et procédé de traitement de sécurité de données, support de stockage, processeur et carte de sécurité matérielle

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17896951

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17896951

Country of ref document: EP

Kind code of ref document: A1

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载