CN111865596B

CN111865596B - Data transmission oriented verification method and system

Info

Publication number: CN111865596B
Application number: CN201910356655.5A
Authority: CN
Inventors: 李艺; 王蜀洪; 张登辉; 汪溯
Original assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Current assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority date: 2019-04-29
Filing date: 2019-04-29
Publication date: 2022-01-04
Anticipated expiration: 2039-04-29
Also published as: CN111865596A

Abstract

The application provides a verification method and a system facing data transmission, wherein the verification method comprises the following steps: obtaining the certificate storing information which is sealed and stored based on the verification instruction; instructing the first computer system to execute the operation of transmitting data corresponding to the verification instruction in a trusted processing environment of the first computer system, and acquiring to-be-verified evidence storage information generated by the first computer system; the first computer system holds data corresponding to the verification instruction; and verifying the security of the data transmission operation based on the information to be verified and the acquired information. The method and the device utilize the trusted processing environment to verify the stored certificate storing information, and effectively ensure the safety of the verification process and the credibility of the certificate storing information source.

Description

Data transmission oriented verification method and system

Technical Field

The present application relates to the field of data security technologies, and in particular, to a data transmission-oriented verification method and system.

Background

With the rapid development of computer technology, more and more commercial operations, social infrastructure operations, and personal operations are more and more dependent on the computing environment, and the expansion and complication of computer systems make the entire system more and more vulnerable and less secure. Meanwhile, the development of the network changes the computer into one component in the network, the geographical isolation such as a machine room and the like is broken through on the connection, and the information interaction is expanded to the whole network. Because of the lack of adequate security design of the internet, computers in a networked environment are all likely to be compromised at this time. At present, people can only prove and verify some simple network protocols, and cannot avoid the security defects existing in the network protocols.

The existing computer system lacks a corresponding security mechanism, program execution in the computer system can not pass authentication, data of the program and a system area can also be modified at will, and the whole computing platform is easy to be attacked and enters an uncontrollable state, so that important data or private data is monitored, copied, replaced or tampered by viruses, trojans, malicious programs and the like, and serious leakage and economic huge loss of the important data or the private data are caused.

Disclosure of Invention

In view of the foregoing drawbacks of the prior art, an object of the present application is to provide a data transmission-oriented verification method and system, which are used to solve the problem in the prior art that data transmission operations cannot be traced.

To achieve the above and other related objects, a first aspect of the present application provides a data transmission oriented authentication method, including: obtaining the certificate storing information which is sealed and stored based on the verification instruction; instructing the first computer system to execute the operation of transmitting data corresponding to the verification instruction in a trusted processing environment of the first computer system, and acquiring to-be-verified evidence storage information generated by the first computer system; the first computer system holds data corresponding to the verification instruction; and verifying the security of the data transmission operation based on the information to be verified and the acquired information.

In some embodiments of the first aspect, the step of instructing the first computer system to execute the operation of transmitting data corresponding to the verification instruction in a trusted processing environment of the first computer system, and acquiring the to-be-verified evidence information generated by the first computer system includes: causing the first computer system to generate data transfer instructions based on the validation instructions to cause the first computer system to authenticate its existence of a trusted processing environment based on the data transfer instructions; wherein the processing environment is to execute the data transfer instruction; obtaining to-be-verified evidence information generated by the first computer system in the processing environment for verifying the operation of transmitting the data.

In certain embodiments of the first aspect, the data transfer instructions comprise any of: instructions generated based on the transmitted data or instructions generated based on the received data.

In certain implementations of the first aspect, the credential information to be verified includes data encrypted with a preset credential key.

In certain embodiments of the first aspect, the data comprises: at least one of a value to be calculated, a code for calculating the value, and a statement for acquiring the value to be calculated.

In certain embodiments of the first aspect, the code in the data for calculating the value comprises: code to perform multi-party calculations by a plurality of third computer systems, or code to mathematically calculate values from at least one third computer system.

In certain implementations of the first aspect, the to-be-verified evidence-keeping information includes: and carrying out Hash calculation on the encrypted data to obtain data.

In certain embodiments of the first aspect, further comprising the steps of: and acquiring message authentication information obtained by signing the to-be-verified authentication information based on the authentication key in the first computer system, so as to verify the security of the data transmission operation.

In certain embodiments of the first aspect, the verifying the security of the operation of transmitting data based on the credential information to be verified and the acquired credential information comprises: verifying the information to be verified and stored for the first computer system; and verifying that the information to be verified and the information to be verified have consistency.

In certain embodiments of the first aspect, the sealed and saved credential information is from the first computer system or at least one second computer system.

A second aspect of the present application provides a data transmission-oriented verification method, including: generating, under the direction of a verification instruction, to-be-verified credential information based on third credential information from the first computer system in a processing environment that conforms to a trusted processing environment in the first computer system; obtaining the certificate storing information which is sealed and stored based on the verification instruction; and verifying the security of the data transmitted by the first computer system based on the information to be verified and the information to be verified.

In some embodiments of the second aspect, the step of generating the to-be-verified forensic information based on the third forensic information from the first computer system in a processing environment compatible with a trusted processing environment in the first computer system comprises: instructing a fourth computer system configured with the processing environment to obtain the third deposit information; and instructing the fourth computer system to generate the to-be-verified evidence storing information based on the acquired third evidence storing information.

In certain embodiments of the second aspect, the step of generating the to-be-verified deposit information based on the acquired third deposit information includes: and carrying out Hash calculation on the third certificate storing information to obtain the certificate storing information to be verified.

In certain embodiments of the second aspect, the step of generating the to-be-verified deposit information based on the acquired third deposit information further comprises: acquiring an authentication key of the first computer system; and signing the to-be-verified certificate information based on the authentication key.

In certain embodiments of the second aspect, the step of verifying the security of the data transmitted by the first computer system based on the credentialing information to be verified and the credentialing information comprises: and providing the certificate storing information to the fourth computer system, and indicating the fourth computer system to verify that the signed certificate storing information to be verified and the first certificate storing information have consistency.

In certain embodiments of the second aspect, further comprising: acquiring the information to be verified and stored in the certificate storage system from the fourth computer system; correspondingly, the step of verifying the security of the data transmission of the first computer system based on the information to be verified and the information to be verified comprises: verifying the information to be verified and stored certificate to be provided by the fourth computer system; and verifying that the information to be verified and the information to be verified have consistency.

In some embodiments of the second aspect, the sealed and saved credential information is from the first computer system or at least one second computer system.

A third aspect of the present application provides a fifth computer system comprising: a storage device for storing at least one program; interface means for data communication with at least a first computer system; processing means, connected to said storage means and to interface means, for executing the authentication method according to any one of the first aspect in accordance with the stored at least one program.

A fourth aspect of the present application provides a fifth computer system, comprising: a storage device for storing at least one program; interface means for data communication with at least a first computer system; processing means, connected to said storage means and to the interface means, for executing the authentication method according to any one of the second aspect in accordance with the stored at least one program.

A fifth aspect of the present application provides a computer-readable storage medium, in which at least one program is stored; the at least one program, when invoked, performs the authentication method as described in any of the first aspect or the second aspect.

As described above, the data transmission oriented verification method and system of the present application have the following beneficial effects: the stored information of deposit certificate is verified by using a trusted processing environment, so that the safety of the verification process and the credibility of the source of the information of deposit certificate are effectively ensured.

Drawings

Fig. 1 is a schematic structural diagram of a first computer system according to an embodiment of the present disclosure.

Fig. 2 is a schematic flow chart illustrating a data transmission oriented authentication method according to an embodiment of the present invention.

Fig. 3 is a schematic flow chart of a data transmission-oriented authentication method according to another embodiment of the present application.

Fig. 4 is a flowchart illustrating a data transmission method according to an embodiment of the present invention.

FIG. 5 is a block diagram of a fifth computer system according to an embodiment of the present disclosure.

Fig. 6 is a flowchart illustrating an embodiment of a data transmission-oriented authentication method according to the present application.

Fig. 7 is a schematic flow chart of a data transmission-oriented authentication method according to another embodiment of the present application.

Fig. 8 is a schematic flow chart of a data transmission-oriented authentication method according to another embodiment of the present application.

Fig. 9 is a schematic flow chart of a data transmission-oriented authentication method according to another embodiment of the present application.

Detailed Description

The following description of the embodiments of the present application is provided for illustrative purposes, and other advantages and capabilities of the present application will become apparent to those skilled in the art from the present disclosure.

Although the terms first, second, etc. may be used herein to describe various elements in some instances, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first computer system may be referred to as a second computer system, and similarly, a second computer system may be referred to as a first computer system, without departing from the scope of the various described embodiments. But they are not the same computer system unless the context clearly dictates otherwise.

Also, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context indicates otherwise. It will be further understood that the terms "comprises," "comprising," "includes" and/or "including," when used in this specification, specify the presence of stated features, steps, operations, elements, components, items, species, and/or groups, but do not preclude the presence, or addition of one or more other features, steps, operations, elements, components, species, and/or groups thereof. The terms "or" and/or "as used herein are to be construed as inclusive or meaning any one or any combination. Thus, "A, B or C" or "A, B and/or C" means "any of the following: a; b; c; a and B; a and C; b and C; A. b and C ". An exception to this definition will occur only when a combination of elements, functions, steps or operations are inherently mutually exclusive in some way.

In data transmission applications involving privacy computation, security data and the like of multi-party participation, in order to ensure the safe transmission of data, a computer system carries out confidential processing on the transmitted data in an encryption mode. However, when the transmitted data is damaged, modified and intercepted, the data receiving party or the data sending party cannot confirm the data transmission behavior of the data receiving party or the data sending party. For example, when an electronic mail is transmitted together with business information of equal importance, a data transmitting side and a data receiving side cannot verify the behavior of transmitting the electronic mail and the behavior of receiving the electronic mail, thereby causing a problem that the operation of transmitting the electronic mail cannot be verified. For another example, in the case of privacy computation involving multiple parties, a data sender cannot verify sending operation sent to a third party to perform the multiple-party computation, and a data receiver cannot verify receiving operation of a result of the multiple-party computation from the third party, so that the private data cannot be traced when leaked and computed incorrectly.

Based on this, the application provides a data transmission-oriented evidence storing method. The evidence storing method is mainly executed in a first computer system executing data transmission. The first computer system is a computer system for sending data (called D end) or a computer system for receiving data (called C end). The D end of the first computer system or the C end of the first computer system can be a single computer device; or the service system belongs to a cloud architecture-based service system or computer equipment in a distributed service system; or a virtual device. Wherein the single computer device includes but is not limited to: such as personal terminal equipment like notebook computer, desktop, etc., intelligent terminal equipment like cell-phone, panel computer, etc. The Service system based on the cloud architecture comprises a public cloud (public cloud) Service end and a private cloud (private cloud) Service end, wherein the public or private cloud Service end comprises Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS) and the like. The private cloud service end is used for example for an Aliskian cloud computing service platform, an Amazon cloud computing service platform, a Baidu cloud computing platform, a Tencent cloud computing platform and the like. The virtual device may be a virtual device configured in a physical server and managed separately by the management system.

Please refer to fig. 1, which is a schematic structural diagram of a first computer system according to an embodiment of the present disclosure. As shown, the first computer system 50 includes: storage means 51, interface means 52 and processing means 53.

The storage device 51 and the storage device 51 include a nonvolatile memory, a storage server, and the like. The nonvolatile memory is, for example, a solid state disk or a usb disk. The storage server is used for storing at least one program and the acquired various information.

The interface means 52 includes a network interface, a data line interface, and the like. Wherein the network interfaces include, but are not limited to: network interface devices based on ethernet, network interface devices based on mobile networks (3G, 4G, 5G, etc.), network interface devices based on near field communication (WiFi, bluetooth, etc.), and the like. The data line interface includes, but is not limited to: USB interface, RS232, etc. The interface device is connected with the storage device, the processing device, the internet and other data. The interface means 52 are for data communication with at least one third computer system.

Wherein the third computer system is configured to cooperate in performing data transfers. Examples of the third computer system include a computer device for performing data processing for the purpose of transmitting data, a computer device for performing data processing for the purpose of receiving data, and the like. Examples of computer devices for performing data processing for the purpose of transmitting data are: a computer device that performs data editing processing for transmitting data, a computing node device that performs privacy computing processing for transmitting a computation result generated based on privacy computing, and the like; wherein, the data editing process includes but is not limited to mail editing, contract signing, data statistics, etc.; the privacy computing process includes, but is not limited to: local mathematical calculation based on multi-party calculation, numerical transmission based on multi-party calculation, mathematical calculation based on homomorphic encryption and the like. Examples of computer devices for data processing for the purpose of receiving data are: a computer device that responds to data editing processing of receiving data operations, a computing node device that generates computing instructions for privacy computing based on the manner of distribution of privacy computing, and the like; wherein, the data editing process includes but is not limited to mail reading, contract downloading, data evaluation, etc.; the ways of generating the computing instructions for the privacy computation include, but are not limited to: generating computation instructions for multi-party computation based on the computation task, generating computation instructions for homomorphic cryptographic computation based on the computation task, and the like.

Taking the first computer system as the D-side for example, the third computer system is a computer system for receiving data, and may be any electronic device accessing the internet. For example, a personal computer device, a computer device in a cloud-based architecture service system, yet another computer device in the same distributed service system as the D-terminal, etc. The third computer system may be a physical computer device or a virtual device. Taking the first computer system as the C-side as an example, the third computer system is a computer system that sends data, and may be any electronic device accessing the internet. For example, a personal computer device, a computer device in a cloud-based architecture service system, another computer device in the same distributed service system as the C-terminal, etc. The third computer system may be a physical computer device or a virtual device.

The processing device 53 is connected to the interface device 52 and the storage device 51, and includes: a CPU or a chip integrated with a CPU, a programmable logic device (FPGA), and a multi-core processor. The processing means 53 further comprises a memory, registers, etc. for temporarily storing data. A trusted processing environment is integrated in the processing means 53. Wherein the processing environment comprises hardware and software integrated in the processing means 53 providing software interfaces and/or hardware interfaces for performing the process of sending/receiving data according to a pre-set basis trusted by third parties. The third party trust availability refers to trust in computing behavior, i.e., the computing behavior and data transfer behavior of the first computer system to achieve a particular goal are consistent with expectations. In other words, the services provided by the processing environment trusted by the third party to the first computer system are demonstrable and trustworthy, where trustworthiness primarily refers to the reliability and availability of the system. The basis for the third party trust includes, but is not limited to: a hardware environment for trust, an execution environment for trust; examples of the hardware environment include a processor, a memory, and the like, which are independent of other hardware in the processing device 53, or hardware for separately executing the execution environment, which is partitioned from a common processor and a memory of the processing device 53. Examples of the execution environment include another operating system (or virtual environment) or the like that runs an operating system (or virtual environment) or the like that depends on the processing device 53 independently, an execution environment that is divided from a common execution environment of the processing device 53 by a right, an interface, or the like and that runs an executable program that transmits/receives data individually, and the like. The processing device is connected with the storage device and the interface device, and at least the processing environment executes the data transmission oriented evidence storing method shown in fig. 1 according to the stored at least one program to generate the evidence storing information for sealed storage.

Please refer to fig. 2, which is a flowchart illustrating an embodiment of a data transmission-oriented authentication method implemented in a first computer system according to the present application. As shown in fig. 1, the method for storing the certificate includes:

in step S11, authenticating a trusted processing environment in the first computer system based on the data transfer instruction; wherein the processing environment is to execute the data transfer instructions to transfer the data.

Wherein the data transmission instruction comprises any one of: instructions generated based on the transmitted data or instructions generated based on the received data.

Taking the example of sending data based on the push mechanism, the first computer system (D end) sends a data transmission instruction DTI-1 generated for the third computer system to receive the subsequent data to the third computer system based on the push mechanism; based on the data transfer instruction DTI-1, the third computer system feeds back to the first computer system an authentication request for authenticating that the trusted processing environment is included in the first computer system (D-side) and that the transferred data is from the trusted processing environment, and the first computer system performs the step S11 based on the authentication request. Taking sending data based on an acquisition request as an example, the third computer system generates an acquisition request for acquiring data from the first computer system (D end) based on the executed instruction and sends the acquisition request to the first computer system (D end); the first computer system (D-side) generates a data transmission instruction DTI-2 based on the acquisition request, and based on the data transmission instruction DTI-2, executes the step S11 to certify to the third computer system that the trusted processing environment is included in the first computer system (D-side) and that the transmitted data is from the trusted processing environment.

Taking a manner of receiving data as an example, the third computer system sends a data transmission instruction DTI-3 created for the first computer system (C-side) to receive subsequent data and an authentication request to the first computer system (C-side) based on the push mechanism, and based on the data transmission instruction DTI-3 and the authentication request, the first computer system executes step S11 to authenticate that the trusted processing environment is included in the first computer system (C-side), and the transmitted data comes from the trusted processing environment. Taking as an example a further way of receiving data, the first computer system (C-side) generates, based on the executed instructions, an acquisition request to acquire data to a third computer system and sends it to said third computer system; the first computer system (C-side) generates a data transmission instruction DTI-4 based on the issued fetch request, and based on the data transmission instruction DTI-4, executes the step S11 to certify to the third computer system that the trusted processing environment is included in the first computer system (C-side) and that the transmitted data is from the trusted processing environment.

Here, in some embodiments, the manner in which the first computer system performs step S11 includes: a trusted processing environment in a first computer system is authenticated based on an authentication mechanism between the first computer system and a third computer system. Wherein the authentication mechanism includes, but is not limited to: the first computer system and the third computer system are pre-constructed with a customized authentication mechanism. For example, the first computer system initializes the trusted processing environment based on the data transfer instruction, the trusted processing environment generates an authentication information including parameters of the processing environment and related information for describing the processing environment to perform the data transfer operation according to an authentication protocol previously established with the third computer system based on the initialization operation, and sends the authentication information to the third computer system for authentication confirmation by the third computer system. In some specific examples, to avoid interception of the authentication information, the authentication information is encrypted based on a key pair preset by the first computer system and the third computer system to realize encrypted transmission.

In other embodiments, the manner in which the first computer system performs step S11 includes: step S111, establishing a trusted communication link between the processing environment and a third computer system based on the data transmission instruction.

Here, the first computer system builds a trusted communication link between its trusted processing environment and the third computer system. In other words, the trusted processing environment establishes its own trusted communication link with the third computer system through its connection with the interface device in the first computer system. Wherein the trusted communication link comprises a physical link and a logical link for data communication between the trusted processing environment and a third computer system, and is configured to perform at least one of the following data communication: sending data, receiving data, data communications to authenticate a trusted processing environment, and the like. Thus, data transfer operations performed via the trusted communications link are considered to be data transferred from a trusted processing environment.

In some examples, to prove to a third computer system that a trusted processing environment is included in the first computer system and that data to be transmitted with the third computer system is from the trusted processing environment, the trusted processing environment in the first computer system generates a connection request, and by sending the connection request to the third computer system, the third computer system authenticates whether to establish a trusted communication link and feeds back verification information indicating that the trusted communication link is established when the authentication is passed or feeds back verification information indicating that the trusted communication link cannot be established when the authentication is not passed.

To this end, in some specific examples, the trusted processing environment sends a connection request to the third computer system by engaging a designated port in the interface device of the first computer system to obtain the verification information fed back by the third computer system, whereby the established trusted communication link is a dedicated communication link. In yet other specific examples, the trusted processing environment transmits a connection request dedicated to establishing the trusted communication link through the interface device of the first computer system, thereby establishing the trusted communication link with the third computer system. In still other specific examples, the trusted processing environment establishes a trusted communications link with the third computer system in the manner provided in connection with the foregoing specific examples.

In other examples, to facilitate an authentication operation by a plurality of third computer systems adapted for data transfer with a first computer system, the trusted processing environment views the third computer systems as network nodes on a trusted communication link, and a connection request to establish the trusted communication link is sent by the third computer system to an authentication service system, which feeds back a verification information based on an authentication process for the connection request, thereby establishing the trusted communication link between the first computer system and the third computer system. The authentication service system is a computer system trusted by the first computer system and the third computer system for performing an authentication process, and examples of the computer system are a single computer device, a service system based on a cloud architecture, or a server cluster. An example of the authentication Service system is a Service system provided by an IAS (International association Service, referred to as an IAS).

In any of the above examples of establishing a trusted communication link, the connection request that the trusted processing environment initiates the trusted communication link includes context information configured to establish the trusted communication link. Wherein the context information includes, for example, a session key generated by a random number generator configured in the trusted processing environment. The random number generator is exemplified by a pseudo random number generator. For example, the session key generated by the random number generator contains data describing the execution environment and the hardware environment of the trusted processing environment and the random numbers generated within a preset number domain. As another example, the trusted processing environment generates context information containing DHKE (Diffie-Hellman Key Exchange-Hellman Key Exchange) based on the Sigma protocol and using a random number generator.

As shown in some of the foregoing examples, the generated connection request including the context information is issued by a trusted processing environment and an authentication operation is performed by the third computer system to generate the connection verification information. As further illustrated in the preceding examples, the connection request is sent to the authentication service system via a third computer system; when the third computer system forwards the connection request, the third computer system supplements the node information of the third computer system to the connection request so as to achieve the purpose of establishing a trusted communication link with a trusted processing environment. The authentication service system performs an authentication operation to generate connection verification information. Wherein the connection verification information includes information that can be verified by a trusted processing environment in the first computer system. For example, the connection verification information includes information that is available to the trusted processing environment in the first computer system for verification using a database provided by the third party.

In some specific examples, the authentication operation includes: a signature revocation list regarding trusted processing environments in the first computer system is queried, and connection verification information including the signature revocation list is generated for feedback to the trusted processing environments. In some more specific examples, the authentication operation further comprises: the connection verification information is signed using a key shared with the first computer system.

The trusted processing environment in the first computer system confirms establishment of the trusted communications link based on the connection verification information. Here, the trusted processing environment in the first computer system confirms establishment of the trusted communication link by performing a verification operation on the connection verification information. For example, the trusted processing environment in the first computer system verifies the signature revocation list in the connection verification information by a third party, if the corresponding signature revocation list exists, the trusted communication link is confirmed to be established, and step S112 is executed to complete the authentication; otherwise, confirming that the trusted communication link cannot be established. For another example, the trusted processing environment in the first computer system decrypts the signature of the connection verification information based on the pre-obtained key, and then verifies the signature revocation list in the connection verification information by a third party. Wherein the third party is exemplified by a service provider providing the trusted processing environment or a service provider trusted by the first computer system and the third computer system.

Step S11 further includes step S112, using the trusted communication link, of signing a report message and sending the signed report message to the third computer system to complete authentication.

Here, a trusted processing environment in the first computer system utilizes the trusted communications link to generate reporting information including execution environment information provided by the processing environment and executable program information for performing data transfer operations. Wherein the execution environment information includes software environment information and hardware environment information in which the data is executed. The executable program information includes: the processing environment executes machine instructions of the data transfer operation that are recognizable to the computer. Wherein the executable program information includes at least one of: for describing the computational tasks provided for performing the data transfer operations, for describing the manner of execution of the secure processing of the data, etc. The computing task includes, for example, a mode of performing business logic processing, data computing processing, and the like on the private data. Examples of the security process include a process for encryption and the like. For example, for a data transmission operation involving multi-party computing, the encryption process is to randomly distribute data so that the trusted processing environment transmits the distributed data.

In some examples, the trusted processing environment in the first computer system signs the generated reporting information with a key shared when establishing the trusted communication link and sends the signed reporting information to the third computer system, where authentication is accomplished by the third computer system. The third computer system decrypts the signature of the reporting information using the shared key to certify the trusted processing environment in the first computer system to perform the data transfer operation based on the provided reporting information.

In still other examples, the trusted processing environment in the first computer system signs the generated reporting information with a key shared when establishing the trusted communication link and sends the signed reporting information to the authentication service system via the third computer system. In order for a third computer system to verify the authentication result of the authentication service system, the third computer system determines that data is to be transferred to the trusted processing environment of the first computer system based on the authentication result of the signed report message by an authentication service system. In other words, the authentication result is reported and confirmed between the authentication service system and the third computer system based on a preset protocol. Wherein the preset protocol includes but is not limited to at least one of the following: a certificate chain containing the first computer system and the authentication service system certificate information, a key matched with the authentication service system, etc. The certificate information is, for example, a measurement result generated by a trusted processing environment of the corresponding system. For example, the measurement result is obtained by measuring the executable program, the data related to the transfer operation, the execution environment and the hardware environment by the trusted processing environment of the corresponding system. Based thereon, the third computer system will confirm that the data receiving/sending operations are performed with the first computer system using the trusted communications link.

Via the authentication of the trusted processing environment in the first computer system in step S11, the trusted processing environment performs a data transfer operation, upon which the trusted processing environment also performs step S12.

In step S12, generating and sealing the certificate information for verifying the operation of transmitting the data in the processing environment. Wherein, the sealed storage means a mode of storing in an unmodifiable file form; the file forms include, but are not limited to: encrypted files, non-editable files, etc.

In this case, the trusted processing environment authenticates at least the data transferred during the execution of the data transfer operation. In some examples, the certification processing mode includes storing data related to one data transmission operation according to a preset data packaging format. Wherein, the data related to the one-time data transmission operation includes but is not limited to the combination of the following multiple types: the data itself to be transferred (simply referred to as data), data sender information, data receiver information, a serial number ID generated based on a data transmission instruction, and the like. The data to be transferred includes: at least one of a value to be calculated, a code for calculating the value, and a statement for acquiring the value to be calculated. Wherein the value to be calculated is from a variable generated during execution of the executable program by the first computer system, from a database, from at least one location in a network, and the like. Examples of the code for calculating the numerical value include at least one of: a computation instruction (set) of at least one of addition computation, multiplication computation, bit extraction computation, secret sharing and the like, and a computation instruction (set) obtained by optimizing various computations according to a computation protocol of multi-party computation. Examples of the statement for acquiring the numerical value to be calculated include an SQL statement and the like. For example, the trusted processing environment decomposes received computing tasks including values to be computed according to a computing protocol of multi-party computing, to obtain values to be used by a corresponding number of third computer systems to perform computing, and codes (also called computing instructions) for computing the values.

In other examples, to facilitate separate verification, the verification processing includes separately storing and sealing data related to the one data transmission operation. Similar to the previous example, the difference is that the data to be certified is separately sealed and stored. And will not be described in detail herein.

Based on any of the above examples, the step S12 includes the following steps: and in the processing environment, encrypting the certificate information containing the data based on a preset certificate storage key to obtain second certificate information, and sealing and storing the second certificate information as the certificate information. Wherein the credentialing key is provided by the data holder such that upon authentication the data holder provides the same or an associated credentialing key to complete the authentication. In some specific examples, the processing environment stores the authentication information on a storage medium in the first computer system that is external to the processing environment, such as in a hard disk of the first computer system. In other embodiments, the processing environment stores the authentication information in the second computer system via data communication between the first computer system and the second computer system. For example, the processing environment stores the evidence information in a second computer system that forms a blockchain.

In order to reduce the data capacity of the first certificate information, the step S12 further includes generating the first certificate information based on the second certificate information, and sealing and storing the first certificate information as certificate information. Namely, the summary information (namely the first deposit information) in the second deposit information is extracted and sealed and stored as the deposit information for verification. For example, the certificate information obtained by executing the step is stored in at least one second computer system in a sealed manner, so that the certificate information which cannot be repudiated is provided during verification.

Here, the step of extracting the summary information in the second certificate storing information includes performing hash calculation on the second certificate storing information to obtain the first certificate storing information. The hash calculation is performed by, for example and without limitation: SHA-1 algorithm, SHA-224 algorithm, SHA-256 algorithm, SHA-384 algorithm, SHA-512 algorithm, derivatives thereof, and the like.

To enhance the security of the certificate information stored in the second computer system, the step S12 further includes: and signing the first certificate storing information based on a preset authentication key so as to obtain the certificate storing information of the signed first certificate storing information, and sealing and storing the certificate storing information. Wherein, the authentication key is similar to the aforementioned certification key and is provided by the data holder. The trusted processing environment in the first computer system signs the first authentication information subjected to the hash calculation to obtain the first authentication information and message authentication information (MAC) thereof, and seals and stores the authentication information containing the first authentication information and the message authentication information thereof in the first computer system and/or at least one second computer system.

The saved credentials sealed based on the above examples are used to provide authentication credentials when either party disputes data transfer operations performed by the first computer system.

The method for storing the certificate generates the certificate information in the trusted processing environment which is authenticated to pass, ensures that the certificate information generated by a data sending party (D end) or a data receiving party (C end) during the execution of data transmission operation is not interfered by the outside, and ensures that the generated certificate information really comes from the trusted processing environment and is not from an untrusted party. Thereby making the generated evidence information itself trustable and traceable.

Based on the above descriptions of the examples and with reference to fig. 3, the following embodiments are taken as examples to describe various execution processes of the evidence storing method:

in an exemplary embodiment, before a first computer system (D-side or C-side) performs a data transfer operation, first sending or receiving data transfer instructions to or from a third computer system (S-side), authenticating that there is a trusted processing environment in the first computer system, and the trusted processing environment executing the data transfer instructions to transfer the data. The mutual authentication of the first computer system and the third computer system is not completely anonymous and the first computer system discloses its ID to the third computer system. The third computer system may initiate a challenge to the first computer system before receiving the data, requiring the first computer system to prove its trustworthiness.

Taking sending data as an example, the first computer system and the third computer system authenticate each other before the first computer system prepares (D-side) to send data to the third computer system (S-side). The first computer system performs the subsequent sending step only if it is ensured that the data received by the third computer system was indeed sent from the first computer system after the authentication was successful. The first computer system also performs a step of credentialing for proving to the outside, if necessary, that the first computer system has indeed sent the given data to the third computer system; in the event of a dispute, the first computer system is unable to forge the forensic data.

Taking the example of receiving data, the first computer system (C-side) and the third computer system authenticate each other before the first computer system (C-side) is ready to receive data from the third computer system (S-side). Only after successful authentication is the first computer system performed subsequent receiving steps to ensure that the third computer system was indeed sending data to the first computer system. The first computer system also performs a step of credentialing for proving to the outside that the first computer system did receive the given data, if necessary; in the event of a dispute, the first computer system cannot forge the evidence-holding information.

In an exemplary embodiment, code executed by a first computer system in a trusted processing environment is instructed to generate a signature that provides proof of identity that the code has been properly initialized in a trusted environment. After the first computer system returns the signature information to the third computer system, the third computer system forwards the signature information to an authentication service system (IAS) for verification, and through the IAS, the trusted processing environment can prove to the untrusted other party that the code of the data to be received by the third computer system has not been tampered with and runs on a trusted computing platform. In the method, a trusted data transmission channel is established at the same time of remote authentication, and asymmetric encryption is time-consuming and cannot be used for user data encryption, so that in an exemplary embodiment of the method, Diffie-Hellman key exchange (DHKE) is performed based on a Sigma protocol, and then data is sent and received through an authentication key (SK) obtained in the exchange.

For example, after the first computer system receives a data send instruction, the first computer system sends a data send request to the third computer system, which initiates a challenge to the first computer system, requiring the first computer system to prove that it is operating in a trusted hardware environment. The first computer system executes corresponding instructions into the trusted processing environment. The trusted processing environment initializes and returns the DHKE context parameters to the first computer system. The first computer system then sends the DHKE context parameters to the third computer system. After receiving the message returned by the first computer system, the third computer system generates the self DHKE context parameter, queries the IAS to obtain a signature revocation list (SigRL) aiming at the trusted processing environment, and returns the information to the first computer system and the trusted processing environment.

After receiving the information, the trusted processing environment firstly verifies the signature, checks SigRL, then generates a report containing the current operating environment, the user program and the hardware information, and signs the report by using the SGX hardware instruction, and only the IAS can verify the signature. The third computer system sends the report generated by the trusted processing environment to the third computer system, and the third computer system submits the report to the IAS after receiving the report. And the IAS verifies the report after receiving the report, and returns a verification result signature to the third computer system.

Since the third computer system maintains a certificate chain for the IAS, the results returned by the IAS may be verified. If the verification is successful, the ID of the trusted processing environment is extracted and compared to a locally stored MR (metric report), and if there is a match, the application specified in the trusted processing environment is considered to be running in the trusted environment, after which the first computer system is informed that the message was verified and signed with the private key.

After the authentication is passed, the first computer system sends the data encrypted by the shared secret key to the third computer system, meanwhile, the data is stored in the local after being encrypted, and meanwhile, the hash information of the data is issued to the block chain. The certified data ensures non-repudiation of the transmitted data, since the first computer system has certified the third computer system that both its software and hardware environments are authentic. If the authentication states returned by the IAS sent by the third computer system are not matched, an error message is returned to the first computer system, and the two parties terminate data transmission.

The process of receiving data is similar to that described above, in which the third computer system becomes the sender of the data and the first computer system becomes the receiver of the data, and the first computer system is also required to perform self-authentication before the third computer system sends the data to the first computer system. The detailed procedures and steps are not described herein.

In an exemplary embodiment, when receiving the calculation result data, the first computer system stores the original text of the result data (i.e., the second authentication information) to be authenticated in a local encryption file system, stores the hash of the result data (i.e., the first authentication information) in a blockchain, and maintains the data stored locally by a user, wherein the local encryption file system provides encryption and consistency verification protection for the file. The stored data is encrypted by the local encryption file system, the key for decryption is provided by a user and transmitted into a trusted processing environment, and the key cannot be obtained outside the trusted processing environment in the running process, so that the data and the encryption process in the trusted processing environment cannot be maliciously tampered and leaked.

In some embodiments, when the first computer system performs Local Record (LR), the first computer system stores data sent to or received from the third computer system and the computation description information corresponding to the data to generate the storage information, and the storage information is encrypted based on an Encryption Key (EK) and then stored locally in the first computer system.

In some embodiments, when the first computer system performs block chaining (BR), the first computer system performs hash operation on data to obtain a hash value of the data, a Code hash value, and a hash value of a data source or a data receiver, respectively, and generates Message Authentication Code (MAC) based on an Authentication Key (SK); and generating certificate storage information according to the hash value, the message authentication information and the Request ID, and sealing and storing the certificate storage information to a block chain.

In an exemplary embodiment, the first computer system passes data X and task descriptions through ECALL into a trusted processing environment that splits X into X1 and X2. The trusted processing environment then computes ciphertext, including the data ciphertext, the code ciphertext, the ciphertext of the data source and the recipient, etc., using the attestation key provided by the user of the first computer system. And then, the trusted processing environment calculates the hash value of each ciphertext, which correspondingly comprises a data hash value, a code hash value, hash values of a data source and a receiver, and the like. The trusted processing environment calculates a message authentication code, MAC, of the hash value of the ciphertext using an authentication key provided by the first computer system, the MAC being used to prove that the hash value of the plaintext data was generated by the authentication key in the trusted processing environment. The trusted processing environment stores the message authentication code in a second computer system (e.g., an SGX encrypted file system) using DUEY as an encryption key. The trusted processing environment transfers data to the first computer system for data storage and transmission via OCALL. The first computer system sends X1 to the third computer system S1, X2 to the third computer system S2, and two pieces of evidence information corresponding to the third computer systems S1 and S2 are stored in an external storage, for example, in the second computer system in a blockchain. Here, each certificate information is a file formed in the form of "RequestlD | Hd | Hc | Hsd | MAC". Where Hd denotes a hash value of X1 (or X2), Hc denotes a hash value of a code for calculating X1 (or X2), Hsd denotes a hash value of device information of a data transmitting side (first computer system) and a data receiving side (third computer system S1 or S2), and MAC denotes a message authentication code.

The process of the first computer system receiving data is similar to that described above, and the detailed process and steps are not described herein again.

The data transmission oriented certificate storing method can store certificates in the data transmission process so as to ensure the safety and reliability of the identity of a data sending party or a data receiving party, and meanwhile, the data transmission can have traceability and verifiability.

The application also provides a data transmission method, which aims to provide a safe data transmission mode capable of tracing transmission operation. The data transmission method is mainly executed by a first computer system, wherein the first computer system may be the structure of the first computer system shown in fig. 1, or other computer systems capable of executing the data transmission method. For example, the first computer system is the same as or similar to the computer system described above with reference to fig. 1, and will not be described in detail herein.

Please refer to fig. 4, which is a flowchart illustrating a data transmission method according to an embodiment of the present application. As shown in the figure, the data transmission method includes:

in step S21, authenticating a trusted processing environment in the first computer system based on the data transfer instruction; the processing environment is to execute the data transfer instructions to transfer the data.

Here, the execution process of the step S21 may be the same as or similar to the execution process of the step S11, and will not be described in detail herein.

In step S22, when the authentication is passed, a first operation of transferring the data in the trusted processing environment to the third computer system or a second operation of running the data obtained from the third computer system in the trusted processing environment is executed based on the data transfer instruction.

Here, the initializing operation during the authenticating further includes, in order to perform the first operation or the second operation using the trusted processing environment: a step of transferring data associated with the transfer operation into the processing environment based on an interface provided by a trusted processing environment. Wherein the data related to the transfer operation includes but is not limited to: data to be transmitted, received data, etc. Wherein the data to be transmitted includes but is not limited to: private data, non-private data, and data after decentralized processing to be sent to a third computer system to perform private computation; files, characters (strings), multimedia data, etc. to be sent to the third computer system for storage thereof. The received data includes, but is not limited to: receiving data from a third computer system for subsequent processing; data received from a third computer system for storage in the form of files, and the like.

After the authentication is passed, the trusted processing environment in the first computer system performs a first operation of sending the data to transfer the data to the third computer system. In some specific examples, the trusted processing environment in the first computing sends data, such as mail, contracts, etc., to the third computer system for storage.

In some specific examples, the number of the third computer systems is plural, and the first operation includes: sending the data in the trusted processing environment to respective third computer systems such that each of the third computer systems performs a multi-party computation based on the respective received data. For example, the trusted processing environment in the first computer system decomposes a computation task including private data into data to be executed by a plurality of third computer systems according to a multi-party computation protocol, where the data includes a value obtained by performing distributed processing on the private data, a program obtained by decomposing the computation task, and the like; the trusted processing environment in the first computer system sends the decomposed data to preselected third computer systems that perform the multi-party computation.

In some specific examples, the number of the third computer systems is plural, and the second operation includes: receiving data from at least a portion of a third computer system running in the trusted processing environment. Taking the example that the first computer system decomposes the computation task including the private data and the third computer systems perform the multiparty computation, as a data receiver of the computation result of the multiparty computation, after the trusted processing environment in the first computer system passes the authentication, the trusted processing environment obtains the computation result from one, part, or all of the third computer systems according to the multiparty computation protocol, and performs subsequent computation on each obtained computation result to obtain the processing result of the corresponding computation task.

In a timing relationship not necessarily required to execute step S22, the first computer system further executes step S23, namely, generating the certificate information for verifying the first operation or the second operation in the processing environment, and sealing and storing the first certificate information.

Here, the execution process of step S23 is the same as or similar to the execution process of step S12, and will not be described in detail here.

In one exemplary embodiment, for example, after the first computer system receives a data send instruction, the first computer system sends a data send request to the third computer system, which initiates a challenge to the first computer system, asking the first computer system to prove that it is operating in a trusted hardware environment. The first computer system executes corresponding instructions into the trusted processing environment. The trusted processing environment initializes and returns the DHKE context parameters to the first computer system. The first computer system then sends the DHKE context parameters to the third computer system. After receiving the message returned by the first computer system, the third computer system generates the self DHKE context parameter, queries the IAS to obtain a signature revocation list (SigRL) aiming at the trusted processing environment, and returns the information to the first computer system and the trusted processing environment.

After receiving the message, the trusted processing environment first verifies the signature, checks SigRL, then generates a report containing the current operating environment, user program and hardware information, and signs the report using SGX hardware instructions, only IAS can verify the signature. The third computer system sends the report generated by the trusted processing environment to the third computer system, and the third computer system submits the report to the IAS after receiving the report. And the IAS verifies the report after receiving the report, and returns a verification result signature to the third computer system.

The authentication process for receiving data is similar to that described above, in which the third computer system becomes a sender of data and the first computer system becomes a receiver of data, and after the third computer system and the first computer system are mutually authenticated, the third computer system transmits or receives data to or from the first computer system. The detailed procedures and steps are not described herein.

The application provides a data transmission oriented verification method. The verification method is used for rapidly verifying the security of the operation of transmitting data executed by the first equipment when the data is in a light-weight dispute. Wherein the authentication method is primarily performed by a fifth computer system. The fifth computer system may be a single computer device, or a cloud-based server. The single computer device may be an autonomously configured computer device that can execute the processing method, and may be located in a private computer room or a leased computer location in a public computer room. The Service system of the Cloud architecture comprises a Public Cloud (Public Cloud) Service end and a Private Cloud (Private Cloud) Service end, wherein the Public or Private Cloud Service end comprises Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS), and the like. The private cloud service end is used for example for an Aliskian cloud computing service platform, an Amazon cloud computing service platform, a Baidu cloud computing platform, a Tencent cloud computing platform and the like. The fifth computer system may also be a trusted processing environment independent of the first computer system and configured with the same or equivalent trusted processing environment as the first computer system for performing at least some of the steps of the authentication method described below.

Fig. 5 is a schematic structural diagram of a fifth computer system according to an embodiment of the present disclosure. As shown, the fifth computer system 70 includes: a storage device 71, an interface device 72, and a processing device 73.

The interface device is in data connection with the processing device, which may be connected via a bus or via a communication network for data transfer. To this end, the interface means include, but are not limited to, a network card, a mobile network access module, a bus interface connected to the processing means through a bus, and the like. The interface device is also communicatively connected to a first computer system, wherein the first computer system may be the aforementioned first computer system. The interface device is in data communication with the first computer system through at least one of the internet, a mobile network and a local area network so as to send out a verification instruction and receive to-be-verified deposit information of the first computer system.

The storage device is used for storing at least one program which can execute the authentication method described below. The storage device may be located on the same physical server as the processing device, or in a different physical server and transmits the calculation instructions to the processing device running the calculation through the interface device of each server. The storage may include high speed random access memory and may also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state storage devices. In certain embodiments, the memory may also include memory that is remote from the one or more processors, such as network-attached memory accessed via RF circuitry or external ports and a communication network (not shown), which may be the internet, one or more intranets, Local Area Networks (LANs), wide area networks (WLANs), Storage Area Networks (SANs), etc., or a suitable combination thereof. The storage device also includes a memory controller that can control access to the memory by other components of the device, such as the CPU and peripheral interfaces. Among the software components stored in the storage device are an operating system, a communications module (or set of instructions), a text input module (or set of instructions), and an application (or set of instructions).

The processing device is operatively coupled with the storage device. More specifically, the processing device may execute programs stored in the memory and/or the non-volatile storage to perform operations in the task platform. As such, the processing device may include one or more general purpose microprocessors, one or more application specific processors (ASICs), one or more field programmable logic arrays (FPGAs), or any combination thereof. Wherein, the plurality of CPUs included in the processing device can be located in the same entity server or dispersed in a plurality of entity servers, and realize data communication by means of the interface device to cooperatively execute the authentication method.

The processing means executes the authentication method by calling a program stored in the storage means.

Please refer to fig. 6, which is a flowchart illustrating an exemplary embodiment of a data transmission oriented authentication method according to the present application. As shown, the authentication method includes:

in step S31, the license information is acquired based on the verification instruction.

Here, when a sender or a receiver of one data transmission or a data processor performing subsequent processing based on the transmitted data challenges corresponding data transmission, a verification request is sent to a fifth computer system, and the fifth computer system generates a verification instruction according to the verification request and acquires the evidence information from the computer system sealed and stored with the evidence information according to the serial number ID of the corresponding data transmission. And the certificate storing information is sealed and stored in the local first computer system or the second computer system. The certificate storing information is used as a certificate for verifying the certificate storing information to be verified.

In the executed step S32, instructing the first computer system to execute the operation of transmitting data corresponding to the verification instruction in a trusted processing environment, and acquiring the to-be-verified evidence information generated by the first computer system; and the first computer system holds the data corresponding to the verification instruction.

Here, the fifth computer system transmits the number ID of the data transfer to be verified to the first computer system that has performed the data transfer operation based on the verification instruction.

In some examples, the data transmission to be verified is a data transmission on a data transmission side, the fifth computer system transmits the serial number ID to a first computer system (hereinafter referred to as a D-side) performing a data transmission operation, the D-side selects corresponding second authentication information from a plurality of second authentication information sealed locally based on the serial number ID provided by the verification instruction, decrypts the selected second authentication information based on a corresponding authentication key to obtain at least data corresponding to the data transmission operation to be verified, re-executes a process of transmitting the data based on the aforementioned data transmission method or data authentication method to generate the authentication information, and transmits the generated authentication information to be verified to the fifth computer system.

Here, the step of the fifth computer system instructing the D-side to execute the step S32 includes: enabling the D end to generate a data transmission instruction based on the verification instruction, so that the D end can verify that a trusted processing environment exists based on the data transmission instruction; wherein the processing environment is to perform the data transfer; and acquiring to-be-verified evidence information which is generated by the D end in the processing environment and used for verifying the operation of transmitting the data.

Here, the manner of executing the trusted processing environment by the D-side and generating the to-be-verified authentication information in the processing environment is the same as or similar to the aforementioned data transmission method or data authentication method, and will not be repeated here.

The data transmission operation executed by the D end comprises a data transmission operation for the purpose of transmitting and saving local data to a third computer system; including but not limited to sending an email, files allowed to download, outgoing text records, etc. For example, the data sending operation is an operation of sending a mail containing a contract attachment; the to-be-verified evidence storage information generated by the D terminal executing the data sending comprises an attachment, a mail text, D terminal information, C terminal information, a serial number ID corresponding to a verification instruction and the like. The data sending operation executed by the D end further comprises data sending operation aiming at handing local data to a third computer system for privacy calculation; including but not limited to sending data that is available to multiple computer systems to perform multi-party computations. For example, the data includes: at least one of a value to be calculated, a code for calculating the value, a statement for obtaining the value to be calculated, and a serial number ID of a corresponding verification instruction. Code for calculating a value in the data comprises: code to perform multi-party computations by a plurality of third computer systems.

In still other examples, the data transmission to be verified is a data transmission of a data receiving side, and the first computer system is a data receiving end (also referred to as a C-end) of the data receiving side. Similar to the verification process of the data sending side, the C-side selects corresponding second certificate information from the plurality of second certificate information sealed locally based on the serial number ID provided by the verification instruction, decrypts the selected second certificate information based on the corresponding certificate key to obtain at least data corresponding to the data sending operation to be verified, re-executes the process of sending the data based on the aforementioned data transmission method or data certificate method to generate the certificate information to be verified, and sends the generated certificate information to be verified to the fifth computer system.

Here, the step of the fifth computer system instructing the terminal C to execute the step S32 includes: enabling the C group to generate a data transmission instruction based on the verification instruction, so that the C group can verify that a trusted processing environment exists based on the data transmission instruction; wherein the processing environment is to execute the data transfer instruction; and acquiring to-be-verified evidence information which is generated by the C end in the processing environment and used for verifying the operation of transmitting the data.

Here, the manner of executing the trusted processing environment by the C-side and generating the to-be-verified authentication information in the processing environment is the same as or similar to the aforementioned data transmission method or data authentication method, and will not be repeated here.

The data sending operation executed by the C end comprises a data receiving operation for receiving and storing data sent by a third computer system to the local; including but not limited to receiving mail, being allowed to access files saved by the third computer system, receiving text records, etc. For example, the data receiving operation is an operation of receiving a mail containing a contract attachment; the to-be-verified evidence storage information generated by the C terminal executing the data receiving comprises an attachment, a mail text, C terminal information, a serial number ID corresponding to a verification instruction and the like. The data receiving operation executed by the C terminal further comprises a data receiving operation for receiving data generated by a third computer system through privacy calculation and carrying out subsequent calculation; including but not limited to receiving data from multiple computer systems after performing multi-party computations. For example, the data includes: at least one of a value to be calculated, a code for calculating the value, a statement for obtaining the value to be calculated, and a serial number ID of a corresponding verification instruction. Code for calculating a value in the data comprises: code for mathematically calculating a value from at least one third computer system.

In step S33, the security of the operation of transmitting data is verified based on the information to be verified and the acquired information.

According to some examples of the foregoing generating the first certificate information (or the second certificate information), the certificate information to be verified and the certificate information acquired by the fifth computer system are both certificate information encrypted by using a certificate key, or the certificate information to be verified and the certificate information acquired by the fifth computer system are both certificate information obtained by performing hash calculation on encrypted data, and the process of the fifth computer system executing step S33 is as follows: and acquiring the information of the certificate to be verified based on the trusted communication link which passes the authentication, matching whether the two pieces of certificate information are consistent, if so, determining that the data transmission operation executed by the first computer system is safe, otherwise, determining that the data transmission operation is unsafe.

To verify at least that the credential information to be verified is indeed from the first computer system, the first credential information (or the second credential information) is generated in accordance with the foregoing further examples, where the credential information to be verified is signed by an authentication key. For this purpose, the first computer system provides the information to be verified and the information authentication information thereof at the same time. The process of the fifth computer system executing the step S33 is exemplified as follows: verifying the information to be verified and stored for the first computer system; and verifying that the information to be verified and the information to be verified have consistency.

Wherein the manner of the executing step to verify that the information to be verified is provided for the first computer system comprises: 1) decrypting the message authentication information based on the authentication key corresponding to the first computer system to obtain certificate storing information, comparing the certificate storing information with the certificate storing information to be verified, verifying that the certificate storing information to be verified is provided by the first computer system if the certificate storing information is consistent with the certificate storing information to be verified, and otherwise, determining that the first computer system fails to verify the security of the transmitted data; 2) verifying that the to-be-verified authentication information and the message authentication information come from a trusted communication link constructed with the first computer system, for example, decrypting the acquired to-be-verified authentication information and the acquired message authentication information according to a preset shared key, and verifying that the to-be-verified authentication information is provided by the first computer system through verifying the message authentication information and the to-be-verified authentication information.

The method for verifying the consistency of the to-be-verified evidence storage information and the first evidence storage information comprises the following steps of: perfecting the calculation of the information to be verified to enable the information to be verified and the first information to be verified to undergo the same calculation process, such as obtaining the information after Hash calculation; carrying out signature processing on the certificate information to be verified by using the authentication key, or carrying out decryption processing on the first certificate information; and comparing the two processed certificate information, if the two certificate information are consistent, determining that the verification is passed, otherwise, determining that the verification is not passed.

The present application further provides a verification method performed by at least a fifth computer system, wherein the fifth computer system comprises: a storage device for storing at least one program; interface means for data communication with at least one second computer system; and the processing device is connected with the storage device and the interface device and is used for executing the data transmission oriented authentication method shown in the figure 7, 8 or 9 according to the stored at least one program.

The fifth computer system itself and the devices performing the verification method described below may have the same or similar structures as those of the fifth computer system shown in fig. 4, and will not be described in detail herein.

In some embodiments, the fifth computer system may perform the following main steps. Please refer to fig. 7, which is a flowchart illustrating a data transmission-oriented authentication method according to another embodiment of the present application. As shown, the authentication method includes:

in step S41, at the direction of a verification instruction, generating information to be verified based on the third credential information from the first computer system in a processing environment consistent with a trusted processing environment of the first computer system.

Here, when the sender, the receiver, or a data processor performing subsequent processing based on the transmitted data of one data transmission challenges the corresponding data transmission, an authentication request is issued to the fifth computer system, which generates an authentication instruction accordingly and acquires the third authentication information DC3 from the first computer system according to the serial number ID of the corresponding data transmission.

Under the direction of the verification instruction, the fifth computer system obtains the third certification information DC3 provided by the first computer system using its own configured processing environment that conforms to the trusted processing environment of the first computer system. Examples of a processing environment that is compatible with a trusted processing environment of the first computer system are a processing environment that is compatible with a trusted processing environment of the first computer system or a processing environment that is trusted by the first computer system. For example, the trusted processing environments of the fifth computer system and the first computer system are both authenticated via a third party.

The third credential information DC3 provided by the first computer system may be the same as the second credential information DC2 mentioned in the foregoing credential method and transmission method, or the same as the first credential information DC1 mentioned in the foregoing credential method and transmission method, according to the generation method of the credential information actually stored in the first computer system.

In addition, the manner of acquiring the third certification information DC3 provided by the first computer system by the fifth computer system includes but is not limited to: establishing a communication connection outside the trusted processing environment of the first computer system and the fifth computer system, the fifth computer system obtaining the third deposit information DC 3; alternatively, the first computer system and the fifth computer system establish a trusted communication link based on their respective trusted processing environments, and using this communication link, the fifth computer system obtains the third deposit information DC 3.

Here, in some examples, the obtained third authentication information DC3 may be used as the authentication information to be verified. For example, the third certification information DC3 is the first certification information DC1 stored in the first computer system (or the second computer system). In other examples, based on the first computer system generating the calculated difference between the second credential information DC2 and the first credential information DC1, the fifth computer system further calculates the obtained third credential information DC3 to obtain the credential information DC4 to be verified that is calculated the same as the first credential information DC 1. For example, the third certification information DC3 acquired by the fifth computer system is obtained by encrypting through the encryption key of the user, and correspondingly, the fifth computer system performs hash calculation on the third certification information DC3 and performs signature processing on the hash calculation result based on the authentication key of the corresponding user to obtain the certification information DC4 to be verified.

In step S42, the certificate information is obtained based on the verification instruction.

Here, the fifth computer system acquires the sealed and stored certification information based on the number ID in the verification instruction and the first computer system or the at least one second computer system which certifies the number ID. Wherein, in some examples, the fifth computer system obtains and writes the forensic information to a trusted processing environment using a processing environment other than the trusted processing environment. In other examples, to ensure that the obtained credential information is sent by the designated computer system, the fifth computer system performs an authentication procedure as described in the foregoing credential method or transmission method with the corresponding computer system to obtain the credential information over the established trusted communication link and write the credential information to the trusted processing environment.

In step S43, the security of the data transmission of the first computer system is verified based on the information to be verified and the information to be verified.

And the fifth computer system verifies the security of data transmission of the first computer system by matching the information to be verified and the information to be verified, if so, verifying that the data transmission operation of the first computer system is safe, otherwise, verifying that the data transmission operation is not safe.

In other embodiments, the fifth computer system may cooperate with the fourth computer system to perform the verification process described above. Wherein the fourth computer system is configured with a processing environment that conforms to a trusted processing environment in the first computer system. The fifth computer system and the fourth computer system may establish data communication directly or through an authentication service system. Please refer to fig. 7 and 8, which are flowcharts illustrating two embodiments of a verification process performed by the fifth computer system and the fourth computer system.

Referring to fig. 8 and 9, in step S51, the fifth computer system instructs the fourth computer system to acquire the third certificate information from the first computer system based on the generated verification instruction.

Wherein the step of the fifth computer system instructing the fourth computer system to obtain the third credential information establishes communication with the fourth computer system, in some examples, through the untrusted processing environment of the fifth computer system, and instructs the fourth computer system to obtain the third credential information DC3 sequestered and stored in the first computer system. In other examples, the fifth computer system is in communication with the authentication service system, the authentication service system assigns a fourth computer system configured with a trusted processing environment and instructs the fourth computer system to request the third credential information DC3 from the first computer system based on the verification. In still other examples, the fourth computer system assigned by the authentication service system establishes a trusted communication link with the first computer system based on the validation instruction and obtains the third deposit information DC 3.

In step S52, based on the instruction of the verification instruction, the fourth computer system generates to-be-verified deposit information based on the acquired third deposit information at the fifth computer system.

The trusted processing environment of the fourth computer system performs said step S52. According to the calculation difference between the third credential information DC3 that is the credential stored by the first computer system and the credential information DC1 that is used as the authentication credential, in some examples, the fourth computer system takes the acquired third credential information as the credential information to be authenticated. In other examples, the fourth computer system performs a calculation process of generating the deposit information on the third deposit information DC3 to obtain the deposit information to be verified, which is obtained through the same calculation process as the deposit information, wherein the calculation process includes performing a hash calculation on the obtained second deposit information; and/or obtaining an authentication key of the first computer system, and signing the to-be-verified certificate information based on the authentication key. For example, the trusted processing environment of the fourth computer system performs a hash operation on the third authentication information DC3 to obtain the authentication information to be verified. As another example, the trusted processing environment of the fourth computer system signs the hashed third credential information DC3 based on the authentication key to obtain the message authentication information. For another example, the trusted processing environment of the fourth computer system signs the obtained third authentication information DC3 based on the authentication key to obtain the message authentication information.

In some examples, the obtained to-be-verified certificate information, or the to-be-verified certificate information and the message authentication information thereof are subjected to subsequent verification by the fourth computer system, and for this reason, referring to fig. 8, the fourth computer system performs step S531 to obtain the certificate information that is sealed and saved based on the verification instruction. Here, step S531 and step S51 are executed in no particular order, for example, the fourth computer system obtains the third credential information DC3 from the first computer system and obtains the first credential information DC1 from the at least one second computer system.

The fourth computer system further executes step S541, namely, verifying the security of the data transmitted by the first computer system based on the information to be verified and the information to be verified.

Here, the fourth computer system verifies the information to be verified and the information to be verified, and feeds back the result to the fifth computer system, and the fifth computer system performs step S551 to determine the verification result based on the feedback information.

In some specific examples, the fourth computer system verifies that the signed to-be-verified certificate information and the first certificate information have consistency, and feeds back a result to the fifth computer system, and the fifth computer system determines a verification result based on the feedback information. For example, the fourth computer system compares the certificate information to be verified and signed by using the same authentication key and the same hash calculation, if the certificate information is consistent with the certificate information, corresponding consistent feedback information is generated, otherwise, corresponding inconsistent feedback information is generated, and the corresponding feedback information is fed back to the fifth computer system so as to display the corresponding verification result.

Unlike the verification process shown in fig. 8, the fourth computing system in fig. 9 executes step S532, i.e. feeds back the obtained to-be-verified evidence information to the fifth computing system. Step S552 is executed by the fifth computer system, that is, the security of data transmission of the first computer system is verified based on the to-be-verified certificate information and the certificate information. The execution process of step S552 is similar to the execution process of step S33, and is different from step S33 in that the fifth computer system verifies that the received information to be verified is provided by the fourth computer system, and the verification process is similar to step S33, and therefore, the description thereof is not repeated here.

The present application further provides a computer readable and writable storage medium, storing a computer program of the data transmission-oriented evidence storing method, which when executed implements the method of the above embodiment with respect to the data transmission-oriented evidence storing method described in fig. 2.

The present application also provides a computer-readable and writable storage medium storing a computer program of a data transmission method, which when executed implements the method of the above-described embodiment with respect to the data transmission method described in fig. 5.

The present application also provides a computer-readable and writable storage medium storing a computer program of a data transmission-oriented authentication method, which when executed implements the method of the above-described embodiment with respect to the data transmission-oriented authentication method described in fig. 6.

The present application also provides a computer-readable and writable storage medium storing a computer program of a data transmission-oriented authentication method, which when executed implements the data transmission-oriented authentication method described in the above embodiments with respect to any one of fig. 7, 8, and 9.

The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application.

In the embodiments provided herein, the computer-readable and writable storage medium may include read-only memory, random-access memory, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, flash memory, a USB flash drive, a removable hard disk, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the instructions are transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. It should be understood, however, that computer-readable-writable storage media and data storage media do not include connections, carrier waves, signals, or other transitory media, but are intended to be non-transitory, tangible storage media. Disk and disc, as used in this application, includes Compact Disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers.

In one or more exemplary aspects, the functions described in the computer program of the data transmission oriented authentication method, transmission method, and verification method described herein may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. The steps of a method or algorithm disclosed herein may be embodied in a processor-executable software module, which may be located on a tangible, non-transitory computer-readable and/or writable storage medium. Tangible, non-transitory computer readable and writable storage media may be any available media that can be accessed by a computer.

The flowcharts and block diagrams in the figures described above of the present application illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The data transmission oriented certificate storage method, the data transmission oriented certificate transmission method, the data transmission oriented certificate verification method, the computer system and the computer readable storage medium can store the certificate in the data transmission process so as to ensure the safety and reliability of the identity of a data sender or a data receiver and enable the data transmission to have traceability and verifiability.

The above embodiments are merely illustrative of the principles and utilities of the present application and are not intended to limit the application. Any person skilled in the art can modify or change the above-described embodiments without departing from the spirit and scope of the present application. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical concepts disclosed in the present application shall be covered by the claims of the present application.

Claims

1. A data transmission oriented authentication method is characterized by comprising the following steps:

obtaining the certificate storing information which is sealed and stored based on the verification instruction; the deposit certificate information is generated in a trusted processing environment which is authenticated and is used as a certificate for verifying the deposit certificate information to be verified; the processing environment is to execute data transfer instructions; the authentication instruction is generated by a fifth computer system based on the received authentication request;

instructing the first computer system to execute the operation of transmitting data corresponding to the verification instruction in a trusted processing environment of the first computer system, and acquiring to-be-verified evidence storage information generated by the first computer system; the first computer system holds data corresponding to the verification instruction; the fifth computer system having a processing environment that conforms to a trusted processing environment in the first computer system; the first computer system and at least one third computer system are in data communication via a trusted communication link; the at least one third computer system is used for data processing of editing or privacy calculation for the purpose of transmitting data or data processing of editing or privacy calculation for the purpose of receiving data;

and verifying the security of the data transmission operation based on the information to be verified and the acquired information.

2. The data transmission-oriented verification method according to claim 1, wherein the step of instructing the first computer system to execute the operation of transmitting data corresponding to the verification instruction in a trusted processing environment of the first computer system, and acquiring the to-be-verified evidence information generated by the first computer system includes:

causing the first computer system to generate data transfer instructions based on the validation instructions to cause the first computer system to authenticate its existence of a trusted processing environment based on the data transfer instructions;

obtaining to-be-verified evidence information generated by the first computer system in the processing environment for verifying the operation of transmitting the data.

3. The data transmission-oriented authentication method according to claim 2, wherein the data transmission instruction comprises any one of: instructions generated based on the transmitted data or instructions generated based on the received data.

4. The data transmission-oriented authentication method according to claim 1, wherein the credential information to be authenticated comprises data encrypted with a preset credential key.

5. The data transmission-oriented authentication method of claim 4, wherein the data comprises: at least one of a value to be calculated, a code for calculating the value, and a statement for acquiring the value to be calculated.

6. The data transmission-oriented authentication method according to claim 1 or 5, wherein the code for calculating the value in the data comprises: code to perform multi-party calculations by a plurality of third computer systems, or code to mathematically calculate values from at least one third computer system.

7. The data transmission-oriented authentication method according to claim 6, wherein the to-be-authenticated evidence information comprises: and carrying out Hash calculation on the encrypted data to obtain data.

8. The data transmission-oriented authentication method of claim 6, further comprising the steps of: and acquiring message authentication information obtained by signing the to-be-verified authentication information based on the authentication key in the first computer system, so as to verify the security of the data transmission operation.

9. The data transmission-oriented authentication method according to claim 1, wherein the step of verifying the security of the data transmission operation based on the to-be-authenticated and the acquired authentication information comprises:

verifying the information to be verified and stored for the first computer system; and

and verifying that the information to be verified and the information to be verified are consistent.

10. The data transmission-oriented authentication method as claimed in claim 1, wherein the sealed and saved authentication information comes from the first computer system or at least one second computer system.

11. A data transmission oriented authentication method is characterized by comprising the following steps:

generating, under the direction of a verification instruction, to-be-verified credential information based on third credential information from the first computer system in a processing environment that conforms to a trusted processing environment in the first computer system; the processing environment is to execute data transfer instructions; the authentication instruction is generated by a fifth computer system based on the received authentication request; the first computer system and at least one third computer system are in data communication via a trusted communication link; the at least one third computer system is used for data processing of editing or privacy calculation for the purpose of transmitting data or data processing of editing or privacy calculation for the purpose of receiving data;

obtaining the certificate storing information which is sealed and stored based on the verification instruction; the deposit certificate information is generated in a trusted processing environment which is authenticated and is used as a certificate for verifying the deposit certificate information to be verified;

and verifying the security of the data transmitted by the first computer system based on the information to be verified and the information to be verified.

12. The data transfer oriented authentication method of claim 11, wherein the step of generating the authentication information to be verified based on the third authentication information from the first computer system in a processing environment consistent with a trusted processing environment of the first computer system comprises:

instructing a fourth computer system configured with the processing environment to obtain the third deposit information;

and instructing the fourth computer system to generate the to-be-verified evidence storing information based on the acquired third evidence storing information.

13. The data transmission-oriented authentication method according to claim 12, wherein the step of generating the authentication information to be authenticated based on the acquired third authentication information comprises: and carrying out Hash calculation on the third certificate storing information to obtain the certificate storing information to be verified.

14. The data transmission-oriented authentication method according to claim 12, wherein the step of generating the to-be-authenticated evidence information based on the obtained third evidence information further comprises:

acquiring an authentication key of the first computer system; and

and signing the to-be-verified certificate information based on the authentication key.

15. The data transmission-oriented authentication method according to claim 14, wherein the step of authenticating the security of the data transmission of the first computer system based on the authentication information to be authenticated and the authentication information comprises: and providing the certificate storing information to the fourth computer system, and indicating the fourth computer system to verify that the signed certificate storing information to be verified and the first certificate storing information have consistency.

16. The data transmission-oriented authentication method of claim 12, further comprising: acquiring the information to be verified and stored in the certificate storage system from the fourth computer system;

correspondingly, the step of verifying the security of the data transmission of the first computer system based on the information to be verified and the information to be verified comprises:

verifying the information to be verified and stored certificate to be provided by the fourth computer system; and

17. The data transmission-oriented authentication method as claimed in claim 11, wherein the sealed and saved authentication information comes from the first computer system or at least one second computer system.

18. A fifth computer system, comprising:

a storage device for storing at least one program;

interface means for data communication with at least a first computer system;

processing means, connected to said storage means and to the interface means, for executing the authentication method according to any one of claims 1 to 10, in accordance with at least one stored program.

19. A fifth computer system, comprising:

a storage device for storing at least one program;

interface means for data communication with at least a first computer system;

processing means, connected to said storage means and to the interface means, for executing the authentication method according to any one of claims 11-17, in accordance with at least one stored program.

20. A computer-readable storage medium storing at least one program; the at least one program, when invoked, performs the authentication method of any of claims 1-10, or 11-17.