CN114201748A - Data source credibility verification method for the scenario in which computation moves to the data side under a high-credibility environment - Google Patents


Info

Publication number
CN114201748A
Authority
CN
China
Prior art keywords
data
credibility
signature
source
detection
Prior art date
Legal status
Granted
Application number
CN202111529683.6A
Other languages
Chinese (zh)
Other versions
CN114201748B (en)
Inventor
张磊
Current Assignee
Nanhu Laboratory
Original Assignee
Nanhu Laboratory
Events
Application filed by Nanhu Laboratory
Priority to CN202111529683.6A
Publication of CN114201748A
Application granted
Publication of CN114201748B
Legal status: Active

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/52 ... during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow > G06F21/53 ... by executing in a restricted environment, e.g. sandbox or secure virtual machine
        • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/44 Program or device authentication
        • G06F21/60 Protecting data > G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules > G06F21/6218 ... to a system of files or objects, e.g. local or distributed file system or database > G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
        • G06F21/60 Protecting data > G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols > H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use > H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
        • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols > H04L9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials > H04L9/3247 ... involving digital signatures
        • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00 > H04L2209/12 Details relating to cryptographic hardware or logic circuitry > H04L2209/127 Trusted platform modules [TPM]


Abstract

The scheme discloses a data source credibility verification method for the scenario in which computation moves to the data side under a high-credibility environment, comprising the following steps: S1, a computing application and a detection algorithm are loaded in a trusted execution environment; S2, the computing application reads the source data and performs its computation on it, while the detection algorithm inspects that source data; S3, the detection result is signed and then sent to the data user, together with or separately from the computation result; S4, the data user verifies the signature: if the signature verifies, the detection result is legitimate, otherwise it is illegitimate; and S5, once legitimacy is confirmed, the data user decides from the detection result whether the source data used by the computing application is compliant. With this scheme a remote data user can perform high-credibility checks of data credibility even though the data owner cannot be trusted and the data cannot leave the data owner's premises, which resolves the current dilemma that the requirement that data not leave the owner's premises and the data user's need to verify the legality and compliance of the data used in the computation cannot both be met.

Description

Data source credibility verification method for the scenario in which computation moves to the data side under a high-credibility environment
Technical Field
The invention belongs to the technical field of internet trust and relates in particular to a data source credibility verification method for the scenario in which computation moves to the data side under a high-credibility environment.
Background
To reduce the high cost of transmitting data to the computing side and to prevent privacy leaks when data is transmitted outside the data owner's premises, data access techniques built around the principle "the data stays put, the program moves" are increasingly used in big data processing. The technique still has shortcomings. Because the relevant data and computation are deployed on servers or in a cloud controlled by the service provider, and because the data does not leave the owner's premises for privacy-protection reasons, the operation of the data side is a black box to the user: the user cannot touch the data actually used or the computation process, cannot know the details of that process, cannot confirm or verify the credibility of the computation or the validity and credibility of the data used in it, cannot be sure that the valid data the data user expects was really used, and can only trust the service provider unconditionally.
The information security method and system based on the data access process in a high-trust environment previously proposed by the applicant [application number CN113282946B] also offers a solution to this problem, namely to apply a hardware-level high-credibility signature to the operating state and to the data used during the computation. If the data user suspects that the data owner provided wrong data during the computation, the signature can be verified using the data user's public key, the hash value of the data actually used in the computation is confirmed, and that hash value together with the data owner's corresponding data signature is sent to a third-party auditing and arbitration body. The arbitration body verifies the validity of the hash value with the public key the data owner submitted in advance, establishing that the hash value was legitimately signed by the data owner; it then requires the data owner to submit the data used in the computation, computes the hash of the submitted data, checks whether it matches the hash value, and finally judges whether the data corresponding to that hash value is valid and legal. The data user can thus verify and trace the validity of the data actually used without coming into contact with the data.
Although the above solution addresses the problem, it has limitations: 1. it needs to send data to a third party, so it cannot be applied where the data may not leave the owner's premises; 2. its verification object is the entire set of data used, and in some scenarios the computation needs a large amount of data, so verification takes a long time, is inflexible and complex, and running verification alongside the computation can delay the computation excessively.
Disclosure of Invention
The invention aims to solve these problems and provides a data source credibility verification method for the scenario in which computation moves to the data side under a high-credibility environment.
In order to achieve the purpose, the invention adopts the following technical scheme:
a data source credibility verification method for the scenario in which computation moves to the data side under a high-credibility environment comprises the following steps:
S1, loading the corresponding computing application and detection algorithm in a trusted execution environment according to the data user's request, and receiving the data user's signature private key over a secure encrypted connection between the data user and the trusted execution environment;
S2, the computing application reads the source data and performs its computation on the data read;
the detection algorithm inspects, inside the local trusted execution environment, the source data read by the computing application;
S3, the detection result is signed with the signature private key and then sent to the data user, together with or separately from the computation result;
S4, the data user verifies the signature; if the signature verifies, the detection result is legitimate, otherwise it is illegitimate;
and S5, once the detection result is confirmed legitimate, the data user decides from the detection result whether the source data used by the computing application is compliant.
In the above method, step S1 comprises:
S11, loading the detection algorithm in the trusted execution environment, hashing the memory into which the detection algorithm was loaded to produce a measurement value, having the chip hardware sign the measurement value, and sending the signed measurement value to the data user;
S12, the data user verifies the measurement value signature through the remote attestation process and checks whether the detection algorithm is compliant;
and S13, after remote attestation succeeds, the data user establishes an encrypted secure connection with the data owner's trusted execution environment and sends its signature private key to the trusted execution environment over that connection.
The computing application may be one already located at the data owner, or one sent to the data owner by the data user; this is not limited here.
The detection algorithm may be sent to the data owner by the data user, or by a third party authorized by the data user.
The computation result may be sent to the data user directly, or after processing such as signing and encryption, for example in the manner of the reference cited in the background section.
In the above method, in step S13 or S1 the data user also sends its signature public key to the trusted execution environment so that the data owner can verify the signed detection result.
In the above method, in step S13 the data user sends an encryption key to the trusted execution environment at the same time;
in step S3 the detection result is encrypted with the encryption key, then signed with the signature private key, and sent to the data user together with or separately from the computation result;
in step S4 the data user verifies the signature and, if verification passes, decrypts the encrypted detection result with the encryption key to obtain the detection result.
In the above method, in step S3 a hash value of the detection result is computed in the trusted execution environment, signed with the signature private key, and sent to the data user together with or separately from the computation result;
in step S4 the data user verifies the signature and, after verification passes, requests the corresponding detection result from the data owner; the data owner sends it, the data user computes its hash value and checks whether it matches the hash value obtained from the verified signature, and if so the detection result is considered legitimate;
alternatively, in step S3 the detection result may be sent directly to the data user together with the computation result.
In the above method, the detection rule used by the detection algorithm is determined by the data user or negotiated between the data user and the data owner.
In the above method, the detection algorithm is either sent by the data user to the data owner's trusted execution environment for execution, or is a detection algorithm held at the data owner that the data user designates to be executed in the trusted execution environment.
In the above method, the detection rule comprises the extraction mode for the source data read by the computing application, the sampling frequency, the analysis mode for the sampled data, and the relation between the analysis result and a credibility percentage;
in step S3 the detection result is a credibility percentage report for the sampled data;
in step S4, if the credibility in the report obtained by the data user is above a set threshold, the source data is considered compliant, otherwise it is not.
In the above method, the analysis mode applied by the detection algorithm to the sampled data is whether the sampled data meets a preset condition, or whether the content, type or format of the sampled data meets expectations.
In the above method, step S3 is preceded by:
the data owner checks the file size of the detection report, and if it is larger than a set value the data owner does not allow it to be transmitted.
The invention has the following advantages:
1. the detection algorithm automatically performs a secure and credible spot check, on behalf of the data user, of whether the data used in the computation (its format, content, type and so on) meets expectations; a remote data user can thus perform high-credibility checks of data credibility even though the data owner cannot be trusted and the data cannot leave the data owner's premises, which resolves the current dilemma that the requirement that data not leave the owner's premises and the data user's need to verify the legality of the data used in the computation cannot both be met;
2. detection is not limited to the content of the source data and can cover data type, data format and other forms, so the method is more flexible; compared with inspecting the data content it is more efficient, occupies less memory, and avoids interfering excessively with the computation or slowing it down.
Drawings
FIG. 1 is a flowchart of a first embodiment of the data source credibility verification method for the scenario in which computation moves to the data side in a high-credibility environment;
FIG. 2 is a flowchart of a second embodiment of the method;
FIG. 3 is a flowchart of a third embodiment of the method.
Detailed Description
The scheme is further explained with reference to the drawings:
Example one
In the data source credibility verification method for the scenario in which computation moves to the data side under a high-credibility environment, when the computation runs at the data owner, a detection algorithm provided or designated by the data user samples and inspects, inside the data owner's trusted execution environment, the data used by the computing application, and sends the detection result to the data user after encrypting and signing it. The data thus never leaves the owner's premises, the data user can verify the credibility of the data used in the computation in a personalised and trustworthy way, the data user is no longer completely passive, and the healthy operation of the whole data market is safeguarded. As shown in fig. 1, the method comprises the following steps:
1) The data user generates a symmetric encryption key K and a pair of signature keys (signature public key K_pub and signature private key K_pri); the public key K_pub may be passed to the data owner.
2) The data owner enables the corresponding computing application and detection algorithm in the trusted execution environment according to the data user's request; the detection algorithm may be integrated into the computing application or exist independently. The computing application may reside at the data owner, with the data user designating which one is to be loaded and run in the trusted execution environment, or the data user may send it to the data owner's trusted execution environment to be loaded and run; likewise the detection algorithm may be stored at the data owner and designated by the data user, or sent by the data user to the data owner's trusted execution environment to be loaded and run.
3) The remote attestation procedure of chip-level confidential computing is performed (for example remote attestation based on Intel SGX): the computing application and detection algorithm are loaded in the trusted execution environment, the memory they were loaded into is hashed to produce a measurement value, the chip hardware signs the measurement value directly, and the signed measurement value is sent to the data user, in the form of an Intel SGX Quote.
The two cases, detection algorithm independent or integrated in the computing application, are discussed separately:
If the detection algorithm is integrated in the computing application, the computing application runs in the trusted execution environment and the memory loaded with it is hashed to produce a measurement value; the data user verifies the measurement value signature through the remote attestation process and checks whether the computing application is compliant (the detection algorithm is verified at the same time, since it is integrated into the computing application).
If the detection algorithm exists independently, the computing application and the detection algorithm are loaded separately and hashed separately to produce their measurement values, and the data user verifies each measurement value signature and checks the compliance of the computing application and of the detection algorithm separately through the remote attestation process.
For example, with Intel SGX, IAS (Intel Attestation Service) or Intel DCAP (Data Center Attestation Primitives) is used to verify the validity of the hardware; the hash measurement values are then compared, and the detection algorithm and computing application are checked against the data user's whitelist, or checked for whether the data user has authorized them to run.
4) Successful remote attestation shows that the data owner's trusted execution environment is running the computing application and detection algorithm that the data user requires and has verified; the data user then establishes an encrypted secure connection (for example an Intel SGX based RA-TLS, Remote Attestation TLS, connection) with the data owner's trusted execution environment.
5) The data user sends the symmetric encryption key K and the signature private key K_pri to the data owner's trusted execution environment over the secure encrypted connection.
6) The computing application reads the source data D and performs its computation on the data read. The detection algorithm, which also runs in the trusted execution environment, locally inspects the source data D used by the computing application according to the detection rule to obtain a detection result R, encrypts R with the symmetric key K to obtain Enc_R, signs Enc_R with the signature private key K_pri to obtain Sig_R, and then sends Sig_R to the data user together with the computation result, or sends it separately at any time the data user requires.
7) The data owner can verify Sig_R with the signature public key K_pub to confirm that it was indeed produced with the signature private key K_pri corresponding to the data user.
8) The data user receives Sig_R, verifies it with the corresponding signature public key K_pub and, after successful verification, decrypts Enc_R with the encryption key K to obtain the detection result R.
9) Once step 8) has established that the detection result R is legitimate, the data user decides from the detection result obtained in step 8) whether the source data used by the computing application is compliant.
Specifically, the detection result R is a credibility percentage X% obtained by inspecting the source data D according to the detection rule. In step 9), if the credibility percentage X% obtained by the data user is above a set threshold the source data is considered compliant, otherwise it is not.
Specifically, the detection rule is determined by the data user or negotiated between the data user and the data owner. This embodiment takes the former as an example, with the detection algorithm sent by the data user to the data owner: the data user sends a detection algorithm containing the detection rule it requires to the trusted execution environment, where the algorithm inspects the source data used by the computing application according to that rule and produces the X% detection result.
The detection rule comprises the extraction mode for the source data read by the computing application, the sampling frequency, the analysis mode for the sampled data, and the relation between the analysis result and the credibility percentage. Taking real-time inspection of a real-time source data stream as an example, the sampling frequency may be a sample of set duration extracted once per fixed period, and the extraction mode may take all of the source data in the current sampling period or only part of it (for example, randomly selected rows and columns). The relation between the analysis result and the credibility percentage for each analysis mode is likewise fixed by the particular detection algorithm, i.e. by the data user.
The analysis mode applied by the detection algorithm to the sampled data may be whether the sampled data meets a preset condition, or whether the content, type or format of the sampled data meets expectations, and so on.
Whether the sampled data meets a preset condition: for example, the preset condition is that all values in a payroll are greater than 10,000. The condition is embedded in the detection algorithm; during detection the payroll is located and it is checked whether all values satisfy "greater than 10,000"; the final X% is then assigned from this judgement according to the rule's relation between analysis result and credibility percentage, for example 100% or 99% when every value satisfies the condition.
Whether the sampled data type meets expectations: for example, the set type says that the header of the source data should be age, gender and occupation, the age column should be numeric, the gender column should be "male" or "female", and the occupation column should be an occupation. The set type is embedded in the detection algorithm, the header of the sampled data is compared with it and the data type of each column is determined; the comparison result is the analysis result, and the final X% is assigned from it according to the rule's relation between analysis result and credibility percentage.
Whether the sampled data content meets expectations: for example, the detection algorithm embeds the expected data content, the sampled content is compared with it, the degree of agreement is the analysis result, and the final X% is assigned from it according to the rule's relation between analysis result and credibility percentage. An example is randomly spot-checking the row corresponding to a particular column or a particular primary key in a database.
Data format is handled similarly and is not described further. The specific analysis mode is chosen by the data user according to its needs and embedded in the detection algorithm, which is then sent to the trusted execution environment, or a detection algorithm with the required analysis mode is designated. The detection algorithm may have one analysis mode or several, and the results of several analysis modes can be weighted to give the final X%.
The scheme lets the detection algorithm automatically, securely and credibly check on behalf of the data user whether the data used in the computation (its format, content, type and so on) meets expectations. The detection algorithm is designated or sent by the data user, and its running memory in the trusted execution environment is hash-measured and signature-verified in step 3), so the detection algorithm is absolutely trustworthy; its detection result is signed inside the trusted execution environment with the data user's signature private key, cannot be altered by the data owner, and is likewise absolutely trustworthy. Therefore, by sending a detection algorithm to the data owner and having the result signed with its signature private key, the data user achieves credibility detection of the data used in the computation, achieves high-credibility data detection even though the data cannot leave the owner's premises, and effectively resolves the problem that the requirement that data not leave the owner's premises and the data user's need to verify the legality of the data used in the computation cannot both be met.
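A worked sketch of such a detection algorithm, added here as an illustration and not taken from the patent: it samples every Nth row (the extraction mode), applies the page's type check (age numeric, gender "male"/"female", occupation present) and the payroll condition (every value greater than 10,000) as two analysis modes, and maps the per-mode pass rates to X% by a weighted average. The weighted-average relation, the column name "salary", the 50/50 weights, the 90% threshold and the sample rows are all assumptions of this example.

```go
package main

import (
	"fmt"
	"strconv"
)

// Row is one record of source data D; columns follow the page's example
// (age, gender, occupation) plus a constructed "salary" column for the payroll condition.
type Row map[string]string

// DetectionRule: extraction mode (every Nth row), the two analysis modes, and
// the (assumed) weighted-average relation from analysis results to X%.
type DetectionRule struct {
	SampleEvery  int                          // extraction mode: keep every Nth row
	ExpectedType map[string]func(string) bool // column -> predicate on its values
	MinSalary    float64                      // preset condition: salary > MinSalary
	WeightType   float64                      // mode weights, summing to 1
	WeightCond   float64
	Threshold    float64                      // data user's acceptance threshold for X%
}

func isNumber(s string) bool     { _, err := strconv.Atoi(s); return err == nil }
func isGender(s string) bool     { return s == "male" || s == "female" }
func isOccupation(s string) bool { return s != "" }

// ExampleRule is the rule the data user embeds in its detection algorithm (assumed values).
func ExampleRule() DetectionRule {
	return DetectionRule{
		SampleEvery:  2,
		ExpectedType: map[string]func(string) bool{"age": isNumber, "gender": isGender, "occupation": isOccupation},
		MinSalary:    10000, WeightType: 0.5, WeightCond: 0.5, Threshold: 90,
	}
}

// Sample implements the extraction mode: take every Nth row of the sampling window.
func Sample(rows []Row, every int) []Row {
	var out []Row
	for i, r := range rows {
		if every <= 1 || i%every == 0 {
			out = append(out, r)
		}
	}
	return out
}

// share is the fraction of sampled rows for which pred holds.
func share(sample []Row, pred func(Row) bool) float64 {
	ok := 0
	for _, r := range sample {
		if pred(r) {
			ok++
		}
	}
	return float64(ok) / float64(len(sample))
}

// Detect runs the detection algorithm over D and returns the credibility
// percentage X% that forms the detection result R.
func Detect(rows []Row, rule DetectionRule) float64 {
	s := Sample(rows, rule.SampleEvery)
	if len(s) == 0 {
		return 0
	}
	typesMatch := func(r Row) bool { // analysis mode 1: every column has the expected type
		for col, pred := range rule.ExpectedType {
			if !pred(r[col]) {
				return false
			}
		}
		return true
	}
	salaryAbove := func(r Row) bool { // analysis mode 2: preset condition on the payroll
		v, err := strconv.ParseFloat(r["salary"], 64)
		return err == nil && v > rule.MinSalary
	}
	return 100 * (rule.WeightType*share(s, typesMatch) + rule.WeightCond*share(s, salaryAbove))
}

// Compliant is step 9): X% must exceed the data user's threshold.
func Compliant(x float64, rule DetectionRule) bool { return x > rule.Threshold }

// SampleRows is constructed source data for the demonstration, not real data.
func SampleRows() []Row {
	mk := func(age, g, occ, sal string) Row {
		return Row{"age": age, "gender": g, "occupation": occ, "salary": sal}
	}
	return []Row{
		mk("34", "male", "engineer", "12000"), mk("29", "female", "nurse", "9000"),
		mk("forty", "male", "teacher", "15000"), mk("41", "female", "doctor", "30000"),
		mk("52", "female", "driver", "8000"), mk("23", "male", "student", "11000"),
		mk("38", "male", "clerk", "10000"), mk("45", "female", "manager", "20000"),
	}
}

func main() {
	rule := ExampleRule()
	x := Detect(SampleRows(), rule)
	fmt.Printf("X = %.1f%%, compliant = %v\n", x, Compliant(x, rule))
}
```

With every second row sampled, three of the four sampled rows pass the type check and two pass the payroll condition, giving X = 62.5%, below the 90% threshold; a full scan of all eight rows gives 75%.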
Example two
As shown in fig. 2, this embodiment is similar to embodiment one, the difference being that the detection result is not encrypted with an encryption key K; instead the detection result is signed directly with the signature private key K_pri and sent to the data user.
Example three
As shown in fig. 3, this embodiment is similar to embodiment two, except that the hash value H_R of the detection result R is calculated in the trusted execution environment, H_R is signed with the private signature key K_pri to obtain Sig_HR, and then H_R and Sig_HR are sent to the data consumer.
The data consumer verifies the validity of H_R using the corresponding public signature key and the signature Sig_HR and, once verification passes, requests the corresponding detection result R from the data owner, who then sends R to the data consumer, preferably over a separate connection channel. The data consumer calculates the hash value H_R2 of the detection result R received from the data owner and checks whether H_R2 is consistent with the signature-verified hash value H_R; if so, the detection result R is considered legal.
Example four
This embodiment is similar to embodiment one, except that it further includes, before step S3:
the data owner checks the file size of the detection report and, if it exceeds the set file-size value, does not allow it to be transmitted. Because the detection result is returned to the data user as an X% report, the report file is small; a file exceeding the set value indicates that it may contain private data. Checking the file size and refusing to transmit a detection report that exceeds the set value guarantees the safety of the private data and prevents it from leaving the local environment in the guise of a detection report. The data owner therefore does not need to verify the detection algorithm provided by the data user, nor does the data user need to provide the source code of the detection algorithm for an audit of whether it is intended to steal data: by limiting the detection report, the data owner effectively prevents the data user from extracting the data source through it, which keeps the detection procedure simple while ensuring the safety of the source data.
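The exchange of embodiment three (hash the result inside the trusted execution environment, sign the hash with K_pri, let the data consumer verify Sig_HR and then compare the hash of the separately delivered R) and the report-size gate of embodiment four, as an added example that is not code from the patent or from Nanhu Laboratory. It assumes Ed25519 for the signature key pair and SHA-256 for H_R, which the text does not specify, and the size cap and the report content are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// MaxReportBytes is the set file-size value of embodiment four (constructed).
const MaxReportBytes = 64

// SignedDigest is what the trusted execution environment emits in embodiment
// three: the hash H_R of the detection result R and the signature Sig_HR over it.
type SignedDigest struct {
	HR    [sha256.Size]byte
	SigHR []byte
}

// AllowedToSend is the data owner's gate from embodiment four. A credibility
// report is small, so anything above the cap is refused as possibly carrying
// private data.
func AllowedToSend(report []byte) bool {
	return len(report) <= MaxReportBytes
}

// TEESignResult runs inside the trusted execution environment: it hashes R and
// signs H_R with the data user's private signature key K_pri.
func TEESignResult(kPri ed25519.PrivateKey, r []byte) SignedDigest {
	h := sha256.Sum256(r)
	return SignedDigest{HR: h, SigHR: ed25519.Sign(kPri, h[:])}
}

// ConsumerVerifyDigest is the data consumer's first check: Sig_HR must verify
// under the public signature key before R is requested from the data owner.
func ConsumerVerifyDigest(kPub ed25519.PublicKey, d SignedDigest) bool {
	return ed25519.Verify(kPub, d.HR[:], d.SigHR)
}

// ConsumerConfirmResult is the data consumer's second check: H_R2 computed over
// the R that arrived through the other channel must equal the signed H_R.
func ConsumerConfirmResult(d SignedDigest, r []byte) bool {
	h2 := sha256.Sum256(r)
	return subtle.ConstantTimeCompare(h2[:], d.HR[:]) == 1
}

// Outcome records the consumer-side decisions for one run of the exchange.
type Outcome struct {
	SigOK      bool // Sig_HR verified under the data user's public key
	GenuineOK  bool // H_R2 == H_R for the R the TEE actually signed
	TamperedOK bool // H_R2 == H_R for an R altered on the second channel
	WrongKeyOK bool // Sig_HR accepted under an unrelated public key
}

// RunExchange plays both sides over a constructed detection result.
func RunExchange() (Outcome, error) {
	var out Outcome
	kPub, kPri, err := ed25519.GenerateKey(rand.Reader) // data user's K_pub / K_pri
	if err != nil {
		return out, err
	}
	otherPub, _, err := ed25519.GenerateKey(rand.Reader) // unrelated key pair
	if err != nil {
		return out, err
	}
	report := []byte("credibility=70%") // constructed detection result R
	if !AllowedToSend(report) {
		return out, errors.New("report exceeds the set size, not transmitted")
	}
	d := TEESignResult(kPri, report)
	out.SigOK = ConsumerVerifyDigest(kPub, d)
	out.WrongKeyOK = ConsumerVerifyDigest(otherPub, d)
	out.GenuineOK = ConsumerConfirmResult(d, report)
	out.TamperedOK = ConsumerConfirmResult(d, []byte("credibility=99%"))
	return out, nil
}

func main() {
	out, err := RunExchange()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%+v\n", out)
}
```

The two consumer-side checks are deliberately separate functions: the signature binds H_R to the trusted execution environment, and the hash comparison binds the R received later (possibly over a different channel) to that signed H_R, so a modified R is rejected even though it was never signed directly. The size gate runs on the data owner's side before anything is sent, which is why it sits ahead of the signing step in the flow.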
The specific embodiments described herein are merely illustrative of the spirit of the invention. Various modifications or additions may be made to the described embodiments or alternatives may be employed by those skilled in the art without departing from the spirit or ambit of the invention as defined in the appended claims.
Although terms such as data consumer, data owner, computing application, detection algorithm, encryption key, private signature key and public signature key are used frequently herein, the possibility of using other terms is not excluded. These terms are used merely to describe and explain the nature of the present invention more conveniently, and are not to be construed as imposing any additional limitation on the spirit of the present invention.

Claims (10)

1. A data source credibility verification method in a scene of computing to move to a data end under a high credibility environment is characterized by comprising the following steps:
s1, loading corresponding computing application and a detection algorithm in a trusted execution environment according to a request of a data user, and receiving a signature private key of the data user based on a secure encrypted connection between the data user and the trusted execution environment;
s2, reading source data by computing application, and performing operation processing based on the read source data;
detecting source data read by the computing application in a local trusted execution environment by using a detection algorithm;
s3, signing the detection result by using a signature private key and then sending the signed detection result and the calculation result to a data user together or respectively;
s4, the data user verifies the signature, if the signature passes the verification, the detection result is legal, otherwise, the signature is illegal;
and S5, after the detection result is confirmed to be legal, the data user confirms whether the source data used by the calculation application is in compliance or not according to the detection result.
2. The method for verifying the trustworthiness of a data source in a scenario of computing a move-to-data end under high-trust environment as claimed in claim 1, wherein step S1 comprises:
s11, loading a detection algorithm in a trusted execution environment, performing hash measurement on memory data loaded with the detection algorithm to generate a measurement value, signing the measurement value by chip hardware, and sending the signed measurement value to a data user;
s12, the data user verifies the measured value signature based on the remote authentication process and verifies whether the detection algorithm is in compliance;
and S13, after the remote verification is successful, the data user establishes encryption safe connection with the trusted execution environment of the data owner, and the signature private key is sent to the trusted execution environment through the safe encryption connection.
3. The method for verifying the credibility of the data source in the scenario that the computation moves to the data side under the high-credibility environment as claimed in claim 2, wherein in step S13 or S1, the data user sends the signature public key to the credible execution environment, so that the data owner can verify the signed detection result.
4. The data source credibility verification method in the scenario of moving computing to a data end under high-credibility environment according to claim 2, wherein in step S13, the data user simultaneously sends the encryption key to the credible execution environment;
in step S3, the detection result is encrypted by using the encryption key, then signed by using the signature private key, and sent to the data user together with or separately from the calculation result;
in step S4, the data user verifies the signature, and if the verification is passed, the data user further decrypts the signature with the encryption key to obtain a detection result.
5. The method for verifying the trustworthiness of a data source in a scenario of computing a move to a data end under a high-trustworthy environment according to claim 2, wherein in step S3, a hash value of the detection result is computed in the trusted execution environment, and the hash value is signed by using a private signature key and then sent to the data user together with or separately from the computation result;
in step S4, the data user verifies the signature, and requests the data owner for a corresponding detection result after the verification is passed, the data owner accordingly sends the corresponding detection result to the data user, the data user calculates a hash value of the detection result sent by the data owner, and verifies whether the hash value is consistent with the hash value obtained by the signature verification, and if so, the detection result is considered to be legal.
6. The method for verifying the trustworthiness of a data source in a scenario of computing moving to a data end under high trust environment of claim 2, wherein the detection rule of the detection algorithm is determined by a data user or by negotiation between the data user and a data owner.
7. The method for verifying the trustworthiness of a data source in a scenario of computing a move to a data side under high trust environment as claimed in claim 6, wherein the detection algorithm is executed by a trusted execution environment that the data consumer sends to the data owner, or the detection algorithm at the data owner is specified by the data consumer to be executed in the trusted execution environment.
8. The method for verifying the credibility of the data source in the scenario that the computation moves to the data end under the high-credibility environment as claimed in claim 7, wherein the detection rules include extraction manner of the source data read by the computation application, sampling frequency, analysis manner of the sampled data, and relationship between the analysis result and the credibility percentage;
and in step S3, the detection result is a reliability percentage report for the sampled data;
in step S4, if the reliability of the reliability report obtained by the data consumer is higher than the set threshold, the source data is considered to be compliant, otherwise, the source data is not compliant.
9. The method for verifying the credibility of the data source in the scenario of computing moving to the data end under the high-credibility environment as claimed in claim 8, wherein the analysis manner of the detection algorithm on the sampled data includes whether the sampled data meets a preset condition, or whether the content of the sampled data, the type of the sampled data, and the format of the sampled data meet expectations.
10. The method for verifying the trustworthiness of a data source in a scenario of computing a move to a data end under high trust environment of claim 9, wherein step S3 is preceded by:
and the data owner judges the file size of the detection report, and if the file size is larger than the set value of the file, the data owner does not allow the transmission.
CN202111529683.6A 2021-12-14 2021-12-14 Method for verifying trust of data source in scene of calculation moving to data end under high trust environment Active CN114201748B (en)


Publications (2)

Publication Number Publication Date
CN114201748A true CN114201748A (en) 2022-03-18
CN114201748B CN114201748B (en) 2024-02-06

Family

ID=80653686



Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110264917A1 (en) * 2008-10-22 2011-10-27 Paycool International Ltd. Method for two step digital signature
WO2021073170A1 (en) * 2019-10-18 2021-04-22 支付宝(杭州)信息技术有限公司 Method and apparatus for data provision and fusion
CN113282946A (en) * 2021-07-20 2021-08-20 南湖实验室 Information security method and system based on data access process in high-reliability environment
WO2021190452A1 (en) * 2020-03-23 2021-09-30 齐鲁工业大学 Lightweight attribute-based signcryption method for cloud and fog-assisted internet of things
CN113569266A (en) * 2021-09-22 2021-10-29 南湖实验室 Host remote monitoring method based on chip level privacy calculation


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114884714A (en) * 2022-04-26 2022-08-09 北京百度网讯科技有限公司 Task processing method, device, equipment and storage medium
CN114884714B (en) * 2022-04-26 2024-03-26 北京百度网讯科技有限公司 Task processing method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN114201748B (en) 2024-02-06


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant