CN114448648A - Sensitive credential management method and system based on RPA - Google Patents


Info

Publication number: CN114448648A
Authority: CN (China)
Application number: CN202210360858.3A
Other languages: Chinese (zh)
Other versions: CN114448648B
Inventors: 邢炬, 左磊
Current assignee: Tianju Dihe Suzhou Technology Co ltd
Original assignee: Tianju Dihe Suzhou Technology Co ltd
Legal status: Granted (active)
Prior art keywords: execution environment, trusted execution, information, sensitive, calling

Classifications

    • H04L9/3234 (Electricity; Electric communication technique; Transmission of digital information): Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • G06F21/31 (Physics; Computing; Electric digital data processing): Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; authentication, i.e. establishing the identity or authorisation of security principals; user authentication
    • G06F21/45 (Physics; Computing; Electric digital data processing): Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; authentication; structures or tools for the administration of authentication
    • G06F21/602 (Physics; Computing; Electric digital data processing): Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; protecting data; providing cryptographic facilities or services
    • H04L63/0407 (Electricity; Electric communication technique; Transmission of digital information): Network architectures or network communication protocols for network security, for providing a confidential data exchange among entities communicating through data packet networks, wherein the identity of one or more communicating identities is hidden
    • H04L63/0853 (Electricity; Electric communication technique; Transmission of digital information): Network architectures or network communication protocols for network security, for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Abstract

The application discloses a sensitive credential management method and system based on RPA, belonging to the technical field of computers. The method comprises the following steps: the controller authenticates a trusted execution environment in the service host; after the authentication is passed, the trusted execution environment generates a mapping relation and a verification rule, wherein the mapping relation comprises caller information and sensitive credentials, the verification rule comprises a verification condition and a behavior, and the verification condition comprises current caller information of an application which is applied for calling currently, precursor caller information of an application which is applied for calling last time and a time period; receiving a calling request sent by an RPA component, wherein the calling request carries current calling party information; and acquiring the current time and the precursor caller information, matching the current caller information, the precursor caller information and the current time with a check rule, and calling and managing the sensitive credential according to the matched behavior. The method and the device reduce the risk of the sensitive credential being leaked, and provide constraint and controllability for the calling of the sensitive credential.

Description

Sensitive credential management method and system based on RPA
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and a system for managing sensitive credentials based on an RPA.
Background
With the proposal of 'digital China', digital means play an important role in improving the quality and efficiency of production and life. RPA (Robotic Process Automation), which has become popular in recent years, can replace manpower in repetitive and standardized digital activities, and remarkably reduces cost.
However, the RPA technology has some problems in process security, and especially in some scenarios where an automated program is used to execute sensitive credentials, the RPA component can generally directly acquire and operate the sensitive credentials, which brings a security risk to the development of critical services (such as payment).
Disclosure of Invention
The application provides a sensitive credential management method and system based on RPA, which are used for solving the problem that the RPA component can directly acquire and operate the sensitive credential, so that potential safety hazard exists in the business. The technical scheme is as follows:
in one aspect, an RPA-based sensitive credential management method is provided, for use in a sensitive credential management system including a controller and a plurality of service hosts, the method including:
the controller authenticates a trusted execution environment in the service host;
after the authentication is passed, the trusted execution environment generates a mapping relation and a verification rule, wherein the mapping relation comprises caller information and sensitive credentials, the verification rule comprises a verification condition and a behavior, and the verification condition comprises current caller information of an application which is currently applied for calling, precursor caller information of the application which is applied for calling at the previous time and a time period;
the trusted execution environment receives a calling request sent by a Robot Process Automation (RPA) component, wherein the calling request carries the current caller information;
and the trusted execution environment acquires the current time and the information of the precursor caller, matches the current caller information, the information of the precursor caller and the current time with the verification rule, and calls and manages the sensitive credential according to the matched behavior.
In one possible implementation, when an interface management module is included in the trusted execution environment, the method further includes: the trusted execution environment collects the characteristics of the control corresponding to each sensitive credential and adds the abstract of the characteristics to the interface management module;
when the behavior is allowed to be called, the calling management of the sensitive credential according to the matched behavior comprises: and the trusted execution environment searches for the sensitive credential corresponding to the current caller information from the mapping relation, and controls the interface management module to output the sensitive credential to the corresponding control based on the characteristics.
In one possible implementation, when the control is a desktop control class, the feature is a selected attribute identifier; and when the control is a webpage control class, the characteristic is a selected webpage DOM tree subtree.
In a possible implementation manner, when the trusted execution environment includes an interface management module and the behavior is to allow calling, the performing call management on the sensitive credential according to the matched behavior includes:
the trusted execution environment encrypts the sensitive credential to obtain a first ciphertext;
and the trusted execution environment sends the first ciphertext to an interface of an application which is currently applied for calling through the interface management module, and the application is used for decrypting the first ciphertext to obtain the sensitive credential.
In a possible implementation manner, when the caller information includes identity information and the behavior is to change the identity information, the invoking management of the sensitive credential according to the matched behavior includes:
the trusted execution environment replaces the identity information in the current caller information with corresponding target identity information;
and the trusted execution environment matches the replaced current caller information, the precursor caller information and the current time with the verification rule, and calls and manages the sensitive credential according to the matched behavior.
In a possible implementation manner, when the behavior is call prohibition, the performing call management on the sensitive credential according to the matched behavior includes:
and the trusted execution environment sends the generated alarm information to the controller.
In one possible implementation, the method further includes: the controller generates a public key and a private key corresponding to the service host, and sends the private key to a trusted execution environment in the service host; the trusted execution environment stores the private key;
the trusted execution environment in the service host generates a mapping relationship, including: the trusted execution environment receives a second ciphertext, wherein the second ciphertext is obtained by encrypting caller information and sensitive credential by a credential provider by using the public key; and decrypting the second ciphertext by using the private key, and generating a mapping relation between the caller information and the sensitive credential obtained after decryption.
In one possible implementation, after the call management of the sensitive credential according to the behavior, the method further includes:
the trusted execution environment generates calling information of each sensitive credential and sends the calling information to the controller, wherein the calling information comprises calling time, identity information and application information;
and the controller collects and analyzes the calling information sent by each service host according to the calling time.
In one possible implementation, the caller information includes identity information, application information, and destination information.
In one aspect, a RPA-based sensitive credential management system is provided, where the sensitive credential management system includes a controller and a plurality of service hosts;
the controller is used for authenticating a trusted execution environment in the service host;
after the authentication is passed, the trusted execution environment is used for generating a mapping relation and a verification rule, wherein the mapping relation comprises caller information and sensitive credentials, the verification rule comprises a verification condition and a behavior, and the verification condition comprises current caller information of an application which is currently applied for calling, precursor caller information of an application which is applied for calling at the previous time and a time period;
the trusted execution environment is also used for receiving a calling request sent by a robot process automation RPA component, wherein the calling request carries the information of the current calling party;
the trusted execution environment is further configured to obtain current time and the predecessor caller information, match the current caller information, the predecessor caller information, and the current time with the verification rule, and call and manage the sensitive credential according to a matched behavior.
The technical scheme provided by the application has the beneficial effects that:
generating a mapping relation and a check rule containing caller information and sensitive credentials through a trusted execution environment, wherein the check rule contains a check condition and a behavior, and the check condition comprises current caller information of an application which is applied for calling currently, precursor caller information of an application which is applied for calling last time and a time period; when receiving a call request carrying current caller information sent by an RPA component, the trusted execution environment can acquire current time and predecessor caller information, match the current caller information, the predecessor caller information and the current time with a check rule, and call and manage the sensitive credential according to the matched behavior. Because the sensitive credential is stored in the trusted execution environment, the sensitive credential can be locally managed by means of the trusted execution environment, so that the single-point security risk is reduced, the RPA establishment is decoupled from the management of the sensitive credential, the risk of the sensitive credential being leaked is reduced, and the security and the flexibility are improved. In addition, the calling behavior of the sensitive credential is verified and determined through the verification rule in the business host, so that restriction and controllability are provided for calling the sensitive credential, the detection capability of calling the sensitive credential in compliance is improved, and the orderly calling of the sensitive credential is promoted.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a block diagram illustrating a sensitive credential management system in accordance with some exemplary embodiments;
fig. 2 is a flowchart of a method for managing RPA-based sensitive credentials according to an embodiment of the present application;
fig. 3 is a flowchart of a method for RPA-based sensitive credential management according to another embodiment of the present application;
fig. 4 is a schematic diagram illustrating a storage structure of a sensitive credential according to another embodiment of the present application;
FIG. 5 is a schematic diagram of a verification rule provided by another embodiment of the present application;
FIG. 6 is a schematic diagram illustrating usage of a sensitive credential provided in a further embodiment of the present application;
fig. 7 is a block diagram of a sensitive credential management system according to yet another embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present application more clear, the embodiments of the present application will be further described in detail with reference to the accompanying drawings.
The trusted execution environment technology is a trusted application operation environment which is built inside an insecure operating system or application environment by means of instruction support from the computing chip, and can effectively guarantee the storage and use of confidential information. Different trusted execution environment technologies usually exist for different chip architectures, such as ARM (Advanced RISC Machines) TrustZone, Intel SGX (Software Guard Extensions), and RISC-V (an open-source instruction set architecture based on reduced instruction set principles) Keystone. The invention constructs a sensitive credential management system suitable for RPA (Robotic Process Automation) based on a trusted execution environment.
The sensitive credential management system in this embodiment includes a controller 110 and a plurality of service hosts 120, each service host 120 is connected to the controller 110, and the structure of each service host 120 may be the same, as shown in fig. 1.
The service host 120 includes a trusted execution environment, a control corresponding to an application, N RPA components, and an RPA scheduler. The trusted execution environment comprises a key management module, an interface management module, a credential storage module and a credential use rule verification module, the credential use rule verification module is connected with the N RPA components, and the interface management module is connected with the corresponding control of the application.
The key management module is used for managing a private key issued by the controller so as to decrypt the encrypted sensitive credential by using the private key when receiving the encrypted sensitive credential sent by the credential provider, thereby obtaining the plaintext sensitive credential. The credential storage module is used for storing the decrypted sensitive credential.
The RPA scheduler is used for scheduling the RPA component to send the call request to the trusted execution environment. The credential usage rule checking module is configured to check the call request to determine whether the sensitive credential is allowed to be used. When the sensitive credential is allowed to be used, the interface management module is used for managing the use of the sensitive credential so as to send the sensitive credential to the corresponding control of the application.
The controller 110 includes a key distribution management module for issuing a private key to each of the service hosts 120 and a cross-host credential use association module for summarizing and tracking the use of sensitive credentials in each of the service hosts 120.
The sensitive credential in this embodiment includes, but is not limited to, an account, a password, an electronic signature, an electronic fingerprint, and other information entities commonly used for identity authentication.
Referring to fig. 2, a flowchart of a method for managing RPA-based sensitive credentials provided in an embodiment of the present application is shown, where the method for managing RPA-based sensitive credentials can be applied to the sensitive credentials management system shown in fig. 1. The RPA-based sensitive credential management method may include:
step 201, the controller authenticates the trusted execution environment in the service host.
And a key distribution management module in the controller performs identity authentication of the trusted execution environment through a remote authentication function of the trusted execution environment in each service host.
Step 202, after the authentication is passed, the trusted execution environment generates a mapping relationship and a verification rule, the mapping relationship includes caller information and sensitive credentials, the verification rule includes a verification condition and a behavior, and the verification condition includes current caller information of an application currently applied for calling, previous caller information of the application previously applied for calling, and a time period.
After the authentication is passed, various sensitive credentials can be added to the trusted execution environment for hosting, and the trusted execution environment mainly includes two types, the first type is to register the sensitive credentials, and the second type is to register the verification rule.
Upon registering the sensitive credential, the credential provider may add the caller information and the sensitive credential to the trusted execution environment, which generates the mapping relationship.
When registering the check rule, the administrator may establish the check rule in a check condition and behavior manner, add the check rule to the trusted execution environment, and the trusted execution environment generates the check rule.
Step 203, the trusted execution environment receives a call request sent by the RPA component, where the call request carries information of a current caller.
The RPA component may send a call request to the trusted execution environment, as scheduled by the RPA scheduler, which the trusted execution environment receives.
Step 204, the trusted execution environment acquires the current time and the precursor caller information, matches the current caller information, the precursor caller information and the current time with a check rule, and calls and manages the sensitive credential according to the matched behavior.
When the trusted execution environment contains the history call record, the trusted execution environment can acquire predecessor calling party information of the application calling the sensitive credential at the previous time from the history call record, acquire the current time from the third-party timing unit, compare the current calling party information, the predecessor calling party information and the current time with the verification condition to match out a corresponding behavior, and finally manage the sensitive credential according to the behavior.
When the trusted execution environment does not contain the historical calling record, the trusted execution environment can acquire the current time from the third-party timing unit, compare the current caller information, the wildcard, the current time with the verification condition to match out a corresponding behavior, and finally manage the sensitive credential according to the behavior.
To sum up, in the sensitive credential management method based on RPA provided in this embodiment of the present application, a mapping relation including caller information and sensitive credential and a verification rule are generated through a trusted execution environment, where the verification rule includes a verification condition and a behavior, and the verification condition includes current caller information of an application that is currently applied for invocation, previous caller information of an application that is applied for invocation at a previous time, and a time period; when receiving a call request carrying current caller information sent by an RPA component, the trusted execution environment can acquire current time and precursor caller information, match the current caller information, the precursor caller information and the current time with a check rule, and call and manage sensitive credentials according to the matched behavior. Because the sensitive credential is stored in the trusted execution environment, the sensitive credential can be locally managed by means of the trusted execution environment, so that the single-point security risk is reduced, the RPA construction is decoupled from the management of the sensitive credential, the risk of the sensitive credential being leaked is reduced, and the security and the flexibility are improved. In addition, the calling behavior of the sensitive credential is verified and determined through the verification rule in the business host, so that restriction and controllability are provided for calling the sensitive credential, the detection capability of calling the sensitive credential in compliance is improved, and the orderly calling of the sensitive credential is promoted.
Referring to fig. 3, a flowchart of a method for managing RPA-based sensitive credentials provided in an embodiment of the present application is shown, where the method for managing RPA-based sensitive credentials can be applied to the sensitive credentials management system shown in fig. 1. The RPA-based sensitive credential management method may include:
in step 301, the controller authenticates the trusted execution environment in the service host.
And a key distribution management module in the controller performs identity authentication of the trusted execution environment through the remote authentication function of the trusted execution environment in each service host.
After the authentication is passed, various types of sensitive credentials can be added to the trusted execution environment for hosting, which mainly includes two types: the first type is to register the sensitive credentials, i.e. to execute steps 302 to 304, and the second type is to register the verification rule, i.e. to execute step 305.
Step 302, after the authentication is passed, the controller generates a public key and a private key corresponding to the service host, and sends the private key to the trusted execution environment in the service host.
Upon registering the sensitive credential, the credential provider may add the caller information and the sensitive credential to a trusted execution environment, which generates the mapping relationship.
Specifically, the key distribution management module in the controller exchanges the trusted key of the trusted execution environment through the remote authentication function of the trusted execution environment in each service host. Then, the key distribution management module autonomously generates a public and private key pair, encrypts a private key by a communication secret key and sends the encrypted private key to a trusted execution environment of the service host. The key distribution management module in the controller discloses the public key to the credential provider, and the subsequent credential provider can encrypt the sensitive credential by using the corresponding public key when adding the sensitive credential to the trusted execution environment.
Step 303, the trusted execution environment stores the private key.
A key management module in the trusted execution environment stores the private key.
Step 304, the trusted execution environment receives a second ciphertext, wherein the second ciphertext is obtained by encrypting caller information and sensitive credential by the credential provider by using a public key; and decrypting the second ciphertext by using the private key, and generating a mapping relation between the caller information and the sensitive credential obtained after decryption, wherein the mapping relation comprises the caller information and the sensitive credential.
The caller information in this embodiment includes identity information, application information, and destination information. Wherein, the identity information refers to the identity (such as finance, audit and the like) of the manpower replaced by the RPA; the application information refers to a specific application (such as QQ, online OA, etc.) that currently applies for using the sensitive credential, where the application includes both the host application and the web application; destination information refers to the primary intent to use sensitive credentials (e.g., login, authorization, signing, etc.).
After the trusted execution environment obtains the decrypted caller information and sensitive credential, the triplet (identity information, application information, destination information) may be used as an index of the sensitive credential. As shown in fig. 4, the credential storage module shown in fig. 4 contains an identity list (Identifier), a desktop/web application list (App), a destination (login, authorization) and a sensitive credential.
In order to increase the capacity for managing sensitive credentials, the credential storage module may encrypt some sensitive credentials in batches according to the memory they occupy and swap them out of the memory of the trusted execution environment, replacing the sensitive credentials with the indexes of the encrypted sensitive credentials for retrieval. To facilitate subsequently swapping the sensitive credential back into the trusted execution environment for decryption, the credential storage module builds a verification tree over the indexes of the swapped-out sensitive credentials.
In this embodiment, the credential provider may dynamically update the sensitive credential.
Step 305, the trusted execution environment generates a check rule, where the check rule includes a check condition and a behavior, and the check condition includes current caller information of an application currently applied for calling, predecessor caller information of an application previously applied for calling, and a time period.
When registering the check rule, the administrator may establish the check rule in a check condition and behavior manner, add the check rule to the trusted execution environment, and the trusted execution environment generates the check rule.
Specifically, the credential usage rule verification module verifies each use of a sensitive credential against its context, and each verification rule is divided into a verification condition and a behavior.
The verification condition includes: current identity information, current application information, current purpose, predecessor identity information, predecessor application information, predecessor purpose information, and a time period. The predecessor identity, application and purpose information refer to the previous invocation of the sensitive credential. In this way, context-based verification rules establish the correlation between successive uses of sensitive credentials within a single host.
Behaviors fall into three categories: 1) allow invocation: the use of the sensitive credential is judged legitimate, and the credential storage module is notified to provide the sensitive credential; 2) change identity information (change to identifier X): the current identity information in the current caller information is converted to the specified target identity information, after which verification rule matching is performed again; 3) prohibit invocation: the use of the sensitive credential is judged illegitimate, the application is blocked and an alarm is raised.
Referring to the two check rules shown in fig. 5: in the first check rule the current identity is Identifier1, the current application is app2, the current purpose is login, the predecessor application is app1, the predecessor identity and predecessor purpose are wildcards (x), the time period is 13:00-17:00, and the behavior is allow invocation; in the second check rule the current identity is Identifier1, the current application is app2, the current purpose is authorization, the predecessor application is app1, the predecessor identity and predecessor purpose are wildcards (x), the time period is 13:00-17:00, and the behavior is change to Identifier2.
Step 306, the trusted execution environment receives a call request sent by the RPA component, and the call request carries the current caller information.
Under the scheduling of the RPA scheduler, the RPA component sends a call request to the trusted execution environment, which receives it. The call request includes current identity information, current application information and the current purpose.
Step 307, the trusted execution environment acquires the current time and the predecessor caller information, matches the current caller information, the predecessor caller information and the current time against the check rules, and performs call management on the sensitive credential according to the matched behavior.
When the trusted execution environment holds a history of calls, it acquires from that history the predecessor caller information of the application that called the sensitive credential last time, acquires the current time from the third-party timing unit, compares the current caller information, the predecessor caller information and the current time with the verification conditions to match a behavior, and finally manages the sensitive credential according to that behavior. When the trusted execution environment holds no call history, it acquires the current time from the third-party timing unit, substitutes wildcards for the predecessor caller information, compares the current caller information, the wildcards and the current time with the verification conditions to match a behavior, and manages the sensitive credential accordingly.
In this embodiment, the behavior matched by the trusted execution environment may be allow invocation, change identity information, or prohibit invocation; the call management corresponding to each behavior is described below.
First, the behavior is allow invocation
(1) The interface management module outputs the sensitive credential to the control of the application.
When the trusted execution environment includes the interface management module, the trusted execution environment can also collect the characteristic of the control corresponding to each sensitive credential and add a digest of that characteristic to the interface management module. Specifically, when the control is a desktop control, its characteristic is the set of attribute identifiers the administrator selects around the control; when the control is a web page control, its characteristic is the DOM subtree the administrator selects around the control.
When the behavior is allow invocation, performing call management on the sensitive credential according to the matched behavior includes: the trusted execution environment looks up the sensitive credential corresponding to the current caller information in the mapping relationship, and controls the interface management module to output the sensitive credential to the corresponding control on the basis of its characteristic.
For example, when the sensitive credential is identity card information and the control's characteristic identifies an input box, the interface management module outputs the identity card information into that input box.
(2) The interface management module outputs the sensitive credential to an interface of the application.
When the trusted execution environment includes an interface management module and the behavior is allow invocation, performing call management on the sensitive credential according to the matched behavior includes: the trusted execution environment encrypts the sensitive credential to obtain a first ciphertext; the trusted execution environment sends the first ciphertext through the interface management module to the interface of the application currently applying to call, and the application decrypts the first ciphertext to obtain the sensitive credential.
In this implementation a developer has to provide the application interface in advance. The trusted execution environment encrypts the sensitive credential with a cryptographic protocol agreed with the application (the embodiment names stateful encryption and zero-knowledge proofs as examples), outputs the resulting first ciphertext to the application interface, and the application decrypts it with the same protocol to recover the sensitive credential. On either output path the application ultimately handles the plaintext; the first ciphertext protects the credential only between the trusted execution environment and the application interface.
Second, the behavior is change identity information
When the caller information includes identity information and the behavior is change identity information, performing call management on the sensitive credential according to the matched behavior includes: the trusted execution environment replaces the identity information in the current caller information with the corresponding target identity information; the trusted execution environment then matches the replaced current caller information, the predecessor caller information and the current time against the check rules again, and performs call management on the sensitive credential according to the newly matched behavior.
Taking the second check rule in fig. 5 as an example: assume the current identity is Identifier1, the current application is app2, the current purpose is authorization, the predecessor application is app1, the predecessor identity and predecessor purpose are unconstrained (x), and the current time is 14:00. The check rule yields the behavior change to Identifier2, so the current identity is replaced with Identifier2 while the current application (app2), the current purpose (authorization), the predecessor information and the current time (14:00) are kept, and the behavior is determined again against the check rules with this replaced caller information.
Third, the behavior is prohibit invocation
When the behavior is prohibit invocation, performing call management on the sensitive credential according to the matched behavior includes: the trusted execution environment withholds the sensitive credential and sends the generated alarm information to the controller.
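The following added example (not the patent's code) implements the check-rule matching of steps 305 to 307 and the three behaviors, using the two rules of fig. 5. Everything beyond the page is an assumption and is marked as such in the code: rules are kept as `Rule` records with `*` as the wildcard, a call with no history is matched with wildcard predecessor fields (following the text of step 307), an unmatched request is prohibited (fail closed), a third rule for Identifier2 is added so that the change-identity chain of the second rule can resolve, and the number of identity rewrites per request is bounded so that two change rules pointing at each other cannot keep matching forever.

```python
"""Added example, not the patent's code: check-rule matching for steps 305-307.
Assumptions (not in the original): '*' is the wildcard, unmatched requests are
prohibited, rewrite chains are bounded, and rule3 is a hypothetical rule for
Identifier2 that lets the change-identity example of fig. 5 resolve."""
from __future__ import annotations

from dataclasses import dataclass, replace
from datetime import time

WILDCARD = "*"
MAX_REWRITES = 3  # bound on change-identity steps per request (assumption)


@dataclass(frozen=True)
class Caller:
    identity: str
    app: str
    purpose: str


@dataclass(frozen=True)
class Rule:
    current: Caller          # condition on the current caller
    predecessor: Caller      # condition on the previous caller
    window: tuple[str, str]  # inclusive "HH:MM" start and end
    behavior: str            # "allow", "prohibit" or "change:<target identity>"


ANY = Caller(WILDCARD, WILDCARD, WILDCARD)


def _field_matches(cond: str, value: str) -> bool:
    # A wildcard on either side matches: a rule may leave a field open, and a
    # first call (no history) carries wildcard predecessor fields (step 307).
    # A stricter policy would let a request wildcard match only rule wildcards.
    return WILDCARD in (cond, value) or cond == value


def _caller_matches(cond: Caller, value: Caller) -> bool:
    return (_field_matches(cond.identity, value.identity)
            and _field_matches(cond.app, value.app)
            and _field_matches(cond.purpose, value.purpose))


def _in_window(window: tuple[str, str], now: time) -> bool:
    start, end = time.fromisoformat(window[0]), time.fromisoformat(window[1])
    if start <= end:
        return start <= now <= end
    return now >= start or now <= end  # window that wraps past midnight


def match_rule(rules: list[Rule], current: Caller, predecessor: Caller, now: time) -> Rule | None:
    """First rule (in registration order) whose condition matches, else None."""
    for rule in rules:
        if (_caller_matches(rule.current, current)
                and _caller_matches(rule.predecessor, predecessor)
                and _in_window(rule.window, now)):
            return rule
    return None


def decide(rules: list[Rule], current: Caller, predecessor: Caller | None, now: time) -> tuple[str, Caller]:
    """Resolve the final behaviour, following change-identity rules by re-matching
    with the rewritten identity. Returns (behaviour, caller info as finally matched)."""
    if predecessor is None:
        predecessor = ANY  # no call history yet: wildcard predecessor (step 307)
    for _ in range(MAX_REWRITES + 1):
        rule = match_rule(rules, current, predecessor, now)
        if rule is None:
            return "prohibit", current  # fail closed
        if rule.behavior.startswith("change:"):
            current = replace(current, identity=rule.behavior.split(":", 1)[1])
            continue
        return rule.behavior, current
    return "prohibit", current  # rewrite chain exceeded MAX_REWRITES


# The two rules of fig. 5, plus a hypothetical rule3 (not in the original).
FIG5_RULES = [
    Rule(Caller("Identifier1", "app2", "login"), Caller(WILDCARD, "app1", WILDCARD),
         ("13:00", "17:00"), "allow"),
    Rule(Caller("Identifier1", "app2", "authorization"), Caller(WILDCARD, "app1", WILDCARD),
         ("13:00", "17:00"), "change:Identifier2"),
    Rule(Caller("Identifier2", "app2", "authorization"), Caller(WILDCARD, "app1", WILDCARD),
         ("13:00", "17:00"), "allow"),
]
```

With these rules, a login request from Identifier1 via app2 at 14:00 after app1 is allowed, an authorization request is rewritten to Identifier2 and then allowed by rule3, and the same requests at 18:00 or after a predecessor other than app1 are prohibited. The rewrite bound matters because rules are administrator data: two change rules that point at each other would otherwise make matching loop.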
Step 308, the trusted execution environment generates call information for each sensitive credential and sends it to the controller; the call information includes the call time, the identity information and the application information.
The trusted execution environment may send the call information to the controller after each call completes, or at predetermined time intervals.
Step 309, the controller aggregates the call information sent by each service host according to call time and analyzes it.
As shown in fig. 6, the controller may arrange the pieces of call information into a time sequence by call time and perform correlation analysis on it, so as to mine abnormal patterns in the use of sensitive credentials.
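As an added example (not the patent's code) of step 309, the controller-side aggregation below parses call information records from several service hosts, arranges them into a per-identity time sequence, and runs two correlation checks over it. The record format `host,time,identity,app`, the sample records, the two heuristics (one identity used on two hosts within a short interval, and a burst of calls within one minute) and their thresholds are all constructed for the example and are not part of the original.

```python
"""Added example, not the patent's code: controller-side aggregation of call
information (step 309). The wire format, the sample records and the two
anomaly heuristics with their thresholds are constructed for illustration."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class CallInfo:
    host: str
    call_time: datetime
    identity: str
    app: str


@dataclass(frozen=True)
class Finding:
    kind: str        # "host-hop" or "burst"
    identity: str
    detail: str
    at: datetime


def parse_call_info(lines: list[str]) -> list[CallInfo]:
    """Parse 'host,ISO-8601 time,identity,app' records (constructed format)."""
    records = []
    for line in lines:
        if not line.strip():
            continue
        host, ts, identity, app = (part.strip() for part in line.split(","))
        records.append(CallInfo(host, datetime.fromisoformat(ts), identity, app))
    return records


def timeline_by_identity(records: list[CallInfo]) -> dict[str, list[CallInfo]]:
    """Summarise call information into one time-ordered sequence per identity."""
    series: dict[str, list[CallInfo]] = defaultdict(list)
    for rec in sorted(records, key=lambda r: r.call_time):
        series[rec.identity].append(rec)
    return dict(series)


def find_anomalies(records: list[CallInfo],
                   hop_window: timedelta = timedelta(minutes=5),
                   burst_limit: int = 3,
                   burst_window: timedelta = timedelta(minutes=1)) -> list[Finding]:
    findings: list[Finding] = []
    for identity, calls in timeline_by_identity(records).items():
        # Heuristic 1: the same identity used on two different hosts within hop_window.
        for prev, cur in zip(calls, calls[1:]):
            if prev.host != cur.host and cur.call_time - prev.call_time <= hop_window:
                findings.append(Finding("host-hop", identity,
                                        f"{prev.host} then {cur.host}", cur.call_time))
        # Heuristic 2: more than burst_limit calls inside a sliding burst_window.
        start = 0
        for end, cur in enumerate(calls):
            while cur.call_time - calls[start].call_time > burst_window:
                start += 1
            if end - start + 1 > burst_limit:
                findings.append(Finding("burst", identity,
                                        f"{end - start + 1} calls within {burst_window}",
                                        cur.call_time))
                break  # one burst finding per identity is enough for the report
    return findings


# Constructed sample call information from three service hosts.
SAMPLE_CALL_INFO = [
    "host-A,2022-04-07T13:05:00,Identifier1,app1",
    "host-A,2022-04-07T13:05:20,Identifier1,app2",
    "host-B,2022-04-07T13:07:00,Identifier1,app2",
    "host-A,2022-04-07T14:00:00,Identifier2,app2",
    "host-A,2022-04-07T14:00:10,Identifier2,app2",
    "host-A,2022-04-07T14:00:20,Identifier2,app2",
    "host-A,2022-04-07T14:00:30,Identifier2,app2",
    "host-C,2022-04-07T16:30:00,Identifier3,app1",
]


def analyse_sample() -> list[Finding]:
    return find_anomalies(parse_call_info(SAMPLE_CALL_INFO))
```

On the sample, Identifier1 is flagged for appearing on host-A and then host-B within two minutes, and Identifier2 for four calls inside one minute; Identifier3 produces no finding. Both checks only work because the controller sees the call information from every service host together, which is what the per-host trusted execution environments cannot do on their own.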
In summary, in the RPA-based sensitive credential management method provided in this embodiment, a trusted execution environment generates a mapping relationship containing caller information and sensitive credentials, together with verification rules; each verification rule includes a verification condition and a behavior, and the verification condition includes the current caller information of the application currently applying to call, the predecessor caller information of the application that applied to call last time, and a time period. When the trusted execution environment receives a call request carrying current caller information from an RPA component, it acquires the current time and the predecessor caller information, matches the current caller information, the predecessor caller information and the current time against the verification rules, and performs call management on the sensitive credential according to the matched behavior. Because the sensitive credentials are stored in the trusted execution environment, they can be managed locally on each host by means of the trusted execution environment, which reduces the single-point security risk, decouples the construction of RPA processes from the management of sensitive credentials, reduces the risk of credential leakage, and improves both security and flexibility. In addition, because the call behavior is decided by verification rules inside the service host, the invocation of sensitive credentials is constrained and controllable, the ability to detect non-compliant invocations is improved, and orderly invocation of sensitive credentials is promoted.
Referring to fig. 7, a block diagram of an RPA-based sensitive credential management system according to an embodiment of the present application is shown. The sensitive credential management system comprises a controller 710 and a plurality of service hosts 720;
the controller 710 is configured to authenticate the trusted execution environment 721 in each service host 720;
after the authentication is passed, the trusted execution environment 721 is configured to generate a mapping relationship and a verification rule, where the mapping relationship includes caller information and sensitive credentials, the verification rule includes a verification condition and a behavior, and the verification condition includes current caller information of the application currently applying to call, predecessor caller information of the application that applied to call last time, and a time period;
the trusted execution environment 721 is further configured to receive a call request sent by the RPA component 722, where the call request carries the current caller information;
the trusted execution environment 721 is further configured to acquire the current time and the predecessor caller information, match the current caller information, the predecessor caller information and the current time against the verification rule, and perform call management on the sensitive credential according to the matched behavior.
In an optional embodiment, when the trusted execution environment 721 includes the interface management module, the trusted execution environment 721 is further configured to collect the characteristic of the control corresponding to each sensitive credential and add a digest of the characteristic to the interface management module;
when the behavior is allow invocation, the trusted execution environment 721 is further configured to look up the sensitive credential corresponding to the current caller information in the mapping relationship, and to control the interface management module to output the sensitive credential to the corresponding control on the basis of its characteristic.
In an alternative embodiment, when the control is a desktop control, the characteristic is the selected attribute identifiers; when the control is a web page control, the characteristic is the selected DOM subtree.
In an alternative embodiment, when the interface management module is included in the trusted execution environment 721 and the behavior is allow invocation, the trusted execution environment 721 is further configured to:
encrypt the sensitive credential to obtain a first ciphertext;
and send the first ciphertext through the interface management module to the interface of the application currently applying to call, the application decrypting the first ciphertext to obtain the sensitive credential.
In an alternative embodiment, when the caller information includes identity information and the behavior is change identity information, the trusted execution environment 721 is further configured to:
replace the identity information in the current caller information with the corresponding target identity information;
and match the replaced current caller information, the predecessor caller information and the current time against the check rules, and perform call management on the sensitive credential according to the matched behavior.
In an alternative embodiment, when the behavior is prohibit invocation, the trusted execution environment 721 is further configured to send the generated alarm information to the controller 710.
In an alternative embodiment, the controller 710 is further configured to generate a public key and a private key corresponding to the service host 720 and to send the private key to the trusted execution environment 721 in the service host 720; the trusted execution environment 721 is further configured to store the private key. Because the key pair is generated outside the trusted execution environment, the confidentiality of the credentials protected by it also depends on the controller and on the channel over which the private key is delivered.
The trusted execution environment 721 is further configured to receive a second ciphertext, where the second ciphertext is obtained by the credential provider encrypting the caller information and the sensitive credential with the public key; and to decrypt the second ciphertext with the private key and generate the mapping relationship between the caller information and the sensitive credential obtained by decryption.
In an alternative embodiment, after performing call management on the sensitive credential according to the behavior, the trusted execution environment 721 is further configured to generate call information for each sensitive credential and send it to the controller 710, where the call information includes the call time, the identity information and the application information;
the controller 710 is further configured to aggregate the call information sent by each service host 720 according to call time and perform correlation analysis on it.
In an alternative embodiment, the caller information includes identity information, application information and purpose information.
In summary, the RPA-based sensitive credential management system provided in this embodiment generates, through a trusted execution environment, a mapping relationship containing caller information and sensitive credentials together with verification rules; each verification rule includes a verification condition and a behavior, and the verification condition includes the current caller information of the application currently applying to call, the predecessor caller information of the application that applied to call last time, and a time period. When the trusted execution environment receives a call request carrying current caller information from an RPA component, it acquires the current time and the predecessor caller information, matches the current caller information, the predecessor caller information and the current time against the verification rules, and performs call management on the sensitive credential according to the matched behavior. Because the sensitive credentials are stored in the trusted execution environment, they can be managed locally on each host by means of the trusted execution environment, which reduces the single-point security risk, decouples the construction of RPA processes from the management of sensitive credentials, reduces the risk of credential leakage, and improves both security and flexibility. In addition, because the call behavior is decided by verification rules inside the service host, the invocation of sensitive credentials is constrained and controllable, the ability to detect non-compliant invocations is improved, and orderly invocation of sensitive credentials is promoted.
It will be understood by those skilled in the art that all or part of the steps of the above embodiments may be implemented in hardware, or by a program instructing the relevant hardware, where the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disk.
The above description is not intended to limit the embodiments of the present application; any modifications, equivalents, improvements and the like made within the spirit and principle of the embodiments of the present application fall within their scope.

Claims (10)

1. An RPA-based sensitive credential management method, used in a sensitive credential management system comprising a controller and a plurality of service hosts, the method comprising:
the controller authenticates a trusted execution environment in the service host;
after the authentication is passed, the trusted execution environment generates a mapping relation and a verification rule, wherein the mapping relation comprises caller information and a sensitive credential, the verification rule comprises a verification condition and a behavior, and the verification condition comprises current caller information of an application currently applying to call, predecessor caller information of an application that applied to call last time, and a time period;
the trusted execution environment receives a call request sent by a Robotic Process Automation (RPA) component, wherein the call request carries the current caller information;
and the trusted execution environment acquires the current time and the predecessor caller information, matches the current caller information, the predecessor caller information and the current time with the verification rule, and performs call management on the sensitive credential according to the matched behavior.
2. The method of claim 1, wherein,
when an interface management module is included in the trusted execution environment, the method further comprises: the trusted execution environment collects the characteristic of the control corresponding to each sensitive credential and adds a digest of the characteristic to the interface management module;
and when the behavior is allow invocation, performing call management on the sensitive credential according to the matched behavior comprises: the trusted execution environment looks up the sensitive credential corresponding to the current caller information in the mapping relation, and controls the interface management module to output the sensitive credential to the corresponding control on the basis of the characteristic.
3. The method of claim 2, wherein,
when the control is a desktop control, the characteristic is the selected attribute identifiers;
and when the control is a web page control, the characteristic is the selected DOM subtree.
4. The method of claim 1, wherein, when an interface management module is included in the trusted execution environment and the behavior is allow invocation, performing call management on the sensitive credential according to the matched behavior comprises:
the trusted execution environment encrypts the sensitive credential to obtain a first ciphertext;
and the trusted execution environment sends the first ciphertext through the interface management module to an interface of the application currently applying to call, the application decrypting the first ciphertext to obtain the sensitive credential.
5. The method of claim 1, wherein, when the caller information includes identity information and the behavior is change identity information, performing call management on the sensitive credential according to the matched behavior comprises:
the trusted execution environment replaces the identity information in the current caller information with corresponding target identity information;
and the trusted execution environment matches the replaced current caller information, the predecessor caller information and the current time with the verification rule, and performs call management on the sensitive credential according to the matched behavior.
6. The method of claim 1, wherein, when the behavior is prohibit invocation, performing call management on the sensitive credential according to the matched behavior comprises:
the trusted execution environment sends the generated alarm information to the controller.
7. The method of claim 1, wherein,
the method further comprises: the controller generates a public key and a private key corresponding to the service host, and sends the private key to the trusted execution environment in the service host; the trusted execution environment stores the private key;
and the trusted execution environment in the service host generating the mapping relation comprises: the trusted execution environment receives a second ciphertext, wherein the second ciphertext is obtained by a credential provider encrypting caller information and a sensitive credential with the public key; and decrypts the second ciphertext with the private key, and generates the mapping relation between the caller information and the sensitive credential obtained by decryption.
8. The method of claim 1, wherein, after performing call management on the sensitive credential according to the behavior, the method further comprises:
the trusted execution environment generates call information for each sensitive credential and sends the call information to the controller, wherein the call information comprises call time, identity information and application information;
and the controller aggregates the call information sent by each service host according to the call time and analyzes it.
9. The method of any of claims 1-8, wherein the caller information comprises identity information, application information and purpose information.
10. An RPA-based sensitive credential management system, characterized in that the sensitive credential management system comprises a controller and a plurality of service hosts;
the controller is configured to authenticate a trusted execution environment in the service host;
after the authentication is passed, the trusted execution environment is configured to generate a mapping relation and a verification rule, wherein the mapping relation comprises caller information and a sensitive credential, the verification rule comprises a verification condition and a behavior, and the verification condition comprises current caller information of an application currently applying to call, predecessor caller information of an application that applied to call last time, and a time period;
the trusted execution environment is further configured to receive a call request sent by a Robotic Process Automation (RPA) component, wherein the call request carries the current caller information;
and the trusted execution environment is further configured to acquire the current time and the predecessor caller information, match the current caller information, the predecessor caller information and the current time with the verification rule, and perform call management on the sensitive credential according to the matched behavior.
CN202210360858.3A 2022-04-07 2022-04-07 Sensitive credential management method and system based on RPA Active CN114448648B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210360858.3A CN114448648B (en) 2022-04-07 2022-04-07 Sensitive credential management method and system based on RPA

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210360858.3A CN114448648B (en) 2022-04-07 2022-04-07 Sensitive credential management method and system based on RPA

Publications (2)

Publication Number Publication Date
CN114448648A CN114448648A (en) 2022-05-06
CN114448648B CN114448648B (en) 2022-08-23

Family

ID=81360465


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115545872A (en) * 2022-11-28 2022-12-30 杭州工猫科技有限公司 Risk early warning method in application of RPA financial robot based on AI
WO2023035938A1 (en) * 2021-09-09 2023-03-16 华为技术有限公司 Method for executing robot script and related device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111083093A (en) * 2018-10-22 2020-04-28 中国移动通信集团浙江有限公司 Method and device for calling terminal capability
US10733329B1 (en) * 2018-04-20 2020-08-04 Automation Anywhere, Inc. Robotic process automation system and method with secure credential vault
CN111783047A (en) * 2020-06-24 2020-10-16 广州海颐信息安全技术有限公司 RPA automatic safety protection method and device
CN112434275A (en) * 2020-11-20 2021-03-02 中国建设银行股份有限公司 RPA user authentication method, device, electronic equipment and medium
CN113660229A (en) * 2021-07-30 2021-11-16 未鲲(上海)科技服务有限公司 Multi-system single sign-on method, device, equipment and medium based on RPA


Also Published As

Publication number Publication date
CN114448648B (en) 2022-08-23


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant