CN116980158A - Data processing method and related equipment - Google Patents


Info

Publication number
CN116980158A
Authority
CN
China
Prior art keywords
target application
data
authentication
version
service
Legal status
Pending
Application number
CN202211431805.2A
Other languages
Chinese (zh)
Inventor
刘区城
Current Assignee
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Abstract

The embodiment of the application discloses a data processing method and related equipment. The data processing method includes the following steps: receiving service data sent by a data provider, where the service data is to be sent to a target application in a trusted execution environment; the service data is sent by the data provider after the target application passes security authentication, and it contains expected version information, which describes that the data provider expects to send the service data to a specified version of the target application; performing local authentication processing on the target application to obtain its current version information, and performing security check processing on the target application using the current version information and the expected version information to obtain a check result for the target application; and, when the check result indicates that the target application passes the security check processing, sending the service data to the target application so that the target application executes service processing based on the service data. The embodiment of the application thereby ensures the security of the service data.

Description

Data processing method and related equipment
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data processing method and related devices.
Background
With the rapid development of information technology, the internet plays an increasingly important role in people's daily lives, and various information security problems, especially data security problems, arise accordingly. An application program (APP) running on a computer device may acquire and use service data from a data provider, within an authorized scope, before providing the corresponding functions.
To avoid data security problems such as data abuse, tampering, or theft, a data provider may perform trusted verification on an application (i.e., a data consumer), and the application may obtain service data only after it has gained the trust of the data provider. However, current methods still have security holes, so the security of the data provider's service data cannot be well guaranteed when it is provided to other applications; how to ensure the security of the data provider's service data is therefore a problem worth studying.
Disclosure of Invention
The embodiment of the application provides a data processing method and related equipment, which can ensure that service data is sent, in a trusted execution environment, to an application of a version designated and trusted by the data provider, thereby ensuring data security.
In one aspect, an embodiment of the present application provides a data processing method, including:
receiving service data sent by a data provider; the service data is to be sent to a target application in a trusted execution environment; the service data is sent by the data provider after the target application passes the security authentication, and the service data comprises expected version information which is used for describing that the data provider expects to send the service data to the target application with a specified version;
performing local authentication processing on the target application to obtain current version information of the target application, and performing security check processing on the target application by adopting the current version information and the expected version information to obtain a check result about the target application;
and when the checking result indicates that the target application passes the security checking process, the business data is sent to the target application, so that the target application executes business processing based on the business data.
In one aspect, an embodiment of the present application provides a data processing apparatus, including:
a receiving and transmitting module, used for receiving service data sent by the data provider; the service data is to be sent to a target application in a trusted execution environment; the service data is sent by the data provider after the target application passes the security authentication, and the service data comprises expected version information, which is used for describing that the data provider expects to send the service data to the target application of a specified version;
a processing module, used for performing local authentication processing on the target application to obtain current version information of the target application, and performing security check processing on the target application using the current version information and the expected version information to obtain a check result about the target application;
the receiving and transmitting module being further used for sending the service data to the target application when the check result indicates that the target application passes the security check processing, so that the target application executes service processing based on the service data.
Accordingly, an embodiment of the present application provides a computer device, including:
a processor adapted to execute a computer program;
a computer readable storage medium having a computer program stored therein, which when executed by the processor, performs a data processing method of an embodiment of the present application.
Accordingly, an embodiment of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, performs the data processing method of the embodiment of the present application.
Accordingly, embodiments of the present application provide a computer program product comprising a computer program or computer instructions which, when executed by a processor, implement a data processing method of embodiments of the present application.
In the embodiment of the application, the service data sent by the data provider can be received. The service data is sent by the data provider after the target application passes security authentication, carries the expected version information, and is to be sent to the target application in the trusted execution environment. When the service data is to be sent to the specified version of the target application in the trusted execution environment, the target application can be locally authenticated to obtain its current version information, and a security check can be performed on the target application using the current version information and the expected version information; the security of the target application is thus further checked on top of the security authentication it has already passed. The service data is provided to the target application in the trusted execution environment only when the security check passes, so that processing of the service data is confined to the trusted execution environment and use of the service data is restricted to the application of the specified version, thereby ensuring the security of the service data.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1a is a block diagram of a data processing system according to an embodiment of the present application;
FIG. 1b is an interactive flow diagram of a data processing system provided by an embodiment of the present application;
FIG. 2 is a schematic flow chart of a data processing method according to an embodiment of the present application;
FIG. 3 is a flowchart of another data processing method according to an embodiment of the present application;
FIG. 4a is a schematic diagram of an interaction flow when performing version authentication on a target application according to an embodiment of the present application;
FIG. 4b is a schematic diagram of an interaction flow when verifying environmental security and application security according to an embodiment of the present application;
FIG. 5 is a flowchart of another data processing method according to an embodiment of the present application;
FIG. 6a is a functional schematic of a proxy service provided by an embodiment of the present application;
FIG. 6b is a functional schematic of a target application according to an embodiment of the present application;
FIG. 6c is a functional schematic diagram of a data provisioning service according to an embodiment of the present application;
FIG. 7 is a schematic diagram of interaction flow of each party when security verification is performed by a target application according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;
FIG. 9 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
The embodiment of the application provides a data processing method. After a data provider determines that a target application passes security authentication, it can send service data to a data consumer. The service data includes expected version information, which describes that the data provider expects to send the service data to a specified version of the target application; the data provider can thus specify both the application and the version of that application that the service data is destined for. The data consumer receives the service data sent by the data provider and, before the service data is sent to the target application in the target trusted execution environment for use, performs local authentication processing on the target application and checks its security based on the current version information obtained by the local authentication and the expected version information. In this way the version of the target application is further checked, on top of the security authentication the target application has already passed. After the target application passes the security check, it is shown to be a trusted and secure application, and the received service data can be sent on to it, so that the target application executes service processing based on the service data provided by the data provider. This ensures that the service data is sent to the specified version of the target application in the trusted execution environment, that the service processing executed by the target application takes place in the trusted execution environment, and that the service data is secure at run time.
Therefore, the scheme can ensure both that the service data is used by the application program of the designated version and that the service data is operated on in a trusted execution environment, so that the security of the service data can be ensured. In addition, the security check of the target application is decoupled from the service processing the target application executes: according to the scheme, any application program can be verified for trustworthiness before the service data is provided to it, after which the application executes the service processing. The service logic of the application is thus decoupled from the security-related logic, and the scheme is broadly applicable.
Because requirements on data dimensions and data volume keep growing, the data an organization generates from its own services may be insufficient to support the service requirements of such scenarios, so corresponding service processing may need to be executed in combination with data from other parties, and the data provider wants the private data within the service data to be fully protected. By having the target application execute the service processing in a trusted execution environment, the security of the service data can be ensured: the service processing is executed in a secure environment, and only the final processing result is output after the service processing, while the service data itself is never output, so that the service data is usable but not visible.
The method provided by the embodiment of the application is suitable for various business scenarios involving big data, including but not limited to sensitive data processing, precise advertising operations, smart cities, smart navigation and other business scenarios. The content of the service data and the service processing performed differ from scenario to scenario. For example, in a precise advertising operation scenario, the business data may include social data from social applications, content data from content platforms, browsing data from shopping applications, etc., based on which advertisements likely to interest individual objects can be accurately recommended. For another example, in a smart navigation scenario, the business data may include traffic road condition data and vehicle travel data, based on which optimal route planning for the vehicle can be performed.
It will be appreciated that in the specific embodiments of the present application, related business data such as social data, content data, traffic road condition data, vehicle driving data, etc. are involved, when the above embodiments of the present application are applied to specific products or technologies, permission or consent of the subject needs to be obtained, and collection, use and processing of related data need to comply with related laws and regulations and standards of related countries and regions.
The architecture of the data processing system provided by the embodiment of the present application is described below.
With reference to FIG. 1a, FIG. 1a is a block diagram illustrating a data processing system according to an embodiment of the present application. As shown in FIG. 1a, the data processing system comprises a data providing device 101, a proxy device 102, a service processing device 103 and a database 104. A communication connection is established between the data providing device 101 and the database 104 in a wired or wireless manner; the database 104 may be a local database or a cloud database associated with the data providing device 101; the service data is stored in the database 104, and the data providing device 101 may obtain the service data from the database 104. The data providing device 101 and the database 104 belong to the data provider. The proxy device 102 and the service processing device 103 establish a communication connection in a wired or wireless manner and belong to the data consumer, and data interaction between the data provider and the data consumer is realized through the communication connection between the data providing device 101 and the proxy device 102.
Any of the above devices (the data providing device 101, the proxy device 102, the service processing device 103) may be a terminal device or a server. Terminal devices include, but are not limited to: smartphones, tablet computers, smart wearable devices, smart voice interaction devices, smart home appliances, personal computers, vehicle-mounted terminals, smart cameras, virtual reality devices and the like; the application does not limit the type or number of terminal devices. The server may be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN (Content Delivery Network), big data and artificial intelligence platforms, but is not limited thereto. The present application does not limit the number of servers.
The data provider may develop and deploy data provisioning services for providing service support for secure authentication of applications and transmission of business data, including, but not limited to: key service, network service, data acquisition service, data provision service; the key service is used for providing a data key to encrypt service data, the network service is used for transmitting a security authentication request (such as a remote authentication request) and sending the encrypted service data, the data acquisition service is used for acquiring the service data to be externally provided, namely, the service data to be provided to a target application of a data user, from the database 104, and the data providing service is used for initiating environment authentication (such as remote authentication) according to communication connection information of the data user, calling the key service and initiating a data transmission request. The data provision service may be specifically deployed in the data provision device 101, and when the data provision device 101 provides service data to the outside, security authentication of an external target application and transmission of the service data may be achieved through the data provision service.
The data consumer may provide a trusted execution environment (Trusted Execution Environment, TEE), which is a secure area on the computing platform built by software and hardware means. Code and data loaded within the secure area are protected in terms of confidentiality and integrity. The aim is to ensure that a task is executed as expected, and that the confidentiality and integrity of both the initial state and the runtime state are ensured. A classical implementation of a trusted execution environment is, for example, Intel SGX (Intel Software Guard Extensions) technology. Intel SGX helps protect data in use through application isolation techniques: by protecting specific code and data from modification, a developer can divide an application into a trusted part (the enclave) and an untrusted part (the normal program), and improve the data privacy and confidentiality of the trusted part through application isolation mechanisms and hardware-based authentication (attestation). At least one application and a proxy service can be deployed at the data consumer; the target application is any one of the at least one application, and the proxy service is developed by a third party unrelated to the service. A proxy service running in the trusted execution environment may be referred to as a trusted proxy service, an application running in the trusted execution environment may be referred to as a trusted application, and the target application may be a trusted application. The proxy service and the target application can run in the same or different trusted execution environments. The proxy service can act as the proxy of the data consumer, providing a security authentication interface and a data proxy interface to the data provider, and a local authentication interface, a data access interface and a data decryption interface to the data consumer.
When the data provider and the data user interact, various proxy interfaces provided by the proxy service can be called to realize the security authentication of the target application and the transmission of the service data.
Based on the data processing system, the interaction flow of the parties is roughly as follows. The data providing device 101 may first perform security authentication on the target application, which includes version authentication of the target application and environment authentication initiated towards the target application deployed at the data consumer; in the environment authentication process, the proxy service deployed in the proxy device 102 may act as proxy, obtain environment indication information and version information of the target application deployed at the data consumer, and generate an environment authentication result. The data providing device 101 may then check whether the version of the target application approved by the data provider and the version of the target application deployed by the data consumer are identical, and when this version authentication passes, determine that the target application passes security authentication and send the service data to the proxy device 102 at the data consumer. The proxy device 102 then performs local authentication on the target application, performs a security check on the target application based on the current version information obtained by the local authentication and the expected version information, and when the security check passes, may send the service data to the service processing device 103 for service processing. After receiving the service data sent to the target application, the service processing device 103 may have the target application process the service data to obtain a processing result, which may be shared by the data consumer or by the data provider. Alternatively, the service processing device 103 and the proxy device 102 may be the same computer device or different computer devices.
The proxy device 102 runs a proxy service. The proxy service receives the service data first, then performs local authentication in response to the target application's data acquisition request, thereby realizing the security check, and provides the service data to the target application for use only after the security check passes. In this way privacy protection is provided for the service data, and the security and accuracy of the service data transmission are ensured.
The technical scheme provided by the embodiment of the application is applied to the above data processing system, and the interaction flow of the parties at the software level can be as shown in FIG. 1b. Security authentication of a target application includes remote authentication (remote attestation), which refers to a certification process between a secure enclave (which may be understood here as a trusted execution environment) and a third party that is not on the same platform. In general, the goal of remote authentication is to have a hardware entity, or a combination of hardware and software, gain the trust of a remote service provider (e.g., a data provider), so that the service provider can provide a requested secret to a client (e.g., the target application) with confidence. By means of remote authentication, it can be verified that the hardware is a CPU (Central Processing Unit, the final processing unit for information processing and program execution) supporting a trusted execution environment, thereby verifying that the target application and the proxy service are both securely running in a trusted execution environment.
It should be noted that, in the embodiment of the present application, the service data and the processing result obtained by the service processing performed on it may be stored in a blockchain. A blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralised database: a series of data blocks generated by association using cryptographic methods, where each data block contains the information of a batch of network transactions, used to verify the validity (anti-counterfeiting) of the information and to generate the next block. In the embodiment of the application, the service data can be sent to the target application in the trusted execution environment; given that code in the trusted execution environment cannot be tampered with and executes as expected, part of the blockchain computation can be moved into the trusted execution environment, reducing consensus cost and increasing blockchain performance. In addition, for service processing involving private data, the trusted execution environment provides end-to-end privacy protection, so that everything from the data to the computation result is visible only to the object, and the security of the private data can be ensured.
In one mode, the processing results obtained by the service processing can be put on the chain and shared. For example, each resource transaction institution in the financial field has its own list of abnormal objects, and the service processing executed by the target application computes the intersection of these lists, so that a target list of abnormal objects is summarised and shared and applied to anti-fraud scenarios. In another mode, the data provider can put the service data on the chain. If a data consumer wants to use the service data, it can apply through the blockchain network for authorization to use the required service data; after receiving the application, the data provider can perform security authentication and a security check on the applicant based on the scheme, and when the data consumer is determined to meet expectations, the data provider sends the authorization information to the chain to complete the authorization, after which the data consumer can acquire the required service data from the data provider.
The following describes a data processing method provided by an embodiment of the present application.
Referring to fig. 2, fig. 2 is a flow chart of a data processing method according to an embodiment of the application. The data processing method may be performed by a computer device of a data consumer, such as the proxy device 102 in the data processing system shown in fig. 1a, and may comprise the following.
S201, receiving service data sent by a data provider, wherein the service data is to be sent to a target application in a trusted execution environment.
The data provider refers to a party providing service data, and the data provider may be any organization, object, group or the like, and the service data may refer to data owned and managed by an operation organization, including but not limited to: traffic data, road data, and the like. The business data may also be social data, which refers to data that is owned and managed by a group, such as content data of a content platform, purchase data in a shopping application, social data in a social application, and so forth.
In some business processing scenarios, the business data of the data provider may be sent for use by one or more applications of the trusted execution environment, thereby expanding the application of the business data into other business scenarios. For example, in a navigation scenario, traffic data acquired by organization a may be sent for use by objects developing navigation applications to plan an optimal navigation route based on the traffic data.
An application running in a trusted execution environment may be referred to as a trusted application, and the target application in the trusted execution environment may be any application (or application program) in the trusted execution environment, i.e., any trusted application. The target application may be an application with data analysis, statistics or similar functions, and may be specified by the data provider, so that use of the service data provided by the data provider can be restricted to the specified application. Service data is an important asset of its owner, and its security cannot be neglected. To ensure data security, the service data is sent by the data provider only after determining that the target application passes security authentication. That is, the data provider may perform security authentication on the target application before sending the service data; through this security authentication the data provider verifies the environment security and application security of the data consumer, ensuring that the target application is indeed an application program in a trusted execution environment and that its version is the specified version the data provider intends to send to.
The data consumer may receive the service data sent by the data provider; the service data includes expected version information, which describes that the data provider expects to send the service data to a specified version of the target application. In one mode, the expected version information is generated after the data provider determines that the target application passes security authentication, and the version the data provider designates for the service data can be obtained from it, so that the security of the target application can be further checked later. This ensures that the service data is sent accurately and securely to the right version of the target application in the trusted execution environment. Alternatively, the expected version information may be an application metric value of the target application, i.e. a metric value used to measure the version of the application. The application metric value is calculated by the Central Processing Unit (CPU) rather than set manually when the application source code is compiled, so its tamper-resistance prevents the version of the target application from being forged, ensures the accuracy of the version of the target application, and ensures the reliability of the version authentication of the target application.
After receiving the service data, the data consumer needs to fully verify the security of the target application before sending the service data to the target application in the trusted execution environment, and only then hands the service data to the target application, so as to prevent the service data from being leaked for other purposes not authorized by the data provider. In one manner, after the target application passes security authentication, its security may be further checked to ensure that it is the target application of the specified version, as described below.
S202, performing local authentication processing on the target application to obtain current version information of the target application, and performing security check processing on the target application by adopting the current version information and the expected version information to obtain a check result about the target application.
Local authentication refers to authentication between different applications on the same platform. In one way, local authentication may be initiated toward the target application by a proxy service. The proxy service is developed by an independent third-party developer and may itself be regarded as an application, so the proxy service and the target application are different applications deployed by the data consumer; in the present application, the proxy service and the proxy application denote the same object. The current version information of the target application can be obtained by performing local authentication processing on the target application. The current version information describes the current version of the target application, which may be the version used by the target application during security authentication or may be a version to which the target application was upgraded after passing security authentication. For example, when the data provider performs security authentication on the target application, the target application is application A in version V1, while in the local authentication process the target application is application A in version V2. Alternatively, the current version information may be an application metric value.
Security check processing is performed on the target application using the expected version information included in the service data and the current version information returned by local authentication, yielding a check result for the target application; the check result indicates whether the target application passes the security check process. In one implementation, the security check processing may be implemented by a consistency comparison between the current version information returned by local authentication processing and the expected version information included in the service data, that is, by comparing whether the current version information and the expected version information are identical, and determining whether the target application passes the security check based on the comparison result.
The current version information and the expected version information may be the same or different. When they are the same, the current version of the target application is the version specified by the data provider, specifically the version with which the target application passed security authentication; that is, the version of the target application deployed by the data consumer is consistent with the version previously recognized by the data provider, and the target application may be considered to pass the security check. When they are different, the current version of the target application is not the version designated by the data provider and is not the version used when the target application passed security authentication; that is, the version deployed by the data consumer and the version previously recognized by the data provider are inconsistent. This inconsistency may indicate that the deployed target application has been tampered with and that the target application deployed by the data consumer poses a hidden risk of privacy leakage, so the target application may be considered to fail the security check.
It can be seen that the security check further verifies whether the version of the target application is the designated version expected by the data provider, and also verifies whether the versions of the target application used in the security authentication process and in the security check process are consistent, so as to decide whether to transmit the service data to the target application. The security check thus provides a further safeguard for the service data and hence stronger privacy protection.
S203, when the check result indicates that the target application passes the security check process, sending the service data to the target application so that the target application executes the service process based on the service data.
When the check result indicates that the target application passes the security check process, the current version of the deployed target application is consistent with the designated version expected by the data provider; the target application is the same version in both the security authentication stage and the security check stage, so it may be considered that the target application was not upgraded after passing security authentication and has not been tampered with, and that it meets the security guarantee required by the data provider. At this point the service data may be sent to the target application, so that upon receiving it the target application executes service processing based on the service data and completes the corresponding service request once processing finishes. Since the target application runs in the trusted execution environment, the service processing performed by the target application is also carried out in the trusted execution environment.
The trusted execution environment is, for example, an Intel SGX trusted execution environment provided by the data consumer. Based on hardware technology, it ensures that keys (including the data key used to decrypt the service data, the communication private key and the like) never leave the secure enclave (that is, special hardware controls securely isolate data and instructions at the CPU level), so that the security of the keys is guaranteed. In one mode, the received service data is encrypted data, which ensures the transmission security of the service data on the network; the service data may be encrypted by the data provider with a data key before being sent. In this case, the service data is usually decrypted and handed to the target application in plaintext for direct use, so the service data is decrypted with the data key, and the trusted execution environment effectively protects the data key required for decryption.
In addition, privacy computation is performed on the acquired service data in the trusted execution environment; the trusted execution environment provides a secure operating environment for the privacy computation, ensuring that the service data is not disclosed. Service processing based on the service data involves privacy computing, also called privacy-preserving computing, which refers to analyzing and computing on data through a series of technical means drawn from fields including artificial intelligence, cryptography and data science, on the premise that the data provider's original data is not disclosed, so that the value of the data is fully released while data security and personal privacy are protected, making the data "available but invisible" during circulation. For example, in a vehicle navigation scenario, the service data includes historical traffic data and real-time road condition data, and the service processing performed on it may be a comprehensive analysis of the historical traffic data and the real-time road condition data to predict road traffic conditions, so as to optimize vehicle routes and relieve traffic congestion.
Therefore, after the target application passes security authentication, its security can be checked further through local authentication of the target application, and the service data is sent to the target application only after it passes the security check processing, which ensures that the service data runs in the designated version of the target application in the trusted execution environment. This prevents the data consumer from performing security authentication with an old version of the target application and then privately upgrading it. A privately upgraded target application might expose interfaces through which external applications outside the trusted execution environment could request service data, so that the service data received by the target application is transferred from the trusted execution environment to a non-trusted execution environment and resold or used by other unauthorized applications, which creates a serious risk of private data leakage. Further checking application security therefore prevents privacy leakage and ensures the security of the service data.
In one embodiment, when the check result indicates that the target application does not pass the security check process, this indicates that the current version of the deployed target application is inconsistent with the designated version expected by the data provider; the versions of the target application involved in the security authentication process and the security check process differ, the target application involved in the security check process may have been upgraded after passing security authentication, and the upgraded target application may carry a potential risk of data leakage. To ensure the security of the service data, the service data may then not be sent to the target application, or, alternatively, the service data that was to be sent to the target application may not be saved, so as to ensure data security.
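The consumer-side procedure of S202 and S203 (local authentication returning the current version information, a consistency comparison against the expected version information carried in the service data, and forwarding only on a pass) is shown below as an added example; it is not code from the patent or from any product it describes. The measurement strings, the `ServiceData` and `LocalAttestationReport` shapes, and the dictionary standing in for the platform's deployed applications are all constructed assumptions; a real local attestation report is produced and authenticated by the TEE platform, which is not modelled here.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample measurements standing in for CPU-computed application
# metric values (e.g. an enclave measurement); the hex strings are not real values.
MEASURE_V1 = "a1" * 32   # application A, version V1 (the version the provider authenticated)
MEASURE_V2 = "b2" * 32   # application A, version V2 (a later, private upgrade)


@dataclass(frozen=True)
class ServiceData:
    """Service data as received from the data provider (hypothetical shape).

    expected_version is the expected version information the provider attached
    after security authentication; ciphertext is the encrypted payload.
    """
    expected_version: str
    ciphertext: bytes


@dataclass(frozen=True)
class LocalAttestationReport:
    """Result of local authentication of the target application (hypothetical shape)."""
    app_name: str
    current_version: str


def local_authenticate(deployed_apps: Dict[str, str], app_name: str) -> Optional[LocalAttestationReport]:
    """Stand-in for the proxy service's local authentication of the target
    application: looks up the measurement of the currently deployed app_name.
    Returns None when no such application is deployed on the platform."""
    measure = deployed_apps.get(app_name)
    if measure is None:
        return None
    return LocalAttestationReport(app_name=app_name, current_version=measure)


def security_check(report: Optional[LocalAttestationReport], data: ServiceData) -> bool:
    """S202: consistency comparison between the current version information
    returned by local authentication and the expected version information
    carried in the service data. True only when both are identical."""
    if report is None:
        return False
    # constant-time comparison so the position of a mismatch does not leak via timing
    return hmac.compare_digest(report.current_version.encode(), data.expected_version.encode())


def deliver(deployed_apps: Dict[str, str], app_name: str, data: ServiceData,
            inbox: Dict[str, List[bytes]]) -> str:
    """S202 + S203 as one procedure. Forwards the service data to the target
    application only when the security check passes; otherwise the data is
    dropped (it is neither forwarded nor saved) and the caller is told why."""
    report = local_authenticate(deployed_apps, app_name)
    if not security_check(report, data):
        return "rejected"
    inbox.setdefault(app_name, []).append(data.ciphertext)
    return "forwarded"


if __name__ == "__main__":
    data = ServiceData(expected_version=MEASURE_V1, ciphertext=b"<constructed ciphertext>")
    inbox: Dict[str, List[bytes]] = {}
    print(deliver({"A": MEASURE_V1}, "A", data, inbox))  # same version as authenticated: forwarded
    print(deliver({"A": MEASURE_V2}, "A", data, inbox))  # privately upgraded to V2: rejected
    print(deliver({}, "A", data, inbox))                  # not deployed at all: rejected
```

The V1/V2 case from the text is the second call: the provider authenticated application A at V1 and attached that measurement as the expected version, so an upgrade to V2 before the local check makes the comparison fail and the data never reaches the application.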
The manner in which the data provider securely authenticates the target application is described below.
Referring to fig. 3, fig. 3 is a flowchart of another data processing method according to an embodiment of the application. The data processing method may be performed by a computer device of the data provider (e.g. the data providing device in the data processing system shown in fig. 1a), and may include the following steps.
S301, acquiring application source codes of the target application and public version information of the target application, and carrying out version authentication on the target application based on the application source codes and the public version information to obtain a version authentication result.
When the data provider needs to perform version authentication on the target application, the application source code and public version information of the target application can, in view of privacy protection concerns, be sent to the data provider by the data consumer, so that the application source code and public version information of the target application developed by the data consumer are handed to the data provider securely. The data provider thus obtains the application source code and the public version information of the target application, performs version authentication on the target application based on them, and obtains a version authentication result. Version authentication of the target application can be understood as authenticating whether the version of the target application matches the version of its executable file; version authentication ensures that the application source code of the target application corresponds to the executable file, avoiding the data security problem that would arise if service data were processed by a target application whose application source code does not correspond to its executable file. Optionally, since the public key with which the developer signs the target application file is public, the data provider may obtain the developer signature public key of the target application to confirm that the application corresponding to the obtained data is indeed the target application the data provider wants to authenticate.
In one implementation, the public version information indicates the public version of the executable file corresponding to the target application. The public version is the version of the executable file that the data consumer discloses to the data provider; the public version information is provided by the data consumer, is unique and cannot be tampered with, and is, for example, an application metric value obtained by compiling the application source code of the target application, which can identify the version of the target application. When the target application is deployed at the data consumer, the application source code of the target application is compiled into an executable file and the executable file is deployed, so the version of the target application is the version of the executable file; compiling one version of application source code yields the corresponding executable file and application metric value, and the application metric value matches the executable file.
The version of an executable file matches the version of application source code when the two remain consistent; since the executable file is compiled from the application source code, the version of the application source code is the version of the executable file. For example, if the application source code of the target application is the V1 version of the source code, compiling it yields the V1 version of the executable file, so the application source code corresponds to the executable file. However, the application source code and the executable file of the target application that the data consumer provides to the data provider may not correspond: for example, the data provider may obtain the V1 version of the source code and the V2 version of the executable file, where the V2 executable file corresponds to the V2 source code, which differs from the V1 source code. If the V2 source code is source code obtained by adding an interface in a private upgrade, and the data consumer deploys the target application from the V2 executable file, the security of the data provider's service data is threatened.
The data provider performs version authentication on the target application based on the application source code and the public version information to obtain a version authentication result; one implementation is as follows: first, compile the application source code of the target application to obtain proofreading version information; then, perform a consistency comparison between the public version information and the proofreading version information to obtain a comparison result, and use the comparison result as the version authentication result.
Specifically, by compiling the application source code of the target application the data provider obtains the proofreading version information, and may also obtain the executable file corresponding to the application source code. The proofreading version information describes the version of the executable file obtained by compiling the application source code of the target application; it is calculated by the CPU and is non-tamperable and unique. The data provider compares the obtained public version information with the proofreading version information for consistency, that is, checks whether the two are identical, to obtain a comparison result, which may serve as the version authentication result.
The version authentication result indicates whether the target application passes version authentication: when the public version information and the proofreading version information are the same, the result indicates that the target application passes version authentication, and when they differ, the result indicates that the target application fails version authentication. That is, when the public version information and the proofreading version information are the same, the application source code of the target application and the executable file of the target application correspond, i.e. the version of the source code and the version of the executable file are identical, so the version consistency of the target application's development data (including the application source code and the executable file) can be preliminarily confirmed and the target application can be confirmed to pass version authentication. When they differ, the application source code and the executable file of the target application do not correspond, and the target application can be determined to fail version authentication.
It should be noted that, in the embodiments of the present application, the various kinds of version information (such as public version information, proofreading version information, version information to be collated, expected version information, etc.) are computed by the central processing unit from the corresponding application source code, unlike a version number set manually by a developer. Using such version information avoids the situation in which an application version is set arbitrarily and the version number is falsified, ensures the accuracy, uniqueness and non-falsifiability of the version information, and allows the security of the target application to be authenticated and verified more accurately and reliably. The above version information may be represented by the corresponding computed application metric values.
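The provider-side version authentication of S301 (rebuild from the disclosed source code, obtain the proofreading version information, compare it for consistency with the disclosed public version information) as an added example; it is not the patent's or any product's code. The build step is a stand-in: a real application metric value is computed by the CPU when the enclave binary is loaded, whereas here `compile_and_measure` derives it as a SHA-256 over a constructed "executable", which preserves the one property the check relies on, that one source version maps to exactly one metric value. The `DevelopmentData` shape and the V1/V2 source snippets are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Tuple


def compile_and_measure(source: bytes) -> Tuple[bytes, str]:
    """Stand-in for building the application (assumption for this example):
    the 'executable' is a tagged copy of the source and the application metric
    value is the SHA-256 hex digest of that executable. Deterministic, so the
    same source always yields the same executable and metric value."""
    executable = b"EXE:" + source
    metric = hashlib.sha256(executable).hexdigest()
    return executable, metric


@dataclass(frozen=True)
class DevelopmentData:
    """What the data consumer discloses to the data provider (hypothetical shape)."""
    source: bytes          # application source code
    executable: bytes      # executable file the consumer says it deploys
    public_version: str    # public version information (application metric value)


def version_authenticate(dev: DevelopmentData) -> bool:
    """S301 at the data provider: compile the disclosed source code to obtain the
    proofreading version information and compare it with the disclosed public
    version information. True means the target application passes version
    authentication (source code and executable correspond)."""
    _rebuilt_executable, proofreading_version = compile_and_measure(dev.source)
    return hmac.compare_digest(proofreading_version, dev.public_version)


# Constructed source snippets for application A (not from the page).
SRC_V1 = b"fn main() { analyze(); }\n"
# V2 is a private upgrade that adds an interface; its metric value therefore differs.
SRC_V2 = SRC_V1 + b"fn export_data() { /* interface added in a private upgrade */ }\n"


def demo() -> Dict[str, bool]:
    """Replays the two situations described in the text: disclosed source and
    executable correspond (V1/V1), and V1 source disclosed with a V2 executable."""
    exe_v1, ver_v1 = compile_and_measure(SRC_V1)
    exe_v2, ver_v2 = compile_and_measure(SRC_V2)
    corresponding = DevelopmentData(source=SRC_V1, executable=exe_v1, public_version=ver_v1)
    mismatched = DevelopmentData(source=SRC_V1, executable=exe_v2, public_version=ver_v2)
    return {
        "v1_source_v1_executable": version_authenticate(corresponding),
        "v1_source_v2_executable": version_authenticate(mismatched),
    }


if __name__ == "__main__":
    print(demo())  # {'v1_source_v1_executable': True, 'v1_source_v2_executable': False}
```

Because the provider derives the proofreading version information itself rather than trusting a version number, the consumer cannot make a V2 executable pass by relabelling it as V1: the only way to match the disclosed metric value is to disclose the source that actually produces it.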
In one implementation, during version authentication of the target application by the data provider, the data consumer may deploy a target application developed by itself and a proxy service developed by a third party. The proxy service is an open-source service that can subsequently assist in authenticating the environmental security and version consistency of the target application deployed by the data consumer. The proxy service developer can upload the development data of the proxy service (including application source code, executable files, developer signature public key, version information, etc.) to a code manager (e.g. the code hosting website GitHub), so that the development data of the proxy service is disclosed through the code manager and any object can obtain the open-source development data from the code manager and use it for the corresponding processing (such as deploying or verifying the proxy service). The data consumer may obtain the executable file of the proxy service from the code manager to deploy the proxy service.
Service data provided by the data provider to the target application can be sent through the proxy service, so it must be ensured that the open-source proxy service is secure and does not introduce risks to the data provider's service data; version authentication can also be performed on the proxy service to verify its security. The method for version authentication of the target application is equally applicable to version authentication of the proxy service: it ensures that the application source code of the proxy service corresponds to its executable file, and thereby that the proxy service deployed by the data consumer is secure. A proxy service running in a trusted execution environment may be referred to as a trusted proxy service. The proxy service and the target application may together serve as the data consumer; in the environment authentication process performed on the target application, environment authentication may also be performed on the execution environment in which the proxy service is located. When the data provider determines that the proxy service is a trusted proxy service and the target application is a trusted application, and has determined the expected version information, the service data may be sent to the trusted proxy service; the trusted proxy service performs the security check, and when the target application is a trusted application of the specified version, the proxy service sends the service data to the target application. Optionally, before verifying whether the application source code corresponds to the executable file, the security of the application source code of the proxy service may be checked to improve the security guarantee.
It can be appreciated that, owing to the openness and general availability of the proxy service, it can be audited by the objects that use it, which reduces vulnerabilities and improves credibility; security auditing is optional.
On this basis, reference may be made to the schematic interaction flow for version authentication of the target application shown in fig. 4a. The proxy service developer develops and compiles the application source code of the proxy service and uploads the application metric value obtained by compiling (a kind of public version information) together with the executable file and the developer signature public key to the code manager, thereby open-sourcing the proxy service; the security of the application source code can be verified before verifying whether the application source code and the executable file of the proxy service correspond. The data provider may develop and deploy the data provisioning service, and the data consumer may deploy the proxy service and the target application. To ensure the security of the target application, the data provider may also verify whether the application source code of the target application corresponds to its executable file, thereby ensuring that the target application deployed by the data consumer is relatively secure.
S302, performing environment authentication on an execution environment where the target application is located to obtain an environment authentication result, and generating a security authentication result of the target application based on the version authentication result and the environment authentication result.
The execution environment in which the target application is located may be an execution environment that the data consumer provides for the target application, which can provide security support for the target application's service processing. It may be a trusted execution environment or a non-trusted execution environment. A trusted execution environment ensures that the service data is processed in a secure and reliable environment, whereas a non-trusted execution environment offers relatively low security, so performing environment authentication on the execution environment in which the target application is located helps ensure the security and reliability of service processing on the service data. It should be noted that, because the target application is not deployed at the data provider, environment authentication of the target application is a remote authentication, and the environment authentication result is returned by the data consumer on which the target application is deployed. The order of version authentication of the target application and environment authentication of its execution environment is not limited; for example, environment authentication of the execution environment may be performed first and version authentication of the target application afterwards.
The environment authentication result indicates whether the target application passes environment authentication, reflecting whether the execution environment in which the target application is located is a trusted execution environment. When the execution environment is a trusted execution environment, the target application is determined to pass environment authentication and the environment authentication result indicates that it passes; when the execution environment is a non-trusted execution environment, the target application is determined to fail environment authentication and the environment authentication result indicates that it fails.
In one embodiment, before environment authentication is performed on the execution environment in which the target application is located, the data provider and the data consumer may establish a communication connection in advance, so that the data provider obtains the communication connection information (such as IP address and port) of the data consumer and initiates environment authentication using it. The data provider may further generate a first verification parameter (such as a random number), which is sent to the target application along with the security authentication request; by comparing the first verification parameter with a second verification parameter in the result returned by the target application, the data provider determines whether the returned content belongs to the current environment authentication. This prevents the target application from passing authentication with a historical authentication report and then being privately upgraded to receive the service data and transfer it from the trusted execution environment to the untrusted execution environment, which would cause private data leakage.
The data provider may send a remote authentication request (i.e. the security authentication request) carrying the first verification parameter to the data consumer, so that the data consumer generates a remote authentication report (i.e. the environment authentication result) based on the request and returns it to the data provider. The data provider verifies the remote authentication report, thereby proving the environmental security of the target application, i.e. that the execution environment in which the target application is located is a trusted execution environment, and, if a proxy service exists, also proving that the proxy service actually runs in the trusted execution environment. Thus, in verifying the remote authentication report, on one hand, a comparison of the verification parameters determines whether the content of the returned report was freshly generated, and on the other hand, authentication based on the report establishes that the execution environment of the target application and that of the proxy service are trusted execution environments, proving that the environment is secure.
A security authentication result is generated based on the version authentication result and the environment authentication result, so that multiple aspects of authentication of the target application are combined into a reliable security authentication result, from which it can be determined whether the target application passes security authentication.
In one possible implementation, the environment authentication result includes version information to be collated about the target application. The version information to be collated is returned to the data provider by the target application deployed at the data consumer during the data provider's environment authentication, and indicates the version of the target application deployed by the data consumer.
Based on the version authentication result and the environment authentication result, carrying out security authentication on the target application to obtain a security authentication result, which can comprise the following contents:
(1) If the version authentication result indicates that the target application passes the version authentication and the environment authentication result indicates that the target application passes the environment authentication, the data provider performs verification processing on the version information to be verified according to the public version information to obtain a verification result; the proof results are used as security authentication results.
The version authentication result indicates that the target application passes the version authentication, and indicates that the application source code disclosed by the target application corresponds to the executable file, the version of the application source code is matched with the version of the executable file, and the disclosed version information can be used for verifying the version of the deployed target application. The environment authentication result indicates that the target application passes the environment authentication, and the execution environment where the target application is located is indicated to be a trusted execution environment, and the execution environment where the target application is located is reliable. Since the target application may be upgraded or privately tampered after deployment, the version of the target application is inconsistent with the public version, at this time, the public version information may be used to perform a verification process on the version information to be verified, which is included in the environment authentication result, that is, verify the consistency of the public version information and the version information to be verified, so as to obtain a verification result, where the verification result may be used as a security authentication result obtained by performing security authentication on the target application by the data provider. Based on the different content indicated by the collation results, it may be determined whether the target application passes the security authentication.
Therefore, under the conditions that the target application passes the version authentication and the target application passes the environment authentication, the deployed target application can be subjected to the version authentication, on one hand, the reliability of the execution environment of the target application can be checked, and the service data is ensured to be sent to the trusted execution environment, so that the safety of the service data operation environment is ensured; on the other hand, the version of the target application can be checked, so that the version of the target application deployed by the data user is ensured to be in line with expectations, and the service data is limited to the target application of the authenticated version for use.
If the verification result indicates that the public version information is consistent with the version information to be verified, the data provider determines that the target application passes the security authentication, the public version information of the target application is used as expected version information, and otherwise, the target application is determined not to pass the security authentication.
If the disclosed version information is consistent with the version information to be verified, the target application deployed at the data user has undergone no version change during the security authentication process, that is, no upgrade and no tampering. The application version of the target application is therefore as expected; it can be determined that the target application passes the security authentication, and the public version information of the target application can be used as its expected version information, so that the data provider can determine the specified version of the target application and then send the service data to the target application of that specified version. If the disclosed version information is inconsistent with the version information to be verified, the target application deployed by the data user may have been privately upgraded; it can be determined that the target application fails the security authentication, the version of the target application at the data user is not trusted by the data provider, and the data provider can choose not to send the service data.
(2) If the version authentication result indicates that the target application fails the version authentication, or the environment authentication result indicates that the target application fails the environment authentication, the data provider generates a security authentication result based on the version authentication result and the environment authentication result.
In other words, in any of the following cases: the version authentication result indicates that the target application fails the version authentication; the environment authentication result indicates that the target application fails the environment authentication; or the version authentication result indicates that the target application fails the version authentication and the environment authentication result indicates that the target application fails the environment authentication, the data provider can generate a security authentication result based on the version authentication result and the environment authentication result, and the security authentication result indicates that the target application fails the security authentication. In one manner, the version authentication result and the environment authentication result may be directly determined as the security authentication result, so that the security authentication result is the combined content of the two results. In another manner, the security authentication result may be a result obtained by integrating the version authentication result and the environment authentication result.
It may be appreciated that when the security authentication result indicates that the target application passes the security authentication, the public version information may be determined as the expected version information, and service data carrying the expected version information may be sent to the data user to perform the data processing method described in the embodiment shown in fig. 2; when the security authentication result indicates that the target application fails the security authentication, the security authentication may be performed again on the target application.
In one possible implementation, the data consumer includes a target application and a proxy service, in which case, the data provider may perform security authentication on the proxy service together during security authentication of the target application, where the security authentication on the proxy service includes: version authentication of the proxy service and security authentication of an execution environment in which the proxy service is located, and after the proxy service passes the version authentication and the environment authentication, version information of the proxy service may be verified based on public version information used in the version authentication. The version authentication of the proxy service can refer to the version authentication process of the target application, and the security authentication of the execution environment where the proxy service is located can be realized based on the environment authentication of the execution environment where the target application is located, namely the environment authentication result can comprise the version information of the proxy service, and the security of the proxy service can be determined by checking the version information. It will be appreciated that after the data provider determines that both the target application and the proxy service pass the security authentication, the traffic data may be sent to the data consumer.
In combination with the above, as shown in fig. 4b, the data provider may generate a first verification parameter (e.g., a random number) through the data providing service and then initiate remote authentication (i.e., the environment authentication of the present application) to the proxy service; a local authentication report is obtained through the interaction between the proxy service and the target application, the proxy service generates a communication key pair, and a remote authentication report is generated based on the local authentication report, the communication public key and the first verification parameter. The remote authentication report includes the version information of the proxy service to be verified (such as an application metric value), the first verification parameter, the content of the local authentication report and the environment indication information of the proxy service, and the local authentication report includes the version information of the target application to be verified (such as the application metric value), the second verification parameter and the environment indication information of the target application. After receiving the remote authentication report, the data providing service can verify the local authentication report and the remote authentication report to prove the environmental security of the proxy service and the target application, and can then verify the returned version information of the target application (such as an application metric value) against its expected version information (such as the application metric value obtained from the deployment flow of fig. 4a); the same verification of version information applies to the proxy service, so both the proxy service and the target application can be ensured to be secure. For a more detailed description of the interaction between the proxy service and the target application, reference is made to the corresponding steps in the embodiment shown in fig. 5 below.
The data processing method provided by the embodiment of the application particularly relates to a mode of carrying out safety authentication on a target application by a data provider, wherein the data provider can carry out version authentication on the target application, obtain corresponding version information by compiling application source codes, and compare the corresponding version information with the obtained public version information, thereby ensuring that the application source codes correspond to executable files and avoiding private upgrading of the application by a data user. The data provider can also perform environment authentication on the execution environment where the target application is located, and generate a reliable security authentication result through the version authentication result and the environment authentication result, so as to better determine whether the target application passes the security authentication based on the security authentication result. In addition, when the data user comprises the target application and the proxy service, the security authentication is carried out on the proxy service in addition to the security authentication of the target application, so that the security of the proxy service and the target application is ensured, and the service data is sent to the target application of the appointed version based on the security proxy service, so that the security of service data transmission and use can be ensured.
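The following Python example is added here to illustrate the data provider's decision described above; it is not code from the patent or from Tencent. It models the version authentication result, the environment authentication result (a remote report carrying the local report, the echoed verification parameter, the communication public key and the environment indication information), and the provider's combination of the two into a security authentication result, including the final comparison of the public version information with the version information to be verified and the same check for the proxy service. The names `measure`, `build`, `RemoteReport` and `security_authenticate`, the use of a SHA-256 digest as the application metric value, and the stand-in for compilation are all assumptions made for this illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple


def measure(executable: bytes) -> str:
    """Application metric value: SHA-256 digest of the executable (assumed measurement scheme)."""
    return hashlib.sha256(executable).hexdigest()


def build(public_source: bytes) -> bytes:
    """Stand-in for compiling the disclosed source; deterministic so the example is reproducible."""
    return b"exe:" + public_source


@dataclass
class VersionAuthResult:
    passed: bool            # executable built from the public source matches the public measurement
    public_version: str     # public version information used during version authentication


@dataclass
class LocalReport:          # local authentication report produced by the target application
    measurement: str        # version information to be verified
    nonce: str              # second verification parameter
    env_trusted: bool       # environment indication information of the target application


@dataclass
class RemoteReport:         # environment authentication result produced by the proxy service
    local: LocalReport
    nonce: str              # first verification parameter echoed back by the proxy service
    comm_public_key: str    # communication public key of the proxy's key pair
    proxy_measurement: str  # version information of the proxy service to be verified
    proxy_env_trusted: bool # environment indication information of the proxy service


@dataclass
class SecurityAuthResult:
    passed: bool
    reason: str
    expected_version: Optional[str] = None   # public version information, set only on success


def version_authenticate(public_source: bytes, public_measurement: str) -> VersionAuthResult:
    """Compile the disclosed source and compare its measurement with the disclosed one."""
    return VersionAuthResult(measure(build(public_source)) == public_measurement, public_measurement)


def environment_authenticate(report: RemoteReport, first_param: str) -> Tuple[bool, str]:
    """Check that the report answers this authentication and that both parties run in a TEE."""
    if report.nonce != first_param or report.local.nonce != first_param:
        return False, "stale or replayed environment authentication result"
    if not (report.proxy_env_trusted and report.local.env_trusted):
        return False, "execution environment is not a trusted execution environment"
    return True, "trusted execution environment"


def security_authenticate(va: VersionAuthResult, report: RemoteReport, first_param: str,
                          proxy_public_version: Optional[str] = None) -> SecurityAuthResult:
    """Combine version and environment authentication, then verify the deployed version (cases (1) and (2))."""
    env_ok, env_reason = environment_authenticate(report, first_param)
    if not va.passed or not env_ok:
        # Case (2): either authentication failed; the security authentication result integrates both.
        return SecurityAuthResult(False, f"version={'pass' if va.passed else 'fail'}; environment={env_reason}")
    # Case (1): both passed; the public version information verifies the version information to be verified.
    if report.local.measurement != va.public_version:
        return SecurityAuthResult(False, "deployed target application differs from the public version")
    if proxy_public_version is not None and report.proxy_measurement != proxy_public_version:
        return SecurityAuthResult(False, "deployed proxy service differs from its public version")
    return SecurityAuthResult(True, "target application passes security authentication",
                              expected_version=va.public_version)


def run_demo() -> dict:
    """Constructed sample data: a public source, its measurement, and three environment authentication results."""
    source = b"def main(): return compute_private_statistics()"
    public_measurement = measure(build(source))
    proxy_measurement = measure(b"exe:open-source-proxy")
    va = version_authenticate(source, public_measurement)
    nonce = "7f3a9c"  # first verification parameter chosen by the data provider (constructed)
    genuine = RemoteReport(LocalReport(public_measurement, nonce, True), nonce, "pk", proxy_measurement, True)
    upgraded = RemoteReport(LocalReport(measure(b"exe:privately-upgraded"), nonce, True), nonce, "pk",
                            proxy_measurement, True)
    replayed = RemoteReport(LocalReport(public_measurement, "0000", True), "0000", "pk", proxy_measurement, True)
    return {
        "genuine": security_authenticate(va, genuine, nonce, proxy_measurement),
        "upgraded": security_authenticate(va, upgraded, nonce, proxy_measurement),
        "replayed": security_authenticate(va, replayed, nonce, proxy_measurement),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: passed={result.passed} ({result.reason})")
```

Only the genuine report yields a passing result and carries the public measurement as the expected version information; a report whose local measurement differs from the public version (a private upgrade) and a report answering an older verification parameter (a replayed environment authentication result) both fail, matching the two failure paths the text describes.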
Referring to fig. 5, fig. 5 is a flowchart of another data processing method according to an embodiment of the application. The data processing method may be performed by a computer device of a data consumer, such as the proxy device 102 in the data processing system shown in fig. 1a, and may comprise the following.
In one embodiment, the data processing method is performed by a proxy device in which a proxy service is deployed, the proxy service and the target application together constituting the data consumer. The data user refers to the party using the service data. The data user can develop and deploy the target application and can disclose the public key with which the developer signed the target application file, so that the identity of the developer of the target application can be verified based on the public key; the signature certificate of the developer can also be disclosed and further provided to the data provider during the environment authentication process, so that it can be verified that the target application is complete and has not been tampered with. The proxy device may obtain the executable file of the open-source proxy service from a code manager (such as GitHub, a hosting platform for open-source and private software projects) and deploy the proxy service in the proxy device based on the obtained executable file; the target application and the proxy service may be deployed in different devices or in the same device, which is not limited in this aspect of the present application.
The data consumer may provide the following functions: providing a trusted execution environment for ensuring the security of the secret key; and requesting service data, and carrying out privacy calculation on the acquired service data in a Trusted Execution Environment (TEE). The service data provided by the data provider is sent to the target application through the proxy service. The proxy service operates in a trusted execution environment, and can act as a proxy for the data consumer, providing an environment authentication service to the data provider, which can be a remote authentication service.
The proxy service is an open source proxy service developed and provided by a proxy service developer (namely a third party unrelated to the service); the proxy service does not store any data, its application source code is open source, and its executable file, application metric value and the public key corresponding to the developer signature are disclosed. The functions that the proxy service may provide can be seen in fig. 6a. The target application is developed by the data consumer, and the application source code, executable file, public key corresponding to the developer signature, and application metric value of the target application are all public. The target application runs in a trusted execution environment, and the functions of the target application can be seen in fig. 6b.
In one implementation, the proxy service provides one or more of the following functional interfaces: the system comprises a data proxy interface, a security authentication interface, a local authentication interface, a data access interface and a data decryption interface; the data proxy interface is used for receiving the service data sent by the data provider so as to send the service data to the target application of the appointed version indicated by the expected version information; the safety authentication interface is used for receiving a safety authentication request and an environment authentication result; the local authentication interface is used for sending a local authentication request to the target application and receiving a local authentication result returned by the target application; the data access interface is used for authorizing the target application to acquire service data; the data decryption interface is used for decrypting the service data to obtain decrypted service data.
The security authentication interface and the data proxy interface are both oriented to the data provider: while performing environment authentication, the data provider can call the security authentication interface to perform environment authentication on the execution environment where the target application is located, and after the security authentication is determined to pass, it can call the data proxy interface to send the service data to the proxy service. The local authentication interface, the data access interface and the data decryption interface are all oriented to the data user: the local authentication interface can be called to send and receive data during environment authentication and during the local authentication processing performed after the security authentication passes. When the proxy service receives the service data, it can notify the target application that corresponding service data exists; the target application can call the data access interface to send a data acquisition request, after which the local authentication interface is called to perform local authentication processing, and after the target application is determined to pass the security check, the data decryption interface can be called to decrypt the service data and send the decrypted service data to the target application.
The data provider may provide the following functions: verifying the environmental security of a data user, verifying the security of a target application, generating and transmitting a data key, encrypting service data and transmitting the service data. The data provider may deploy the data provision service, and further implement the above functions based on the data provision service, and specific reference may be made to the modules and specific functional description of the data provision service shown in fig. 6 c.
The proxy service can provide related security services for the target application, and can provide unified security services for one or more applications, so that the service code of the target application and the security-related code can be decoupled, the generality of the security-related code can be fully exploited, the amount of code the developer of the target application needs to write can be reduced, and the workload and difficulty of code auditing can be reduced. In addition, open-sourcing the proxy service allows its application source code to be more widely supervised and reviewed, which improves the security of the application source code, effectively reduces security vulnerabilities in the proxy service, and indirectly enhances its credibility; the proxy service can provide security services for any application, so more developers can benefit.
In the process of performing environment authentication on the execution environment where the target application is located, the data user generates an environment authentication result and returns it to the data provider. Based on the above, the content performed by the data user in generating the environment authentication result includes the following S501 to S502.
S501, receiving a security authentication request sent by a data provider.
Wherein the secure authentication request includes an identification of the target application for which authentication is requested by the data provider. Since the data consumer may deploy at least one application, and the data provider expects the service data to be provided for use by a specified target application, the target application for which authentication is requested by the data provider may be indicated by an identification of the target application, which may be an application name of the target application. The data user can receive the security authentication request sent by the data provider, and the security authentication request carries the identification of the target application, so that the environment authentication of the target application in the data user can be accurately performed.
S502, determining a target application based on the identification included in the security authentication request, and calling the proxy service to perform environment authentication on the target application to generate an environment authentication result.
The data user can firstly determine a target application from one or more applications deployed by the data user based on the identification in the security authentication request, and then call the proxy service to perform environment authentication on the determined target application to generate an environment authentication result. Because the proxy service and the target application belong to the same platform side, the environment authentication executed by the proxy service on the target application is called as a local authentication, and the generation of the environment authentication result is a function supported by the proxy service.
In one implementation, the security authentication request further includes a first verification parameter generated by the data provider. The first verification parameter may be used to verify the validity of an environment authentication result, where validity means that the environment authentication result was generated in response to the environment authentication initiated this time. The first verification parameter is unique and expires after being used; optionally, the first verification parameter may be a random number. The proxy service is invoked to perform environment authentication on the target application, and the implementation steps for generating the environment authentication result can be seen in the following descriptions 1) to 3).
1) The proxy service is invoked to send a local authentication request carrying the first verification parameter to the target application, so that the target application returns local authentication information about the target application based on the local authentication request.
Local authentication can be initiated to the target application through the proxy service by sending a local authentication request to the target application; the local authentication request carries the first verification parameter, so that the first verification parameter generated by the data provider is passed on to the target application. The local authentication information returned by the target application further includes a second verification parameter; when the second verification parameter is the same as the first verification parameter, the local authentication information was generated in response to the current local authentication rather than being historical. Alternatively, after receiving the local authentication request, the target application might directly return historical local authentication information; since the verification parameters contained in the local authentication information generated by different local authentications differ, and each piece of local authentication information contains a unique verification parameter, such historical information can be detected. Optionally, the local authentication information may be a local authentication report. Therefore, by comparing the second verification parameter carried in the local authentication information returned by the target application with the first verification parameter, it can be determined whether the local authentication information is up to date, and corresponding processing is executed.
2) Local authentication information about the target application is received and a communication key pair is generated.
The data user may receive the local authentication information via the proxy service and generate a communication key pair via the proxy service. The communication key pair may be generated based on an asymmetric encryption technique and ensures that data exchanged between the two parties (here the data user and the data provider) is not stolen during communication. The communication key pair includes a communication public key and a communication private key. The communication public key is held by the owner of the communication key pair (namely the data user) and is published to others; the communication private key is held by the owner and is not published. The communication public key is used for encrypting data, and data encrypted with the communication public key can only be decrypted with the communication private key.
3) And generating an environment authentication result about the target application according to the local authentication information, the first verification parameter and the communication public key in the communication key pair.
The proxy service is called to generate an environment authentication result according to the local authentication information, the first verification parameter and the communication public key, where the environment authentication result includes the local authentication information, the second verification parameter and the communication public key. Since the local authentication information includes the second verification parameter, the environment authentication result also includes the second verification parameter; in addition, the environment authentication result may further include environment indication information about the proxy service, which is used to indicate the execution environment in which the proxy service is located. Optionally, when the local authentication information is a local authentication report, the environment authentication result is a remote authentication report in which the content of the local authentication report, including the verification parameter, is embedded; when the environment authentication result is verified, both the local authentication report and the remote authentication report then need to be verified in order to prove the security of the environment.
When the second verification parameter is the same as the first verification parameter, the local authentication information returned by the target application is the latest local authentication information generated based on the first verification parameter, and the environment authentication result can be considered to be valid. After the environment authentication result is sent to the data provider, the data provider can verify the environment authentication result, can authenticate the second verification parameter and the first verification parameter included in the local authentication information, and then verify the local authentication information and the environment indication information of the proxy service contained in the local authentication information, so that the proxy service and the target application are proved to be operated in a trusted execution environment, and further after the environment authentication is passed, the version information to be verified can be verified by using the public version information of the target application used by the version authentication, and whether the target application deployed in the data user accords with expectations is determined.
When the second verification parameter differs from the first verification parameter, the local authentication information returned by the target application was not generated in response to the current local authentication request and may be historical local authentication information, so the environment authentication result can be considered invalid. When such an environment authentication result is returned to the data provider, the data provider can determine from the comparison of the verification parameters that the result is invalid, and can either restart the environment authentication for the target application or directly determine that the target application fails the environment authentication.
The environment authentication result returned to the data provider includes the communication public key, so the communication public key is delivered to the data provider through the environment authentication result. The data provider encrypts a data key based on the obtained communication public key and sends the encrypted data key to the data user; the proxy device in the data user can then call the key service provided by the proxy service, obtain the communication private key, and decrypt the encrypted data key to obtain the data key. The data key is a key used for encrypting or decrypting data rather than for encrypting or decrypting other keys; the service data received by the data user is encrypted with the data key, so the service data can be decrypted with it. The proxy service thus provides a data key exchange capability: by using the communication key pair to encrypt and decrypt the data key, the data key of the data provider can be obtained and used, and the security of data key transmission is ensured.
For what the proxy device performs to invoke the proxy service, see the detailed interaction diagram shown in fig. 4b described above. It may be appreciated that after the environment authentication result is returned to the data provider, the data provider may determine whether the target application passes the security authentication based on the version authentication result and the environment authentication result of the target application, and the data provider may determine whether the proxy service passes the security authentication based on the version authentication result and the environment authentication result of the proxy service. And the service data is sent to the target application through the proxy service after the data provider determines that the proxy service and the target application pass the security authentication. Specifically, the service data is sent to the proxy service, and the security of the target application is checked by the local authentication initiated by the proxy service, so as to determine whether the service data can be sent to the target application. See in particular the content of S503-S505.
And S503, receiving service data sent by a data provider, wherein the service data is to be sent to a target application in a trusted execution environment.
In one implementation, the data provider sends the service data based on the data key by encrypting the service data. The data consumer may receive, in addition to the service data, an encrypted data key that is encrypted based on the public communication key of the communication key pair. And then, when the service data can be sent to the target application in the trusted execution environment, the encrypted data key can be decrypted based on the communication private key in the communication key pair to obtain the data key, and further the service data can be decrypted.
S504, carrying out local authentication processing on the target application to obtain current version information of the target application, and carrying out security check processing on the target application by adopting the current version information and the expected version information to obtain a check result about the target application.
In one implementation, performing local authentication processing on a target application to obtain current version information of the target application, including: acquiring a reference check parameter and sending a local authentication request carrying the reference check parameter to a target application so that the target application returns a local authentication result based on the local authentication request; receiving a local authentication result sent by a target application, wherein the local authentication result comprises a current verification parameter and version information; and when the current verification parameter is consistent with the reference verification parameter, determining that the version information contained in the local authentication result is the current version information of the target application.
The local authentication of the target application is initiated after the service data is received. The reference check parameter may be carried by the data provider when the service data is sent, or may be generated automatically on the data user side, and is used to check whether the returned local authentication result was generated in response to the current local authentication request; this prevents the target application from using a historical local authentication result for the security check and ensures that the security check processing is based on the current version of the target application.
The target application may return a local authentication result after receiving the local authentication request carrying the reference verification parameter. In one mode, the local authentication result is generated by the target application based on the reference verification parameter included in the local authentication request; in another mode, the local authentication result is a historical local authentication result directly returned by the target application, generated by performing local authentication on a historical version of the target application. For example, the local authentication request is sent to the V2 version of the target application, and the V2 version may directly return the local authentication result saved by the V1 version during its local authentication. Each local authentication result carries the verification parameter corresponding to its local authentication, and the verification parameters of different local authentication results differ. The local authentication result includes the version information and the current verification parameter of the target application; when the current verification parameter is the same as the reference verification parameter, the local authentication result was generated in real time in response to the local authentication request based on the reference verification parameter and the version information, so the version information can be considered the latest version information, namely the current version information of the target application. Otherwise, the local authentication result is a historical local authentication result, the version information it contains cannot indicate the current version of the target application, and the target application can be considered to fail the security check.
The local authentication result may be a local authentication report.
In one implementation, the verification result for the target application is obtained by consistency verification of the current version information against the expected version information. If the expected version information is consistent with the current version information, the verification result indicates that the target application passes the security check process; if they are inconsistent, the verification result indicates that the target application does not pass the security check process. Specifically, consistency verification may be understood as a consistency comparison between the expected version information and the current version information: when they are consistent, the target application deployed by the data user is the target application of the public version, and the public version is the specified version expected by the data provider, so it may be determined that the target application passes the security check process. Otherwise, the target application of the current version is not the target application of the public version that passed the version authentication, and is not the target application of the specified version expected by the data provider, so it may be determined that the target application does not pass the security check process.
S505: when the verification result indicates that the target application passes the security check process, the service data is sent to the target application, so that the target application executes the service process based on the service data.
In one embodiment, the service data received from the data provider is ciphertext obtained by encrypting the service data with a data key. Before the service data is sent to the target application, it may be decrypted and the decrypted data sent, so that the target application can directly obtain the service data in plaintext for service processing, which makes the processing of the service data more efficient.
Decryption of the service data includes the following: acquiring an encrypted data key and a communication key pair; decrypting the encrypted data key based on a communication private key in the communication key pair to obtain a data key; and decrypting the service data based on the data key to obtain decrypted service data, and transmitting the decrypted service data to the target application.
The encrypted data key is sent by the data provider; the communication key pair is generated by calling the proxy service on the data user side; and the encrypted data key is obtained by encrypting the data key with the communication public key of the communication key pair. Encryption ensures the security of the data key in transmission, and the data key obtained by decryption at the data user is identical to the data key generated by the data provider. After the service data is decrypted with the data key, the decrypted service data is obtained and sent to the target application. The service processing performed by the target application is thus carried out in the trusted execution environment, specifically on the decrypted service data. Before the service data is sent to the target application, the data provider performs security authentication on the target application and the proxy service performs a security check on it, so the target application is one the data provider can trust, and the service data is guaranteed to be used only by a limited application (namely, the target application of the specified version) in a limited environment (namely, a trusted execution environment). This keeps the service data usable but not visible outside that environment, effectively protects the privacy of the data subject, and broadens the service scenarios in which the service data can be used.
Based on the above description, the processes of data key transmission, service data transmission, local authentication, service processing and the like are related as follows; a schematic diagram of the interaction flow among the parties in the security check of the target application is shown in fig. 7. Based on the data providing service deployed by the data provider, the key service can be called to generate a data key, and the data key is encrypted with the communication public key to obtain an encrypted data key, where the communication public key is contained in the remote authentication report (namely, the environment authentication report) returned by the proxy service. The data provider may send the encrypted data key to the proxy service through the data providing service. The data providing service may then acquire the service data, encrypt it with the data key, attach the application metric value of the target application (indicating the specified version of the target application) and a signature message (indicating that the service data was transmitted by the data provider), and send the encrypted service data to the proxy service. After receiving the encrypted service data, the proxy service may notify the target application, and the target application may request the data from the proxy service. In response to the data acquisition request, the proxy service may initiate local authentication of the target application and obtain the local authentication result (namely, the current metric value of the target application), and then verify whether the application metric value in the service data and the current metric value obtained by local authentication are consistent. If they are consistent, the proxy service may invoke the key service to decrypt the data and return the decrypted data to the target application, which may then perform service processing on the received service data to handle the service request.
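The key transport and data release path of fig. 7, as an added example that is not part of the patent: the proxy service generates the communication key pair, the data provider wraps a freshly generated data key with the communication public key and encrypts the service data with that key, and the proxy unwraps the key and decrypts the service data only after the metric comparison succeeds. RSA-OAEP and AES-256-GCM are assumed algorithm choices (the patent names none), and the version strings and payload are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// oaepLabel is a constructed label tying the wrapped key to this use.
var oaepLabel = []byte("service-data-key")

// ErrVersionMismatch: the current metric value obtained by local authentication
// is not consistent with the expected version carried in the service data.
var ErrVersionMismatch = errors.New("security check failed: version mismatch")

// ServiceData is the envelope sent by the data providing service: the encrypted
// service data plus the expected version information (application metric value).
type ServiceData struct {
	ExpectedVersion string
	Nonce           []byte
	Ciphertext      []byte
}

// GenerateCommunicationKeyPair is the proxy service's step; the public half is
// carried in the environment authentication report returned to the data provider.
func GenerateCommunicationKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ProviderPrepare models the data providing service: generate a data key, encrypt it
// with the communication public key, and encrypt the service data with the data key.
// The expected version is bound as associated data so it cannot be altered in transit.
func ProviderPrepare(commPub *rsa.PublicKey, expectedVersion string, plaintext []byte) ([]byte, ServiceData, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, ServiceData{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, commPub, dataKey, oaepLabel)
	if err != nil {
		return nil, ServiceData{}, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, ServiceData{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, ServiceData{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(expectedVersion))
	return wrapped, ServiceData{ExpectedVersion: expectedVersion, Nonce: nonce, Ciphertext: ct}, nil
}

// ProxyRelease models the proxy service at S505: the data key is unwrapped with the
// communication private key and the service data decrypted only after the current
// metric value from local authentication matches the expected version.
func ProxyRelease(commPriv *rsa.PrivateKey, wrappedKey []byte, sd ServiceData, currentVersion string) ([]byte, error) {
	if subtle.ConstantTimeCompare([]byte(sd.ExpectedVersion), []byte(currentVersion)) != 1 {
		return nil, ErrVersionMismatch // plaintext never leaves the proxy
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, commPriv, wrappedKey, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("unwrapping data key: %w", err)
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	// Open authenticates the expected version as associated data: an envelope whose
	// version field was modified fails here even if the comparison above succeeded.
	return gcm.Open(nil, sd.Nonce, sd.Ciphertext, []byte(sd.ExpectedVersion))
}

func main() {
	priv, err := GenerateCommunicationKeyPair()
	if err != nil {
		panic(err)
	}
	wrapped, sd, err := ProviderPrepare(&priv.PublicKey, "v1-measure", []byte("constructed service record"))
	if err != nil {
		panic(err)
	}
	for _, v := range []string{"v1-measure", "v2-measure"} {
		pt, err := ProxyRelease(priv, wrapped, sd, v)
		fmt.Printf("current version %s: plaintext=%q err=%v\n", v, pt, err)
	}
}
```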
The data processing apparatus provided by the embodiments of the present application will be described in connection with the following.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a data processing apparatus according to an exemplary embodiment of the present application. The data processing apparatus may be a computer program (including program code) running on a computer device (such as any one of the terminal devices in a data processing system), for example the data processing apparatus is an application software; the data processing device may be used to execute corresponding steps in the data processing method provided by the embodiment of the present application. As shown in fig. 8, the data processing apparatus 800 includes: a transceiver module 801, a processing module 802, an acquisition module 803, and a decryption module 804.
A transceiver module 801, configured to receive service data sent by a data provider; the business data is to be sent to a target application in a trusted execution environment; the service data is sent by the data provider after the target application passes the security authentication, and the service data contains expected version information, wherein the expected version information is used for describing that the data provider expects to send the service data to the target application with a specified version;
the processing module 802 is configured to perform local authentication processing on the target application to obtain current version information of the target application, and perform security verification processing on the target application by adopting the current version information and the expected version information to obtain a verification result about the target application;
The transceiver module 801 is further configured to send service data to the target application when the verification result indicates that the target application passes the security verification process, so that the target application performs the service process based on the service data.
In one embodiment, the manner in which the data provider securely authenticates the target application includes: the data provider acquires application source codes of the target application and public version information of the target application, and carries out version authentication on the target application based on the application source codes and the public version information to obtain a version authentication result; the data provider performs environment authentication on an execution environment where the target application is located to obtain an environment authentication result, and generates a security authentication result of the target application based on the version authentication result and the environment authentication result; the security authentication result is used to indicate whether the target application passes the security authentication.
In one embodiment, the public version information is used to indicate a public version of the executable file corresponding to the target application, where one version of the executable file matches one version of the application source code; performing version authentication on the target application based on the application source code and the public version information to obtain a version authentication result, wherein the method comprises the following steps: compiling an application source code of a target application by a data provider to obtain proofreading version information, wherein the proofreading version information is used for describing a version of an executable file obtained by compiling the application source code of the target application; the data provider compares the consistency of the public version information and the proofreading version information to obtain a comparison result, and takes the comparison result as a version authentication result; the version authentication result is used for indicating whether the target application passes the version authentication; when the public version information and the proofreading version information are different, the version authentication result indicates that the target application fails the version authentication.
In one embodiment, the environment authentication result includes version information about the target application to be verified; the data provider generating a security authentication result of the target application based on the version authentication result and the environment authentication result comprises: if the version authentication result indicates that the target application passes the version authentication and the environment authentication result indicates that the target application passes the environment authentication, the data provider performs verification processing on the version information to be verified according to the public version information to obtain a verification result, and the verification result is taken as the security authentication result; if the version authentication result indicates that the target application fails the version authentication, or the environment authentication result indicates that the target application fails the environment authentication, the data provider generates the security authentication result based on the version authentication result and the environment authentication result; and when the execution environment where the target application is located is a trusted execution environment, the target application passes the environment authentication.
In one embodiment, if the verification result indicates that the public version information is consistent with the version information to be verified, the data provider determines that the target application passes the security authentication, and the public version information of the target application is taken as the expected version information; otherwise, determining that the target application fails the security authentication.
In one embodiment, the method provided by the embodiment of the application can be executed by a proxy device in which a proxy service is deployed; the proxy service and the target application together serve as the data user, and after the data provider determines that the proxy service and the target application pass the security authentication, the service data is sent to the target application through the proxy service;
a transceiver module 801, configured to receive a security authentication request sent by a data provider, where the security authentication request includes an identifier of a target application requested to be authenticated by the data provider;
and a processing module 802, configured to determine a target application based on the identifier included in the security authentication request, and invoke the proxy service to perform environment authentication on the target application, generate an environment authentication result, and return the environment authentication result to the data provider.
In one embodiment, the security authentication request further includes a first verification parameter generated by the data provider; the processing module 802 is configured to: invoke the proxy service to send a local authentication request carrying the first verification parameter to the target application, so that the target application returns local authentication information about the target application based on the local authentication request; receive the local authentication information about the target application and generate a communication key pair; and generate an environment authentication result about the target application according to the local authentication information, the first verification parameter and the communication public key in the communication key pair; the local authentication information comprises a second verification parameter, and when the first verification parameter is the same as the second verification parameter, the environment authentication result is valid.
In one embodiment, the processing module 802 is configured to: acquire a reference verification parameter and send a local authentication request carrying the reference verification parameter to the target application, so that the target application returns a local authentication result based on the local authentication request; receive the local authentication result sent by the target application, where the local authentication result comprises a current verification parameter and version information; and when the current verification parameter is consistent with the reference verification parameter, determine that the version information contained in the local authentication result is the current version information of the target application.
In one embodiment, the service data is ciphertext obtained by encrypting the service data with a data key;
an obtaining module 803, configured to: acquiring an encrypted data key and a communication key pair; the encrypted data key is obtained by encrypting the data key through a communication public key in a communication key pair;
a decryption module 804, configured to decrypt the encrypted data key based on the communication private key in the communication key pair, to obtain a data key;
the decryption module 804 is further configured to decrypt the service data based on the data key to obtain decrypted service data;
and the transceiver module 801 is configured to send the decrypted service data to the target application.
In one embodiment, the computer device is a proxy device in which a proxy service is deployed, and the service data is sent to the target application through the proxy service after the data provider determines that the proxy service and the target application pass the security authentication; the proxy service provides one or more of the following functional interfaces: a data proxy interface, a security authentication interface, a local authentication interface, a data access interface and a data decryption interface. The data proxy interface is used for receiving the service data sent by the data provider so as to send the service data to the target application of the specified version indicated by the expected version information; the security authentication interface is used for receiving a security authentication request and returning an environment authentication result; the local authentication interface is used for sending a local authentication request to the target application and receiving the local authentication result returned by the target application; the data access interface is used for authorizing the target application to acquire the service data; and the data decryption interface is used for decrypting the service data to obtain the decrypted service data.
In one embodiment, the verification result about the target application is obtained by performing consistency verification on the current version information by using the expected version information; if the expected version information is consistent with the current version information, the checking result indicates that the target application passes the security checking process; if the expected version information and the current version information are inconsistent, the checking result indicates that the target application does not pass the security checking process.
It may be understood that the functions of each functional module of the data processing apparatus described in the embodiments of the present application may be specifically implemented according to the method in the embodiments of the method, and the specific implementation process may refer to the relevant description of the embodiments of the method and will not be repeated herein. In addition, the description of the beneficial effects of the same method is omitted.
Computer devices provided by embodiments of the present application are described in connection with the following.
Referring to fig. 9, fig. 9 is a schematic structural diagram of a computer device according to an embodiment of the application. The computer device 900 may be a stand-alone device (e.g., one or more of a node, a terminal, etc.), or may be a component (e.g., a chip, a software module, a hardware module, etc.) inside a stand-alone device. The computer device 900 may include at least one processor 901 and a network interface 902, and optionally the computer device 900 may also include at least one memory 903 and a bus 904, where the processor 901, the network interface 902 and the memory 903 are coupled by the bus 904.
The processor 901 is a module for performing arithmetic and/or logic operations, and may specifically be one or more of a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor unit (MPU), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a complex programmable logic device (CPLD), a coprocessor (assisting the central processing unit with corresponding processing and applications), a microcontroller unit (MCU), and other processing modules.
The network interface 902 may be used to provide information input or output to at least one processor. And/or the network interface 902 may be configured to receive data sent externally and/or send data to the outside, and may be a wired link interface including, for example, an ethernet cable, or may be a wireless link (Wi-Fi, bluetooth, universal wireless transmission, vehicle-mounted short-range communication technology, and other short-range wireless communication technologies, etc.) interface.
The memory 903 is used to provide storage space in which data such as an operating system and computer programs can be stored. The memory 903 may be one or more of a random access memory (random access memory, RAM), a read-only memory (ROM), an erasable programmable read-only memory (erasable programmable read only memory, EPROM), or a portable read-only memory (compact disc read-only memory, CD-ROM), etc.
The at least one processor 901 in the computer device 900 is adapted to invoke the computer programs stored in the at least one memory 903 to perform the data processing methods described in the illustrated embodiments of the present application.
In a possible implementation, the processor 901 in the computer device 900 is configured to invoke a computer program stored in the at least one memory 903 to perform the following operations: receiving service data sent by a data provider, where the service data is to be sent to a target application in a trusted execution environment, the service data is sent by the data provider after the target application passes the security authentication, and the service data contains expected version information used for describing that the data provider expects to send the service data to the target application of a specified version; performing local authentication processing on the target application to obtain current version information of the target application, and performing security check processing on the target application using the current version information and the expected version information to obtain a verification result about the target application; and when the verification result indicates that the target application passes the security check process, sending the service data to the target application, so that the target application executes service processing based on the service data.
In one embodiment, the manner in which the data provider securely authenticates the target application includes: the data provider acquires application source codes of the target application and public version information of the target application, and carries out version authentication on the target application based on the application source codes and the public version information to obtain a version authentication result; the data provider performs environment authentication on an execution environment where the target application is located to obtain an environment authentication result, and generates a security authentication result of the target application based on the version authentication result and the environment authentication result; the security authentication result is used to indicate whether the target application passes the security authentication.
In one embodiment, the public version information is used to indicate a public version of the executable file corresponding to the target application, where one version of the executable file matches one version of the application source code; performing version authentication on the target application based on the application source code and the public version information to obtain a version authentication result, wherein the method comprises the following steps: compiling an application source code of a target application by a data provider to obtain proofreading version information, wherein the proofreading version information is used for describing a version of an executable file obtained by compiling the application source code of the target application; the data provider compares the consistency of the public version information and the proofreading version information to obtain a comparison result, and takes the comparison result as a version authentication result; the version authentication result is used for indicating whether the target application passes the version authentication; when the public version information and the proofreading version information are different, the version authentication result indicates that the target application fails the version authentication.
In one embodiment, the environment authentication result includes version information about the target application to be verified; the data provider generating a security authentication result of the target application based on the version authentication result and the environment authentication result comprises: if the version authentication result indicates that the target application passes the version authentication and the environment authentication result indicates that the target application passes the environment authentication, the data provider performs verification processing on the version information to be verified according to the public version information to obtain a verification result, and the verification result is taken as the security authentication result; if the version authentication result indicates that the target application fails the version authentication, or the environment authentication result indicates that the target application fails the environment authentication, the data provider generates the security authentication result based on the version authentication result and the environment authentication result; and when the execution environment where the target application is located is a trusted execution environment, the target application passes the environment authentication.
In one embodiment, if the verification result indicates that the public version information is consistent with the version information to be verified, the data provider determines that the target application passes the security authentication, and the public version information of the target application is taken as the expected version information; otherwise, determining that the target application fails the security authentication.
In one embodiment, the method provided by the embodiment of the application can be executed by a proxy device in which a proxy service is deployed; the proxy service and the target application together serve as the data user, and after the data provider determines that the proxy service and the target application pass the security authentication, the service data is sent to the target application through the proxy service;
a processor 901, configured to receive a security authentication request sent by a data provider, where the security authentication request includes an identifier of a target application requested to be authenticated by the data provider;
and the processor 901 is configured to determine a target application based on the identifier included in the security authentication request, and invoke the proxy service to perform environment authentication on the target application, generate an environment authentication result, and return the environment authentication result to the data provider.
In one embodiment, the security authentication request further includes a first verification parameter generated by the data provider; the processor 901 is configured to: invoke the proxy service to send a local authentication request carrying the first verification parameter to the target application, so that the target application returns local authentication information about the target application based on the local authentication request; receive the local authentication information about the target application and generate a communication key pair; and generate an environment authentication result about the target application according to the local authentication information, the first verification parameter and the communication public key in the communication key pair; the local authentication information comprises a second verification parameter, and when the first verification parameter is the same as the second verification parameter, the environment authentication result is valid.
In one embodiment, the processor 901 is configured to: acquire a reference verification parameter and send a local authentication request carrying the reference verification parameter to the target application, so that the target application returns a local authentication result based on the local authentication request; receive the local authentication result sent by the target application, where the local authentication result comprises a current verification parameter and version information; and when the current verification parameter is consistent with the reference verification parameter, determine that the version information contained in the local authentication result is the current version information of the target application.
In one embodiment, the service data is ciphertext obtained by encrypting the service data with a data key;
processor 901 for: acquiring an encrypted data key and a communication key pair; the encrypted data key is obtained by encrypting the data key through a communication public key in a communication key pair; decrypting the encrypted data key based on a communication private key in the communication key pair to obtain a data key; decrypting the service data based on the data key to obtain decrypted service data; and sending the decrypted service data to the target application.
In one embodiment, the computer device is a proxy device in which a proxy service is deployed, and the service data is sent to the target application through the proxy service after the data provider determines that the proxy service and the target application pass the security authentication; the proxy service provides one or more of the following functional interfaces: a data proxy interface, a security authentication interface, a local authentication interface, a data access interface and a data decryption interface. The data proxy interface is used for receiving the service data sent by the data provider so as to send the service data to the target application of the specified version indicated by the expected version information; the security authentication interface is used for receiving a security authentication request and returning an environment authentication result; the local authentication interface is used for sending a local authentication request to the target application and receiving the local authentication result returned by the target application; the data access interface is used for authorizing the target application to acquire the service data; and the data decryption interface is used for decrypting the service data to obtain the decrypted service data.
In one embodiment, the verification result about the target application is obtained by performing consistency verification on the current version information by using the expected version information; if the expected version information is consistent with the current version information, the checking result indicates that the target application passes the security checking process; if the expected version information and the current version information are inconsistent, the checking result indicates that the target application does not pass the security checking process.
It should be understood that the computer device 900 described in the embodiment of the present application may perform the description of the data processing method in the embodiment corresponding to the foregoing description, and may also perform the description of the data processing apparatus 800 in the embodiment corresponding to the foregoing description of fig. 8, which is not repeated herein. In addition, the description of the beneficial effects of the same method is omitted.
In addition, it should be noted that, in an exemplary embodiment of the present application, a storage medium is further provided, in which a computer program of the foregoing data processing method is stored. The computer program includes program instructions, and when one or more processors load and execute the program instructions, the data processing method described in the embodiments may be implemented; the beneficial effects of the same method are not repeated herein. It will be appreciated that the program instructions may be executed on one or more computer devices that are capable of communicating with each other.
The computer readable storage medium may be the data processing apparatus provided in any one of the foregoing embodiments or an internal storage unit of the computer device, for example, a hard disk or a memory of the computer device. The computer readable storage medium may also be an external storage device of the computer device, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card (flash card) or the like, which are provided on the computer device. Further, the computer-readable storage medium may also include both internal storage units and external storage devices of the computer device. The computer-readable storage medium is used to store the computer program and other programs and data required by the computer device. The computer-readable storage medium may also be used to temporarily store data that has been output or is to be output.
In one aspect of the application, a computer program product or computer program is provided that includes computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the method provided in an aspect of the embodiment of the present application.
The steps in the method of the embodiment of the application can be sequentially adjusted, combined and deleted according to actual needs.
The modules in the device of the embodiment of the application can be combined, divided and deleted according to actual needs.
The above disclosure is only a few examples of the present application and is not intended to limit its scope; those skilled in the art will understand that all or part of the above embodiments may be implemented, and equivalent modifications made, within the scope of the present application.

Claims (15)

1. A method of data processing, comprising:
receiving service data sent by a data provider; the service data is to be sent to a target application in a trusted execution environment; the service data is sent by the data provider after the target application passes the security authentication, and the service data comprises expected version information which is used for describing that the data provider expects to send the service data to the target application with a specified version;
performing local authentication processing on the target application to obtain current version information of the target application, and performing security check processing on the target application by adopting the current version information and the expected version information to obtain a check result about the target application;
and when the checking result indicates that the target application passes the security checking process, the business data is sent to the target application, so that the target application executes business processing based on the business data.
2. The method of claim 1, wherein the manner in which the data provider securely authenticates the target application comprises:
the data provider acquires application source codes of the target application and public version information of the target application, and carries out version authentication on the target application based on the application source codes and the public version information to obtain a version authentication result;
the data provider performs environment authentication on an execution environment where the target application is located to obtain an environment authentication result, and generates a security authentication result of the target application based on the version authentication result and the environment authentication result; the security authentication result is used for indicating whether the target application passes the security authentication.
3. The method of claim 2, wherein the public version information indicates that the target application corresponds to a public version of an executable file, one version of the executable file matching one version of application source code; the step of carrying out version authentication on the target application based on the application source code and the public version information to obtain a version authentication result comprises the following steps:
the data provider compiles the application source code of the target application to obtain proofreading version information, wherein the proofreading version information is used for describing the version of the executable file obtained by compiling the application source code of the target application;
the data provider compares the consistency of the public version information and the proofreading version information to obtain a comparison result, and takes the comparison result as a version authentication result;
the version authentication result is used for indicating whether the target application passes version authentication or not; when the public version information and the proofreading version information are the same, the version authentication result indicates that the target application passes the version authentication, and when the public version information and the proofreading version information are different, the version authentication result indicates that the target application fails the version authentication.
4. The method of claim 2, wherein the environmental authentication result includes version information about the target application to be collated; the generating a security authentication result of the target application based on the version authentication result and the environment authentication result includes:
if the version authentication result indicates that the target application passes the version authentication and the environment authentication result indicates that the target application passes the environment authentication, the data provider performs the checking processing on the version information to be checked according to the public version information to obtain a checking result; the proofreading result is used as a security authentication result;
if the version authentication result indicates that the target application fails the version authentication, or the environment authentication result indicates that the target application fails the environment authentication, the data provider generates a security authentication result based on the version authentication result and the environment authentication result;
and when the execution environment where the target application is located is a trusted execution environment, the target application passes the environment authentication.
5. The method of claim 4, wherein the method further comprises:
if the proofreading result indicates that the public version information is consistent with the version information to be proofread, the data provider determines that the target application passes the security authentication, and the public version information of the target application is taken as expected version information;
otherwise, determining that the target application fails the security authentication.
6. The method according to any of claims 1-5, wherein the method is performed by a proxy device having a proxy service deployed therein, the proxy service and the target application being treated as data consumers, the service data being sent to the target application by the proxy service after the data provider determines that both the proxy service and the target application pass security authentication; the method further comprises the steps of:
the data user receives a security authentication request sent by the data provider, wherein the security authentication request comprises an identification of a target application requested to be authenticated by the data provider;
and the data user determines a target application based on the identifier included in the security authentication request, invokes the proxy service to perform environment authentication on the target application, and generates an environment authentication result, wherein the environment authentication result is returned to the data provider.
7. The method of claim 6, wherein the secure authentication request further comprises a first verification parameter generated by the data provider; the invoking the proxy service to perform environment authentication on the target application, generating an environment authentication result, including:
invoking the proxy service to send a local authentication request carrying the first verification parameter to the target application so that the target application returns local authentication information about the target application based on the local authentication request;
receiving the local authentication information about the target application and generating a communication key pair;
generating an environment authentication result about the target application according to the local authentication information, the first verification parameter and the communication public key in the communication key pair;
the local authentication information comprises a second verification parameter, and when the first verification parameter is the same as the second verification parameter, the environment authentication result is valid.
8. The method of claim 1, wherein the performing local authentication processing on the target application to obtain current version information of the target application includes:
acquiring a reference check parameter and sending a local authentication request carrying the reference check parameter to the target application so that the target application returns a local authentication result based on the local authentication request;
receiving a local authentication result sent by the target application, wherein the local authentication result comprises a current verification parameter and version information;
and when the current verification parameter is consistent with the reference verification parameter, determining that the version information contained in the local authentication result is the current version information of the target application.
9. The method of claim 1, wherein the service data is obtained by encrypting the service data based on a data key, and wherein the sending the service data to the target application comprises:
acquiring an encrypted data key and a communication key pair; the encrypted data key is obtained by encrypting the data key through a communication public key in a communication key pair;
decrypting the encrypted data key based on a communication private key in the communication key pair to obtain a data key;
and decrypting the service data based on the data key to obtain decrypted service data, and sending the decrypted service data to the target application.
10. The method of claim 1, wherein the method is performed by a proxy device having a proxy service deployed therein, the business data being sent to the target application through the proxy service after the data provider determines that both the proxy service and the target application pass security authentication; the proxy service provides one or more of the following functional interfaces: a data proxy interface, a security authentication interface, a local authentication interface, a data access interface and a data decryption interface;
the data proxy interface is used for receiving the service data sent by the data provider, so as to send the service data to a target application of a specified version indicated by the expected version information;
the security authentication interface is used for receiving a security authentication request and an environment authentication result;
the local authentication interface is used for sending a local authentication request to the target application and receiving a local authentication result returned by the target application;
the data access interface is used for authorizing the target application to acquire the service data;
the data decryption interface is used for decrypting the service data to obtain decrypted service data.
11. The method of claim 1, wherein the check result for the target application is obtained by consistency verification of the current version information using the expected version information;
if the expected version information is consistent with the current version information, the checking result indicates that the target application passes security checking processing;
and if the expected version information is inconsistent with the current version information, the checking result indicates that the target application does not pass the security checking process.
12. A data processing apparatus, comprising:
the receiving and transmitting module is used for receiving service data sent by the data provider; the service data is to be sent to a target application in a trusted execution environment; the service data is sent by the data provider after the target application passes the security authentication, and the service data comprises expected version information which is used for describing that the data provider expects to send the service data to the target application with a specified version;
the processing module is used for carrying out local authentication processing on the target application to obtain current version information of the target application, and carrying out security checking processing on the target application by adopting the current version information and the expected version information to obtain a checking result about the target application;
and the receiving and transmitting module is further used for transmitting the service data to the target application when the checking result indicates that the target application passes the security checking process, so that the target application executes service processing based on the service data.
13. A computer device, comprising:
a processor adapted to execute a computer program;
a computer readable storage medium having stored therein a computer program which, when executed by the processor, performs the data processing method according to any of claims 1-11.
14. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, performs the data processing method of any one of claims 1-11.
15. A computer program product, characterized in that the computer program product comprises a computer program or computer instructions which, when executed by a processor, perform the data processing method according to any of claims 1-11.
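The proxy-side flow of claims 1, 8 and 11 (nonce-checked local authentication, then a version comparison that must pass before any service data reaches the enclave application), as an added example that is not part of the patent. The TargetApp class, the SHA-256 digest standing in for "version information", and the constructed executable bytes are assumptions; a real TEE returns a platform-signed measurement instead.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class ServiceData:
    expected_version: str  # version the data provider authenticated (claim 1)
    payload: bytes


@dataclass
class LocalAuthResult:
    verification_param: bytes  # echo of the proxy's reference check parameter (claim 8)
    version: str               # version information of the code actually loaded


def measure(executable: bytes) -> str:
    """Version information as a digest of the executable (assumption: stand-in for a TEE measurement)."""
    return hashlib.sha256(executable).hexdigest()


@dataclass
class TargetApp:
    """Stand-in for the application running inside the trusted execution environment."""
    executable: bytes
    received: list = field(default_factory=list)

    def local_authenticate(self, reference_param: bytes) -> LocalAuthResult:
        return LocalAuthResult(reference_param, measure(self.executable))

    def process(self, payload: bytes) -> None:
        self.received.append(payload)


def local_authentication(app: TargetApp, reference_param: bytes):
    """Claim 8: accept the reported version only if the fresh reference parameter is echoed back."""
    result = app.local_authenticate(reference_param)
    if not hmac.compare_digest(result.verification_param, reference_param):
        return None  # stale or replayed result: no current version information
    return result.version


def security_check(current_version, expected_version: str) -> bool:
    """Claim 11: pass only when expected and current version information are identical."""
    return current_version is not None and hmac.compare_digest(current_version, expected_version)


def forward_service_data(app: TargetApp, data: ServiceData) -> bool:
    """Claim 1: fail closed; service data is handed over only after the check passes."""
    reference_param = os.urandom(16)  # fresh per request, so an old result cannot be reused
    current_version = local_authentication(app, reference_param)
    if not security_check(current_version, data.expected_version):
        return False
    app.process(data.payload)
    return True
```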

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN202211431805.2A | 2022-11-15 | 2022-11-15 | Data processing method and related equipment

Publications (1)

Publication Number | Publication Date
CN116980158A | 2023-10-31

Family

ID=88473672

Family Applications (1)

Application Number | Title | Priority Date | Filing Date | Status
CN202211431805.2A | Data processing method and related equipment | 2022-11-15 | 2022-11-15 | Pending

Country Status (1)

Country | Link
CN (1) | CN116980158A (en)

Legal Events

Date Code Title Description
PB01 Publication