CN109634619A - Trusted execution environment implementation method and device, terminal device, and readable storage medium - Google Patents


Publication number: CN109634619A
Authority: CN (China)
Prior art keywords: mirror image, data, remote access, performing environment, credible performing
Legal status: Granted (Active)
Application number: CN201811406497.1A
Other languages: Chinese (zh)
Other versions: CN109634619B (en)
Inventor: 刘钦根
Current Assignee: China Mobile Information Technology Co Ltd
Original Assignee: Touchstone Credit Service Co Ltd
Application filed by Touchstone Credit Service Co Ltd
Priority to CN201811406497.1A
Publication of CN109634619A
Application granted
Publication of CN109634619B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces
    • G06F9/452 Remote windowing, e.g. X-Window System, desktop virtualisation


Abstract

The present invention provides a trusted execution environment implementation method, comprising: closing all remote access services of a preselected base operating system at the data provider end, and installing a remote access application of a preset type; making an image of the base operating system; adding a digital signature to the image, and writing the digital signature to a blockchain; when a trusted execution environment start instruction is received, obtaining the digital signature corresponding to the target image from the blockchain as a verification digital signature; if the verification digital signature is judged to be valid, retrieving the target image; running the installed remote access application, generating a remote access address of the data provider end, and sending the remote access address to the data user end. The present invention also provides a trusted execution environment implementation device, a terminal device, and a readable storage medium. The present invention solves the technical problem that existing ways of providing data are prone to data leakage and algorithm leakage.

Description

Trusted execution environment implementation method and device, terminal device, and readable storage medium
Technical field
The present invention relates to the technical field of data processing, and in particular to a trusted execution environment implementation method and device, a terminal device, and a readable storage medium.
Background
At present, data is provided between different institutions either by copying the data into the other party's environment, in which case the data owner cannot effectively monitor whether the data is illegally copied or lost; or by having the data user use the data in the data owner's environment, in which case the way the data user uses the data may be spied on by the data owner. In other words, data sharing between different institutions currently has to be completed by sacrificing one party's source data security or algorithm security; data or algorithms are used and generated in an insecure environment, which easily leads to data leakage and algorithm leakage.
The above content is only intended to aid understanding of the technical solution of the present invention, and does not constitute an admission that the above content is prior art.
Summary of the invention
The main purpose of the present invention is to provide a trusted execution environment implementation method and device, a terminal device, and a readable storage medium, intended to solve the technical problem that existing ways of providing data can hardly guarantee the security of the source data or the security of the algorithm, and are prone to data leakage and algorithm leakage.
To achieve the above object, the present invention provides a trusted execution environment implementation method, the method comprising the following steps:
Closing all remote access services of the preselected base operating system at the data provider end, and installing a remote access application of a preset type;
Making an image of the base operating system;
Adding a digital signature to the image, and writing the digital signature to a blockchain;
When a start instruction for a trusted execution environment is received, finding, among the images that have been made, the image of the base operating system corresponding to the trusted execution environment as the target image;
Obtaining the digital signature corresponding to the target image from the blockchain as the verification digital signature;
Judging whether the verification digital signature is valid; if it is valid, retrieving the target image;
Running the installed remote access application, generating the remote access address of the data provider end, and sending the remote access address to the data user end.
Preferably, the step of judging whether the verification digital signature is valid specifically includes:
Obtaining the digital signature added to the target image;
Comparing the digital signature of the target image with the verification digital signature;
If the two are consistent, determining that the target image is valid; otherwise, determining that the target image is invalid.
Preferably, after the step of retrieving the target image, the method further includes:
Confirming the cloud computing service type currently used by the data user end;
If the cloud computing service type currently in use is the first service type, starting the target image; and, after the target image is started, executing the step of: running the installed remote access application, generating the remote access address of the data provider end, and sending the remote access address to the data user end;
If the cloud computing service type currently in use is the second service type, starting a virtual machine and resetting the administrator password of the virtual machine to a random password, then executing the step of: running the installed remote access application, generating the remote access address of the data provider end, and sending the remote access address to the data user end;
Wherein the first service type includes the software-as-a-service (SaaS) type, and the second service type includes the infrastructure-as-a-service (IaaS) type.
Preferably, after the step of making the image of the base operating system, the method further includes:
Trimming the content of the image that has been made, so as to delete services of preselected types from the image.
Preferably, the remote access application includes the Jupyter application.
In addition, to achieve the above object, the present invention also provides a trusted execution environment implementation device, the device comprising:
A preparation unit, for closing all remote access services of the preselected base operating system at the data provider end, and installing a remote access application of a preset type;
An image making unit, for making the image of the base operating system;
A digital signature unit, for adding a digital signature to the image and writing the digital signature to the blockchain;
An image search unit, for finding, when a start instruction for a trusted execution environment is received, the image of the base operating system corresponding to the trusted execution environment among the images that have been made, as the target image;
A verification unit, for obtaining the digital signature corresponding to the target image from the blockchain as the verification digital signature, and judging whether the verification digital signature is valid;
An image retrieval unit, for retrieving the target image when the verification digital signature is judged to be valid;
An application unit, for running the installed remote access application, generating the remote access address of the data provider end, and sending the remote access address to the data user end.
Preferably, the verification unit is specifically used for obtaining the digital signature added to the target image; comparing the digital signature of the target image with the verification digital signature; if the two are consistent, determining that the target image is valid; otherwise, determining that the target image is invalid.
Preferably, the application unit is also used for confirming the cloud computing service type currently used by the data user end; if the cloud computing service type currently in use is the first service type, starting the target image; and, after the target image is started, executing the step of: running the installed remote access application, generating the remote access address of the data provider end, and sending the remote access address to the data user end;
The application unit is also used for, if the cloud computing service type currently in use is the second service type, starting a virtual machine and resetting the administrator password of the virtual machine to a random password, then executing the step of: running the installed remote access application, generating the remote access address of the data provider end, and sending the remote access address to the data user end;
Wherein the first service type includes the software-as-a-service (SaaS) type, and the second service type includes the infrastructure-as-a-service (IaaS) type.
In addition, to achieve the above object, the present invention also provides a terminal device, the terminal device comprising: a memory, a processor, and a trusted execution environment implementation program stored on the memory and runnable on the processor, wherein the trusted execution environment implementation program, when executed by the processor, implements the steps of the trusted execution environment implementation method described above.
In addition, to achieve the above object, the present invention also provides a readable storage medium on which a trusted execution environment implementation program is stored, wherein the trusted execution environment implementation program, when executed by a processor, implements the steps of the trusted execution environment implementation method described above.
The embodiments of the present invention propose a trusted execution environment implementation method and device, a terminal device, and a readable storage medium. By making an image of a base operating system in which all remote access services have been closed in advance and a remote access application of a preset type has been installed, an image operating system is created that can be remotely accessed only via the cloud server and cannot be accessed by any other third party. A digital signature is added to the image and recorded on the blockchain, providing the basis for subsequently verifying the validity of the target image. When the data user end needs to obtain local data of the data provider end, the data provider end runs the installed remote access application, generates the remote access address, and sends it to the data user end. That is, the data provider end can be remotely accessed, and the relevant data obtained, only through the cloud server, and the relevant data is then returned to the data user end. As a result, the execution environment is deployed on the cloud server, and the data user end cannot directly touch the physical equipment on the data provider side; at the same time, cloud deployment and the remote access mode ensure that the input and output elements of the execution environment are in a controllable state, which avoids unauthorized access to the local data of the data provider end, while the data provider end likewise cannot obtain the data and algorithms generated while the data user obtains data in the cloud execution environment. This effectively safeguards the security of the source data or of the algorithm, and reduces the risk of data leakage and algorithm leakage.
Brief description of the drawings
Fig. 1 is a flow diagram of the first embodiment of the trusted execution environment implementation method of the present invention;
Fig. 2 is the first schematic diagram of the cloud service functional framework of the first embodiment of the trusted execution environment implementation method of the present invention;
Fig. 3 is the second schematic diagram of the cloud service functional framework of the first embodiment of the trusted execution environment implementation method of the present invention;
Fig. 4 is a flow implementation diagram of the second embodiment of the trusted execution environment implementation method of the present invention;
Fig. 5 is a schematic diagram of the functional units of the trusted execution environment implementation device of the present invention;
Fig. 6 is a block diagram of the components of the terminal device of the present invention.
The realization of the object, the functional characteristics and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Detailed description
It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit it.
Some of the terms used in the present invention and their explanations are listed below:
SaaS (Software-as-a-Service): software as a service. SaaS is a cloud computing service model in which the service provided to the customer is an application that the operator runs on cloud computing infrastructure; the user can access it from various devices through a client interface such as a browser. The consumer does not need to manage or control any cloud computing infrastructure, including networks, servers, operating systems, storage, etc.
IaaS (Infrastructure-as-a-Service): infrastructure as a service. IaaS is a cloud computing service model in which the service provided to the consumer is the use of all computing infrastructure, including CPU processing, memory, storage, network and other basic computing resources; the user can deploy and run any software, including operating systems and applications.
Trusted execution environment (TEE): a secure area in the main processor. It runs in an isolated environment, in parallel with the operating system. By using both hardware and software to protect data and code, it ensures that the confidentiality and integrity of the code and data loaded in this environment are protected, making it more secure than a traditional system (i.e. the REE, rich execution environment). Trusted applications running in the TEE can access the full functionality of the device's main processor and memory, while hardware isolation protects these components from user-installed applications running in the main operating system. In the TEE, software and cryptographic isolation together protect the different trusted applications.
Data provider end: the port/device/equipment that provides data.
Data user end: the port/device/equipment that obtains data.
Docker: an open-source application container engine. With Docker, developers can package their applications and dependencies into a portable container and then publish it to any machine running a Linux system; virtualization can also be achieved.
The present invention provides a trusted execution environment implementation method.
Referring to Fig. 1, Fig. 1 is a flow diagram of the first embodiment of the trusted execution environment implementation method of the present invention. In this embodiment, the method includes the following steps:
Step S10, closing all remote access services of the preselected base operating system at the data provider end, and installing a remote access application of a preset type;
Wherein the corresponding base operating system is preselected based on the specific requirements of the trusted execution environment on the cloud server. "Cloud server" is a broad concept that includes all kinds of servers, platforms and systems belonging to a cloud architecture. A cloud server may host different trusted execution environments; correspondingly, different trusted execution environments have their own specific requirements, which depend on the actual situation. For a given trusted execution environment, a base operating system that runs on the data provider end and meets the specific requirements of that trusted execution environment needs to be selected in advance. Step S10 is then executed. Preferably, the remote access application includes the Jupyter application. Jupyter is an open-source interactive computing environment tool that supports multiple programming languages and can implement the connection and remote access between the data provider end and the cloud server.
Step S20, making an image of the base operating system;
Making an image of a base operating system is a mature technique and is not described again here.
Optionally, after the image is made, the method further includes: trimming the content of the image that has been made, so as to delete services of preselected types from the image. Understandably, the image of the base operating system includes several different types of services. "Service" here is a broad concept covering, for example, various kinds of functional code, applications and software. Trimming the image deletes useless services and retains only the basic services related to data sharing, so as to build a lightweight image file; this helps reduce the time taken to upload the image file to the cloud server, and also helps improve the operating efficiency and stability of data sharing.
Step S30, adding a digital signature to the image, and writing the digital signature to the blockchain;
In this embodiment, the digital signature may be a set of digest information (characteristic information) generated from the image file according to a certain digest algorithm, or an electronic signature obtained by encrypting that digest information. Specifically, the electronic information is signed using a public-key encryption algorithm. For example, a set of digest information (characteristic information) of the image file is first generated according to a certain digest algorithm, and the digest information is then encrypted with the private key of a generated public/private key pair to form the signature file.
The generated digital signature is added directly to a preset storage region of the image, or serves as an attachment of the image.
The digital signature of the image is recorded on the blockchain; that is, the digital signature of the image is recorded (book-kept) using blockchain technology, which is based on computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. Any modification of an image's digital signature recorded on the blockchain leaves a modification trace (evidence) that is easy to obtain, so the record can be used for subsequent digital signature verification and, in turn, for verifying the validity of the image (judging whether the image that was made has been tampered with).
It should be noted that the steps described above are the series of steps for making the image of a base operating system. Each kind of base operating system needs only one image to be made.
Preferably, after step S30, the method includes: uploading the image to a cloud storage region;
The image file with the digital signature added is uploaded to a preset storage region on the cloud server; the preset storage region may be an image repository dedicated to storing the image files of the images. Uploading the image file to the preset storage region on the cloud server prevents the image file from being illegally tampered with while stored in the data provider's local environment; the image file is downloaded only when a trusted execution environment is needed for data sharing, which helps improve the flexibility of using image files.
Step S40, when a start instruction for a trusted execution environment is received, finding, among the images that have been made, the image of the base operating system corresponding to the trusted execution environment as the target image;
When the data user end needs to obtain relevant data from the data provider end, the data user end logs in to the cloud server, sends a data acquisition request to the cloud server, and selects a specific trusted execution environment as the target trusted execution environment, so that the cloud server sends a start instruction for the trusted execution environment to the data provider end. According to the start instruction, the data provider end confirms the target trusted execution environment (i.e. the trusted execution environment selected by the data user end) and, based on the association between trusted execution environments, base operating systems and corresponding images, determines the target image corresponding to the target trusted execution environment, for example by determining the name and version number of the target image.
Step S50, obtaining the digital signature corresponding to the target image from the blockchain as the verification digital signature;
Specifically, the location information of the digital signature corresponding to the target image is obtained, and the digital signature is extracted according to that location information.
Step S60, judging whether the verification digital signature is valid; if it is valid, retrieving the target image;
Specifically, one embodiment of judging whether the verification digital signature is valid includes:
Step S61, obtaining the digital signature added to the target image;
For example, the digital signature file of the target image is downloaded from the cloud server. Alternatively, after the digital signature of the image is generated, the digital signature is stored at a local location of the data provider end, and is extracted when step S71 is executed.
Step S62, comparing the digital signature of the target image with the verification digital signature;
If the verification digital signature is unencrypted, the digital signature of the target image is compared directly with the verification digital signature. If the verification digital signature was encrypted using the public-key encryption approach described above, the verification digital signature is decrypted with the public key of the public/private key pair, and the digital signature of the target image is then compared with the decrypted verification digital signature.
Step S63, if the two are consistent, determining that the target image is valid; otherwise, determining that the target image is invalid.
When the digital signature of the target image is consistent with the verification digital signature, this proves that the target image has not been tampered with; the security verification of the target image passes, and the target image is determined to be valid. Otherwise, the verification digital signature is determined to be invalid, the current data sharing operation is ended directly, and a prompt that digital signature verification failed is sent to the data user end or the data provider end, so that the data user or data provider learns of the verification failure and takes relevant countermeasures.
When the target image is determined to be valid: if the target image is stored in advance in the cloud storage region, the cloud server is called and the target image is downloaded and stored in the local storage region of the data provider end; if the target image is stored in advance in the local storage region of the data provider end, the target image is called and run directly.
Step S70, running the installed remote access application, generating the remote access address of the data provider end, and sending the remote access address to the data user end.
After the target image downloaded from the image storage region of the cloud server passes the digital signature consistency check, the target image is started locally at the data provider end, i.e. the target image operating system is started. The installed remote access application is started and run in that image operating system, for example by starting the Jupyter program; based on the Jupyter program, the connection and remote access between the data provider end and the cloud server are implemented. At this point, the data provider end acts as a target access port corresponding to a specific remote access address. The remote access address may be generated based on a preset network communication protocol.
The generated remote access address is sent to the data user end. The data user then operates at the data user end; correspondingly, the data user end connects to the cloud server and enters the remote access address, so as to access, through the cloud server, the data provider end running the target image operating system and obtain the corresponding local data, which is then transmitted via the cloud server to the data user end. In this way, the data user obtains data from the data provider side.
As shown in the cloud service functional framework diagrams of Fig. 2 and Fig. 3, building and running the trusted execution environment in this embodiment involves the specific use of blockchain services, trusted execution environment services, container services, image services, compute services, storage services, virtualization technology and cloud servers. By combining these services, technologies and devices, the cloud-service-based trusted execution environment of this embodiment is realized, thereby protecting data and algorithms during data sharing.
In this embodiment, by making an image of a base operating system in which all remote access services have been closed in advance and a remote access application of a preset type has been installed, an image operating system is created that can be remotely accessed only via the cloud server and cannot be accessed by any other third party. A digital signature is added to the image and recorded on the blockchain, providing the basis for subsequently verifying the validity of the target image. When the data user end needs to obtain local data of the data provider end, the data provider end runs the installed remote access application, generates the remote access address, and sends it to the data user end. That is, the data provider end can be remotely accessed, and the relevant data obtained, only through the cloud server, and the relevant data is then returned to the data user end. As a result, the execution environment is deployed on the cloud server, and the data user end cannot directly touch the physical equipment on the data provider side; at the same time, cloud deployment and the remote access mode ensure that the input and output elements of the execution environment are in a controllable state, which avoids unauthorized access to the local data of the data provider end, while the data provider end likewise cannot obtain the data and algorithms generated while the data user obtains data in the cloud execution environment. This effectively safeguards the security of the source data or of the algorithm, and reduces the risk of data leakage and algorithm leakage.
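The image signing and pre-launch verification flow of steps S30 and S50 to S63, as an added example that is not part of the patent text. It uses the digest form of the digital signature with SHA-256, a toy hash-chained ledger in place of the blockchain, and hypothetical names (Image, Ledger, publish, verify_before_launch); beyond the comparison the text describes, it also recomputes the digest from the image bytes, because two matching stored signature values do not by themselves show that the image content is unchanged.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field


def digest(data: bytes) -> str:
    """Digest form of the image's digital signature (step S30), here SHA-256."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Image:
    name: str
    version: str
    content: bytes
    attached_signature: str = ""  # signature stored with the image (step S30)


@dataclass
class Ledger:
    """Toy append-only hash chain standing in for the blockchain (assumption)."""
    blocks: list = field(default_factory=list)

    @staticmethod
    def _hash(prev: str, payload: dict) -> str:
        body = json.dumps(payload, sort_keys=True).encode()
        return hashlib.sha256(prev.encode() + body).hexdigest()

    def append(self, payload: dict) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"prev": prev, "payload": payload,
                            "hash": self._hash(prev, payload)})

    def intact(self) -> bool:
        """Recompute every link; an edited record no longer matches its hash."""
        prev = "0" * 64
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != self._hash(prev, block["payload"]):
                return False
            prev = block["hash"]
        return True

    def lookup(self, name: str, version: str):
        """Step S50: newest recorded signature for the target image, or None."""
        for block in reversed(self.blocks):
            p = block["payload"]
            if (p["name"], p["version"]) == (name, version):
                return p["signature"]
        return None


def publish(image: Image, ledger: Ledger) -> None:
    """Step S30: attach the signature to the image and record it on the ledger."""
    image.attached_signature = digest(image.content)
    ledger.append({"name": image.name, "version": image.version,
                   "signature": image.attached_signature})


def verify_before_launch(image: Image, ledger: Ledger) -> str:
    """Steps S50 to S63: return "valid" or the reason the image is rejected."""
    if not ledger.intact():
        return "ledger-tampered"
    expected = ledger.lookup(image.name, image.version)
    if expected is None:
        return "no-record"
    # S61 to S63 as described: attached signature against the on-chain one.
    if not hmac.compare_digest(image.attached_signature.encode(), expected.encode()):
        return "signature-mismatch"
    # Added check: bind the verdict to the bytes that will actually be started.
    if not hmac.compare_digest(digest(image.content).encode(), expected.encode()):
        return "content-modified"
    return "valid"


def demo() -> dict:
    """Run constructed tampering scenarios against a freshly published image."""
    def run(change_content=False, reattach=False, edit_ledger=False):
        image, ledger = Image("base-os-jupyter", "1.0", b"constructed image bytes"), Ledger()
        publish(image, ledger)
        if change_content:
            image.content += b" + extra service"
        if reattach:
            image.attached_signature = digest(image.content)
        if edit_ledger:
            ledger.blocks[0]["payload"]["signature"] = image.attached_signature
        return verify_before_launch(image, ledger)

    return {"clean": run(),
            "content_changed": run(change_content=True),
            "content_and_attachment_changed": run(change_content=True, reattach=True),
            "ledger_rewritten": run(change_content=True, reattach=True, edit_ledger=True),
            "unknown_image": verify_before_launch(Image("unregistered-os", "1.0", b""), Ledger())}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The "content_changed" case is the one that a comparison of stored signatures alone would accept; it is rejected here only because the digest is recomputed from the image content.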
Further, after the step of retrieving the target image, the method further includes:
Step S80: confirm the cloud computing service type currently used by the data-using end;
Understandably, the cloud server provides several different cloud computing service types for the data-using end to choose from. The data user can select a suitable cloud computing service type according to actual needs (including but not limited to the first and second service types below). Correspondingly, different cloud computing service types correspond to different ways of starting and running the target image. Steps S81 and S82 are the corresponding steps for the two different service types.
Step S81: if the currently used cloud computing service type is the first service type, start the target image; after the target image has been started, execute step S80;
Step S82: if the currently used cloud computing service type is the second service type, start a virtual machine, reset the administrator password of the virtual machine to a random password, and then execute step S80;
Wherein, the first service type includes the Software-as-a-Service (SaaS) type, and the second service type includes the Infrastructure-as-a-Service (IaaS) type.
This is illustrated below with reference to the flow chart shown in Fig. 4, taking Jupyter as the installed remote access application. If the currently used cloud computing service type is the first service type (preferably the SaaS type), the container service (Container Service) is used. The container service provides high-performance, scalable container application management, supports application lifecycle management with Docker containers, offers several application release methods and continuous delivery capability, and supports a microservice architecture. After the cloud server is called to download the target image, the target image is started directly on the data-providing end, the Jupyter application in the image is started, and the corresponding Jupyter service is run. The access address of the Jupyter service is then sent to the data-using end. The data-using end logs in to the cloud server and remotely accesses the access address of the Jupyter service through the cloud server, thereby obtaining the local data of the data-providing end.
If the currently used cloud computing service type is the second service type (preferably the IaaS type), the computing service is used. With an IaaS service, all of the computing infrastructure on the cloud server can be used. Therefore, after the cloud server is called to download the target image, a virtual machine is first started on the data-providing end and the administrator password on the virtual machine is reset to a random password. Resetting the password raises the security level of the data-providing end when it accepts remote access from the cloud server. Because the virtual machine has been started, the target image does not need to be started; only the Jupyter application in the image needs to be started and the corresponding Jupyter service run. The access address of the Jupyter service is then sent to the data-using end. The data-using end logs in to the cloud server and remotely accesses the access address of the Jupyter service through the cloud server, thereby obtaining the local data of the data-providing end.
In this embodiment, a corresponding way of running the cloud-service-based target trusted environment is provided for each of the two specific cloud computing service types. This broadens the usage scenarios of the target trusted environment and helps offer users different service choices and service functions that meet different user needs.
In addition, the present invention also provides a trusted execution environment implementation device.
Referring to Fig. 5, which is a schematic diagram of the functional units of the device, the device includes:
A preparation unit 10, configured to close all remote access services of the preselected base operating system of the data-providing end and to install a remote access application of a preset type;
The corresponding base operating system is preselected according to the specific requirements of the trusted execution environment on the cloud server. "Cloud server" is a broad concept that covers all kinds of servers, platforms and systems belonging to a cloud architecture. A cloud server may host different trusted execution environments; correspondingly, each trusted execution environment has its own specific requirements, depending on the circumstances. For a given trusted execution environment, a base operating system that runs on the data-providing end and meets the specific requirements of that trusted execution environment must be selected in advance. Then step S10 is executed. Preferably, the remote access application includes the Jupyter application. Jupyter is an open-source interactive computing environment tool that supports multiple programming languages and can implement the connection and remote access between the data-providing end and the cloud server.
An image making unit 20, configured to make the image of the base operating system;
The way in which the image making unit 20 makes the image of the base operating system is mature technology and is not described again here.
Optionally, after making the image, the image making unit 20 is further configured to trim the content of the made image so as to delete services of preselected types from the image. Understandably, the image of a base operating system includes several different types of services. "Service" here is a broad concept covering, for example, all kinds of functional code, applications and software. Trimming the image deletes useless services and keeps only the basic services related to data sharing, producing a lightweight image file. This helps reduce the time needed to upload the image file to the cloud server and also helps improve the operating efficiency and stability of data sharing.
A digital signature unit 30, configured to add a digital signature to the image and write the digital signature to the blockchain;
In this embodiment, the digital signature may be a set of digest information (characteristic information) generated from the image file by a digest algorithm, or an electronic signature obtained by encrypting that digest information. Specifically, the electronic information is signed using a public-key encryption algorithm. For example, a set of digest information (characteristic information) is first generated from the image file by a digest algorithm, and the digest information is then encrypted with the private key of a generated public/private key pair to form a signature file.
The digital signature unit 30 adds the generated digital signature directly to a preset storage region of the image, or attaches it to the image as an attachment.
The digital signature unit 30 records the digital signature of the image on the blockchain; that is, the signature is recorded (booked) using blockchain technology, which builds on computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and encryption algorithms. Any modification of an image signature recorded on the blockchain leaves an easily obtained modification trace (evidence), so the record can be used for later digital signature verification and thus for verifying the validity of the image (judging whether the made image has been tampered with).
It should be noted that the steps described above are the series of steps for making the image of a base operating system. The image of each kind of base operating system needs to be made only once.
Preferably, the device further includes an image uploading unit (not shown in Fig. 6), configured to upload the image to a cloud storage region;
The image uploading unit uploads the digitally signed image file to a preset storage region on the cloud server; the preset storage region may be an image repository that stores the image file of each image. Uploading the image file to the preset storage region on the cloud server prevents it from being illegally tampered with while stored in the data provider's local environment. The image file is downloaded only when data sharing through the trusted execution environment is needed, which makes use of the image file more flexible.
An image search unit 40, configured to, when a start instruction for the trusted execution environment is received, find among the made images the image of the base operating system corresponding to the trusted execution environment and take it as the target image;
When the data-using end needs to obtain relevant data from the data-providing end, the data-using end logs in to the cloud server, sends a data acquisition request to the cloud server and selects a specific trusted execution environment as the target trusted execution environment, so that the cloud server sends a trusted execution environment start instruction to the data-providing end. According to the start instruction, the image search unit 40 confirms the target trusted execution environment (the trusted execution environment selected by the data-using end) and, based on the association between trusted execution environments, base operating systems and their images, determines the target image corresponding to the target trusted execution environment, for example by determining the name and version number of the target image.
A verification unit 50, configured to obtain from the blockchain the digital signature corresponding to the target image as the verification digital signature, and to judge whether the verification digital signature is valid;
Specifically, the verification unit 50 obtains the location information of the digital signature corresponding to the target image and extracts the digital signature according to that location information.
When judging whether the verification digital signature is valid, the verification unit 50 is specifically configured to:
a. obtain the digital signature added to the target image;
For example, the digital signature file of the target image is downloaded from the cloud server. Alternatively, after the digital signature of the image is generated, it is stored at a local location on the data-providing end and is extracted when the digital signature added to the target image is needed.
b. compare the digital signature of the target image with the verification digital signature;
If the verification digital signature is unencrypted, the digital signature of the target image is compared with it directly. If the verification digital signature was encrypted using the public-key encryption described above, it is first decrypted with the public key of the public/private key pair, and the digital signature of the target image is then compared with the decrypted verification digital signature.
c. if the two are consistent, determine that the target image is valid; otherwise, determine that the target image is invalid.
When the digital signature of the target image is consistent with the verification digital signature, the target image is shown not to have been tampered with; its security is verified and it is determined to be valid. Otherwise, the verification digital signature is determined to be invalid, the current data sharing operation is ended directly, and a prompt that digital signature verification failed is sent to the data-using end or the data-providing end, so that the data user or data provider learns of the verification failure and can take countermeasures.
An image retrieval unit 60, configured to retrieve the target image when the verification digital signature is judged to be valid;
When the target image is determined to be valid: if the target image is stored in advance in the cloud storage region, the image retrieval unit 60 calls the cloud server and downloads the target image into the local storage region of the data-providing end; if the target image is stored in advance in the local storage region of the data-providing end, the image retrieval unit 60 directly calls and runs the target image.
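The signing, recording, verification and retrieval flow of units 30, 50 and 60 can be sketched as follows. This is an added example, not code from the patent: it uses the digest-only form of the signature that the description allows, assumes SHA-256 as the digest algorithm, and uses a hash-chained in-memory list as a stand-in for the blockchain; all class, function and image names are hypothetical.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # previous-hash value used by the first ledger entry


def image_digest(image_bytes: bytes) -> str:
    """Digest-only form of the image signature (SHA-256 is an assumption)."""
    return hashlib.sha256(image_bytes).hexdigest()


class ImageInvalid(Exception):
    """Raised when the target image must not be released."""


class Ledger:
    """Append-only, hash-chained record list standing in for the blockchain.

    A single local copy could be rewritten wholesale; a real blockchain
    relies on replicated copies and consensus to prevent that.
    """

    def __init__(self):
        self.entries = []

    @staticmethod
    def _entry_hash(prev_hash: str, payload: dict) -> str:
        body = json.dumps(payload, sort_keys=True).encode()
        return hashlib.sha256(prev_hash.encode() + body).hexdigest()

    def record(self, name: str, version: str, digest: str) -> None:
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS
        payload = {"name": name, "version": version, "digest": digest}
        self.entries.append({"prev": prev_hash, "payload": payload,
                             "hash": self._entry_hash(prev_hash, payload)})

    def chain_intact(self) -> bool:
        """Recompute every link; an edited record breaks its own hash."""
        prev_hash = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev_hash:
                return False
            if entry["hash"] != self._entry_hash(prev_hash, entry["payload"]):
                return False
            prev_hash = entry["hash"]
        return True

    def lookup(self, name: str, version: str):
        """First registration wins; later entries for the same image are ignored."""
        for entry in self.entries:
            payload = entry["payload"]
            if payload["name"] == name and payload["version"] == version:
                return payload["digest"]
        return None


def retrieve_target_image(ledger, repository, name, version) -> bytes:
    """Release the image bytes only if they match the digest on the ledger."""
    if not ledger.chain_intact():
        raise ImageInvalid("ledger history has been modified")
    reference = ledger.lookup(name, version)  # the verification signature
    if reference is None:
        raise ImageInvalid("no signature recorded for this image")
    image_bytes = repository.get((name, version))
    if image_bytes is None:
        raise ImageInvalid("image not found in repository")
    # Constant-time comparison of the image's digest with the recorded one.
    if not hmac.compare_digest(image_digest(image_bytes), reference):
        raise ImageInvalid("image does not match recorded signature")
    return image_bytes


def demo() -> dict:
    # Constructed sample data: the image contents and names are made up.
    good = b"base-os-layer|jupyter|remote-access-services-disabled"
    tampered = good + b"|extra-remote-service-enabled"
    ledger = Ledger()
    ledger.record("base-os", "1.0", image_digest(good))
    repository = {("base-os", "1.0"): good}

    def attempt() -> str:
        try:
            retrieve_target_image(ledger, repository, "base-os", "1.0")
            return "released"
        except ImageInvalid as exc:
            return str(exc)

    results = {"untampered": attempt()}
    # Case 2: the stored image is modified after it was signed.
    repository[("base-os", "1.0")] = tampered
    results["tampered_image"] = attempt()
    # Case 3: the ledger record is edited to match the modified image.
    ledger.entries[0]["payload"]["digest"] = image_digest(tampered)
    results["rewritten_ledger"] = attempt()
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

In the encrypted-signature variant the description also mentions, the digest comparison would be replaced by verification against the public key of the signing key pair.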
An application unit 70, configured to run the installed remote access application, generate the remote access address of the data-providing end, and send the remote access address to the data-using end.
After the target image downloaded from the image storage region of the cloud server passes the digital signature consistency check, the application unit 70 starts the target image locally on the data-providing end, that is, starts the target image operating system. The installed remote access application, for example the Jupyter program, is then started and run in that image operating system; based on the Jupyter program, the connection and remote access between the data-providing end and the cloud server are implemented. At this point the data-providing end acts as a target access port and corresponds to a specific remote access address. The remote access address may be generated based on a preset network communication protocol.
The generated remote access address is sent to the data-using end. The data user then operates on the data-using end: the data-using end connects to the cloud server and inputs the remote access address, so as to access, through the cloud server, the data-providing end running the target image operating system and obtain the corresponding local data, which is then transmitted to the data-using end via the cloud server. In this way, the data user obtains data from the data-providing side.
Further, the application unit 70 is also configured to: a. confirm the cloud computing service type currently used by the data-using end;
Understandably, the cloud server provides several different cloud computing service types for the data-using end to choose from. The data user can select a suitable cloud computing service type according to actual needs (including but not limited to the first and second service types below). Correspondingly, different cloud computing service types correspond to different ways of starting and running the target image. Items b and c below are the functions of the application unit 70 for the two different service types.
b. if the currently used cloud computing service type is the first service type, start the target image; and after the target image has been started, execute the step of: running the installed remote access application, generating the remote access address of the data-providing end, and sending the remote access address to the data-using end;
c. if the currently used cloud computing service type is the second service type, the application unit is further configured to start a virtual machine, reset the administrator password of the virtual machine to a random password, and then execute the step of: running the installed remote access application, generating the remote access address of the data-providing end, and sending the remote access address to the data-using end;
Wherein, the first service type includes the Software-as-a-Service (SaaS) type, and the second service type includes the Infrastructure-as-a-Service (IaaS) type.
In addition, the present invention also provides a terminal device, comprising: a memory, a processor, and a trusted execution environment implementation program stored in the memory and executable on the processor, wherein the trusted execution environment implementation program, when executed by the processor, implements the steps of the trusted execution environment implementation method described above.
As shown in Fig. 6, the terminal device in embodiments of the present invention may be any kind of device or equipment used for centralized control, such as a computer, a single-chip microcomputer, an MCU (Microcontroller Unit), a smartphone, a tablet computer or a laptop. Fig. 6 is a schematic structural diagram of the operating environment of the trusted execution environment implementation device in embodiments of the present invention. The operating environment may specifically include: a processor 1001 (such as a CPU), a network interface 1004, a user interface 1003, a memory 1005 and a communication bus 1002. The communication bus 1002 implements connection and communication between these components. The user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard); optionally, the user interface 1003 may also include standard wired and wireless interfaces. The network interface 1004 may optionally include standard wired and wireless interfaces (such as a WI-FI interface). The memory 1005 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a magnetic disk memory. Optionally, the memory 1005 may also be a storage device independent of the aforementioned processor 1001.
Those skilled in the art will understand that the structure of the operating environment shown in Fig. 6 does not limit the trusted execution environment implementation device, which may include more or fewer components than illustrated, combine certain components, or use a different arrangement of components.
As shown in Fig. 6, the memory 1005, as a readable storage medium, may include an operating system, a network communication module, a user interface module and the trusted execution environment implementation program.
In the terminal device shown in Fig. 6, the network interface 1004 is mainly used to connect to a background server and exchange data with it; the user interface 1003 is mainly used to connect to a client (user terminal) and exchange data with it; and the processor 1001 may be used to call the trusted execution environment implementation program stored in the memory 1005 and perform the following operations:
Close all remote access services of the preselected base operating system of the data-providing end, and install a remote access application of a preset type;
Make the image of the base operating system;
Add a digital signature to the image, and write the digital signature to the blockchain;
When a start instruction for the trusted execution environment is received, find among the made images the image of the base operating system corresponding to the trusted execution environment and take it as the target image;
Obtain from the blockchain the digital signature corresponding to the target image as the verification digital signature;
Judge whether the verification digital signature is valid; if it is valid, retrieve the target image;
Run the installed remote access application, generate the remote access address of the data-providing end, and send the remote access address to the data-using end.
Further, the processor 1001 may call the trusted execution environment implementation program stored in the memory 1005 and also perform the following operations:
Obtain the digital signature added to the target image;
Compare the digital signature of the target image with the verification digital signature;
If the two are consistent, determine that the target image is valid; otherwise, determine that the target image is invalid.
Further, the processor 1001 may call the trusted execution environment implementation program stored in the memory 1005 and also perform the following operations:
Confirm the cloud computing service type currently used by the data-using end;
If the currently used cloud computing service type is the first service type, start the target image; and after the target image has been started, execute the step of: running the installed remote access application, generating the remote access address of the data-providing end, and sending the remote access address to the data-using end;
If the currently used cloud computing service type is the second service type, start a virtual machine, reset the administrator password of the virtual machine to a random password, and then execute the step of: running the installed remote access application, generating the remote access address of the data-providing end, and sending the remote access address to the data-using end;
Wherein, the first service type includes the Software-as-a-Service (SaaS) type, and the second service type includes the Infrastructure-as-a-Service (IaaS) type.
Further, the processor 1001 may call the trusted execution environment implementation program stored in the memory 1005 and also perform the following operation:
Trim the content of the made image so as to delete services of preselected types from the image.
Preferably, the remote access application includes the Jupyter application.
In addition, the present invention also provides a readable storage medium on which a trusted execution environment implementation program is stored, wherein the trusted execution environment implementation program, when executed by a processor, implements the steps of each embodiment of the trusted execution environment implementation method described above.
When executed by a processor, the trusted execution environment implementation program implements the following operations:
Close all remote access services of the preselected base operating system of the data-providing end, and install a remote access application of a preset type;
Make the image of the base operating system;
Add a digital signature to the image, and write the digital signature to the blockchain;
When a start instruction for the trusted execution environment is received, find among the made images the image of the base operating system corresponding to the trusted execution environment and take it as the target image;
Obtain from the blockchain the digital signature corresponding to the target image as the verification digital signature;
Judge whether the verification digital signature is valid; if it is valid, retrieve the target image;
Run the installed remote access application, generate the remote access address of the data-providing end, and send the remote access address to the data-using end.
Further, when executed by a processor, the trusted execution environment implementation program also implements the following operations:
Obtain the digital signature added to the target image;
Compare the digital signature of the target image with the verification digital signature;
If the two are consistent, determine that the target image is valid; otherwise, determine that the target image is invalid.
Further, when executed by a processor, the trusted execution environment implementation program also implements the following operations:
Confirm the cloud computing service type currently used by the data-using end;
If the currently used cloud computing service type is the first service type, start the target image; and after the target image has been started, execute the step of: running the installed remote access application, generating the remote access address of the data-providing end, and sending the remote access address to the data-using end;
If the currently used cloud computing service type is the second service type, start a virtual machine, reset the administrator password of the virtual machine to a random password, and then execute the step of: running the installed remote access application, generating the remote access address of the data-providing end, and sending the remote access address to the data-using end;
Wherein, the first service type includes the Software-as-a-Service (SaaS) type, and the second service type includes the Infrastructure-as-a-Service (IaaS) type.
Further, when executed by a processor, the trusted execution environment implementation program also implements the following operation:
Trim the content of the made image so as to delete services of preselected types from the image.
Preferably, the remote access application includes the Jupyter application.
It should be noted that, in this document, the terms "include", "comprise" and any of their variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The serial numbers of the above embodiments of the invention are for description only and do not indicate the relative merits of the embodiments.
The embodiments of the present invention have been described above with reference to the drawings, but the invention is not limited to the specific embodiments above, which are merely illustrative rather than restrictive. Inspired by the present invention, those of ordinary skill in the art can devise many other forms without departing from the purpose of the invention and the scope protected by the claims, all of which fall within the protection of the present invention.

Claims (10)

1. A trusted execution environment implementation method, characterized in that the method comprises the following steps:
Closing all remote access services of the preselected base operating system of the data-providing end, and installing a remote access application of a preset type;
Making the image of the base operating system;
Adding a digital signature to the image, and writing the digital signature to the blockchain;
When a start instruction for the trusted execution environment is received, finding among the made images the image of the base operating system corresponding to the trusted execution environment and taking it as the target image;
Obtaining from the blockchain the digital signature corresponding to the target image as the verification digital signature;
Judging whether the verification digital signature is valid; if it is valid, retrieving the target image;
Running the installed remote access application, generating the remote access address of the data-providing end, and sending the remote access address to the data-using end.
2. credible performing environment implementation method as described in claim 1, which is characterized in that the judgement check digit label Name whether effective step, specifically include:
Obtain the digital signature for being added to target mirror image;
The digital signature of target mirror image is compared with check digit signature;
If the two is consistent, determine that the target mirror image is effective;Otherwise, it is determined that the target mirror image is invalid.
3. credible performing environment implementation method as described in claim 1, which is characterized in that described the step of transferring target mirror image Later, further includes:
Confirm the data cloud computing service type currently used using end;
If currently used cloud computing service type is first service type, start target mirror image;And in starting target mirror image Later, step is executed: the mounted remote access to application of operation, and the remote access at data offer end is provided Location, and the remote access address is sent to data and uses end;
If currently used cloud computing service type is second service type, start virtual machine, and by the pipe of the virtual machine Reason person's password resets to random cipher, then executes step: the mounted remote access to application of operation, and generates number According to the remote access address at offer end, and the remote access address is sent to data and uses end;
Wherein, first service type includes that software services SaaS type, and second service type includes that infrastructure services IaaS type.
4. credible performing environment implementation method as described in claim 1, which is characterized in that the production fundamental operation system After the step of mirror image of system, further includes:
The content of the mirror image made is trimmed, to delete the service of the preselected types of the mirror image.
5. credible performing environment implementation method as described in claim 1, which is characterized in that the remote access to application packet Include Jupyter application.
6. A trusted execution environment implementation device, characterized in that the device comprises:
A preparation unit, for closing all remote access services of the pre-selected base operating system of the data provider, and installing a remote access application of a preset type;
An image making unit, for making an image of the base operating system;
A digital signature unit, for adding a digital signature to the image and writing the digital signature to a blockchain;
An image searching unit, for finding, when a start instruction for a trusted execution environment is received, the image of the base operating system corresponding to the trusted execution environment among the images that have been made, as the target image;
A verification unit, for obtaining the digital signature corresponding to the target image from the blockchain as the verification digital signature, and judging whether the verification digital signature is valid;
An image retrieving unit, for retrieving the target image when the verification digital signature is judged to be valid;
An application unit, for running the installed remote access application, generating a remote access address of the data provider, and sending the remote access address to the data user.
7. The trusted execution environment implementation device according to claim 6, characterized in that the verification unit is specifically configured to obtain the digital signature added to the target image; compare the digital signature of the target image with the verification digital signature; if the two are consistent, determine that the target image is valid; otherwise, determine that the target image is invalid.
8. The trusted execution environment implementation device according to claim 6, characterized in that the application unit is further configured to confirm the cloud computing service type currently used by the data user; if the currently used cloud computing service type is a first service type, start the target image; and, after starting the target image, execute the step of: running the installed remote access application, generating a remote access address of the data provider, and sending the remote access address to the data user;
The application unit is further configured to, if the currently used cloud computing service type is a second service type, start a virtual machine, reset the administrator password of the virtual machine to a random password, and then execute the step of: running the installed remote access application, generating a remote access address of the data provider, and sending the remote access address to the data user;
Wherein the first service type includes the Software as a Service (SaaS) type, and the second service type includes the Infrastructure as a Service (IaaS) type.
9. A terminal device, characterized in that the terminal device comprises: a memory, a processor, and a trusted execution environment implementation program stored in the memory and executable on the processor, wherein the trusted execution environment implementation program, when executed by the processor, implements the steps of the trusted execution environment implementation method according to any one of claims 1 to 5.
10. A readable storage medium, characterized in that a trusted execution environment implementation program is stored on the readable storage medium, and the trusted execution environment implementation program, when executed by a processor, implements the steps of the trusted execution environment implementation method according to any one of claims 1 to 5.
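The start-up check of claims 1 to 3, sketched as an added example that is not part of the patent text: the signature recorded at image-making time is read back from the ledger, compared with the one attached to the image, and the IaaS branch resets the administrator password to a random value. Assumptions: the `Ledger` class is a hash-chained list standing in for the blockchain, HMAC-SHA256 stands in for the unspecified digital signature scheme, all function names and the address format are hypothetical, and the sketch additionally recomputes the signature over the image bytes, which claim 2 does not spell out.

```python
import hashlib, hmac, json, secrets

class Ledger:
    """Append-only hash-chained log; an assumed stand-in for the blockchain."""
    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(block):
        payload = {k: block[k] for k in ("image_id", "signature", "prev")}
        return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

    def append(self, image_id, signature):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        block = {"image_id": image_id, "signature": signature, "prev": prev}
        block["hash"] = self._digest(block)
        self.blocks.append(block)

    def lookup(self, image_id):
        """Return the recorded signature; None if the chain is broken or has no entry."""
        prev, found = "0" * 64, None
        for block in self.blocks:
            if block["prev"] != prev or block["hash"] != self._digest(block):
                return None
            prev = block["hash"]
            if block["image_id"] == image_id:
                found = block["signature"]
        return found

def sign_image(image_bytes, key):
    # HMAC-SHA256 is an assumed stand-in for the unspecified signature scheme.
    return hmac.new(key, hashlib.sha256(image_bytes).digest(), hashlib.sha256).hexdigest()

def start_environment(image_id, image_bytes, attached_sig, key, ledger, service_type):
    check_sig = ledger.lookup(image_id)          # verification signature from the chain
    if check_sig is None:
        return {"started": False, "reason": "no valid ledger record"}
    if not hmac.compare_digest(attached_sig, check_sig):   # claim 2 comparison
        return {"started": False, "reason": "signature mismatch"}
    # Extra check (assumption): the signature must still match the image bytes.
    if not hmac.compare_digest(sign_image(image_bytes, key), check_sig):
        return {"started": False, "reason": "image content changed"}
    # Placeholder address; the patent does not give a URL format.
    result = {"started": True, "address": f"https://provider.example/{image_id}"}
    if service_type == "IaaS":                   # claim 3: random admin password
        result["admin_password"] = secrets.token_urlsafe(24)
    return result

# Constructed sample data, not taken from the patent.
KEY = b"constructed-provider-key"
IMAGE = b"constructed base OS image bytes"
LEDGER = Ledger()
LEDGER.append("base-os-v1", sign_image(IMAGE, KEY))
```

Without the recomputation step, an image whose content was modified while its attached signature was left in place would still pass the equality comparison.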
CN201811406497.1A 2018-11-23 2018-11-23 Trusted execution environment implementation method and device, terminal device and readable storage medium Active CN109634619B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811406497.1A CN109634619B (en) 2018-11-23 2018-11-23 Trusted execution environment implementation method and device, terminal device and readable storage medium

Publications (2)

Publication Number Publication Date
CN109634619A true CN109634619A (en) 2019-04-16
CN109634619B CN109634619B (en) 2022-05-10

Family

ID=66069297

Country Status (1)

Country Link
CN (1) CN109634619B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103747036A (en) * 2013-12-23 2014-04-23 中国航天科工集团第二研究院七〇六所 Trusted security enhancement method in desktop virtualization environment
CN106384052A (en) * 2016-08-26 2017-02-08 浪潮电子信息产业股份有限公司 Method for realizing BMC U-boot trusted boot control
US9697371B1 (en) * 2015-06-30 2017-07-04 Google Inc. Remote authorization of usage of protected data in trusted execution environments
CN107729743A (en) * 2016-08-10 2018-02-23 中国电信股份有限公司 The method, apparatus and system started for realizing mobile terminal safety

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘志娟等: ""移动终端TEE技术进展研究"", 《信息科技》 *

Also Published As

Publication number Publication date
CN109634619B (en) 2022-05-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220831

Address after: Room 1006, Building 16, Yingcai North 3rd Street, Future Science City, Changping District, Beijing 102200

Patentee after: China Mobile Information Technology Co.,Ltd.

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Patentee before: SHIJINSHI CREDIT SERVICE Co.,Ltd.