CN110011801A - Remote attestation method and apparatus for a trusted application, and electronic device - Google Patents


Publication number: CN110011801A
Authority: CN (China)
Prior art keywords: public key, long, remote proving, private key, key
Legal status: Granted
Application number: CN201811364461.1A
Other languages: Chinese (zh)
Other versions: CN110011801B (en)
Inventor: 陆钟豪
Current Assignee: Advanced New Technologies Co Ltd, Advantageous New Technologies Co Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201811364461.1A (patent CN110011801B)
Priority to CN202011295708.6A (patent CN112468473B)
Publication of CN110011801A
Priority to TW108129629A (patent TWI716078B)
Priority to PCT/CN2019/106607 (patent WO2020098377A1)
Application granted
Publication of CN110011801B
Current legal status: Active


Classifications

    • H04L Transmission of digital information, e.g. telegraphic communication (H Electricity; H04 Electric communication technique)
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Abstract

A remote attestation method for a trusted application, in which the protected code of the trusted application is loaded in isolation into a target container that serves as a trusted execution environment. The protected code includes code to be executed and a target function. The method includes: calling the target function to generate a private key and a public key in the target container, encrypting the generated private key, and persistently storing the encrypted private key, where the encrypted private key is given a decryption policy under which only the target container can decrypt it; initiating, through a third-party remote attestation server, a remote attestation of the public key to a remote receiving object, and, when the public key passes remote attestation, sending the public key to the remote receiving object for persistent storage; obtaining the execution result of the code to be executed, the execution result having been signed by the target container with the decrypted private key; and sending the execution result to the remote receiving object, which verifies the signature of the execution result with the stored public key.

Description

Remote attestation method and apparatus for a trusted application, and electronic device
Technical field
One or more embodiments of this specification relate to the field of blockchain technology, and in particular to a remote attestation method and apparatus for a trusted application, and an electronic device.
Background
Remote attestation is a method by which hardware, or a combination of software and hardware, gains the trust of a remote provider or producer, and it is one of the key technologies of trusted computing. For example, in practice the protected code of a trusted application can be isolated in a trusted execution environment, and remote attestation can then be used to prove to a remote receiving object that the execution result of that protected code is trusted data, without disclosing the protected code.
Summary of the invention
This specification proposes a remote attestation method for a trusted application. The protected code of the trusted application is loaded in isolation into a target container that serves as a trusted execution environment; the protected code includes code to be executed and a target function for generating a private key and a public key. The method includes:
calling the target function to generate a private key and a public key in the target container, encrypting the generated private key, and persistently storing the encrypted private key, where the encrypted private key is given a decryption policy under which only the target container can decrypt it;
initiating, through a third-party remote attestation server, a remote attestation of the public key to a remote receiving object, and, when the public key passes remote attestation, sending the public key to the remote receiving object for persistent storage;
obtaining the execution result of the code to be executed, where the execution result has been signed by the target container with the decrypted private key;
sending the execution result to the remote receiving object, so that the remote receiving object verifies the signature of the execution result with the stored public key to confirm whether the execution result is trusted data.
Optionally, calling the target function to generate a private key and a public key in the target container includes:
in response to an execution instruction for the code to be executed, calling the target function to generate a private key and a public key in the target container; or,
based on a preset calling period, periodically calling the target function to generate a private key and a public key in the target container.
Optionally, initiating, through the third-party remote attestation server, a remote attestation of the public key to the remote receiving object, and, when the public key passes remote attestation, sending the public key to the remote receiving object for persistent storage, includes:
creating a remote attestation credential based on the generated public key;
sending the remote attestation credential to the third-party remote attestation server, so that the remote attestation server verifies the remote attestation credential;
obtaining the verification result returned by the remote attestation server, where the verification result has been signed by the remote attestation server with the private key it holds;
sending the verification result and the generated public key to the remote receiving object, so that the remote receiving object verifies the signature of the verification result based at least on the public key of the third-party remote attestation server and, after the signature verification passes, persistently stores the generated public key locally at the remote receiving object.
Optionally, the trusted execution environment is built on SGX technology; the target container is an Enclave program in SGX technology; and the decryption policy of the encrypted private key is set to the keypolicy-MRENCLAVE policy.
Optionally, the remote receiving object is a smart contract published to a blockchain.
This specification also proposes a remote attestation apparatus for a trusted application. The protected code of the trusted application is loaded in isolation into a target container that serves as a trusted execution environment; the protected code includes code to be executed and a target function for generating a private key and a public key. The apparatus includes:
a generation module, which calls the target function to generate a private key and a public key in the target container, encrypts the generated private key, and persistently stores the encrypted private key, where the encrypted private key is given a decryption policy under which only the target container can decrypt it;
an attestation module, which initiates, through a third-party remote attestation server, a remote attestation of the public key to a remote receiving object, and, when the public key passes remote attestation, sends the public key to the remote receiving object for persistent storage;
an obtaining module, which obtains the execution result of the code to be executed, where the execution result has been signed by the target container with the decrypted private key;
a verification module, which sends the execution result to the remote receiving object, so that the remote receiving object verifies the signature of the execution result with the stored public key to confirm whether the execution result is trusted data.
Optionally, the generation module:
in response to an execution instruction for the code to be executed, calls the target function to generate a private key and a public key in the target container; or,
based on a preset calling period, periodically calls the target function to generate a private key and a public key in the target container.
Optionally, the attestation module:
creates a remote attestation credential based on the generated public key;
sends the remote attestation credential to the third-party remote attestation server, so that the remote attestation server verifies the remote attestation credential;
obtains the verification result returned by the remote attestation server, where the verification result has been signed by the remote attestation server with the private key it holds;
sends the verification result and the generated public key to the remote receiving object, so that the remote receiving object verifies the signature of the verification result based at least on the public key of the third-party remote attestation server and, after the signature verification passes, persistently stores the generated public key locally at the remote receiving object.
Optionally, the trusted execution environment is built on SGX technology; the target container is an Enclave program in SGX technology; and the decryption policy of the encrypted private key is set to the keypolicy-MRENCLAVE policy.
Optionally, the remote receiving object is a smart contract published to a blockchain.
This specification also proposes an electronic device, including:
a processor;
a memory for storing machine-executable instructions;
where the protected code of a trusted application is loaded in isolation into a target container that serves as a trusted execution environment, the protected code includes code to be executed and a target function for generating a private key and a public key, and, by reading and executing the machine-executable instructions stored in the memory that correspond to the control logic for blockchain-based remote attestation of the trusted application, the processor is caused to:
call the target function to generate a private key and a public key in the target container, encrypt the generated private key, and persistently store the encrypted private key, where the encrypted private key is given a decryption policy under which only the target container can decrypt it;
initiate, through a third-party remote attestation server, a remote attestation of the public key to a remote receiving object, and, when the public key passes remote attestation, send the public key to the remote receiving object for persistent storage;
obtain the execution result of the code to be executed, where the execution result has been signed by the target container with the decrypted private key;
send the execution result to the remote receiving object, so that the remote receiving object verifies the signature of the execution result with the stored public key to confirm whether the execution result is trusted data.
In the above technical solution, on the one hand, the public/private key pair used for remote attestation is generated autonomously in the target container that serves as the trusted execution environment, and is no longer generated by the software provider; in addition, the persistently stored encrypted private key is given a decryption policy under which only the target container can decrypt it. Therefore, even the software developer cannot obtain the generated private key, which significantly improves the security level of the private key;
On the other hand, the trusted application only needs to initiate, through the third-party remote attestation server, one remote attestation of the autonomously generated public key to the remote receiving object. After the public key passes remote attestation, the execution result of the code to be executed in the protected code can be signed directly with the generated private key, and the signed execution result can be sent to the remote receiving object to complete remote attestation of that execution result, without initiating a remote attestation of the execution result to the remote receiving object through the third-party remote attestation server. Frequent interaction with the third-party remote attestation server is therefore no longer needed, and the autonomously generated key pair can be used to conveniently prove to the remote receiving object that the execution result is trusted data.
Brief description of the drawings
Fig. 1 is a flowchart of a remote attestation method for a trusted application provided by an exemplary embodiment.
Fig. 2 is a schematic structural diagram of an electronic device provided by an exemplary embodiment.
Fig. 3 is a block diagram of a remote attestation apparatus for a trusted application provided by an exemplary embodiment.
Detailed description
In practice, a TEE (Trusted Execution Environment) is usually built and the protected code of a trusted application is isolated in the TEE, so as to provide security protection for that protected code.
When a TEE is built, the processor at the bottom layer of the device is usually used as hardware support to build a container that can be accessed only by the processor. This container serves as the trusted execution environment, and the protected code of the trusted application is loaded in isolation into the container, so that the protected code in the container is protected by isolation.
For example, when a TEE is built with Intel's SGX (Software Guard Extensions) technology, the CPU of the device is usually used as hardware support to create a program called an Enclave as the protection container, and the code to be protected is loaded in isolation into the Enclave program to protect it from attack.
In some scenarios, the execution result of the protected code of the trusted application needs to take part in remote trusted computing. In that case, in addition to sending the execution result of the protected code to a remote receiving object, the trusted application usually also needs to use remote attestation to prove to the remote receiving object that the execution result of the protected code is trusted data, without disclosing the protected code.
For example, in one scenario, suppose that a smart contract deployed on a blockchain needs to use the execution result of the protected code of the trusted application as input data for trusted computing on the blockchain. Because the trusted application is not an on-chain node, it is an untrusted party from the point of view of the smart contract. Therefore, when the trusted application sends the execution result of the protected code to the smart contract deployed on the blockchain, it needs to rely on remote attestation to prove to the smart contract that the execution result of the protected code is trusted data, without disclosing the protected code (that is, on-chain attestation).
With current remote attestation technology, when a trusted application initiates a remote attestation of specific data to a remote receiving object, it usually has to rely on a third-party remote attestation server to complete it;
For example, taking the remote attestation mechanism of Intel's SGX technology as an example, Intel provides a third-party IAS (Intel Attestation Service) server for remote attestation. If the execution result of the protected code loaded in isolation in the Enclave needs to take part in trusted computing, the trusted application can interact with the IAS server and initiate, through the IAS server, a remote attestation of the execution result of the protected code to the remote receiving object, proving to the remote receiving object that the execution result of the protected code is trusted data.
Because remote attestation completed through a third-party remote attestation server requires frequent interaction with that server, a more convenient remote attestation mechanism is needed.
Based on this, this specification proposes a convenient scheme for initiating, to a remote receiving object, remote attestation of the execution result of protected code, based on a public/private key pair generated autonomously by the container that serves as the trusted execution environment.
In implementation, the software developer of the trusted application can use a specific TEE construction technology (for example, Intel's SGX technology) to develop the target container that serves as the TEE (for example, an Enclave program in SGX technology), and load the protected code of the trusted application in isolation into the target container.
In this scheme, the protected code loaded in isolation into the target container can include the code to be executed, whose execution result needs to be remotely attested to the remote receiving object, and a target function for generating a private key and a public key (in essence, special code for generating the private and public keys).
Further, the trusted application can call the target function in the protected code loaded in isolation into the target container, to generate a public key and a private key in the target container;
On the one hand, the generated private key can be encrypted in the target container. When the generated private key is encrypted in the target container, a decryption policy under which only the target container can decrypt it (that is, only the target container has decryption rights) can be set for the encrypted private key; the encrypted private key is then persistently stored by the processor.
On the other hand, for the generated public key, a remote attestation of the public key can be initiated to the remote receiving object through the third-party remote attestation server, and, when the public key passes remote attestation, the generated public key is sent to the remote receiving object, which persistently stores it.
Subsequently, when the code to be executed has finished executing, the target container can decrypt the encrypted private key and sign the execution result of the code to be executed with the private key. The trusted application can obtain the execution result signed by the target container and send it to the remote receiving object, to initiate remote attestation of the execution result.
After receiving the execution result sent by the trusted application, the remote receiving object can verify the signature of the execution result with the stored public key, to determine whether the execution result is trusted data.
In the above technical solution, on the one hand, the public/private key pair used for remote attestation is generated autonomously in the target container that serves as the trusted execution environment, and is no longer generated by the software provider; in addition, the persistently stored encrypted private key is given a decryption policy under which only the target container can decrypt it. Therefore, even the software developer cannot obtain the generated private key, which significantly improves the security level of the private key;
On the other hand, the trusted application only needs to initiate, through the third-party remote attestation server, one remote attestation of the autonomously generated public key to the remote receiving object. After the public key passes remote attestation, the execution result of the code to be executed in the protected code can be signed directly with the generated private key, and the signed execution result can be sent to the remote receiving object to complete remote attestation of that execution result, without initiating a remote attestation of the execution result to the remote receiving object through the third-party remote attestation server. Frequent interaction with the third-party remote attestation server is therefore no longer needed, and the autonomously generated key pair can be used to conveniently prove to the remote receiving object that the execution result is trusted data.
This specification is described below through specific embodiments and in combination with specific application scenarios.
Referring to Fig. 1, Fig. 1 shows a remote attestation method for a trusted application provided by an embodiment of this specification, applied to the trusted application. The protected code of the trusted application is loaded in isolation into a target container that serves as a trusted execution environment; the protected code includes code to be executed and a target function for generating a private key and a public key. The method performs the following steps:
Step 102: call the target function to generate a private key and a public key in the target container, encrypt the generated private key, and persistently store the encrypted private key, where the encrypted private key is given a decryption policy under which only the target container can decrypt it;
Step 104: initiate, through a third-party remote attestation server, a remote attestation of the public key to a remote receiving object, and, when the public key passes remote attestation, send the public key to the remote receiving object for persistent storage;
Step 106: obtain the execution result of the code to be executed, where the execution result has been signed by the target container with the decrypted private key;
Step 108: send the execution result to the remote receiving object, so that the remote receiving object verifies the signature of the execution result with the stored public key to confirm whether the execution result is trusted data.
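The flow of steps 102 to 108, sketched in Go as an added example (not code from the patent): it simulates the Enclave, the attestation service and the remote receiving object in one process, without the SGX SDK. Ed25519, AES-GCM sealing under an HMAC-derived key, the receiver's measurement and key-binding checks, and all type and function names are assumptions of this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Enclave simulates the target container (added sketch; names are assumptions).
type Enclave struct {
	Measurement [32]byte // stands in for MRENCLAVE
	cpuSecret   []byte   // stands in for the hardware key SGX never exposes
}

func NewEnclave(code string, cpuSecret []byte) *Enclave {
	return &Enclave{sha256.Sum256([]byte(code)), cpuSecret}
}

// aead derives the sealing key from CPU secret and measurement (MRENCLAVE-style policy).
func (e *Enclave) aead() cipher.AEAD {
	m := hmac.New(sha256.New, e.cpuSecret)
	m.Write(e.Measurement[:])
	blk, _ := aes.NewCipher(m.Sum(nil)) // 32-byte key, cannot fail
	g, _ := cipher.NewGCM(blk)
	return g
}

// GenerateKey is the target function: the private key leaves only sealed.
func (e *Enclave) GenerateKey() (ed25519.PublicKey, []byte, error) {
	g := e.aead()
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return pub, g.Seal(nonce, nonce, priv, nil), err
}

// Quote is the attestation credential: measurement plus public-key hash.
type Quote struct{ Measurement, ReportData [32]byte }

func (q Quote) Bytes() []byte { return append(q.Measurement[:], q.ReportData[:]...) }
func (e *Enclave) Quote(pub ed25519.PublicKey) Quote { return Quote{e.Measurement, sha256.Sum256(pub)} }

// RunAndSign unseals the key, runs the protected code, signs its result.
func (e *Enclave) RunAndSign(sealed []byte, in string) (res, sig []byte, err error) {
	g := e.aead()
	if len(sealed) < g.NonceSize() {
		return nil, nil, errors.New("sealed blob too short")
	}
	priv, err := g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
	if err != nil {
		return nil, nil, errors.New("unseal failed: different enclave or CPU")
	}
	res = []byte("processed:" + in) // placeholder for the protected logic
	return res, ed25519.Sign(priv, res), nil
}

// ServerPub and serverKey: key pair of the simulated third-party attestation service.
var ServerPub, serverKey, _ = ed25519.GenerateKey(rand.Reader)

// Attest signs the quote; a real service validates the hardware quote first.
func Attest(q Quote) []byte { return ed25519.Sign(serverKey, q.Bytes()) }

// Receiver stands in for the remote receiving object, e.g. a smart contract.
type Receiver struct {
	ServerPub, stored ed25519.PublicKey
	Expected          [32]byte // measurement the receiver trusts
}

// Register runs once per key and stores it only if all three checks pass.
func (r *Receiver) Register(q Quote, sig []byte, pub ed25519.PublicKey) bool {
	ok := ed25519.Verify(r.ServerPub, q.Bytes(), sig) && // signed by the service
		q.Measurement == r.Expected && // produced by the expected code
		q.ReportData == sha256.Sum256(pub) // quote covers this public key
	if ok {
		r.stored = pub
	}
	return ok
}

// VerifyResult uses only the stored public key; no attestation service involved.
func (r *Receiver) VerifyResult(res, sig []byte) bool {
	return len(r.stored) == ed25519.PublicKeySize && ed25519.Verify(r.stored, res, sig)
}

func main() {
	enc := NewEnclave("protected code v1", []byte("constructed CPU secret"))
	rcv := &Receiver{ServerPub: ServerPub, Expected: enc.Measurement}
	pub, sealed, _ := enc.GenerateKey()
	q := enc.Quote(pub)
	fmt.Println("key registered:", rcv.Register(q, Attest(q), pub))
	res, sig, _ := enc.RunAndSign(sealed, "order-42")
	fmt.Println(string(res), "trusted:", rcv.VerifyResult(res, sig))
}
```

The attestation service is involved only in `Register`; every later `VerifyResult` call relies on the stored public key alone, and a container with a different measurement derives a different sealing key and cannot unseal the blob.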
The trusted application can include an application, developed by a software developer, that provides trusted services to third parties; the program code of a trusted application usually includes a protected part and an unprotected part.
The target container in this specification refers to an isolated, secure operating environment, built with a specific TEE construction technology, that provides security protection for the protected code of the trusted application;
In practice, the target container can be an isolated software environment that uses the processor as underlying hardware support and can be accessed only by the processor. For example, when a TEE is built with Intel's SGX technology, the target container can be an Enclave program in SGX technology, and the protected code of the trusted application is usually loaded in isolation into the Enclave program to provide security protection for it.
Of course, in practice it is not excluded that the target container is a physically isolated hardware environment. For example, the target container can be a physically isolated physical chip, and the protected code of the trusted application can be loaded in isolation into the physical chip to provide security protection for it.
It should be emphasized that the TEE construction technology used to build the TEE is not specifically limited in this specification, and those skilled in the art can choose it flexibly according to actual development needs. It is easy to understand that the specific form of the target container also generally depends on the TEE construction technology used; that is, whether the target container is ultimately an isolated software environment or an isolated hardware environment depends on the TEE construction technology that those skilled in the art adopt. For example, if those skilled in the art build the TEE with Intel's SGX technology, the target container is an isolated software environment (that is, an Enclave program) that uses the CPU as underlying hardware support and can be accessed only by the CPU.
The remote receiving object refers to the remote data consumer of the execution result of the protected code of the trusted application. For example, in practice the remote receiving object can be an independent trusted host or a trusted system, or a smart contract deployed on a blockchain.
The following embodiments are described using a TEE built on Intel's SGX technology as an example. It should be emphasized that building the TEE on Intel's SGX technology is only illustrative; in practice other TEE construction technologies, such as ARM's TrustZone technology, can obviously also be used to build the TEE, and they are not enumerated one by one in this specification.
In this specification, the software developer of the trusted application can use Intel's SGX technology to create an Enclave program serving as the TEE, and load the protected code of the trusted application in isolation into that target container.
Note that the specific process of creating the Enclave program with SGX technology and loading the protected code in isolation into the target container is not described in detail in this specification; those skilled in the art may refer to the related art when putting the technical solution of this specification into practice.
The protected code loaded in isolation in the Enclave program is commonly called the trusted part (Trusted Part) of the trusted application; the other code, which is not loaded in isolation in the Enclave program, is called the untrusted part (Untrusted Part) of the trusted application.
The protected code loaded in isolation in the Enclave program may include at least two parts: the code to be executed and a target function.
The code to be executed is the protected code whose execution result must be sent to the remote receiving object for trusted computing; that is, the trusted application needs to prove to the remote receiving object, by means of attestation, that the execution result of the code to be executed is trusted data. The target function is used specifically to generate a public key and a private key for the target container.
In SGX technology, a trusted application usually initiates remote attestation of the execution result of protected code to the remote receiving object by interacting with a deployed IAS server.
In this specification, the existing SGX remote attestation mechanism need not be used, through interaction with the IAS server, to initiate remote attestation of the execution result of the protected code to the remote receiving object. Instead, the existing SGX remote attestation mechanism is used only once, to initiate to the remote receiving object a remote attestation of the public/private key pair generated autonomously inside the Enclave program. After that key pair passes remote attestation, remote attestation of the execution result of the protected code can be conveniently initiated to the remote receiving object on the basis of the key pair, with no further interaction with IAS.
In the initial state, the untrusted part of the trusted application can, by means of an ECALL, call the target function in the protected code loaded in isolation in the Enclave program to generate a public key and a private key inside the Enclave program.
Note that the untrusted part's ECALL to the target function in the protected code loaded in isolation in the Enclave program can be made in real time when the code to be executed in the protected code is executed, or periodically according to a certain calling period.
For example, in one implementation, when the untrusted part receives an execution instruction for the code to be executed in the protected code, it can respond to the execution instruction in real time and immediately call, by means of an ECALL, the target function in the protected code loaded in isolation in the Enclave program to generate a public key and a private key inside the Enclave.
In another implementation, a calling period can be preset for the untrusted part, so that the untrusted part periodically calls, according to that calling period, the target function in the protected code loaded in isolation in the Enclave program to generate a public key and a private key inside the Enclave program. In this way, the public key and private key of the Enclave program can be updated at regular intervals.
On the one hand, the generated private key can be encrypted inside the Enclave program by the processor (the encryption key is held by the processor); the processor sets a decryption policy for the encrypted private key, and the encrypted private key is then persistently stored.
Based on SGX technology, the decryption policy for encrypted information generally includes two policies: keypolicy-MRENCLAVE (hereinafter the MRENCLAVE policy) and keypolicy-MRSIGNER (hereinafter the MRSIGNER policy).
The MRENCLAVE policy means that the information can be decrypted only by the current ENCLAVE; the MRSIGNER policy means that it can be decrypted by all ENCLAVEs developed and signed by the same developer.
The MRSIGNER policy requires trusting the developer. A malicious party who obtains the developer's private key can therefore develop a malicious ENCLAVE, sign it with the developer's private key, and use the malicious ENCLAVE to decrypt the encrypted private key, leaking the plaintext of the encrypted private key.
For this reason, in this specification, when the processor sets the decryption policy for the encrypted private key, it can set the decryption policy to the MRENCLAVE policy; that is, only the current ENCLAVE has permission to decrypt the persistently stored encrypted private key.
In this way, even the software developer cannot obtain the private key generated autonomously by the ENCLAVE, which significantly raises the security level of the private key.
On the other hand, for the generated public key, the trusted part of the trusted application can initiate, through the IAS server, a remote attestation of the public key to the remote receiving object and, when the public key passes remote attestation, send the generated public key to the remote receiving object, which stores it persistently.
Based on SGX technology, when the trusted part of the trusted application initiates remote attestation of the public key to the remote receiving object, it can first create a Quote, based on the generated public key or the hash value of the public key, as the remote attestation credential.
For example, based on SGX technology, the Quote is usually created by the Quote Enclave through internal interaction between the Enclave and the special Quote Enclave. The specific process by which the Quote Enclave creates a Quote for remote attestation on behalf of the Enclave is not described in detail in this specification; those skilled in the art may refer to the related art when implementing the technical solution of this specification.
In this specification, the finally created Quote may include information such as the EPID signature, the generated public key or the hash value of the public key (the userdata requiring remote attestation), the MRENCLAVE identifier, and the processor's EPID identifier.
That is, the finally created Quote is the information obtained by applying an EPID signature, as a whole, over the generated public key or the hash value of the public key (the userdata requiring remote attestation), the MRENCLAVE identifier, the processor's EPID identifier, and other such information.
The MRENCLAVE identifier is usually the hash value of the Enclave code and uniquely identifies an Enclave. The EPID identifier, also called the basename, anonymously identifies a processor. The EPID signature is a group signature technique, used by Intel's SGX technology, that can preserve anonymity; the signing process and the signature verification process for EPID signatures are not described in detail in this specification, and those skilled in the art may refer to the related art.
In this specification, after generating the Quote as the remote attestation credential, the trusted part of the trusted application can send the Quote to the IAS server for remote verification. After receiving the Quote, the IAS server can verify the EPID signature of the Quote and then, using the private key held by the IAS server, sign the Quote and the verification result for the Quote as a whole to generate the corresponding AVR (Attestation Verification Report).
That is, in this specification, the AVR generally includes information such as the Quote, the Quote verification result, and the IAS signature.
In this specification, the IAS server can return the generated AVR to the trusted part of the trusted application. After receiving the AVR returned by the IAS server, the trusted part can forward the AVR, together with the public key generated by calling the target function, to the remote receiving object.
Alternatively, the trusted part of the trusted application can pass the AVR and the public key generated by calling the target function to the untrusted part of the trusted application, and the untrusted part forwards the AVR and the public key generated by calling the target function to the remote receiving object.
After receiving the AVR sent by the trusted part of the trusted application, the remote receiving object can first verify the status of the AVR, for example by checking whether the value of the status field in the AVR is the specific value indicating that the AVR status is normal. After the AVR status check passes, it can verify the IAS signature of the AVR using the public key corresponding to the private key held by the IAS server. If the signature verification passes, it can then verify the information in the Quote carried in the AVR, such as the public key or the hash value of the public key, the MRENCLAVE identifier, and the processor's EPID identifier.
Verifying the public key or the hash value of the public key in the Quote means checking whether it matches the public key sent by the trusted part of the trusted application. For example, if the Quote carries the hash value of the public key, the remote receiving object can compute the hash value of the public key sent by the trusted part and compare the computed hash value with the hash value of the public key carried in the Quote; if the two match, the verification is confirmed as passed.
Verifying information such as the MRENCLAVE identifier and the processor's EPID in the Quote means checking whether the Enclave corresponding to the MRENCLAVE identifier, and the processor corresponding to the processor's EPID, are trusted.
In implementation, the developer of the Enclave can prove that the Enclave code contains no malicious code by open-sourcing the Enclave code, and the administrator of the remote receiving object can perform a security audit of the open-sourced Enclave code and set an MRENCLAVE whitelist for the remote receiving object. Likewise, an EPID identifier whitelist can be set for the remote receiving object according to actual needs. Thus, when verifying information such as the MRENCLAVE identifier and the processor's EPID identifier in the Quote, the remote receiving object can match the MRENCLAVE identifier in the Quote against the MRENCLAVE whitelist, and the processor's EPID identifier in the Quote against the EPID identifier whitelist, to confirm whether the Enclave corresponding to the MRENCLAVE identifier and the processor corresponding to the processor's EPID are trusted.
Continuing to refer to Fig. 2, when the IAS signature of the AVR, and the information in the Quote carried in the AVR (the public key or the hash value of the public key, the MRENCLAVE identifier, the processor's EPID identifier, and so on), have all passed verification, the remote receiving object can persistently store locally the public key sent by the trusted part of the trusted application (generated by calling the target function) together with the corresponding MRENCLAVE and EPID.
That is, the MRENCLAVE corresponding to the public key generated by calling the target function is used as the trusted program identifier, the EPID corresponding to the public key is used as the trusted hardware identifier, and both are persistently stored together with the public key.
In this specification, once the remote receiving object has persistently stored locally the public key generated by calling the target function, the trusted application no longer needs to interact with the IAS server to initiate remote attestation of the execution result of the code to be executed. Instead, it can use the public/private key pair created by calling the target function directly to conveniently initiate remote attestation of the execution result of the protected code to the remote receiving object.
Specifically, when the code to be executed loaded in isolation in the Enclave has finished executing, the Enclave can decrypt the persistently stored encrypted private key (only this Enclave has decryption permission) and, using the decrypted private key, sign the execution result of the code to be executed.
Note that in practice the execution result may include, in addition to the output of the code to be executed after it finishes, other information. That is, according to actual business needs, information other than the output of the code to be executed can also be signed as part of the execution result before remote attestation is initiated. For example, in one case, the input data of the code to be executed (such as the execution parameters passed in when the code is executed) can also be signed as part of the execution result.
The untrusted part of the trusted application can obtain the execution result signed by the Enclave and send it directly to the remote receiving object, initiating remote attestation of the execution result.
Of course, in practice the trusted part of the trusted application can also send the signed execution result directly to the remote receiving object to initiate remote attestation of the execution result.
After receiving the execution result, the remote receiving object can verify the signature of the execution result using the locally persisted public key (the public key generated by calling the target function). If the signature verification passes, it can directly conclude that the execution result is trusted data generated by a trusted Enclave created on a trusted processor; remote attestation of the execution result of the code to be executed is then complete.
In this way, remote attestation of the execution result of the code to be executed to the remote receiving object no longer requires interaction with the IAS server, so remote attestation can be completed more conveniently.
In the above technical solution, on the one hand, the public/private key pair used for remote attestation is generated autonomously inside the target container serving as the trusted execution environment and is no longer generated by the software vendor; in addition, the persistently stored encrypted private key is given a decryption policy under which it can be decrypted only by the target container. Therefore, even the software developer cannot obtain the generated private key, which significantly raises the security level of the private key.
On the other hand, the trusted application only needs to initiate, once, through the third-party remote attestation server, a remote attestation to the remote receiving object of the autonomously generated public key. After the public key passes remote attestation, the trusted application can directly sign the execution result of the code to be executed in the protected code with the generated private key and send the signed execution result to the remote receiving object to complete remote attestation of the execution result, without initiating remote attestation of the execution result to the remote receiving object through the third-party remote attestation server. Therefore, without frequent interaction with the third-party remote attestation server, the trusted application can conveniently prove to the remote receiving object, on the basis of the autonomously generated public/private key pair, that the execution result is trusted data.
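The flow summarized above, modelled from the remote receiving object's side as an added Go example (not code from the patent or from Intel's SGX SDK). Ed25519 stands in for both the IAS signature and the enclave key pair, `Quote` and `AVR` are simplified structs holding only the fields the text lists, and the identifier strings, the `"OK"` status value and all function names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Quote and AVR model only the fields the text lists, not Intel's wire formats.
// Ed25519 (an assumption here) stands in for the IAS and enclave signatures.
type identity struct{ MREnclave, EPID string } // constructed values in this example
type Quote struct {
	UserData [32]byte // SHA-256 of the enclave-generated public key
	ID       identity // enclave measurement and anonymous processor identifier
}

type AVR struct {
	Quote     Quote
	Status    string // "OK" is this example's "status normal" value
	Signature []byte // attestation server's signature over Quote and Status
}

var (
	ErrStatus    = errors.New("AVR status is not OK")
	ErrIASSig    = errors.New("attestation server signature invalid")
	ErrKeyHash   = errors.New("public key does not match Quote userdata")
	ErrWhitelist = errors.New("MRENCLAVE or EPID identifier not in whitelist")
)

// signedBytes is the unambiguous encoding the attestation server signs.
func signedBytes(q Quote, status string) []byte {
	return []byte(fmt.Sprintf("%x|%q|%q|%q", q.UserData, q.ID.MREnclave, q.ID.EPID, status))
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// attest simulates Quote creation and the attestation server's signed report.
func attest(iasPriv ed25519.PrivateKey, enclavePub ed25519.PublicKey, id identity, status string) AVR {
	q := Quote{UserData: sha256.Sum256(enclavePub), ID: id}
	return AVR{Quote: q, Status: status, Signature: ed25519.Sign(iasPriv, signedBytes(q, status))}
}

// signResult is what the enclave does with its decrypted private key.
func signResult(priv ed25519.PrivateKey, result []byte) []byte {
	return ed25519.Sign(priv, result)
}

// Receiver models the remote receiving object and its two whitelists.
type Receiver struct {
	IASPub      ed25519.PublicKey
	MRAllowed   map[string]bool
	EPIDAllowed map[string]bool
	stored      map[identity]ed25519.PublicKey // attested key per program/hardware identity
}

// Register is the one-time attestation check, in the order the text gives.
func (r *Receiver) Register(avr AVR, pub ed25519.PublicKey) error {
	if avr.Status != "OK" {
		return ErrStatus
	}
	if !ed25519.Verify(r.IASPub, signedBytes(avr.Quote, avr.Status), avr.Signature) {
		return ErrIASSig
	}
	if len(pub) != ed25519.PublicKeySize || sha256.Sum256(pub) != avr.Quote.UserData {
		return ErrKeyHash
	}
	if !r.MRAllowed[avr.Quote.ID.MREnclave] || !r.EPIDAllowed[avr.Quote.ID.EPID] {
		return ErrWhitelist
	}
	if r.stored == nil {
		r.stored = map[identity]ed25519.PublicKey{}
	}
	r.stored[avr.Quote.ID] = pub
	return nil
}

// VerifyResult consults only the stored key; no attestation server is involved.
func (r *Receiver) VerifyResult(id identity, result, sig []byte) bool {
	pub, ok := r.stored[id]
	return ok && ed25519.Verify(pub, result, sig)
}

func main() {
	iasPub, iasPriv := newKey()
	pub, priv := newKey()
	id := identity{"mr-audited", "epid-01"}
	r := &Receiver{IASPub: iasPub, MRAllowed: map[string]bool{id.MREnclave: true}, EPIDAllowed: map[string]bool{id.EPID: true}}
	fmt.Println("register:", r.Register(attest(iasPriv, pub, id, "OK"), pub))
	sig := signResult(priv, []byte("result=42"))
	fmt.Println("genuine accepted:", r.VerifyResult(id, []byte("result=42"), sig))
	fmt.Println("tampered accepted:", r.VerifyResult(id, []byte("result=43"), sig))
}
```

Because `Register` overwrites the key stored under the same MRENCLAVE/EPID pair, a periodically regenerated enclave key only needs one new attestation round before results signed with it verify.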
Corresponding to the above method embodiment, this specification also provides an embodiment of a remote attestation device for a trusted application. The embodiment of the remote attestation device of this specification can be applied to an electronic device. The device embodiment can be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the processor of the electronic device where it is located reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 2 shows a hardware structure diagram of the electronic device where the remote attestation device of the trusted application of this specification is located; in addition to the processor, memory, network interface and non-volatile memory shown in Fig. 2, the electronic device where the device is located may also include other hardware according to the actual function of the electronic device, which is not described further.
Fig. 3 is a block diagram of a remote attestation device for a trusted application according to an exemplary embodiment of this specification.
Referring to Fig. 3, the remote attestation device 30 of the trusted application can be applied in the aforementioned electronic device shown in Fig. 2. The protected code in the trusted application is loaded in isolation in a target container serving as the trusted execution environment; the protected code includes the code to be executed, and a target function for generating a private key and a public key.
The device 30 includes:
a generation module 301, which calls the target function to generate a private key and a public key in the target container, encrypts the generated private key, and persistently stores the encrypted private key; wherein the encrypted private key is provided with a decryption policy under which it can be decrypted only by the target container;
an attestation module 302, which initiates, through a third-party remote attestation server, a remote attestation of the public key to the remote receiving object and, when the public key passes remote attestation, sends the public key to the remote receiving object for persistent storage;
an obtaining module 303, which obtains the execution result of the code to be executed; wherein the execution result has been signed by the target container using the decrypted private key;
a verification module 304, which sends the execution result to the remote receiving object, so that the remote receiving object verifies the signature of the execution result using the stored public key to confirm whether the execution result is trusted data.
In this embodiment, the generation module 301:
in response to an execution instruction for the code to be executed, calls the target function to generate a private key and a public key in the target container; or
periodically calls the target function, based on a preset calling period, to generate a private key and a public key in the target container.
In this embodiment, the attestation module 302:
creates a remote attestation credential based on the generated public key;
sends the remote attestation credential to the third-party remote attestation server, so that the remote attestation server verifies the remote attestation credential;
obtains the verification result returned by the remote attestation server; wherein the verification result has been signed by the remote attestation server using the private key it holds;
sends the verification result and the generated public key to the remote receiving object, so that the remote receiving object verifies the signature of the verification result based at least on the public key of the third-party remote attestation server and, after the signature verification passes, persistently stores the generated public key locally at the remote receiving object.
In this embodiment, the trusted execution environment is a trusted execution environment built on SGX technology; the target container is an Enclave program in SGX technology; and the decryption policy of the encrypted private key is set to the keypolicy-MRENCLAVE policy.
In this embodiment, the remote receiving object is a smart contract published to a blockchain.
For the implementation of the functions and effects of each module in the above device, see the implementation of the corresponding steps in the above method; details are not repeated here.
Since the device embodiment substantially corresponds to the method embodiment, refer to the description of the method embodiment for relevant details. The device embodiments described above are merely illustrative: the modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, that is, they may be located in one place or distributed over multiple network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this specification. Those of ordinary skill in the art can understand and implement it without creative effort.
The systems, devices, modules or units illustrated in the above embodiments can be implemented by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail sending and receiving device, game console, tablet computer, wearable device, or a combination of any of these devices.
Corresponding to the above method embodiment, this specification also provides an embodiment of an electronic device. The electronic device includes a processor and a memory for storing machine-executable instructions; the processor and the memory are usually connected to each other by an internal bus. In other possible implementations, the device may also include an external interface so that it can communicate with other devices or components.
In this embodiment, the protected code in the trusted application is loaded in isolation in a target container serving as the trusted execution environment; the protected code includes the code to be executed, and a target function for generating a private key and a public key.
By reading and executing the machine-executable instructions stored in the memory that correspond to the control logic for remote attestation of the trusted application, the processor is caused to:
call the target function to generate a private key and a public key in the target container, encrypt the generated private key, and persistently store the encrypted private key; wherein the encrypted private key is provided with a decryption policy under which it can be decrypted only by the target container;
initiate, through a third-party remote attestation server, a remote attestation of the public key to the remote receiving object and, when the public key passes remote attestation, send the public key to the remote receiving object for persistent storage;
obtain the execution result of the code to be executed; wherein the execution result has been signed by the target container using the decrypted private key;
send the execution result to the remote receiving object, so that the remote receiving object verifies the signature of the execution result using the stored public key to confirm whether the execution result is trusted data.
In this embodiment, by reading and executing the machine-executable instructions stored in the memory that correspond to the control logic for remote attestation of the trusted application, the processor is caused to:
in response to an execution instruction for the code to be executed, call the target function to generate a private key and a public key in the target container; or
periodically call the target function, based on a preset calling period, to generate a private key and a public key in the target container.
In this embodiment, by reading and executing the machine-executable instructions stored in the memory that correspond to the control logic for remote attestation of the trusted application, the processor is caused to:
create a remote attestation credential based on the generated public key;
send the remote attestation credential to the third-party remote attestation server, so that the remote attestation server verifies the remote attestation credential;
obtain the verification result returned by the remote attestation server; wherein the verification result has been signed by the remote attestation server using the private key it holds;
send the verification result and the generated public key to the remote receiving object, so that the remote receiving object verifies the signature of the verification result based at least on the public key of the third-party remote attestation server and, after the signature verification passes, persistently stores the generated public key locally at the remote receiving object.
Other embodiments of this specification will readily occur to those skilled in the art after considering the specification and practicing the invention disclosed here. This specification is intended to cover any variations, uses, or adaptations of this specification that follow its general principles and include common knowledge or customary technical means in the art not disclosed in this specification. The description and embodiments are to be regarded as exemplary only, with the true scope and spirit of this specification indicated by the following claims.
It should be understood that this specification is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of this specification is limited only by the appended claims.
The foregoing describes only preferred embodiments of this specification and is not intended to limit it. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of this specification shall fall within the scope of protection of this specification.

Claims (11)

1. A remote attestation method for a trusted application, wherein the protected code in the trusted application is loaded in isolation in a target container serving as a trusted execution environment; the protected code includes code to be executed, and a target function for generating a private key and a public key; the method comprising:
calling the target function to generate a private key and a public key in the target container, encrypting the generated private key, and persistently storing the encrypted private key; wherein the encrypted private key is provided with a decryption policy under which it can be decrypted only by the target container;
initiating, through a third-party remote attestation server, a remote attestation of the public key to a remote receiving object and, when the public key passes remote attestation, sending the public key to the remote receiving object for persistent storage;
obtaining the execution result of the code to be executed; wherein the execution result has been signed by the target container using the decrypted private key;
sending the execution result to the remote receiving object, so that the remote receiving object verifies the signature of the execution result using the stored public key to confirm whether the execution result is trusted data.
2. The method according to claim 1, wherein calling the target function to generate a private key and a public key in the target container comprises:
in response to an execution instruction for the code to be executed, calling the target function to generate a private key and a public key in the target container; or
periodically calling the target function, based on a preset calling period, to generate a private key and a public key in the target container.
3. The method according to claim 1, wherein initiating, through a third-party remote attestation server, a remote attestation of the public key to the remote receiving object and, when the public key passes remote attestation, sending the public key to the remote receiving object for persistent storage comprises:
creating a remote attestation credential based on the generated public key;
sending the remote attestation credential to the third-party remote attestation server, so that the remote attestation server verifies the remote attestation credential;
obtaining the verification result returned by the remote attestation server; wherein the verification result has been signed by the remote attestation server using the private key it holds;
sending the verification result and the generated public key to the remote receiving object, so that the remote receiving object verifies the signature of the verification result based at least on the public key of the third-party remote attestation server and, after the signature verification passes, persistently stores the generated public key locally at the remote receiving object.
4. The method according to claim 1, wherein the trusted execution environment is a trusted execution environment built on SGX technology; the target container is an Enclave program in SGX technology; and the decryption policy of the encrypted private key is set to the keypolicy-MRENCLAVE policy.
5. The method according to claim 1, wherein the remote receiving object is a smart contract published to a blockchain.
6. A remote attestation device for a trusted application, wherein the protected code in the trusted application is loaded in isolation in a target container serving as a trusted execution environment; the protected code includes code to be executed, and a target function for generating a private key and a public key; the device comprising:
a generation module, which calls the target function to generate a private key and a public key in the target container, encrypts the generated private key, and persistently stores the encrypted private key; wherein the encrypted private key is provided with a decryption policy under which it can be decrypted only by the target container;
an attestation module, which initiates, through a third-party remote attestation server, a remote attestation of the public key to a remote receiving object and, when the public key passes remote attestation, sends the public key to the remote receiving object for persistent storage;
an obtaining module, which obtains the execution result of the code to be executed; wherein the execution result has been signed by the target container using the decrypted private key;
a verification module, which sends the execution result to the remote receiving object, so that the remote receiving object verifies the signature of the execution result using the stored public key to confirm whether the execution result is trusted data.
7. The device according to claim 6, wherein the generation module:
in response to an execution instruction for the code to be executed, calls the target function in the target container to generate a private key and a public key; or,
based on a preset calling period, periodically calls the target function in the target container to generate a private key and a public key.
8. The device according to claim 6, wherein the attestation module:
creates a remote attestation credential based on the generated public key;
sends the remote attestation credential to the third-party remote attestation server, so that the remote attestation server verifies the remote attestation credential;
obtains the verification result returned by the remote attestation server; wherein the verification result has been signed by the remote attestation server based on the private key it holds;
sends the verification result and the generated public key to the remote receiving object, so that the remote receiving object verifies the signature of the verification result at least based on the public key of the third-party remote attestation server and, after the signature verification passes, persistently stores the generated public key locally at the remote receiving object.
9. The device according to claim 6, wherein the trusted execution environment is a trusted execution environment built on SGX technology; the target container is an Enclave program in SGX technology; and the decryption policy of the encrypted private key is set to the keypolicy-MRENCLAVE policy.
10. The device according to claim 6, wherein the remote receiving object is a smart contract published to a blockchain.
11. An electronic device, comprising:
a processor;
a memory for storing machine-executable instructions;
wherein the protected code in a trusted application is loaded in isolation into a target container serving as a trusted execution environment; the protected code includes code to be executed and a target function for generating a private key and a public key; and, by reading and executing the machine-executable instructions stored in the memory that correspond to the control logic of blockchain-based remote attestation of the trusted application, the processor is caused to:
call the target function in the target container to generate a private key and a public key, encrypt the generated private key, and persistently store the encrypted private key; wherein the encrypted private key is set with a decryption policy under which only the target container can decrypt it;
initiate, through a third-party remote attestation server, remote attestation of the public key toward a remote receiving object and, when the public key passes remote attestation, send the public key to the remote receiving object for persistent storage;
obtain the execution result of the code to be executed; wherein the execution result has been signed by the target container based on the decrypted private key;
send the execution result to the remote receiving object, so that the remote receiving object verifies the signature of the execution result based on the stored public key to confirm whether the execution result is trusted data.
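The receiver-side checks described in the claims above (verify the attestation server's signature, store the attested public key, then verify signed execution results) can be traced in a small simulation. This is an added example, not code from the patent: the toy textbook RSA is a standard-library stand-in for a real signature scheme and is not secure, the hardware check of the credential is elided, and the `Receiver` class, the credential fields `mrenclave` and `report_data`, and all key material are assumptions constructed for illustration.

```python
import hashlib
import json

E = 65537  # public exponent for the toy RSA below

def keygen(p, q):
    """Toy textbook RSA over fixed primes (stdlib-only stand-in, not secure)."""
    n = p * q
    return (n, pow(E, -1, (p - 1) * (q - 1))), (n, E)   # (private, public)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(_digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)

def key_hash(pub):
    return hashlib.sha256(repr(pub).encode()).hexdigest()

# Constructed values: Mersenne primes as key material, a made-up measurement.
SERVER_PRIV, SERVER_PUB = keygen(2**521 - 1, 2**607 - 1)       # attestation server
ENCLAVE_PRIV, ENCLAVE_PUB = keygen(2**1279 - 1, 2**2203 - 1)   # generated in enclave
MRENCLAVE = hashlib.sha256(b"constructed protected code").hexdigest()

def make_credential(pub):
    """Enclave side: bind the generated public key to the enclave measurement."""
    return {"mrenclave": MRENCLAVE, "report_data": key_hash(pub)}

def attest(credential):
    """Attestation server: hardware check elided; sign the verification result."""
    result = json.dumps({"status": "OK", "credential": credential},
                        sort_keys=True).encode()
    return result, sign(SERVER_PRIV, result)

class Receiver:
    """Remote receiving object, e.g. contract logic with pinned trust anchors."""
    def __init__(self, server_pub, expected_mrenclave):
        self.server_pub = server_pub
        self.expected = expected_mrenclave
        self.enclave_pub = None

    def register_key(self, result, sig, pub):
        if not verify(self.server_pub, result, sig):
            return False                      # result not signed by the server
        body = json.loads(result)
        cred = body["credential"]
        if body["status"] != "OK" or cred["mrenclave"] != self.expected:
            return False                      # failed attestation or wrong code
        if cred["report_data"] != key_hash(pub):
            return False                      # key differs from the attested one
        self.enclave_pub = pub                # persist the attested key
        return True

    def accept_result(self, data, sig):
        return self.enclave_pub is not None and verify(self.enclave_pub, data, sig)

def demo():
    receiver = Receiver(SERVER_PUB, MRENCLAVE)
    result, sig = attest(make_credential(ENCLAVE_PUB))
    _, rogue_pub = keygen(2**89 - 1, 2**127 - 1)    # key that was never attested
    swapped = receiver.register_key(result, sig, rogue_pub)
    registered = receiver.register_key(result, sig, ENCLAVE_PUB)
    output = b'{"balance": 42}'                     # constructed execution result
    out_sig = sign(ENCLAVE_PRIV, output)
    return (swapped, registered, receiver.accept_result(output, out_sig),
            receiver.accept_result(b'{"balance": 43}', out_sig))
```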
CN201811364461.1A 2018-11-16 2018-11-16 Remote certification method and device for trusted application program and electronic equipment Active CN110011801B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN201811364461.1A CN110011801B (en) 2018-11-16 2018-11-16 Remote certification method and device for trusted application program and electronic equipment
CN202011295708.6A CN112468473B (en) 2018-11-16 2018-11-16 Remote proving method and device for trusted application program and electronic equipment
TW108129629A TWI716078B (en) 2018-11-16 2019-08-20 Remote certification method and device for trusted application program and electronic equipment
PCT/CN2019/106607 WO2020098377A1 (en) 2018-11-16 2019-09-19 Remote attestation method and apparatus for trusted application program, and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811364461.1A CN110011801B (en) 2018-11-16 2018-11-16 Remote certification method and device for trusted application program and electronic equipment

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202011295708.6A Division CN112468473B (en) 2018-11-16 2018-11-16 Remote proving method and device for trusted application program and electronic equipment

Publications (2)

Publication Number Publication Date
CN110011801A CN110011801A (en) 2019-07-12
CN110011801B CN110011801B (en) 2020-10-20

Family

ID=67164919

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201811364461.1A Active CN110011801B (en) 2018-11-16 2018-11-16 Remote certification method and device for trusted application program and electronic equipment
CN202011295708.6A Active CN112468473B (en) 2018-11-16 2018-11-16 Remote proving method and device for trusted application program and electronic equipment

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202011295708.6A Active CN112468473B (en) 2018-11-16 2018-11-16 Remote proving method and device for trusted application program and electronic equipment

Country Status (3)

Country Link
CN (2) CN110011801B (en)
TW (1) TWI716078B (en)
WO (1) WO2020098377A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113395159B (en) * 2021-01-08 2024-03-12 腾讯科技(深圳)有限公司 Data processing method based on trusted execution environment and related device
CN114090981B (en) * 2021-11-29 2023-04-07 深圳前海微众银行股份有限公司 Access method and device for remote host
CN113987554B (en) * 2021-12-23 2022-04-08 支付宝(杭州)信息技术有限公司 Method, device and system for obtaining data authorization
CN114422215A (en) * 2021-12-31 2022-04-29 国网安徽省电力有限公司合肥供电公司 Cross-platform and trusted energy data sharing system and method based on block chain
CN115001744B (en) * 2022-04-27 2023-08-29 中国科学院信息工程研究所 Cloud platform data integrity verification method and system
CN114900320B (en) * 2022-06-21 2024-04-26 杭州安恒信息安全技术有限公司 TEE node authentication method, device, equipment and medium
CN115276982B (en) * 2022-07-29 2024-04-16 武汉科技大学 SGX-based Ethernet key management method and system
CN115484031B (en) * 2022-09-13 2024-03-08 山东大学 SGX-based trusted-free third-party cloud storage ciphertext deduplication method and system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150264021A1 (en) * 2014-03-13 2015-09-17 Intel Corporation Pseudonymous remote attestation utilizing a chain-of-trust
CN105812332A (en) * 2014-12-31 2016-07-27 北京握奇智能科技有限公司 Data protection method
CN107342858A (en) * 2017-07-05 2017-11-10 武汉凤链科技有限公司 A kind of intelligent contract guard method and system based on trusted context
CN107896150A (en) * 2017-12-21 2018-04-10 善林(上海)金融信息服务有限公司 Link block chain network and the system of Internet of Things
CN107919954A (en) * 2017-10-20 2018-04-17 浙江大学 A kind of block chain user key guard method and device based on SGX
CN108055133A (en) * 2017-12-12 2018-05-18 江苏安凰领御科技有限公司 A kind of key secure signing method based on block chain technology
CN108462689A (en) * 2017-02-22 2018-08-28 英特尔公司 Technology for the certification of the long-range enclaves SGX
US20180332011A1 (en) * 2017-05-11 2018-11-15 Microsoft Technology Licensing, Llc Secure cryptlet tunnel

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100583768C (en) * 2007-04-27 2010-01-20 中国科学院软件研究所 Safety requirement based remote proving method and system thereof
CN101908115B (en) * 2010-07-30 2013-09-11 中国船舶重工集团公司第七0九研究所 Method for realizing software trusted execution based on trusted platform module
CN101951388B (en) * 2010-10-14 2013-03-20 中国电子科技集团公司第三十研究所 Remote attestation method in credible computing environment
CA2902285A1 (en) * 2013-03-15 2014-09-18 Ologn Technologies Ag Systems, methods and apparatuses for remote attestation
CN104077533B (en) * 2014-07-17 2017-09-15 北京握奇智能科技有限公司 A kind of method and apparatus for operating sensitive data
US9363087B2 (en) * 2014-10-02 2016-06-07 Microsoft Technology Licensing, Inc. End-to-end security for hardware running verified software
US20160098555A1 (en) * 2014-10-02 2016-04-07 Arm Limited Program code attestation circuitry, a data processing apparatus including such program code attestation circuitry and a program attestation method
US9536093B2 (en) * 2014-10-02 2017-01-03 Microsoft Technology Licensing, Llc Automated verification of a software system
CN104408371B (en) * 2014-10-14 2017-12-19 中国科学院信息工程研究所 A kind of implementation method based on credible performing environment high safety application system
CN104333451A (en) * 2014-10-21 2015-02-04 广东金赋信息科技有限公司 Trusted self-help service system
CN104333541A (en) * 2014-10-21 2015-02-04 广东金赋信息科技有限公司 Trusted self-help service system
US11829998B2 (en) * 2016-06-07 2023-11-28 Cornell University Authenticated data feed for blockchains
US10445698B2 (en) * 2016-06-30 2019-10-15 Clause, Inc. System and method for forming, storing, managing, and executing contracts
US10341116B2 (en) * 2016-12-28 2019-07-02 Intel Corporation Remote attestation with hash-based signatures
US20180241572A1 (en) * 2017-02-22 2018-08-23 Intel Corporation Techniques for remote sgx enclave authentication
US10397005B2 (en) * 2017-03-31 2019-08-27 Intel Corporation Using a trusted execution environment as a trusted third party providing privacy for attestation
CN107395366A (en) * 2017-08-08 2017-11-24 沈阳东青科技有限公司 A kind of Efficient Remote method of proof towards industry control credible calculating platform
CN107463838B (en) * 2017-08-14 2019-10-18 广州大学 Method for safety monitoring, device, system and storage medium based on SGX
CN108390866B (en) * 2018-02-06 2020-10-02 南京航空航天大学 Trusted remote certification method and system based on double-agent bidirectional anonymous authentication

Cited By (37)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110430051A (en) * 2019-08-01 2019-11-08 北京永新视博数字电视技术有限公司 A kind of method for storing cipher key, device and server
CN110430051B (en) * 2019-08-01 2022-08-05 北京永新视博数字电视技术有限公司 Key storage method, device and server
CN110519260A (en) * 2019-08-23 2019-11-29 联想(北京)有限公司 A kind of information processing method and information processing unit
CN110519260B (en) * 2019-08-23 2020-09-25 联想(北京)有限公司 Information processing method and information processing device
CN110838919B (en) * 2019-11-01 2021-04-13 广州小鹏汽车科技有限公司 Communication method, storage method, operation method and device
CN110838919A (en) * 2019-11-01 2020-02-25 广州小鹏汽车科技有限公司 Communication method, storage method, operation method and device
CN111049825A (en) * 2019-12-12 2020-04-21 支付宝(杭州)信息技术有限公司 Secure multi-party computing method and system based on trusted execution environment
CN111049825B (en) * 2019-12-12 2021-11-30 支付宝(杭州)信息技术有限公司 Secure multi-party computing method and system based on trusted execution environment
CN110890962A (en) * 2019-12-20 2020-03-17 支付宝(杭州)信息技术有限公司 Authentication key negotiation method, device, storage medium and equipment
WO2021120871A1 (en) * 2019-12-20 2021-06-24 支付宝(杭州)信息技术有限公司 Authentication key negotiation method and apparatus, storage medium and device
CN111382445A (en) * 2020-03-03 2020-07-07 首都师范大学 Method for providing trusted service by using trusted execution environment system
CN111382445B (en) * 2020-03-03 2023-04-07 首都师范大学 Method for providing trusted service by using trusted execution environment system
CN111090888A (en) * 2020-03-18 2020-05-01 支付宝(杭州)信息技术有限公司 Contract verification method and device
CN111092726A (en) * 2020-03-18 2020-05-01 支付宝(杭州)信息技术有限公司 Method and device for generating shared contract key
CN111988141A (en) * 2020-03-18 2020-11-24 支付宝(杭州)信息技术有限公司 Method and device for sharing cluster key
CN111988141B (en) * 2020-03-18 2022-08-02 支付宝(杭州)信息技术有限公司 Method and device for sharing cluster key
WO2021184882A1 (en) * 2020-03-18 2021-09-23 支付宝(杭州)信息技术有限公司 Method and apparatus for verifying contract
US11626984B2 (en) 2020-07-08 2023-04-11 Alipay (Hangzhou) Information Technology Co., Ltd. Blockchain integrated station and cryptographic acceleration card, key management methods and apparatuses
CN111541725B (en) * 2020-07-08 2021-04-27 支付宝(杭州)信息技术有限公司 Block chain all-in-one machine, password acceleration card thereof, and key management method and device
CN111541725A (en) * 2020-07-08 2020-08-14 支付宝(杭州)信息技术有限公司 Block chain all-in-one machine, password acceleration card thereof, and key management method and device
CN114884647B (en) * 2021-01-22 2024-02-20 腾讯科技(深圳)有限公司 Network access management method and related equipment
CN114884647A (en) * 2021-01-22 2022-08-09 腾讯科技(深圳)有限公司 Network access management method and related equipment
CN112507034A (en) * 2021-02-07 2021-03-16 支付宝(杭州)信息技术有限公司 Data storage method and system
CN113468270A (en) * 2021-02-07 2021-10-01 支付宝(杭州)信息技术有限公司 Data storage method and system
CN113343234A (en) * 2021-06-10 2021-09-03 支付宝(杭州)信息技术有限公司 Method and device for carrying out credible check on code security
WO2022257722A1 (en) * 2021-06-10 2022-12-15 支付宝(杭州)信息技术有限公司 Method and apparatus for performing trust check on code security
CN113672973B (en) * 2021-07-20 2024-04-16 深圳大学 Database system of embedded device based on RISC-V architecture of trusted execution environment
CN113672973A (en) * 2021-07-20 2021-11-19 深圳大学 Database system of embedded equipment based on RISC-V architecture of trusted execution environment
CN114553590B (en) * 2022-03-17 2023-08-22 抖音视界有限公司 Data transmission method and related equipment
CN114553590A (en) * 2022-03-17 2022-05-27 北京字节跳动网络技术有限公司 Data transmission method and related equipment
CN114884714B (en) * 2022-04-26 2024-03-26 北京百度网讯科技有限公司 Task processing method, device, equipment and storage medium
CN114884714A (en) * 2022-04-26 2022-08-09 北京百度网讯科技有限公司 Task processing method, device, equipment and storage medium
CN116112187A (en) * 2023-04-10 2023-05-12 山东海量信息技术研究院 Remote proving method, device, equipment and readable storage medium
CN116846682A (en) * 2023-08-29 2023-10-03 山东海量信息技术研究院 Communication channel establishment method, device, equipment and medium
CN116846682B (en) * 2023-08-29 2024-01-23 山东海量信息技术研究院 Communication channel establishment method, device, equipment and medium
CN117454437A (en) * 2023-12-22 2024-01-26 北京天润基业科技发展股份有限公司 Transaction processing method, storage medium and electronic device
CN117454437B (en) * 2023-12-22 2024-03-22 北京天润基业科技发展股份有限公司 Transaction processing method, storage medium and electronic device

Also Published As

Publication number Publication date
TW202021306A (en) 2020-06-01
TWI716078B (en) 2021-01-11
CN112468473B (en) 2023-10-24
CN112468473A (en) 2021-03-09
CN110011801B (en) 2020-10-20
WO2020098377A1 (en) 2020-05-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TA01 Transfer of patent application right

Effective date of registration: 20200925

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200925

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.