CN112800436B - Data authorization method and device and electronic equipment - Google Patents


Info

Publication number
CN112800436B
Authority
CN
China
Prior art keywords
data
authorization information
execution environment
authorization
private data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110371529.4A
Other languages
Chinese (zh)
Other versions
CN112800436A (en)
Inventor
余逸荣
邱鸿霖
陈辰
吴行行
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Events
Application filed by Alipay Hangzhou Information Technology Co Ltd and Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202110371529.4A (CN112800436B)
Priority to CN202110711435.7A (CN113268742B)
Publication of CN112800436A
Application granted
Publication of CN112800436B
Priority to PCT/CN2022/085256 (WO2022213964A1)
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

One or more embodiments of the present specification provide a data authorization method, an apparatus, and an electronic device, applied to an electronic device equipped with a trusted execution environment in which at least one application program is deployed and in which private data participating in trusted computing is stored. The method comprises the following steps: receiving data authorization information for the private data, sent by the data authorizer, where the data authorization information comprises an authorization identifier corresponding to the application program; determining whether the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment, where the stored authorization identifier is updated each time the application program is restarted; and if so, authorizing the application program to perform trusted computing based on the private data.

Description

Data authorization method and device and electronic equipment
Technical Field
One or more embodiments of the present disclosure relate to the field of information security technologies, and in particular, to a data authorization method, an apparatus, and an electronic device.
Background
In recent years, interconnected devices have become increasingly widespread, forcing device manufacturers to take the security problems that arise while their devices operate more seriously; a Trusted Execution Environment (TEE) built into the device provides a solution to these problems.
The trusted execution environment is a secure area within the host processor that runs in an isolated environment, in parallel with the conventional operating system, so that the confidentiality and integrity of code and data loaded into the trusted execution environment can be protected.
Disclosure of Invention
The specification proposes a data authorization method applied to an electronic device equipped with a trusted execution environment, in which at least one application program is deployed and in which private data participating in trusted computing is stored; the method comprises the following steps:
receiving data authorization information for the private data, sent by the data authorizer; the data authorization information comprises an authorization identifier corresponding to the application program;
determining whether the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment; wherein the stored authorization identifier is updated each time the application program is restarted;
and if so, authorizing the application program to perform trusted computing based on the private data.
Optionally, the method further comprises:
determining whether an authorization identifier corresponding to the application program stored in the trusted execution environment is updated;
and if so, releasing the authority of the application program for performing trusted computing based on the private data.
Optionally, the data authorization information further includes authorization information corresponding to the private data;
the authority authorizing the application to perform trusted computing based on the private data includes:
storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment; or storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment, and setting the authorization information to be in a valid state;
the releasing the authority of the application program for performing trusted computing based on the private data comprises:
deleting the authorization information stored in the trusted execution environment; or, the authorization information stored in the trusted execution environment is set to an invalid state.
Optionally, the data authorization information is digitally signed based on a private key of the data authorizer;
before the determining whether the authorization identifier corresponding to the application in the data authorization information is the same as the authorization identifier corresponding to the application stored in the trusted execution environment, the method further includes:
verifying a digital signature corresponding to the data authorization information based on a public key of the data authorizer stored in the trusted execution environment;
and if the verification is passed, determining whether the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment.
Optionally, the storing the authorization information in the data authorization information to the trusted execution environment includes:
determining whether authorization information corresponding to the private data is stored in the trusted execution environment;
if not, storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
Optionally, the authorization information corresponding to the private data includes an identity credential corresponding to the data authorizer;
before the updating, based on the authorization information corresponding to the private data in the data authorization information, the authorization information corresponding to the private data stored in the trusted execution environment, the method further includes:
determining whether the identity certificate corresponding to the data authorizer in the data authorization information is the same as the identity certificate corresponding to the data authorizer stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
Optionally, the identity credential comprises a public key of the data authorizer.
Optionally, the authorization information corresponding to the private data includes a data identifier corresponding to the private data;
before the updating, based on the authorization information corresponding to the private data in the data authorization information, the authorization information corresponding to the private data stored in the trusted execution environment, the method further includes:
determining whether a data identifier corresponding to the private data in the data authorization information is the same as a data identifier corresponding to the private data stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
Optionally, the data identifier includes a data digest corresponding to the private data.
Optionally, the authorization information corresponding to the private data includes a data version corresponding to the private data;
before the updating, based on the authorization information corresponding to the private data in the data authorization information, the authorization information corresponding to the private data stored in the trusted execution environment, the method further includes:
determining whether a data version corresponding to the private data in the data authorization information is higher than a data version corresponding to the private data stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
Optionally, the method further comprises:
receiving a data invocation request for the private data, sent by a data caller;
determining whether authorization information corresponding to the private data is stored in the trusted execution environment; or, determining whether authorization information of a valid state corresponding to the private data is stored in the trusted execution environment;
if so, triggering the application program to perform trusted computing based on the private data.
Optionally, the authorization information includes: an authorization status;
the triggering the application program to perform trusted computing based on the private data includes:
determining whether the authorization state in the authorization information is an authorized state;
if so, triggering the application program to perform trusted computing based on the private data.
Optionally, the authorization information includes: the number of remaining authorizations;
the triggering the application program to perform trusted computing based on the private data includes:
determining whether the remaining authorization times in the authorization information are greater than 0;
if so, triggering the application program to perform trusted computing based on the private data, and decrementing the number of remaining authorizations in the authorization information by 1.
The present specification also proposes a data authorization apparatus, which is applied to an electronic device carrying a trusted execution environment; at least one application is deployed in the trusted execution environment; and the trusted execution environment stores private data participating in trusted computing; the device comprises:
the first receiving module is used for receiving data authorization information for the private data, sent by the data authorizer; the data authorization information comprises an authorization identifier corresponding to the application program;
the first determining module is used for determining whether the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment; wherein the authorization identifier corresponding to the application program stored in the trusted execution environment is updated each time the application program is restarted;
and if so, authorizing the authority of the application program for performing trusted computing based on the private data.
Optionally, the apparatus further comprises:
the determining module is used for determining whether the authorization identifier corresponding to the application program stored in the trusted execution environment is updated;
and if so, releasing the authority of the application program for performing trusted computing based on the private data.
Optionally, the data authorization information further includes authorization information corresponding to the private data;
the authorization module:
storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment; or storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment, and setting the authorization information to be in a valid state;
the release module:
deleting the authorization information stored in the trusted execution environment; or, the authorization information stored in the trusted execution environment is set to an invalid state.
Optionally, the data authorization information is digitally signed based on a private key of the data authorizer;
the first determination module:
before determining whether the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment, verifying a digital signature corresponding to the data authorization information based on a public key of the data authorizer stored in the trusted execution environment;
and if the verification is passed, determining whether the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment.
Optionally, the authorization module:
determining whether authorization information corresponding to the private data is stored in the trusted execution environment;
if not, storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
Optionally, the authorization information corresponding to the private data includes an identity credential corresponding to the data authorizer;
the authorization module:
before updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information, determining whether an identity credential corresponding to the data authorizer in the data authorization information is the same as an identity credential corresponding to the data authorizer stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
Optionally, the identity credential comprises a public key of the data authorizer.
Optionally, the authorization information corresponding to the private data includes a data identifier corresponding to the private data;
the authorization module:
before updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information, determining whether a data identifier corresponding to the private data in the data authorization information is the same as a data identifier corresponding to the private data stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
Optionally, the data identifier includes a data digest corresponding to the private data.
Optionally, the authorization information corresponding to the private data includes a data version corresponding to the private data;
the authorization module:
before updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information, determining whether a data version corresponding to the private data in the data authorization information is higher than a data version corresponding to the private data stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
Optionally, the apparatus further comprises:
the second receiving module is used for receiving a data invocation request for the private data, sent by a data caller;
a second determination module that determines whether authorization information corresponding to the private data is stored in the trusted execution environment; or, determining whether authorization information of a valid state corresponding to the private data is stored in the trusted execution environment;
and if so, triggering the application program to perform trusted computing based on the private data.
Optionally, the authorization information includes: an authorization status;
the calculation module:
determining whether the authorization state in the authorization information is an authorized state;
if so, triggering the application program to perform trusted computing based on the private data.
Optionally, the authorization information includes: the number of remaining authorizations;
the calculation module:
determining whether the remaining authorization times in the authorization information are greater than 0;
if so, triggering the application program to perform trusted computing based on the private data, and decrementing the number of remaining authorizations in the authorization information by 1.
This specification also proposes an electronic device including:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the steps of the above method by executing the executable instructions.
The present specification also contemplates a computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the above-described method.
In the above technical solution, an authorization identifier corresponding to the application program and authorization information corresponding to the private data, both of which are time-limited, may be stored in the trusted execution environment. When the authorization identifier in the data authorization information for the private data sent by the data authorizer is determined to be the same as the authorization identifier stored in the trusted execution environment, the authorization information corresponding to the private data in the data authorization information is stored in the trusted execution environment. This lets the data authorizer manage the use of the private data conveniently, and also improves the data security of the private data.
Drawings
FIG. 1 is a schematic diagram of a data authorization system shown in an exemplary embodiment of the present description;
FIG. 2 is a flow chart of a data authorization method shown in an exemplary embodiment of the present description;
FIG. 3 is a flow diagram illustrating a method for data invocation in an exemplary embodiment of the present description;
FIG. 4 is a hardware structure diagram of an electronic device in which a data authorization apparatus is located, according to an exemplary embodiment of the present specification;
FIG. 5 is a block diagram of a data authorization apparatus according to an exemplary embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
In practical applications, a trusted execution environment may be hosted in the electronic device, and at least one application program may be deployed in the trusted execution environment. In this case, each deployed application may run in the trusted execution environment; that is, code and data corresponding to each application program may be loaded into the trusted execution environment for execution to protect the confidentiality and integrity of the code and data corresponding to each application program.
The electronic device with the trusted execution environment may be a server, a computer, a mobile phone, a tablet device, a notebook computer, a personal digital assistant (PDA), and the like, which is not limited in this specification.
Generally, for an application deployed in a trusted execution environment, data corresponding to the application (e.g., functions specified by program code corresponding to the application; parameters required for the program code corresponding to the application to be executed; etc.) may be stored in the trusted execution environment in advance. Subsequently, when the user calls the application program, the user may specify data corresponding to the application program in the call (i.e., data that the application program needs to use when running in the call), so that the application program may perform trusted computing in the trusted execution environment based on the data specified by the user, and output a corresponding computing result.
Specifically, data corresponding to the application program may be encrypted in advance, and the encrypted data may be stored in the trusted execution environment as private data corresponding to the application program. Subsequently, the application program may decrypt the private data specified by the user in the trusted execution environment, perform trusted computation based on the decrypted data, and output a corresponding computation result.
For private data corresponding to an application deployed in a trusted execution environment, the private data is typically held and maintained by a data owner and provided to the application so that the application can perform trusted computing in the trusted execution environment based on the private data.
In the related art, for an application deployed in a trusted execution environment, private data corresponding to the application may be encrypted based on a public key of a data owner, and the encrypted private data is provided to the application; accordingly, the application program can decrypt the encrypted private data based on the private key of the data owner in the trusted execution environment to obtain the private data, and perform trusted computation based on the private data.
However, once the data owner provides the private data encrypted with the public key to an application program holding the corresponding private key, the application program can use the private data (i.e., perform trusted computation based on it) without any restriction; the data owner therefore has little control over the use of the private data, and its security is difficult to ensure.
In order to facilitate management of the use of private data (for example, allowing only a specific application program to use the private data, or allowing the private data to be used only a certain number of times) and to improve its data security, the specification provides a technical scheme in which an authorization identifier corresponding to the application program and time-limited authorization information corresponding to the private data are stored in a trusted execution environment, and when the authorization identifier in the received data authorization information for the private data is determined to be the same as the authorization identifier stored in the trusted execution environment, the authorization information corresponding to the private data in the data authorization information is stored in the trusted execution environment.
In a specific implementation, for a certain application deployed in the trusted execution environment, in order to authorize the private data corresponding to the application, the data authorizer may initiate data authorization information for the private data, and send the data authorization information to the electronic device hosting the trusted execution environment through the electronic device corresponding to the data authorizer.
In practical applications, the data authorization information may include the authorization identifier corresponding to the application program.
When the data authorization information is received, on one hand, an authorization identifier corresponding to the application program in the data authorization information can be acquired; on the other hand, the authorization identifier corresponding to the application program stored in the trusted execution environment can be acquired. Further, it may be determined, in the trusted execution environment, whether an authorization identifier corresponding to the application in the data authorization information is the same as an authorization identifier corresponding to the application stored in the trusted execution environment.
If the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment, the data authorizer may be considered to perform a private data authorization operation during the current running process of the application program, and therefore, the authorization information corresponding to the private data in the data authorization information may be stored in the trusted execution environment.
The authorization identifier corresponding to the application program may be an identifier used for authorizing private data, generated by the trusted execution environment for the application program when the application program is started; the authorization identifier is stored in the trusted execution environment and is updated each time the application program is restarted, i.e., the authorization identifier is time-limited.
When the authorization identifier corresponding to the application program stored in the trusted execution environment is updated, the authorization information corresponding to the private data stored in the trusted execution environment is invalidated. Since the stored authorization identifier is updated every time the application program is restarted, the stored authorization information corresponding to the private data is also time-limited.
In the above technical solution, an authorization identifier corresponding to the application program and authorization information corresponding to the private data, both of which are time-limited, may be stored in the trusted execution environment. When the authorization identifier in the data authorization information for the private data sent by the data authorizer is determined to be the same as the authorization identifier stored in the trusted execution environment, the authorization information corresponding to the private data in the data authorization information is stored in the trusted execution environment. This lets the data authorizer manage the use of the private data conveniently, and also improves the data security of the private data.
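As an added illustration of the flow described in the summary steps above and in this section (example code, not code from the patent or its assignees): a constructed Python simulation of the TEE-side checks, covering the per-launch authorization identifier, the signed authorization message, the credential and version checks on update, and the remaining-count check on invocation. The names (TeeAuthStore, AuthInfo, authorizer_sign, make_authorization) are hypothetical, and an HMAC over a key provisioned to the TEE stands in for the public-key signature the patent describes.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed simulation of the TEE-side logic; all names are hypothetical.
# Stand-in: the patent has the authorizer sign with a private key and the TEE
# verify with the authorizer's stored public key. Here an HMAC over a key
# provisioned to the TEE plays that role so the example runs offline.


@dataclass
class AuthInfo:
    credential: str   # identity credential of the data authorizer
    data_id: str      # data identifier: digest of the private data
    version: int      # data version
    remaining: int    # number of remaining authorizations
    state: str        # authorization state, e.g. "authorized" / "revoked"


def authorizer_sign(key: bytes, msg: dict) -> str:
    """Authorizer side: sign the data authorization information (HMAC stand-in)."""
    body = json.dumps(msg, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_authorization(auth_id, credential, data_id, version, remaining, state="authorized"):
    """Build the data authorization information the authorizer sends."""
    return {"auth_id": auth_id,
            "auth_info": {"credential": credential, "data_id": data_id,
                          "version": version, "remaining": remaining, "state": state}}


class TeeAuthStore:
    """State kept inside the trusted execution environment for one application."""

    def __init__(self, authorizer_key: bytes):
        self._authorizer_key = authorizer_key          # stands in for the stored public key
        self._private_data: Dict[str, bytes] = {}      # digest -> (encrypted) private data
        self._auth: Dict[str, AuthInfo] = {}           # digest -> authorization info
        self.auth_id: Optional[str] = None             # per-launch authorization identifier

    def store_private_data(self, blob: bytes) -> str:
        """Private data is keyed by its digest, which serves as the data identifier."""
        digest = hashlib.sha256(blob).hexdigest()
        self._private_data[digest] = blob
        return digest

    def app_start(self) -> str:
        """Run on every (re)start: fresh identifier, all stored authorizations released."""
        self.auth_id = os.urandom(16).hex()
        self._auth.clear()
        return self.auth_id

    def receive_authorization(self, msg: dict, signature: str) -> bool:
        # 1. verify the signature before trusting any field of the message
        if not hmac.compare_digest(authorizer_sign(self._authorizer_key, msg), signature):
            return False
        # 2. the identifier must be the one generated for the current launch
        if self.auth_id is None or msg["auth_id"] != self.auth_id:
            return False
        info = AuthInfo(**msg["auth_info"])
        # 3. the data identifier must name private data actually held in the TEE
        if info.data_id not in self._private_data:
            return False
        existing = self._auth.get(info.data_id)
        if existing is not None:
            # 4. update only for the same authorizer and a strictly higher version
            if info.credential != existing.credential or info.version <= existing.version:
                return False
        self._auth[info.data_id] = info
        return True

    def invoke(self, data_id: str) -> bool:
        """Data invocation request: permit one trusted computation if authorized."""
        info = self._auth.get(data_id)
        if info is None or info.state != "authorized" or info.remaining <= 0:
            return False
        info.remaining -= 1
        return True
```

Because the identifier is regenerated on every restart, an authorization captured during one run cannot be replayed against the next one even if the signature is still valid.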
Referring to fig. 1, fig. 1 is a schematic diagram of a data authorization system according to an exemplary embodiment of the present disclosure.
As shown in fig. 1, a trusted execution environment may be installed in an electronic device, and at least one application program may be deployed in the trusted execution environment, where each deployed application program may run in the trusted execution environment. In addition, private data participating in trusted computing may also be stored in the trusted execution environment. In this case, for an application deployed in the trusted execution environment, the application may use private data corresponding to the application; that is, the application may perform trusted computations in the trusted execution environment based on private data corresponding to the application.
The application program may be a software application that executes user-oriented business logic, or a program that includes a computation model such as a machine learning model; the present specification does not limit this.
It should be noted that the private data may be authorized to the application program by a data authorizer. For example, the data owner of the private data may authorize the application program to use the private data and provide the private data to it, so that the authorized application program can perform trusted computing based on the private data in the trusted execution environment.
Referring to fig. 2, fig. 2 is a flowchart illustrating a data authorization method according to an exemplary embodiment of the present disclosure.
In conjunction with the data authorization system shown in fig. 1, the data authorization method can be applied to an electronic device in the data authorization system, which is loaded with a trusted execution environment; at least one application is deployed in the trusted execution environment. The data authorization method can comprise the following steps:
step 202, receiving data authorization information aiming at the private data sent by the data authorizer; the data authorization information comprises an authorization identifier corresponding to the application program;
step 204, determining whether the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment; wherein the authorization identifier corresponding to the application program stored in the trusted execution environment is updated each time the application program is restarted;
and step 206, if yes, granting the application program the authority to perform trusted computing based on the private data.
In this embodiment, for an application deployed in the trusted execution environment, in order to authorize the private data corresponding to the application to be used by the application, a data authorizer (e.g., a data owner of the private data) may initiate data authorization information for the private data, and send the data authorization information to the electronic device hosting the trusted execution environment through an electronic device corresponding to the data authorizer.
In practical applications, the data authorization information may include the authorization identifier corresponding to the application program.
The authorization identifier corresponding to the application program may be an identifier for authorizing private data that the trusted execution environment generates for the application program when the application program is started. The authorization identifier is stored in the trusted execution environment and is updated each time the application program is restarted; that is, the authorization identifier is time-limited and bound to one run of the application program.
Specifically, each time the application is restarted, an authorization identifier may be generated for the application by the trusted execution environment, and the generated authorization identifier may be stored in the trusted execution environment, where the authorization identifiers generated each time are different from each other.
In this case, the authorization identifier corresponding to the application program stored in the trusted execution environment may be used to represent the run of the application program. For example, if the authorization identifiers corresponding to the application program detected at two different moments are the same, the application program can be considered to be in the same run at the two moments, i.e. the application program was not restarted in the time period between them; if the authorization identifiers detected at two different moments are different, the application program can be considered to be in two different runs at the two moments, i.e. the application program was restarted in the time period between them.
For example, each time the application program is restarted, the trusted execution environment may generate a random number for the application program and use the random number as the authorization identifier corresponding to the application program, which ensures that the authorization identifiers generated by the trusted execution environment for the application program are completely random, i.e. the authorization identifiers generated each time differ from each other. Alternatively, each time the application program is restarted, the trusted execution environment may generate a random number for the application program and use as the authorization identifier the hash value obtained by hashing the random number together with an ID of the application program (for example, the program name of the application program); the present specification does not limit this.
In addition, the authorization identifier generated by the trusted execution environment for the application program each time may be provided to the data authorizer, so that the data authorizer can perform the private data authorization operation using the authorization identifier.
In this embodiment, when the data authorization information is received, on one hand, an authorization identifier corresponding to the application program in the data authorization information may be obtained; on the other hand, the authorization identifier corresponding to the application program stored in the trusted execution environment can be acquired. Further, it may be determined, in the trusted execution environment, whether an authorization identifier corresponding to the application in the data authorization information is the same as an authorization identifier corresponding to the application stored in the trusted execution environment.
In this embodiment, if the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment, it can be concluded that the data authorizer is performing the private data authorization operation during the current run of the application program; therefore, the application program may be granted the authority to perform trusted computing based on the private data in the trusted execution environment.
Accordingly, when it is determined that the authorization identifier corresponding to the application program stored in the trusted execution environment has been updated, the authority of the application program to perform trusted computing based on the private data can be released. Since the authorization identifier stored in the trusted execution environment is updated every time the application program is restarted, the authority of the application program to perform trusted computing based on the private data is likewise time-limited.
Specifically, each time the application program is restarted, the authorization identifier corresponding to the application program is updated and the authority of the application program to perform trusted computing based on the private data is therefore released; the data authorizer then needs to perform the private data authorization operation on the private data again in the current run of the application program.
In an illustrated embodiment, the data authorization information may further include authorization information corresponding to the private data.
When the application program is authorized to perform trusted computing based on the private data, authorization information corresponding to the private data in the data authorization information can be directly stored in the trusted execution environment; when the authority is removed, the authorization information corresponding to the private data stored in the trusted execution environment can be deleted.
Or, when the application program is authorized to perform trusted computing based on the private data, authorization information corresponding to the private data in the data authorization information may be stored in the trusted execution environment, and the authorization information is set to a valid state; when the authority is removed, the authorization information corresponding to the private data stored in the trusted execution environment can be set to be in an invalid state.
In this case, when the private data is to be used, it may be determined whether the application program has the authority to perform trusted computing based on the private data; if so, this indicates that the application program may use the private data, i.e. the application program may perform trusted computing based on the private data.
In one embodiment, the data authorizer may use its private key to digitally sign the data authorization information, and send the digitally signed data authorization information to the electronic device hosting the trusted execution environment.
When the electronic device receives the data authorization information, the electronic device may first acquire the public key of the data authorizer stored in the trusted execution environment, and verify the digital signature corresponding to the data authorization information based on the acquired public key of the data authorizer; if the verification of the digital signature is passed, the data authorization information may be executed, that is, authorization information corresponding to the private data in the data authorization information may be stored in the trusted execution environment.
In one embodiment, when storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment, it may be determined whether authorization information corresponding to the private data is stored in the trusted execution environment.
If no authorization information corresponding to the private data is stored in the trusted execution environment, this indicates that no private data authorization operation has yet been performed on the private data in the current run of the application program, so the authorization information corresponding to the private data in the data authorization information can be stored directly in the trusted execution environment to complete the private data authorization operation.
If authorization information corresponding to the private data is already stored in the trusted execution environment, this indicates that a private data authorization operation has already been performed on the private data in the current run of the application program, so the authorization information corresponding to the private data currently stored in the trusted execution environment may be updated based on the authorization information corresponding to the private data in the data authorization information.
In order to ensure the security of updates to the authorization information, in an illustrated embodiment, the authorization information corresponding to the private data in the data authorization information may include an identity credential corresponding to the data authorizer. That is, the authorization information corresponding to the private data stored in the trusted execution environment includes an identity credential corresponding to the data authorizer.
In this case, it may be determined in the trusted execution environment whether the identity credential corresponding to the data authorizer in the data authorization information is the same as the identity credential corresponding to the data authorizer stored in the trusted execution environment. If so, the verification for the update of the authorization information can be considered to be passed, so that the authorization information corresponding to the private data stored in the trusted execution environment at the time can be updated based on the authorization information corresponding to the private data in the data authorization information.
In practical applications, the identity credential corresponding to the data authorizer may include the public key of the data authorizer.
In another illustrated embodiment, the authorization information corresponding to the private data in the data authorization information may include a data identifier corresponding to the private data. That is, the authorization information corresponding to the private data stored in the trusted execution environment includes a data identifier corresponding to the private data.
In practical applications, the data identifier corresponding to the private data may include a data digest corresponding to the private data. For example, a hash value of the private data may be computed with a hash algorithm, and the hash value is used as the data identifier corresponding to the private data.
In this case, it may be determined in the trusted execution environment whether the data digest corresponding to the private data in the data authorization information is the same as the data digest corresponding to the private data stored in the trusted execution environment. If so, the verification for the update of the authorization information can be considered to be passed, so that the authorization information corresponding to the private data stored in the trusted execution environment at the time can be updated based on the authorization information corresponding to the private data in the data authorization information.
In still another illustrated embodiment, the authorization information corresponding to the private data in the data authorization information may include: and a data version corresponding to the private data. That is, the authorization information corresponding to the private data stored in the trusted execution environment includes: a data version corresponding to the private data.
In this case, it may be determined in the trusted execution environment whether the data version corresponding to the private data in the data authorization information is higher than the data version corresponding to the private data stored in the trusted execution environment. If so, the authorization information in the data authorization information can be considered newer than the authorization information stored in the trusted execution environment, so the verification of the authorization information update can be considered passed, and the authorization information corresponding to the private data currently stored in the trusted execution environment can be updated based on the authorization information corresponding to the private data in the data authorization information.
For example, assume that the data version of the private data is a numeric version number, where a larger number indicates a higher version; further assume that the data version corresponding to the private data in the data authorization information is version 2.0, and the data version corresponding to the private data stored in the trusted execution environment is version 1.3. Then, since 2.0 is greater than 1.3, it may be determined that the data version corresponding to the private data in the data authorization information is higher than the data version corresponding to the private data stored in the trusted execution environment.
It should be noted that, the authorization information corresponding to the private data in the data authorization information may include one or more of the following information for authorization information update verification: identity credentials corresponding to the data authorizer; a data identifier corresponding to the private data; and a data version corresponding to the private data. If the authorization information includes a plurality of kinds of information for authorization information update verification, it may be determined that the verification for the authorization information update is passed when each of the information is verified.
For example, assume that the authorization information corresponding to the private data in the data authorization information includes an identity credential corresponding to the data authorizer, a data identifier corresponding to the private data, and a data version corresponding to the private data; further assume that the following three conditions are all satisfied: (1) the identity credential corresponding to the data authorizer in the data authorization information is the same as the identity credential corresponding to the data authorizer stored in the trusted execution environment; (2) the data identifier corresponding to the private data in the data authorization information is the same as the data identifier corresponding to the private data stored in the trusted execution environment; (3) the data version corresponding to the private data in the data authorization information is higher than the data version corresponding to the private data stored in the trusted execution environment. It may then be determined that the verification of the authorization information update has passed.
In practical applications, the authorization information corresponding to the private data in the data authorization information may further include an authorization status, a number of remaining authorizations, and the like; these may be set according to actual requirements, and the present specification does not limit them.
Building on the data authorization flow shown in fig. 2, refer to fig. 3, which is a flowchart illustrating a data calling method according to an exemplary embodiment of the present specification.
The data calling method may likewise be applied to the electronic device in the data authorization system shown in fig. 1, and may include the following steps:
step 302, receiving a data calling request aiming at the private data sent by a data calling party;
step 304, determining whether authorization information corresponding to the private data is stored in the trusted execution environment; or, determining whether authorization information in a valid state corresponding to the private data is stored in the trusted execution environment;
and step 306, if yes, triggering the application program to perform trusted calculation based on the private data.
For the application program, in order to trigger the application program to perform trusted computing based on the private data, the data caller may initiate a data call request for the private data, and send the data call request to the electronic device equipped with the trusted execution environment through the electronic device corresponding to the data caller.
As described above, the authority of the application program deployed in the trusted execution environment to perform trusted computing based on the private data is time-limited.
Specifically, each time the application program is restarted, the authorization identifier corresponding to the application program is updated and the authority of the application program to perform trusted computing based on the private data is therefore released; the data authorizer then needs to perform the private data authorization operation on the private data again in the current run of the application program.
In this case, when the electronic device receives the data call request, it may first determine whether the application program has the authority to perform trusted computing based on the private data.
Specifically, it may be determined in the trusted execution environment whether authorization information corresponding to the data identifier of the private data is stored in the trusted execution environment; alternatively, it may be determined in the trusted execution environment whether valid authorization information corresponding to the data identifier of the private data is stored there.
If so, the application program can use the private data, so that the application program can be triggered to perform trusted calculation based on the private data.
In practical applications, the data call request may include the data identifier of the private data. In this case, it may be determined in the trusted execution environment, based on the data identifier in the data call request, whether authorization information corresponding to the data identifier is stored in the trusted execution environment; if so, the trusted execution environment may be deemed to have authorization information corresponding to the private data stored in it.
Alternatively, since the private data may be stored in the trusted execution environment in advance, the private data specified by the data call request may be determined first, and the data identifier corresponding to the stored private data may be searched for in the trusted execution environment. After the data identifier is found, whether valid authorization information corresponding to the data identifier is stored in the trusted execution environment can be determined based on the data identifier; if so, the trusted execution environment may be deemed to have stored therein authorization information corresponding to the private data.
For example, the authorization information corresponding to the private data stored to the trusted execution environment during the last run of the application may be deleted each time the application is restarted. Subsequently, if it is determined that the authorization information corresponding to the data identifier is stored in the trusted execution environment based on the data identifier corresponding to the private data, it may be directly determined that the authorization information is valid, so that the application program may be triggered to perform trusted computing based on the private data.
In another example, the authorization information corresponding to the private data stored in the trusted execution environment during the last run of the application program may be set to a valid state when the authorization information corresponding to the private data in the data authorization information is stored in the trusted execution environment, and may be switched from the valid state to an invalid state each time the application program is restarted. Subsequently, if it is determined, based on the data identifier corresponding to the private data, that authorization information in a valid state corresponding to the data identifier is stored in the trusted execution environment, the application program may be triggered to perform trusted computing based on the private data.
In one embodiment, the authorization information corresponding to the private data may include: an authorization status.
In this case, after determining that the authorization information of the valid state is stored in the trusted execution environment, it may be further determined whether the authorization state in the authorization information is an authorized state. If so, the application program can be triggered to perform trusted computing based on the private data.
Accordingly, for the authorization information stored in the trusted execution environment in a valid state, if the authorization state in the authorization information is an unauthorized state, it may be considered that the application program cannot perform trusted computing based on the private data.
In practical applications, the data authorizer may revoke the authorization for the private data by updating the authorization information of the valid state stored in the trusted execution environment, that is, the application program is no longer allowed to use the private data.
In conjunction with steps 202 to 206 above, the data authorizer may send data authorization information for the private data in which the authorization information includes authorization status information indicating an unauthorized status. In this case, after the verification of the authorization information update passes, the authorization information corresponding to the private data stored in the trusted execution environment is updated based on the authorization information corresponding to the private data in the data authorization information. Subsequently, when a data call request is received and authorization information in a valid state is found to be stored in the trusted execution environment, the application program is not triggered to perform trusted computing based on the private data because the authorization status in that authorization information is the unauthorized status, so the authorization for the private data has been revoked.
In one embodiment, the authorization information corresponding to the private data may include: the number of authorizations remaining.
In this case, after determining that the authorization information in the valid state is stored in the trusted execution environment, it may be further determined whether the remaining number of authorizations in the authorization information is greater than 0. If yes, the application program can be triggered to perform trusted computing based on the private data; in addition, after the trusted computing is completed, the number of remaining authorizations in the authorization information may also be reduced by 1.
It should be noted that the authorization information corresponding to the private data may include one or more of the following items used for authorization verification: an authorization status; a number of remaining authorizations. If the authorization information includes several of these items, the application program may be triggered to perform trusted computing based on the private data only when every item passes verification.
For example, assume that the authorization information corresponding to the private data includes an authorization status and a number of remaining authorizations; further assume that the following two conditions are both satisfied: (1) the authorization status in the authorization information is the authorized status; (2) the number of remaining authorizations in the authorization information is greater than 0. The application program may then be triggered to perform trusted computing based on the private data, and after the trusted computing is completed, the number of remaining authorizations in the authorization information is decremented by 1.
In the above technical solution, the time-limited authorization identifier corresponding to the application program and the time-limited authorization information corresponding to the private data may be stored in the trusted execution environment. When the authorization identifier in the data authorization information for the private data sent by the data authorizer is determined to be the same as the authorization identifier stored in the trusted execution environment, the authorization information corresponding to the private data in the data authorization information is stored in the trusted execution environment. This allows the data authorizer to manage the use of the private data conveniently, and also improves the security of the private data.
Corresponding to the embodiments of the data authorization method, the present specification also provides embodiments of a data authorization apparatus.
The embodiment of the data authorization apparatus can be applied to an electronic device. The apparatus embodiments may be implemented in software, in hardware, or in a combination of the two. Taking a software implementation as an example, the apparatus, as a logical device, is formed by the processor of the electronic device on which it is located reading the corresponding computer program instructions from non-volatile memory into memory and running them. From a hardware perspective, fig. 4 is a hardware structure diagram of the electronic device on which the data authorization apparatus of this specification is located; besides the processor, memory, network interface and non-volatile memory shown in fig. 4, the electronic device on which the apparatus is located may also include other hardware according to the actual function of the data authorization, which is not described again here.
Referring to fig. 5, fig. 5 is a block diagram of a data authorization apparatus according to an exemplary embodiment of the present disclosure. The data authorization apparatus 50 may be applied to an electronic device as shown in fig. 4, where the electronic device is loaded with a trusted execution environment; at least one application program is deployed in the trusted execution environment; the trusted execution environment stores private data participating in trusted computing; and when valid authorization information corresponding to the private data is stored in the trusted execution environment, the application program performs trusted computing based on the private data. The data authorization apparatus 50 may include:
a first receiving module 501, configured to receive data authorization information for the private data sent by the data authorizer; the data authorization information comprises an authorization identifier corresponding to the application program and authorization information corresponding to the privacy data;
a first determining module 502, configured to determine, in the trusted execution environment, whether an authorization identifier corresponding to the application in the data authorization information is the same as an authorization identifier corresponding to the application stored in the trusted execution environment;
an authorization module 503, configured to, if so, store the authorization information corresponding to the private data in the data authorization information in the trusted execution environment;
wherein the authorization identifier corresponding to the application program stored in the trusted execution environment is updated each time the application program is restarted; and when the authorization identifier corresponding to the application program stored in the trusted execution environment is updated, the authorization information corresponding to the private data stored in the trusted execution environment is invalidated, so that the application program performs trusted computing based on the private data only when it is determined that valid authorization information corresponding to the private data is stored in the trusted execution environment.
In this embodiment, the authorization module 503 is further configured to:
determining whether authorization information corresponding to the private data is stored in the trusted execution environment;
if not, storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
In this embodiment, the authorization information corresponding to the private data in the data authorization information includes: an identity credential corresponding to the data authorizer;
the authorization module 503:
before updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information, determining whether an identity credential corresponding to the data authorizer in the data authorization information is the same as an identity credential corresponding to the data authorizer stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
In this embodiment, the identity credential corresponding to the data authorizer includes: a public key of the data authorizer; the data authorization information further includes: a digital signature obtained by signing the authorization information based on a private key corresponding to the data authorizer;
the authorization module 503:
verifying the digital signature in the data authorization information based on the public key of the data authorizer in the data authorization information;
and if the verification is passed, determining whether the public key of the data authorizer in the data authorization information is the same as the public key of the data authorizer stored in the trusted execution environment.
In this embodiment, the authorization information corresponding to the private data in the data authorization information includes: a data identifier corresponding to the private data;
the authorization module 503:
before updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information, determining whether a data identifier corresponding to the private data in the data authorization information is the same as a data identifier corresponding to the private data stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
In this embodiment, the data identifier corresponding to the private data includes: a data digest corresponding to the private data.
In this embodiment, the authorization information corresponding to the private data in the data authorization information includes: a data version corresponding to the private data;
the authorization module 503:
before updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information, determining whether a data version corresponding to the private data in the data authorization information is higher than a data version corresponding to the private data stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
In this embodiment, the apparatus 50 further comprises:
a second receiving module 504, configured to receive a data invocation request for the private data sent by a data invoker;
a second determining module 505, configured to determine, in the trusted execution environment, whether valid authorization information corresponding to the data identifier is stored in the trusted execution environment based on the data identifier corresponding to the private data;
and a calculation module 506, configured to trigger, if so, the application program to perform trusted computing based on the private data.
In this embodiment, the second determining module 505:
determining a data identifier corresponding to the private data stored in the trusted execution environment, and determining whether valid authorization information corresponding to the data identifier is stored in the trusted execution environment.
In this embodiment, the authorization information includes: an authorization status;
the calculation module 506:
determining whether the authorization state in the authorization information is an authorized state;
if so, triggering the application program to perform trusted computing based on the private data.
In this embodiment, the authorization information includes: the number of remaining authorizations;
the calculation module 506:
determining whether the remaining authorization count in the authorization information is greater than 0;
if so, triggering the application program to perform trusted computing based on the private data, and decreasing the remaining authorization count in the authorization information by 1.
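A Go model of the apparatus above, added here as an example and not code from the patent: the authorization path of modules 501-503 (signature check, authorization identifier match, authorizer credential, data digest and version checks) and the invocation path of modules 504-506 (status and remaining-count checks, decrement on each use). It assumes Ed25519 signatures, SHA-256 as the data digest, a random 16-byte authorization identifier drawn at each restart, and that the signature covers the identifier together with the authorization information; all type and function names are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// AuthorizationInfo is the per-datum record the TEE stores (credential, digest, version, status, uses).
type AuthorizationInfo struct {
	AuthorizerPubKey ed25519.PublicKey
	DataDigest       [32]byte
	Version          uint64
	Authorized       bool
	Remaining        uint32
}

// DataAuthorizationInfo is the message the data authorizer sends to the TEE.
type DataAuthorizationInfo struct {
	AuthID    []byte            // authorization identifier of the target application
	Info      AuthorizationInfo // authorization information for the private data
	Signature []byte            // Ed25519 signature over AuthID and Info (assumed encoding)
}

// TEE models the enclave-side state for one application and one private datum.
type TEE struct {
	AuthID      []byte             // regenerated on every restart; the authorizer learns it via attestation
	authorizer  ed25519.PublicKey  // provisioned credential of the data authorizer
	privateData []byte
	auth        *AuthorizationInfo // nil: no valid authorization stored
}

func NewTEE(authorizer ed25519.PublicKey, privateData []byte) *TEE {
	t := &TEE{authorizer: authorizer, privateData: privateData}
	t.Restart()
	return t
}

// Restart models an application restart: a fresh identifier invalidates any stored authorization.
func (t *TEE) Restart() {
	t.AuthID = make([]byte, 16)
	if _, err := rand.Read(t.AuthID); err != nil {
		panic(err)
	}
	t.auth = nil
}

// signingPayload is the constructed canonical encoding that is signed and verified.
func signingPayload(authID []byte, info *AuthorizationInfo) []byte {
	var b bytes.Buffer
	b.Write(authID)
	b.Write(info.AuthorizerPubKey)
	b.Write(info.DataDigest[:])
	binary.Write(&b, binary.BigEndian, info.Version) // fixed-size fields: cannot fail
	binary.Write(&b, binary.BigEndian, info.Authorized)
	binary.Write(&b, binary.BigEndian, info.Remaining)
	return b.Bytes()
}

// BuildAuthorization is the authorizer side: sign authorization information bound to the running instance.
func BuildAuthorization(priv ed25519.PrivateKey, authID, data []byte, version uint64, uses uint32) DataAuthorizationInfo {
	info := AuthorizationInfo{AuthorizerPubKey: priv.Public().(ed25519.PublicKey),
		DataDigest: sha256.Sum256(data), Version: version, Authorized: true, Remaining: uses}
	sig := ed25519.Sign(priv, signingPayload(authID, &info))
	return DataAuthorizationInfo{AuthID: authID, Info: info, Signature: sig}
}

// Authorize runs the checks of modules 502/503: signature, identifier, credential, digest, then version.
func (t *TEE) Authorize(msg DataAuthorizationInfo) error {
	if len(msg.Info.AuthorizerPubKey) != ed25519.PublicKeySize || !ed25519.Verify(msg.Info.AuthorizerPubKey, signingPayload(msg.AuthID, &msg.Info), msg.Signature) {
		return errors.New("signature verification failed")
	}
	if !bytes.Equal(msg.AuthID, t.AuthID) {
		return errors.New("authorization identifier does not match the running instance")
	}
	if !bytes.Equal(msg.Info.AuthorizerPubKey, t.authorizer) || msg.Info.DataDigest != sha256.Sum256(t.privateData) {
		return errors.New("authorizer credential or data identifier mismatch")
	}
	if t.auth != nil && msg.Info.Version <= t.auth.Version {
		return errors.New("data version is not higher than the stored one")
	}
	t.auth = &msg.Info // msg is a copy, so the stored record is private to the TEE
	return nil
}

// Invoke handles a data invocation request (modules 505/506) and consumes one authorization per run.
func (t *TEE) Invoke() ([]byte, error) {
	if t.auth == nil {
		return nil, errors.New("no valid authorization stored")
	}
	if !t.auth.Authorized || t.auth.Remaining == 0 {
		return nil, errors.New("authorization status not authorized or no uses remaining")
	}
	t.auth.Remaining--
	sum := sha256.Sum256(t.privateData) // stand-in for the application's trusted computation
	return sum[:], nil
}
```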
For the implementation of the functions and actions of the modules in the apparatus above, see the implementation of the corresponding steps of the method above; they are not repeated here.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments herein. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The above description is only for the purpose of illustrating the preferred embodiments of the one or more embodiments of the present disclosure, and is not intended to limit the scope of the one or more embodiments of the present disclosure, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the one or more embodiments of the present disclosure should be included in the scope of the one or more embodiments of the present disclosure.

Claims (28)

1. A data authorization method is applied to an electronic device loaded with a trusted execution environment; at least one application is deployed in the trusted execution environment; and the trusted execution environment stores private data participating in trusted computing; the method comprises the following steps:
receiving data authorization information for the private data sent by a data authorizer; the data authorization information comprises an authorization identifier corresponding to the application program;
determining whether an authorization identifier corresponding to the application program in the data authorization information is the same as an authorization identifier corresponding to the application program stored in the trusted execution environment; wherein the authorization identifier corresponding to the application program stored in the trusted execution environment is updated each time the application program is restarted;
and if so, authorizing the application program to perform trusted computing based on the private data.
2. The method of claim 1, further comprising:
determining whether an authorization identifier corresponding to the application program stored in the trusted execution environment is updated;
and if so, releasing the authority of the application program for performing trusted computing based on the private data.
3. The method of claim 2, the data authorization information further comprising authorization information corresponding to the private data;
the authority authorizing the application to perform trusted computing based on the private data includes:
storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment; or storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment, and setting the authorization information to be in a valid state;
the releasing the authority of the application program for performing trusted computing based on the private data comprises:
deleting the authorization information stored in the trusted execution environment; or, the authorization information stored in the trusted execution environment is set to an invalid state.
4. The method of claim 3, the data authorization information is digitally signed based on a private key of the data authorizer;
before the determining whether the authorization identifier corresponding to the application in the data authorization information is the same as the authorization identifier corresponding to the application stored in the trusted execution environment, the method further includes:
verifying a digital signature corresponding to the data authorization information based on a public key of the data authorizer stored in the trusted execution environment;
and if the verification is passed, determining whether the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment.
5. The method of claim 4, the storing the authorization information in the data authorization information to the trusted execution environment, comprising:
determining whether authorization information corresponding to the private data is stored in the trusted execution environment;
if not, storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
6. The method of claim 5, the authorization information corresponding to the private data comprising an identity credential corresponding to the data authorizer;
before the updating, based on the authorization information corresponding to the private data in the data authorization information, the authorization information corresponding to the private data stored in the trusted execution environment, the method further includes:
determining whether the identity certificate corresponding to the data authorizer in the data authorization information is the same as the identity certificate corresponding to the data authorizer stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
7. The method of claim 6, the identity credential comprising a public key of the data authorizer.
8. The method of claim 5, the authorization information corresponding to the private data comprising a data identification corresponding to the private data;
before the updating, based on the authorization information corresponding to the private data in the data authorization information, the authorization information corresponding to the private data stored in the trusted execution environment, the method further includes:
determining whether a data identifier corresponding to the private data in the data authorization information is the same as a data identifier corresponding to the private data stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
9. The method of claim 8, the data identification comprising a data digest corresponding to the private data.
10. The method of claim 5, the authorization information corresponding to the private data comprising a data version corresponding to the private data;
before the updating, based on the authorization information corresponding to the private data in the data authorization information, the authorization information corresponding to the private data stored in the trusted execution environment, the method further includes:
determining whether a data version corresponding to the private data in the data authorization information is higher than a data version corresponding to the private data stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
11. The method of claim 3, further comprising:
receiving a data invocation request for the private data sent by a data invoker;
determining whether authorization information corresponding to the private data is stored in the trusted execution environment; or, determining whether authorization information of a valid state corresponding to the private data is stored in the trusted execution environment;
if so, triggering the application program to perform trusted computing based on the private data.
12. The method of claim 11, the authorization information comprising: an authorization status;
the triggering the application program to perform trusted computing based on the private data includes:
determining whether the authorization state in the authorization information is an authorized state;
if so, triggering the application program to perform trusted computing based on the private data.
13. The method of claim 11, the authorization information comprising: the number of remaining authorizations;
the triggering the application program to perform trusted computing based on the private data includes:
determining whether the remaining authorization count in the authorization information is greater than 0;
if so, triggering the application program to perform trusted computing based on the private data, and decreasing the remaining authorization count in the authorization information by 1.
14. A data authorization device is applied to an electronic device carrying a trusted execution environment; at least one application is deployed in the trusted execution environment; and the trusted execution environment stores private data participating in trusted computing; the device comprises:
a first receiving module, configured to receive data authorization information for the private data sent by a data authorizer; the data authorization information comprises an authorization identifier corresponding to the application program;
the first determining module is used for determining whether the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment; wherein the authorization identifier corresponding to the application program stored in the trusted execution environment is updated each time the application program is restarted;
and if so, granting the application program the authority to perform trusted computing based on the private data.
15. The apparatus of claim 14, the apparatus further comprising:
the determining module is used for determining whether the authorization identifier corresponding to the application program stored in the trusted execution environment is updated;
and if so, releasing the authority of the application program for performing trusted computing based on the private data.
16. The apparatus of claim 15, the data authorization information further comprising authorization information corresponding to the private data;
the authorization module:
storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment; or storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment, and setting the authorization information to be in a valid state;
the release module:
deleting the authorization information stored in the trusted execution environment; or, the authorization information stored in the trusted execution environment is set to an invalid state.
17. The apparatus of claim 16, the data authorization information is digitally signed based on a private key of the data authorizer;
the first determination module:
before determining whether the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment, verifying a digital signature corresponding to the data authorization information based on a public key of the data authorizer stored in the trusted execution environment;
and if the verification is passed, determining whether the authorization identifier corresponding to the application program in the data authorization information is the same as the authorization identifier corresponding to the application program stored in the trusted execution environment.
18. The apparatus of claim 17, the authorization module to:
determining whether authorization information corresponding to the private data is stored in the trusted execution environment;
if not, storing authorization information corresponding to the private data in the data authorization information to the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
19. The apparatus of claim 18, the authorization information corresponding to the private data comprising an identity credential corresponding to the data authorizer;
the authorization module:
before updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information, determining whether an identity credential corresponding to the data authorizer in the data authorization information is the same as an identity credential corresponding to the data authorizer stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
20. The apparatus of claim 19, the identity credential comprising a public key of the data authorizer.
21. The apparatus of claim 18, the authorization information corresponding to the private data comprising a data identification corresponding to the private data;
the authorization module:
before updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information, determining whether a data identifier corresponding to the private data in the data authorization information is the same as a data identifier corresponding to the private data stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
22. The apparatus of claim 21, the data identification comprising a data digest corresponding to the private data.
23. The apparatus of claim 18, the authorization information corresponding to the private data comprising a data version corresponding to the private data;
the authorization module:
before updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information, determining whether a data version corresponding to the private data in the data authorization information is higher than a data version corresponding to the private data stored in the trusted execution environment;
if so, updating the authorization information corresponding to the private data stored in the trusted execution environment based on the authorization information corresponding to the private data in the data authorization information.
24. The apparatus of claim 14, the apparatus further comprising:
a second receiving module, configured to receive a data invocation request for the private data sent by a data invoker;
a second determination module that determines whether authorization information corresponding to the private data is stored in the trusted execution environment; or, determining whether authorization information of a valid state corresponding to the private data is stored in the trusted execution environment;
and if so, triggering the application program to perform trusted computing based on the private data.
25. The apparatus of claim 24, the authorization information comprising: an authorization status;
the calculation module:
determining whether the authorization state in the authorization information is an authorized state;
if so, triggering the application program to perform trusted computing based on the private data.
26. The apparatus of claim 24, the authorization information comprising: the number of remaining authorizations;
the calculation module:
determining whether the remaining authorization count in the authorization information is greater than 0;
if so, triggering the application program to perform trusted computing based on the private data, and decreasing the remaining authorization count in the authorization information by 1.
27. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1 to 13 by executing the executable instructions.
28. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the method of any one of claims 1 to 13.
CN202110371529.4A 2021-04-07 2021-04-07 Data authorization method and device and electronic equipment Active CN112800436B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN202110371529.4A CN112800436B (en) 2021-04-07 2021-04-07 Data authorization method and device and electronic equipment
CN202110711435.7A CN113268742B (en) 2021-04-07 2021-04-07 Data authorization method and device and electronic equipment
PCT/CN2022/085256 WO2022213964A1 (en) 2021-04-07 2022-04-06 Data authorization method and apparatus, and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110371529.4A CN112800436B (en) 2021-04-07 2021-04-07 Data authorization method and device and electronic equipment

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202110711435.7A Division CN113268742B (en) 2021-04-07 2021-04-07 Data authorization method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN112800436A CN112800436A (en) 2021-05-14
CN112800436B true CN112800436B (en) 2021-06-29

Family

ID=75816383

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202110711435.7A Active CN113268742B (en) 2021-04-07 2021-04-07 Data authorization method and device and electronic equipment
CN202110371529.4A Active CN112800436B (en) 2021-04-07 2021-04-07 Data authorization method and device and electronic equipment

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202110711435.7A Active CN113268742B (en) 2021-04-07 2021-04-07 Data authorization method and device and electronic equipment

Country Status (2)

Country Link
CN (2) CN113268742B (en)
WO (1) WO2022213964A1 (en)

CN113268742B (en) * 2021-04-07 2022-05-24 支付宝(杭州)信息技术有限公司 Data authorization method and device and electronic equipment

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106415564A (en) * 2014-06-05 2017-02-15 索尼公司 Dynamic configuration of trusted executed environment
CN106851365A (en) * 2015-12-03 2017-06-13 国家新闻出版广电总局广播科学研究院 A kind of condition receiving method and system for intelligent operating system
CN108702357A (en) * 2017-01-13 2018-10-23 华为技术有限公司 A kind of method, terminal device and service server authorizing authority migration
CN110011956A (en) * 2018-12-12 2019-07-12 阿里巴巴集团控股有限公司 A kind of data processing method and device
CN110034924A (en) * 2018-12-12 2019-07-19 阿里巴巴集团控股有限公司 A kind of data processing method and device
CN109885988A (en) * 2019-02-18 2019-06-14 四川迪佳通电子有限公司 Method for broadcasting multimedia file, multimedia equipment based on credible performing environment
CN111625829A (en) * 2019-02-27 2020-09-04 阿里巴巴集团控股有限公司 Application activation method and device based on trusted execution environment
CN110737905A (en) * 2019-09-19 2020-01-31 深圳市先河系统技术有限公司 Data authorization method, data authorization device and computer storage medium
CN110968743A (en) * 2019-12-13 2020-04-07 支付宝(杭州)信息技术有限公司 Data storage and data reading method and device for private data
CN111327643A (en) * 2020-05-15 2020-06-23 支付宝(杭州)信息技术有限公司 Multi-party data sharing method and device
CN111625809A (en) * 2020-05-31 2020-09-04 数字浙江技术运营有限公司 Data authorization method and device, electronic equipment and storage medium
CN111930846A (en) * 2020-09-15 2020-11-13 支付宝(杭州)信息技术有限公司 Data processing method, device and equipment
CN111932426A (en) * 2020-09-15 2020-11-13 支付宝(杭州)信息技术有限公司 Identity management method, device and equipment based on trusted hardware
CN112329071A (en) * 2020-12-16 2021-02-05 支付宝(杭州)信息技术有限公司 Privacy data processing method, system, device and equipment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Security Model Based on a Trusted Execution Environment"; 刘声乐 (Liu Shengle); China Master's Theses Full-text Database; 2020-01-15; Vol. 2020, No. 1; pp. I138-208 *
"Design and Implementation of a Trusted Execution Environment for Mobile Terminals and Its Management Platform"; 薛皓 (Xue Hao); China Master's Theses Full-text Database; 2018-04-15; Vol. 2018, No. 4; pp. I138-120 *

Also Published As

Publication number Publication date
CN112800436A (en) 2021-05-14
CN113268742A (en) 2021-08-17
WO2022213964A1 (en) 2022-10-13
CN113268742B (en) 2022-05-24

Similar Documents

Publication Publication Date Title
CN112800436B (en) Data authorization method and device and electronic equipment
CA3057331C (en) Method and apparatus for processing transaction requests
US10419216B2 (en) Keying infrastructure
CN109313690B (en) Self-contained encrypted boot policy verification
EP3961974B1 (en) Block content editing methods and apparatuses
JP6371919B2 (en) Secure software authentication and verification
EP2748752B1 (en) Digital signing authority dependent platform secret
CN108229144B (en) Verification method of application program, terminal equipment and storage medium
CN113343234B (en) Method and device for carrying out credible check on code security
TW201539240A (en) Data erasure of a target device
CN113704211B (en) Data query method and device, electronic equipment and storage medium
CN111932261A (en) Asset data management method and device based on verifiable statement
CN112990925B (en) Asset certificate management method and device
CN111382425A (en) Application installation management method under multi-signature mechanism, intelligent terminal and storage medium
CN111600882A (en) Block chain-based account password management method and device and electronic equipment
CN112632476A (en) Algorithm authorization protection method and device, integrated circuit chip and electronic equipment
CN111639353B (en) Data management method and device, embedded equipment and storage medium
CN111046440B (en) Tamper verification method and system for secure area content
KR102625023B1 (en) Secure data processing
US20220284088A1 (en) Authentication of write requests
CN111461721A (en) Block chain-based method and device for protecting account and verifying transaction
CN112800488A (en) Application upgrading method and device and electronic equipment
CN116089967B (en) Data rollback prevention method and electronic equipment
EP3542274A1 (en) Systems and methods for performing secure backup operations
KR20220062866A (en) Network camera and method for providing security service thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant