CN114338166A - Edge device risk processing method, device, equipment and cloud server - Google Patents
- Publication number
- CN114338166A (CN202111636138.7A)
- Authority
- CN
- China
- Prior art keywords
- edge
- trusted
- edge device
- alarm information
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Abstract
The embodiments of this specification disclose an edge device risk processing method, apparatus, device and cloud server. The scheme may include: after acquiring first alarm information, generated by an anti-disassembly device arranged at an edge device and indicating that the edge device has been disassembled, executing a first risk processing operation for the edge device, so that the edge device is prohibited from continuing trusted data interaction with a cloud server.
Description
Technical Field
The application relates to the technical field of edge computing, in particular to a method, a device, equipment and a cloud server for processing edge equipment risks.
Background
Edge computing may refer to a computing mode in which an edge device integrating network, computing, storage, and application core capabilities provides a nearby service response on the side close to an object or a data source, to meet the needs of the industry in real-time services, application intelligence, security, privacy protection, and the like. Edge devices can also interact with a cloud server, so that the cloud computing capability of the cloud server is used to collect and analyze data from each edge device. At present, because edge devices may be deployed in an untrusted physical environment, some edge devices may be physically attacked, so that the edge device and the cloud server face risks of privacy disclosure and service tampering, and the security of edge computing is affected.
Therefore, how to guarantee the security of edge computing when an edge device faces the risk of physical attack has become a technical problem to be solved urgently.
Disclosure of Invention
The embodiments of this specification provide an edge device risk processing method, apparatus, device and cloud server, which are used to guarantee the security of edge computing when an edge device faces the risk of physical attack.
In order to solve the above technical problem, the embodiments of the present specification are implemented as follows:
An edge device risk processing method provided in an embodiment of the present specification includes:
acquiring first alarm information generated by an anti-dismantling device arranged at an edge device, wherein the first alarm information is used for indicating that the edge device has been dismantled;
according to the first alarm information, executing a first risk processing operation for the edge device, wherein the first risk processing operation is used for prohibiting the edge device from performing trusted data interaction with a cloud server.
An edge device risk processing method provided in an embodiment of the present specification includes:
a cloud server acquiring alarm information sent by an edge device, wherein the alarm information is used for indicating that the edge device has been detached, and the alarm information is generated by an anti-detachment device arranged at the edge device;
and refusing to perform trusted data interaction with the edge device according to the alarm information.
An edge device risk processing apparatus provided in an embodiment of the present specification includes:
the system comprises an acquisition module, a judgment module and a display module, wherein the acquisition module is used for acquiring first alarm information generated by an anti-dismantling device arranged at an edge device, and the first alarm information is used for prompting that the edge device is dismantled;
and the first risk processing module is used for executing a first risk processing operation aiming at the edge device according to the first alarm information, wherein the first risk processing operation is used for forbidding the edge device and a cloud server to perform trusted data interaction.
An edge device risk processing apparatus provided in an embodiment of the present specification includes:
the system comprises an acquisition module, a processing module and a display module, wherein the acquisition module is used for enabling a cloud server to acquire alarm information sent by edge equipment, the alarm information is used for prompting that the edge equipment is detached, and the alarm information is generated based on an anti-detachment device arranged at the edge equipment;
and the risk processing module is used for refusing to perform credible data interaction with the edge equipment according to the alarm information.
An edge device risk processing device provided by an embodiment of the present specification includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring first alarm information generated by an anti-dismantling device arranged at an edge device, wherein the first alarm information is used for prompting that the edge device is dismantled;
according to the first alarm information, executing a first risk processing operation for the edge device, wherein the first risk processing operation is used for prohibiting the edge device from performing trusted data interaction with a cloud server.
A cloud server for handling edge device risk provided by an embodiment of this specification includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring alarm information sent by edge equipment, wherein the alarm information is used for prompting that the edge equipment is disassembled, and the alarm information is generated based on an anti-disassembling device arranged at the edge equipment;
and refusing to perform trusted data interaction with the edge equipment according to the alarm information.
At least one embodiment provided in the present specification can achieve the following advantageous effects:
after first alarm information which is generated by an anti-disassembly device arranged at an edge device and used for prompting that the edge device is disassembled is obtained, first risk processing operation is executed for the edge device to forbid the edge device and a cloud server from continuing trusted data interaction, so that adverse effects on the safety and the credibility of edge computing due to tampering of services at the edge device after the edge device is physically attacked can be avoided, and the safety and the credibility of data at the cloud server can be guaranteed.
Drawings
In order to illustrate the embodiments of the present disclosure or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description are only some embodiments described in the present application, and those skilled in the art can obtain other drawings from them without any creative effort.
Fig. 1 is a schematic flow chart of an overall scheme of an edge device risk processing method in an embodiment of the present specification;
Fig. 2 is a schematic flowchart of a risk processing method for an edge device according to an embodiment of the present disclosure;
Fig. 3 is a schematic flowchart of another edge device risk processing method provided in an embodiment of the present disclosure;
Fig. 4 is a schematic lane flow diagram corresponding to the edge device risk processing method in Figs. 2 and 3 according to an embodiment of the present disclosure;
Fig. 5 is a schematic structural diagram of an edge device risk processing apparatus corresponding to Fig. 2 provided in an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of an edge device risk processing apparatus corresponding to Fig. 3 provided in an embodiment of the present disclosure;
Fig. 7 is a schematic structural diagram of an edge device risk processing device corresponding to Fig. 2 provided in an embodiment of the present specification;
Fig. 8 is a schematic structural diagram of a cloud server for handling the edge device risk according to an embodiment of the present disclosure, which corresponds to Fig. 3.
Detailed Description
To make the objects, technical solutions and advantages of one or more embodiments of the present disclosure more apparent, the technical solutions of one or more embodiments of the present disclosure will be described in detail and completely with reference to the specific embodiments of the present disclosure and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present specification, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from the embodiments given herein without making any creative effort fall within the scope of protection of one or more embodiments of the present specification.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
In the prior art, edge devices serve as the infrastructure of edge computing. They are large in number and their deployment positions are scattered, so it is very difficult to provide security protection for them, and illegal physical disassembly attacks occur from time to time. Such attacks may cause disclosure of private data at the edge devices and, more seriously, may threaten the secure operation of the cloud server because services at the edge devices have been tampered with.
At present, an anti-tamper device is generally disposed at an edge device to detect a physical attack, and data collected by the edge device is destroyed after the physical attack is detected, so as to ensure the security of private data at the edge device. However, this cannot prevent an illegal edge device whose service has been tampered with from accessing the edge computing network to attack the cloud server, so the security of edge computing cannot be ensured.
In order to solve the defects in the prior art, the scheme provides the following embodiments:
Fig. 1 is a schematic flow chart of an overall scheme of an edge device risk processing method in an embodiment of the present specification.
As shown in fig. 1, each of the edge devices 101, 102, 103, etc. may be in communication connection with the cloud server 104, the edge device 101 may also be in communication connection with the edge device 102, and the edge device 102 may also be in communication connection with the edge device 103, so as to form an edge computing network. The edge device may be deployed with a data processing model to process data collected from each monitored device (not shown in fig. 1), and upload the collected data and/or data processing results to the cloud server, so that the cloud server stores, counts, and processes the data.
Each edge device may be provided with an anti-tamper device. Suppose an attacker performs a disassembly operation on the edge device 101: the anti-tamper device at the edge device 101 is triggered and generates alarm information indicating that the edge device 101 has been disassembled. After the edge device 101 acquires the alarm information, a risk processing operation can be performed on the edge device 101 to prohibit it from continuing trusted data interaction with the cloud server 104, thereby avoiding adverse effects on the security and credibility of edge computing due to tampering of the service at the edge device, and ensuring the security and credibility of the data at the cloud server.
Next, an edge device risk processing method provided in an embodiment of the specification will be specifically described with reference to the accompanying drawings:
Fig. 2 is a schematic flowchart of an edge device risk processing method according to an embodiment of the present disclosure. From a program perspective, the execution subject of the flow may be the edge device, or an application program hosted at the edge device. As shown in Fig. 2, the process may include the following steps:
Step 202: acquire first alarm information generated by an anti-dismantling device arranged at the edge device, wherein the first alarm information is used for indicating that the edge device has been dismantled.
In the embodiments of the present specification, the anti-dismantling device may refer to an alarm device for detecting dismantling or opening behavior with respect to the edge device. The anti-dismantling device can comprise an anti-dismantling structure and an anti-dismantling single-chip microcomputer detection system. The anti-dismantling device can be arranged at a position of the edge device where dismantling needs to be detected, such as the inner side of the housing of the edge device or the control board of the edge device, so that the anti-dismantling structure is triggered when a user removes the housing or the control board. The anti-dismantling single-chip microcomputer detection system can identify a trigger operation on the anti-dismantling structure; if a trigger operation is identified, it can generate first alarm information indicating that the edge device has been dismantled and send it, so that the edge device can acquire the first alarm information.
In practical application, the anti-dismantling device can also be provided with an anti-dismantling switch, so that the anti-dismantling device can be opened for anti-dismantling monitoring and alarming according to actual requirements, or the anti-dismantling device can be closed for stopping the anti-dismantling monitoring and alarming.
Step 204: according to the first alarm information, executing a first risk processing operation aiming at the edge device, wherein the first risk processing operation is used for forbidding the edge device and a cloud server to carry out credible data interaction.
In the embodiment of the present specification, after illegally disassembling an edge device, an attacker may tamper with the service provided by an application program at the edge device. This not only affects the security of the local data of the edge device, but may also be used to attack the cloud server in order to steal data, occupy computing and storage resources at the cloud server, or cause the cloud server to crash.
Therefore, after the edge device acquires the first alarm information, the edge device can perform the first risk processing operation by itself to prohibit the edge device from continuing to perform trusted data interaction with the cloud server, so that the expansion and spread of risks are prevented, and risks and influences brought by attack behaviors of lawbreakers are controlled within a minimum range to ensure the normal operation of the edge computing network. The trusted data interaction may refer to an interaction behavior for transmitting, processing, accessing and storing the trusted data. However, if the transmitted data or request is not trusted, it cannot be trusted data interaction, and it can only be referred to as data interaction.
In the method in fig. 2, after first alarm information generated by an anti-tamper device provided at an edge device and used for prompting that the edge device has been detached is acquired, a first risk processing operation is executed for the edge device to prohibit the edge device and a cloud server from continuing to perform trusted data interaction, so that after the edge device is physically attacked, adverse effects on the security and the credibility of edge computing due to tampering of a service at the edge device can be avoided, and the security and the credibility of data at the cloud server can be ensured.
Based on the method in fig. 2, some specific embodiments of the method are also provided in the examples of this specification, which are described below.
In the embodiments of the present description, there are various ways to prohibit the edge device from performing trusted data interaction with the cloud server. For example, implementation mode one: the cloud server is made to refuse to process the data interaction information sent by the edge device. Implementation mode two: the edge device is made unable to send data interaction information to the cloud server.
For ease of understanding, these implementation modes are explained below.
Implementation mode one
Identity security is very important in edge computing. The cloud server can perform identity verification on the edge device or on information sent by the edge device; if the verification passes, the edge device or the information it sent can be regarded as trusted, and the cloud server and the edge device then perform trusted data interaction. Since an attacker may perform intrusive probing of the edge device and install malicious software, identity information in the edge device may be tampered with or eavesdropped on, which affects the credibility and security of edge computing. Based on this, the cloud server can be made to refuse to process the data interaction information sent by the edge device by destroying the trusted identity information of the edge device, so that the security of edge computing is ensured.
If the identity is verified based on the key information, step 204: according to the first alarm information, a first risk processing operation is performed on the edge device, which may specifically include:
and deleting key information in trusted hardware at the edge device according to the first alarm information, wherein the key information is used for performing trusted verification on data transmitted between the edge device and the cloud server.
In the embodiment of the present specification, the Trusted hardware is one of the important bases of Trusted computing, and a Trusted Execution Environment (TEE) can be built on the hardware device based on the Trusted hardware to protect program codes and data in the Trusted hardware from being disclosed and modified, so as to ensure privacy and security of the data in the Trusted hardware. The trusted hardware can be realized by adopting a trusted chip and is deployed in a control board of the edge device.
In practical applications, the manufacturer of the trusted hardware may assign at least one Master Key (Terminal Master Key) to each trusted hardware, and store the Master Key in the trusted hardware. When the edge device performs trusted data interaction with the cloud server, the trusted hardware may generate a working key (also referred to as a data key) based on the specified master key and store the working key in the trusted hardware. The working key may be a symmetric key or an asymmetric key in the form of a public-private key pair, which is not particularly limited.
The trusted hardware can digitally sign the data interaction request and the trusted data of the edge device by using the working key, so that the cloud server can perform identity verification based on the digital signature carried by the data interaction request and the trusted data, which ensures the credibility of the data interaction behavior. Of course, the working key may also be used to encrypt the data interaction request and the trusted data of the edge device, so as to ensure the security of the data during transmission.
In practical applications, the working key may need to be changed frequently, for example once a day, to reduce the risk of leakage of the working key; therefore, the trusted hardware may hold a plurality of pieces of key information. When the key information in the trusted hardware is deleted, at least the master key in the trusted hardware should be deleted, so that an attacker cannot continue to generate working keys.
In this embodiment of the present description, after deleting key information in trusted hardware at the edge device, even though a lawbreaker can send a data interaction request and data to the cloud server by using the edge device, the lawbreaker cannot pass identity verification at the cloud server, so that the cloud server does not respond to the data interaction request of the edge device, and does not process the data sent by the edge device, thereby ensuring security of edge computing.
In this embodiment, the manufacturer of the trusted hardware may also assign a different unique device identifier (Unique Device Identifier, UDID) to each piece of trusted hardware; the unique device identifier has the security attributes of being tamper-proof, unforgeable and globally unique. The device unique identification information of the trusted hardware can also be stored in the trusted hardware and used as a trusted credential of the edge device, so that the edge device can pass identity verification at the cloud server based on the device unique identification information.
Based on this, step 204: according to the first alarm information, a first risk processing operation is executed for the edge device, and the method may further include:
and deleting the equipment unique identification information in the trusted hardware according to the first alarm information.
In this specification, when the edge device performs data interaction with the cloud server, the unique device identification information of the trusted hardware needs to be sent to the cloud server. Once the cloud server has verified the unique device identification information, the edge device is regarded as trusted, and trusted data interaction can be performed with it. Therefore, after the unique device identification information in the trusted hardware at the edge device is deleted, even if an attacker can use the edge device to send data interaction requests and data to the cloud server, identity verification at the cloud server cannot be passed, so the cloud server does not respond to the data interaction requests of the edge device and does not process the data sent by the edge device, thereby ensuring the security of edge computing.
In this embodiment, in addition to deleting the device unique identifier information in the trusted hardware, the edge device may actively send, to the cloud server, information that prompts that the edge device bound by the device unique identifier information (that is, the edge device loaded with the trusted hardware to which the device unique identifier information belongs) has been detached, so that the cloud server can timely know that the edge device bound by the device unique identifier information is not trusted, and thus the trustworthiness of the edge computing is ensured.
Thus, step 204: performing a first risk processing operation for the edge device, may further include:
and generating second alarm information according to the unique equipment identification information, wherein the second alarm information is used for prompting that the edge equipment bound with the unique equipment identification information is detached.
And sending the second alarm information to the cloud server, wherein the cloud server is used for refusing the equipment bound with the equipment unique identification information to perform trusted data interaction according to the second alarm information.
In the embodiment of the present specification, the core concept of out-of-band management (out-of-band) is to transmit management control information (e.g., second alarm information) and user traffic information (e.g., trusted data) through different information transmission channels, so that the management network and the data network are independent and do not affect each other. Therefore, even if the data network fails or the equipment is down, the manager can still use the special management network to perform centralized monitoring, management and maintenance on the edge equipment based on the out-of-band management system. Therefore, the out-of-band management mode can improve the emergency processing capacity for dealing with sudden failures.
Based on this, the edge device may send the second alarm information to the out-of-band management system at the cloud server by using a preset out-of-band channel.
In this embodiment, an out-of-band management system may also be disposed at the edge device, and the out-of-band management system at the cloud server and the out-of-band management system at the edge device may communicate with each other through a preset out-of-band channel. The out-of-band management system at the edge device may be implemented based on an ARM (Advanced RISC Machines) processor, and of course may also be implemented based on other microprocessors or single-chip microcomputer systems, which is not particularly limited.
The out-of-band management system at the edge device can generate second alarm information carrying the unique device identification information of the trusted hardware by using a preset protocol, and does not need to call the unique device identification information in the trusted hardware to generate the second alarm information, so that even if the unique device identification information in the trusted hardware is deleted, the edge device can still generate and report the second alarm information to the cloud server. Therefore, the unique identification information of the equipment in the trusted hardware can be deleted in time, so that the safety of edge computing is ensured.
In practical applications, the core idea of in-band management (in-band) is to transmit management control information and user service information through the same information transmission channel, and therefore, the second alarm information may also be sent to the cloud server based on an in-band management system at the edge device.
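The following sketch is an added example, not code from the patent: it models implementation mode one end to end, with the trusted hardware deleting its key information and UDID on the first alarm, the out-of-band system reporting the second alarm from its own copy of the UDID, and the cloud server then refusing the device. Assumptions: a symmetric working key derived from the master key with HMAC-SHA256, a separate key authenticating the out-of-band alarm, and all class names, key values, the day label and the UDID string, which are constructed for illustration.

```python
import hashlib
import hmac


def _mac(key: bytes, *parts: bytes) -> str:
    """HMAC-SHA256 over '|'-joined parts, hex encoded."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).hexdigest()


class TrustedHardware:
    """Stand-in for the trusted chip holding master key, working key and UDID."""

    def __init__(self, udid: str, master_key: bytes):
        self._udid = udid
        self._master = bytearray(master_key)
        self._working = bytearray()
        self._day = ""

    def rotate_working_key(self, day: str) -> None:
        if not self._master:
            raise RuntimeError("master key deleted: no new working keys")
        # Assumption: HMAC-SHA256 derivation; the page does not specify one.
        self._working = bytearray.fromhex(_mac(bytes(self._master), b"wk", day.encode()))
        self._day = day

    def sign(self, payload: bytes) -> dict:
        if not self._working or self._udid is None:
            raise RuntimeError("trusted identity deleted")
        tag = _mac(bytes(self._working), self._udid.encode(), self._day.encode(), payload)
        return {"udid": self._udid, "day": self._day, "payload": payload, "tag": tag}

    def zeroize(self) -> None:
        # First risk processing operation: overwrite, then drop keys and UDID.
        # (A Python model only; real hardware erases its own key storage.)
        for buf in (self._master, self._working):
            for i in range(len(buf)):
                buf[i] = 0
        self._master, self._working, self._udid = bytearray(), bytearray(), None


class OutOfBandManager:
    """Management controller with its own UDID copy and alarm key (assumed)."""

    def __init__(self, udid: str, oob_key: bytes):
        self._udid, self._key = udid, oob_key

    def second_alarm(self) -> dict:
        # Built without calling the trusted hardware, so it works after zeroize().
        return {"udid": self._udid, "event": "detached",
                "tag": _mac(self._key, self._udid.encode(), b"detached")}


class CloudServer:
    def __init__(self):
        self._devices = {}    # udid -> (master_key, oob_key)
        self.revoked = set()  # UDIDs reported as detached

    def enroll(self, udid: str, master_key: bytes, oob_key: bytes) -> None:
        self._devices[udid] = (master_key, oob_key)

    def handle_second_alarm(self, alarm: dict) -> bool:
        entry = self._devices.get(alarm.get("udid"))
        if entry is None:
            return False
        expected = _mac(entry[1], alarm["udid"].encode(), b"detached")
        if not hmac.compare_digest(expected, alarm.get("tag", "")):
            return False  # an unauthenticated alarm must not revoke a device
        self.revoked.add(alarm["udid"])
        return True

    def accept(self, msg: dict) -> bool:
        entry = self._devices.get(msg["udid"])
        if entry is None or msg["udid"] in self.revoked:
            return False  # refuse trusted data interaction with this UDID
        working = bytes.fromhex(_mac(entry[0], b"wk", msg["day"].encode()))
        expected = _mac(working, msg["udid"].encode(), msg["day"].encode(), msg["payload"])
        return hmac.compare_digest(expected, msg["tag"])


def run_scenario() -> dict:
    # Constructed sample values, not taken from the page.
    udid, master, oob_key = "UDID-EXAMPLE-0001", b"\x11" * 32, b"\x22" * 32
    hw, oob, cloud = TrustedHardware(udid, master), OutOfBandManager(udid, oob_key), CloudServer()
    cloud.enroll(udid, master, oob_key)

    hw.rotate_working_key("day-001")
    earlier = hw.sign(b"temperature=21.5")
    result = {"before_alarm": cloud.accept(earlier)}

    bad = {"udid": udid, "event": "detached", "tag": "00" * 32}
    result["unauthenticated_alarm_revokes"] = cloud.handle_second_alarm(bad)

    # First alarm arrives: delete key information and UDID, then report out of band.
    hw.zeroize()
    alarm = oob.second_alarm()
    try:
        hw.sign(b"temperature=99.9")
        result["can_sign_after_alarm"] = True
    except RuntimeError:
        result["can_sign_after_alarm"] = False
    result["second_alarm_accepted"] = cloud.handle_second_alarm(alarm)
    result["earlier_message_after_alarm"] = cloud.accept(earlier)
    return result


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Deleting the keys stops the device from producing new signatures, while the second alarm lets the cloud server refuse even messages that were validly signed before the alarm.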
In the embodiment of the present specification, in order to improve the security of the edge device, the first risk processing operation should be performed promptly, which requires that the electric energy needed by the edge device to perform the first risk processing operation be guaranteed. In order to prevent an attacker from stopping the execution of the first risk processing operation by cutting off the power supply of the edge device, a power supply may be provided for the anti-detachment device.
Based on this, step 204: according to the first alarm information, a first risk processing operation is performed on the edge device, which may specifically include:
and if the edge equipment is in a power-off state, namely the power supply at the edge equipment does not work and cannot supply power to the edge equipment, executing first risk processing operation aiming at the edge equipment according to the first alarm information based on the electric energy provided by the power supply of the anti-dismounting device.
And if the edge device is in a power supply state, that is, the power supply at the edge device works normally and can supply power to the edge device, then a first risk processing operation is executed for the edge device according to the first alarm information based on the electric energy provided by the power supply of the edge device or the electric energy provided by the power supply of the anti-detachment device.
In this embodiment of the present specification, since the trusted hardware at the edge device needs to perform the first risk processing operation that deletes the key information and the unique device identification information of the trusted hardware, the power supply of the anti-tamper device can be connected to the trusted hardware, so that the trusted hardware can perform the first risk processing operation using the electric energy provided by the power supply of the anti-tamper device. The anti-tamper single-chip microcomputer detection system can likewise generate and send the first alarm information using the electric energy provided by the power supply of the anti-tamper device. Therefore, the edge device risk processing method provided in the embodiment of the specification can be executed without depending on the power supply of the edge device. Based on this, even if an attacker cuts off the power supply of the edge device, the method in the embodiment of the present specification can still be carried out to ensure the security of edge computing.
Implementation mode two
Application security is the core of security protection in edge computing. An attacker may tamper with the services of the edge device in order to steal data or attack the cloud server, which undermines the security of edge computing. Based on this, the application program or the data transmission channel at the edge device can be destroyed, so that the edge device cannot send data interaction information to the cloud server, further ensuring the security of edge computing.
Specifically, step 204, performing a first risk processing operation for the edge device according to the first alarm information, may include:
Closing, according to the first alarm information, a data channel used for transmitting trusted data between the edge device and the cloud server.
Closing a data channel used for transmitting trusted data between the edge device and the cloud server may specifically include:
Deleting a trusted application program in a trusted execution environment of the edge device, wherein the edge device performs trusted data interaction with the cloud server through the trusted application program; or,
Disabling a specified application program interface of the trusted execution environment, wherein the edge device performs trusted data interaction with the cloud server through the specified application program interface.
In this embodiment of the specification, in addition to the trusted execution environment that may be provided in the trusted hardware, another trusted execution environment may be provided at the edge device. This other trusted execution environment is not necessarily implemented on the trusted hardware, and is therefore a different trusted execution environment from the one in the trusted hardware.
Because the storage space of the trusted hardware is limited, the application for trusted data interaction with the cloud server may be deployed in the other trusted execution environment as a Trusted Application (TA).
Although the trusted execution environment can protect the trusted application program from tampering, an attacker who cracks the trusted execution environment could still expose the trusted application program. To avoid that risk, the trusted application program in the trusted execution environment of the edge device can be deleted directly after the first alarm information is received. Even if the attacker then cracks the trusted execution environment of the edge device, the trusted application program cannot be obtained and no further data interaction with the cloud server can be carried out, which helps improve the security of edge computing.
In this embodiment of the specification, a trusted Software Development Kit (SDK) may also be loaded in the trusted execution environment, and a user may download an installation package, an algorithm model, and the like of the trusted application program from the cloud server based on the trusted software development kit. Therefore, to prevent an attacker from reinstalling the trusted application program through the trusted software development kit after the trusted application program has been deleted, the trusted software development kit in the trusted execution environment may also be deleted.
In practical applications, the trusted execution environment may allocate an Application Programming Interface (API) to the trusted application program, so that the trusted application program establishes a data channel between the allocated trusted application program interface and the cloud server to transmit user service information. To prevent an attacker from using the trusted application program interface and the data channel to attack the cloud server after cracking the trusted execution environment, the trusted application program interface that the trusted execution environment allocated to the trusted application program (namely, the specified application program interface) can be disabled after the first alarm information is received. The data channel between the edge device and the cloud server is thereby cut off completely, ensuring the security of edge computing.
In the embodiment of the present specification, since edge computing may be performed at the edge device, some models built on algorithms may need to be deployed in a trusted execution environment at the edge device. To prevent an attacker from cracking the trusted execution environment to steal the model data, the following step may be performed after the first alarm information is obtained in step 202:
Executing a second risk processing operation for the edge device according to the first alarm information, wherein the second risk processing operation is used for deleting target model data in the trusted execution environment. The target model data may include a model built based on a target algorithm, or may include input data and output data of the model, which is not particularly limited.
In the embodiments of the present disclosure, as blockchain technology continues to develop, edge computing technology and blockchain technology are also used together to ensure the credibility of data.
Based on this, the cloud server may be a blockchain edge node in a blockchain network, and the edge device can communicate with the blockchain edge node for data interaction. The edge device may be a node in the blockchain network (i.e., an on-chain node) or a node outside the blockchain network (i.e., an off-chain node), which is not specifically limited. In this case, the first risk processing operation may be configured to prohibit the edge device from acquiring trusted data from the blockchain network, to prohibit the edge device from storing trusted data into the blockchain network, or to prohibit the edge device from requesting the blockchain network to perform a data processing operation on the trusted data.
A blockchain may be understood as a data chain formed by storing a plurality of blocks in sequence. The block header of each block includes a timestamp of the block, a hash value of the previous block's information, and a hash value of the block's own information, so that the blocks authenticate one another and form a blockchain that cannot be falsified. Each block can be understood as a data block (a unit of stored data). As a decentralized database, the blockchain is a series of data blocks generated in association with one another using cryptographic methods; each data block contains the information of one network transaction, which is used to verify the validity of that information (anti-counterfeiting) and to generate the next block. The blockchain is formed by connecting the blocks end to end. If the data in a block needs to be modified, the contents of all blocks after that block need to be modified, and the data backed up by all nodes in the blockchain network needs to be modified as well. The blockchain is therefore difficult to tamper with and to delete from, and once data has been stored in it, the blockchain is a reliable way of keeping the content intact. Using the cloud server as a blockchain edge node therefore ensures the credibility and traceability of data at the cloud server.
Based on the same idea as the scheme shown in fig. 2, the embodiment of the present specification further provides another edge device risk processing method. Fig. 3 is a schematic flowchart of another edge device risk processing method provided in an embodiment of the present disclosure. The process may be executed by a cloud server, or by an application program carried by the cloud server. As shown in fig. 3, the process may include:
Step 302: The cloud server acquires alarm information sent by an edge device, wherein the alarm information is used for prompting that the edge device has been detached, and the alarm information is generated based on an anti-tamper device arranged at the edge device.
In this embodiment of the present specification, the alarm information acquired by the cloud server in step 302 may be the second alarm information mentioned in the embodiment of the method in fig. 2. The alarm information may be generated according to the device unique identification information of the trusted hardware at the edge device, and may be used to prompt that the edge device bound to the device unique identification information has been detached, which is not described herein again.
In practical applications, the cloud server may use an out-of-band management system to perform operation and maintenance management on the edge device. Step 302, in which the cloud server acquires alarm information sent by the edge device, may therefore specifically include: acquiring the alarm information sent by the edge device from a preset out-of-band channel by using the out-of-band management system at the cloud server.
Step 304: Refuse to perform trusted data interaction with the edge device according to the alarm information.
In this embodiment of the present specification, the alarm information may carry device unique identification information of trusted hardware at the edge device, and the device unique identification information may be used as a trusted certificate of the edge device. Step 304, refusing to perform trusted data interaction with the edge device according to the alarm information, may therefore specifically include:
Deleting the device unique identification information from the trusted device list.
Receiving a data interaction request that is sent by a target edge device and carries target device unique identification information.
Judging whether the trusted device list stores the target device unique identification information, to obtain a second judgment result.
If the second judgment result shows that the target device unique identification information is not stored in the trusted device list, refusing to perform trusted data interaction with the target edge device. For example, the cloud server refuses to process a data processing request, a data obtaining request, or a data storing request sent by the target edge device, or closes the data transmission channel between the cloud server and the target edge device, where the data transmission channel is different from the preset out-of-band channel.
If the second judgment result shows that the target device unique identification information is stored in the trusted device list, allowing trusted data interaction with the target edge device.
In the method in fig. 3, after the edge device is detached, the alarm information indicating that the edge device has been detached is fed back to the cloud server, so that the cloud server knows about the risk at the edge device and refuses to perform trusted data interaction with it. This prevents tampered services at the edge device from adversely affecting the security and credibility of data at the cloud server, and helps ensure the security and credibility of edge computing.
Based on the method in fig. 3, some specific embodiments of the method are also provided in the examples of this specification, which are described below.
In the embodiment of the present specification, an operator who services an edge device may also trigger the edge device to send alarm information to the cloud server, even though the edge device may still be in a safe operating state at that time. To keep responding to the trusted data interaction requests of the edge device in time, the operator may send maintenance information for the edge device to the cloud server in advance through the out-of-band management system, so that trusted data interaction with the edge device continues even after the alarm information of the edge device is obtained, ensuring stable operation of edge computing.
Specifically, before step 304, refusing to perform trusted data interaction with the edge device according to the alarm information, the method may further include: judging whether maintenance information for the edge device has been received through the out-of-band management system, to obtain a first judgment result.
If the first judgment result shows that maintenance information for the edge device has not been received through the out-of-band management system, refusing to perform trusted data interaction with the edge device according to the alarm information.
If the first judgment result shows that maintenance information for the edge device has been received through the out-of-band management system, continuing to perform trusted data interaction with the edge device after the alarm information is received.
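The cloud-server procedure above (the first judgment on maintenance information, then the second judgment against the trusted device list) is sketched below as an added Python example; it is not code from the patent. The class and method names, the device IDs, and the expiry on maintenance notices are assumptions of this example.

```python
"""Cloud-side handling of edge tamper alarms (added example, not the patent's code)."""
from dataclasses import dataclass, field

# Request kinds the description names: data processing, obtaining and storing.
REQUEST_KINDS = {"process", "get", "store"}


@dataclass
class CloudServer:
    trusted_devices: set = field(default_factory=set)      # trusted device list
    maintenance_until: dict = field(default_factory=dict)  # device_id -> expiry (seconds)
    audit: list = field(default_factory=list)               # (time, event, device_id)

    def register_maintenance(self, device_id, now, duration_s):
        """Maintenance information sent in advance through the out-of-band system.

        The expiry is an assumption of this example: without one, a single
        notice would suppress every later tamper alarm for that device.
        """
        if duration_s <= 0:
            raise ValueError("maintenance window must be positive")
        self.maintenance_until[device_id] = now + duration_s
        self.audit.append((now, "maintenance_registered", device_id))

    def _under_maintenance(self, device_id, now):
        expiry = self.maintenance_until.get(device_id)
        if expiry is None:
            return False
        if now >= expiry:
            # Expired notices are dropped so they cannot be reused later.
            del self.maintenance_until[device_id]
            return False
        return True

    def handle_alarm(self, device_id, now):
        """Steps 302/304: alarm information received from the out-of-band channel.

        Returns True if the device was removed from the trusted device list.
        """
        # First judgment: was maintenance information received for this device?
        if self._under_maintenance(device_id, now):
            self.audit.append((now, "alarm_during_maintenance", device_id))
            return False
        # No maintenance information: delete the ID from the trusted device list.
        self.trusted_devices.discard(device_id)
        self.audit.append((now, "device_revoked", device_id))
        return True

    def handle_request(self, device_id, kind, now):
        """Second judgment: is the requesting ID still in the trusted device list?"""
        if kind not in REQUEST_KINDS:
            raise ValueError(f"unknown request kind: {kind!r}")
        allowed = device_id in self.trusted_devices
        event = "request_allowed" if allowed else "request_rejected"
        self.audit.append((now, event, device_id))
        return allowed


def demo():
    """Constructed scenario with made-up device IDs and timestamps."""
    cloud = CloudServer(trusted_devices={"edge-A", "edge-B"})
    t0 = 1_000
    cloud.register_maintenance("edge-B", now=t0, duration_s=600)
    results = {
        "A_revoked": cloud.handle_alarm("edge-A", now=t0 + 10),
        "A_store": cloud.handle_request("edge-A", "store", now=t0 + 20),
        "B_revoked_in_window": cloud.handle_alarm("edge-B", now=t0 + 30),
        "B_get": cloud.handle_request("edge-B", "get", now=t0 + 40),
        "B_revoked_after_window": cloud.handle_alarm("edge-B", now=t0 + 700),
        "B_get_after": cloud.handle_request("edge-B", "get", now=t0 + 710),
    }
    return results, cloud


if __name__ == "__main__":
    results, cloud = demo()
    for name, value in results.items():
        print(f"{name}: {value}")
    for entry in cloud.audit:
        print(entry)
```

The audit list records every decision, so an operator can tell an alarm that was tolerated during a maintenance window from one that revoked the device.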
In an embodiment of the present specification, the cloud server may be a blockchain edge node in a blockchain network.
Correspondingly, refusing to perform trusted data interaction with the edge device according to the alarm information may specifically include:
Prohibiting, according to the alarm information, the edge device from acquiring trusted data from the blockchain network; or,
Prohibiting, according to the alarm information, the edge device from storing trusted data into the blockchain network.
Fig. 4 is a schematic swim-lane flowchart corresponding to the edge device risk processing methods shown in fig. 2 and fig. 3 according to an embodiment of the present disclosure. As shown in fig. 4, the edge risk processing flow may involve execution subjects such as an edge device and a cloud server.
In the risk detection stage, after the anti-tamper device arranged at the edge device is triggered, it can be judged whether the edge device is in a power-off state. If so, the first alarm information is generated using the electric energy provided by the power supply of the anti-tamper device; if not, the first alarm information is generated using the electric energy provided by the power supply of the edge device. The first alarm information is then sent to the edge device.
In the risk processing stage, the trusted hardware at the edge device may delete the key information and the device unique identification information in the trusted hardware, using the electric energy provided by the power supply of the edge device or the electric energy provided by the power supply of the anti-tamper device.
The edge device can also disable the specified application program interface of its trusted execution environment, and delete the trusted application program and the target model data in the trusted execution environment. The edge device generates second alarm information according to the device unique identification information of the trusted hardware, and sends the second alarm information to the cloud server over a preset out-of-band channel.
The cloud server can delete the device unique identification information from the trusted device list. Subsequently, if a data interaction request that is sent by a target edge device and carries target device unique identification information is received, the cloud server judges whether the target device unique identification information is stored in the trusted device list. If not, trusted data interaction with the target edge device is refused; if so, trusted data interaction with the target edge device is carried out.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the above method. Fig. 5 is a schematic structural diagram of an edge device risk processing apparatus corresponding to fig. 2 provided in an embodiment of the present disclosure. As shown in fig. 5, the apparatus may include:
an obtaining module 502, configured to obtain first alarm information generated by an anti-tamper device set at an edge device, where the first alarm information is used to prompt that the edge device has been detached.
A first risk processing module 504, configured to execute, according to the first alarm information, a first risk processing operation for the edge device, where the first risk processing operation is used to prohibit the edge device from performing trusted data interaction with a cloud server.
The examples of this specification also provide some specific embodiments of the apparatus based on the apparatus of fig. 5, which is described below.
Optionally, trusted hardware is disposed at the edge device, key information and device unique identification information of the trusted hardware are stored in the trusted hardware, the key information is used for performing trusted verification on data transmitted between the edge device and the cloud server, and the device unique identification information is used as a trusted certificate of the edge device.
Correspondingly, the first risk processing module 504 may be specifically configured to:
Generating second alarm information according to the device unique identification information, wherein the second alarm information is used for prompting that the edge device bound to the device unique identification information has been detached.
Sending the second alarm information to the cloud server, wherein the cloud server is configured to refuse, according to the second alarm information, trusted data interaction with the device bound to the device unique identification information. Specifically, the second alarm information may be sent to an out-of-band management system at the cloud server by using a preset out-of-band channel.
Deleting the key information and the device unique identification information stored in the trusted hardware according to the first alarm information.
Optionally, the anti-tamper device may include a power supply.
The first risk processing module 504 may be specifically configured to:
If the edge device is in a power-off state, executing the first risk processing operation for the edge device according to the first alarm information, using the electric energy provided by the power supply.
Optionally, the first risk processing module 504 may be specifically configured to:
Closing, according to the first alarm information, a data channel used for transmitting trusted data between the edge device and the cloud server.
For example, deleting a trusted application program in a trusted execution environment of the edge device, wherein the edge device performs trusted data interaction with the cloud server through the trusted application program; or,
Disabling a specified application program interface of the trusted execution environment, wherein the edge device performs trusted data interaction with the cloud server through the specified application program interface.
Optionally, the apparatus shown in fig. 5 may further include:
A second risk processing module, configured to execute a second risk processing operation for the edge device according to the first alarm information, wherein the second risk processing operation is used for deleting target model data in the trusted execution environment.
Optionally, the cloud server is a block chain edge node in a block chain network; the first risk processing operation may be configured to prohibit the edge device from obtaining trusted data from the blockchain network, or the first risk processing operation may be configured to prohibit the edge device from storing trusted data into the blockchain network.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the above method. Fig. 6 is a schematic structural diagram of an edge device risk processing apparatus corresponding to fig. 3 provided in an embodiment of the present disclosure. As shown in fig. 6, the apparatus may include:
An obtaining module 602, configured to enable a cloud server to obtain alarm information sent by an edge device, where the alarm information is used to prompt that the edge device has been detached, and the alarm information is generated based on an anti-tamper device arranged at the edge device.
A risk processing module 604, configured to refuse to perform trusted data interaction with the edge device according to the alarm information.
The examples of this specification also provide some specific embodiments of the apparatus based on the apparatus of fig. 6, which is described below.
Optionally, the obtaining module 602 may be specifically configured to:
Acquiring the alarm information sent by the edge device from a preset out-of-band channel by using an out-of-band management system at the cloud server.
Optionally, the apparatus of fig. 6 may further include:
A first judgment module, configured to judge whether maintenance information for the edge device has been received through the out-of-band management system, to obtain a first judgment result.
The risk processing module 604 may be specifically configured to:
If the first judgment result shows that maintenance information for the edge device has not been received through the out-of-band management system, refusing to perform trusted data interaction with the edge device according to the alarm information.
Optionally, the alarm information may carry device unique identification information of trusted hardware at the edge device; the device unique identification information is used as a trusted certificate of the edge device.
Correspondingly, the risk processing module 604 may be specifically configured to:
Deleting the device unique identification information from the trusted device list.
Receiving a data interaction request that is sent by a target edge device and carries target device unique identification information.
Judging whether the trusted device list stores the target device unique identification information, to obtain a second judgment result.
If the second judgment result shows that the target device unique identification information is not stored in the trusted device list, refusing to perform trusted data interaction with the target edge device.
Optionally, the cloud server is a blockchain edge node in a blockchain network.
Correspondingly, the risk processing module 604 may be specifically configured to:
Prohibiting, according to the alarm information, the edge device from acquiring trusted data from the blockchain network; or,
Prohibiting, according to the alarm information, the edge device from storing trusted data into the blockchain network.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the above method.
Fig. 7 is a schematic structural diagram of an edge device risk processing device corresponding to fig. 2 provided in an embodiment of the present specification. As shown in fig. 7, the apparatus 700 may include:
at least one processor 710; and,
a memory 730 communicatively coupled to the at least one processor; wherein,
the memory 730 stores instructions 720 executable by the at least one processor 710 to enable the at least one processor 710 to:
Obtain first alarm information generated by an anti-tamper device arranged at the edge device, wherein the first alarm information is used for prompting that the edge device has been detached.
Execute, according to the first alarm information, a first risk processing operation for the edge device, wherein the first risk processing operation is used for prohibiting the edge device from performing trusted data interaction with a cloud server.
Fig. 8 is a schematic structural diagram of a cloud server for handling the edge device risk according to an embodiment of the present disclosure, which corresponds to fig. 3. As shown in fig. 8, the apparatus 800 may include:
at least one processor 810; and,
a memory 830 communicatively coupled to the at least one processor; wherein,
the memory 830 stores instructions 820 executable by the at least one processor 810 to enable the at least one processor 810 to:
Obtain alarm information sent by the edge device, wherein the alarm information is used for prompting that the edge device has been detached, and the alarm information is generated based on an anti-tamper device arranged at the edge device.
Refuse to perform trusted data interaction with the edge device according to the alarm information.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatuses shown in fig. 7 and 8, since they are substantially similar to the method embodiments, the description is simple, and the relevant points can be referred to the partial description of the method embodiments.
In the 1990s, an improvement to a technology could be clearly distinguished as either a hardware improvement (for example, an improvement to a circuit structure such as a diode, a transistor, or a switch) or a software improvement (an improvement to a process flow). However, as technology has advanced, many of today's process flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer programs a digital system to "integrate" it onto a PLD, without requiring a chip manufacturer to design and fabricate a dedicated integrated circuit chip. Furthermore, nowadays, instead of manually making integrated circuit chips, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must also be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used at present.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of a memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps so that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, and the like. Such a controller may thus be considered a hardware component, and the means included in it for performing the various functions may also be considered structures within the hardware component. The means for performing the functions may even be regarded as both software modules for performing the method and structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (25)
1. An edge device risk processing method includes:
acquiring first alarm information generated by an anti-dismantling device arranged at an edge device, wherein the first alarm information is used for prompting that the edge device is dismantled;
according to the first alarm information, executing a first risk processing operation for the edge device, wherein the first risk processing operation is used for prohibiting the edge device and a cloud server from performing trusted data interaction.
2. The method of claim 1, wherein trusted hardware is disposed at the edge device, and the trusted hardware stores therein key information for performing trusted verification on data transmitted between the edge device and the cloud server;
the executing, according to the first alarm information, a first risk processing operation for the edge device specifically includes:
and deleting the key information in the trusted hardware according to the first alarm information.
3. The method of claim 2, the trusted hardware further storing therein device unique identification information of the trusted hardware, the device unique identification information being used as a trusted credential of the edge device;
the executing a first risk processing operation for the edge device according to the first alarm information further includes:
and deleting the equipment unique identification information in the trusted hardware according to the first alarm information.
4. The method of claim 3, the performing a first risk processing operation for the edge device based on the first alert information, further comprising:
generating second alarm information according to the unique equipment identification information, wherein the second alarm information is used for prompting that the edge equipment bound with the unique equipment identification information is detached;
and sending the second alarm information to the cloud server, wherein the cloud server is used for refusing the equipment bound with the equipment unique identification information to perform trusted data interaction according to the second alarm information.
5. The method according to claim 4, wherein the sending the second alarm information to the cloud server specifically includes:
and sending the second alarm information to an out-of-band management system at the cloud server by using a preset out-of-band channel.
6. The method of claim 3, the anti-dismantling device comprising a power source;
the executing, according to the first alarm information, a first risk processing operation for the edge device specifically includes:
and if the edge equipment is in a power-off state, executing first risk processing operation aiming at the edge equipment according to the first alarm information based on the electric energy provided by the power supply.
7. The method according to claim 1, wherein the performing, according to the first alarm information, a first risk processing operation for the edge device specifically includes:
and closing a data channel used for transmitting trusted data between the edge device and the cloud server according to the first alarm information.
8. The method according to claim 7, wherein the closing a data channel between the edge device and the cloud server for transmitting trusted data includes:
deleting a trusted application program in a trusted execution environment of the edge device, wherein the edge device performs trusted data interaction with the cloud server through the trusted application program; or,
and disabling a specified application program interface of the trusted execution environment, and performing trusted data interaction on the edge device and the cloud server through the specified application program interface.
9. The method of claim 8, after acquiring the first alarm information generated by the anti-dismantling device disposed at the edge device, further comprising:
and executing a second risk processing operation aiming at the edge device according to the first alarm information, wherein the second risk processing operation is used for deleting target model data in the trusted execution environment.
10. The method of any of claims 1-9, the cloud server being a blockchain edge node in a blockchain network;
the first risk processing operation is configured to prohibit the edge device from acquiring trusted data from the blockchain network, or prohibit the edge device from storing trusted data into the blockchain network.
11. An edge device risk processing method includes:
the method comprises the steps that a cloud server obtains alarm information sent by edge equipment, wherein the alarm information is used for prompting that the edge equipment is detached, and the alarm information is generated based on an anti-detachment device arranged at the edge equipment;
and refusing to perform trusted data interaction with the edge equipment according to the alarm information.
12. The method according to claim 11, wherein the cloud server obtains the alarm information sent by the edge device, and specifically includes:
and acquiring alarm information sent by the edge equipment from a preset out-of-band channel by using an out-of-band management system at the cloud server.
13. The method of claim 12, before denying trusted data interaction with the edge device based on the alert information, further comprising:
judging whether the maintenance information aiming at the edge equipment is received by the out-of-band management system or not to obtain a first judgment result;
the refusing to perform trusted data interaction with the edge device according to the alarm information specifically includes:
and if the first judgment result shows that the maintenance information for the edge device has not been received by the out-of-band management system, refusing to perform trusted data interaction with the edge device according to the alarm information.
14. The method of claim 11, wherein the alarm information carries device unique identification information of trusted hardware at the edge device; the device unique identification information is used as a trusted certificate of the edge device;
the refusing to perform trusted data interaction with the edge device according to the alarm information specifically includes:
deleting the device unique identification information from a trusted device list;
receiving a data interaction request which is sent by target edge equipment and carries the unique identification information of the target equipment;
judging whether the trusted device list stores the unique identification information of the target device or not to obtain a second judgment result;
and if the second judgment result shows that the unique identification information of the target equipment is not stored in the trusted equipment list, refusing to perform trusted data interaction with the target edge equipment.
15. The method of any of claims 11-14, the cloud server being a blockchain edge node in a blockchain network;
the refusing to perform trusted data interaction with the edge device according to the alarm information specifically includes:
according to the alarm information, prohibiting the edge device from acquiring trusted data from the blockchain network; or,
according to the alarm information, prohibiting the edge device from storing trusted data into the blockchain network.
16. An edge device risk processing apparatus comprising:
an acquisition module, configured to acquire first alarm information generated by an anti-dismantling device arranged at an edge device, wherein the first alarm information is used for prompting that the edge device is dismantled;
and the first risk processing module is used for executing a first risk processing operation aiming at the edge device according to the first alarm information, wherein the first risk processing operation is used for forbidding the edge device and a cloud server to perform trusted data interaction.
17. The apparatus according to claim 16, the edge device having trusted hardware disposed thereon, the trusted hardware having stored therein key information and device unique identification information of the trusted hardware, the key information being used for trusted verification of data transmitted between the edge device and the cloud server, the device unique identification information being used as a trusted credential of the edge device;
the first risk processing module is specifically configured to:
generating second alarm information according to the unique equipment identification information, wherein the second alarm information is used for prompting that the edge equipment bound with the unique equipment identification information is detached;
sending the second alarm information to the cloud server, wherein the cloud server is used for refusing the equipment bound with the equipment unique identification information to perform trusted data interaction according to the second alarm information;
and deleting the key information and the equipment unique identification information stored in the trusted hardware according to the first alarm information.
18. The apparatus of claim 16, wherein the first risk processing module is specifically configured to:
deleting a trusted application program in a trusted execution environment of the edge device, wherein the edge device performs trusted data interaction with the cloud server through the trusted application program; or,
and disabling a specified application program interface of the trusted execution environment, and performing trusted data interaction on the edge device and the cloud server through the specified application program interface.
19. The apparatus of claim 18, further comprising:
and the second risk processing module is used for executing second risk processing operation aiming at the edge equipment according to the first alarm information, and the second risk processing operation is used for deleting target model data in the trusted execution environment.
20. The apparatus of any of claims 16-19, the cloud server being a blockchain edge node in a blockchain network;
the first risk processing operation is configured to prohibit the edge device from acquiring trusted data from the blockchain network, or prohibit the edge device from storing trusted data into the blockchain network.
21. An edge device risk processing apparatus comprising:
an acquisition module, configured to enable a cloud server to acquire alarm information sent by an edge device, wherein the alarm information is used for prompting that the edge device is detached, and the alarm information is generated based on an anti-detachment device arranged at the edge device;
and a risk processing module, configured to refuse to perform trusted data interaction with the edge device according to the alarm information.
22. The apparatus according to claim 11, wherein the alarm information carries device unique identification information of trusted hardware at the edge device; the device unique identification information is used as a trusted certificate of the edge device;
the risk processing module is specifically configured to:
deleting the device unique identification information from a trusted device list;
receiving a data interaction request which is sent by target edge equipment and carries the unique identification information of the target equipment;
judging whether the trusted device list stores the unique identification information of the target device or not to obtain a second judgment result;
and if the second judgment result shows that the unique identification information of the target equipment is not stored in the trusted equipment list, refusing to perform trusted data interaction with the target edge equipment.
23. The apparatus of any of claims 21-22, the cloud server being a blockchain edge node in a blockchain network;
the risk processing module is specifically configured to:
according to the alarm information, prohibiting the edge device from acquiring trusted data from the blockchain network; or,
according to the alarm information, prohibiting the edge device from storing trusted data into the blockchain network.
24. An edge device risk management device, comprising:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring first alarm information generated by an anti-dismantling device arranged at an edge device, wherein the first alarm information is used for prompting that the edge device is dismantled;
according to the first alarm information, executing a first risk processing operation for the edge device, wherein the first risk processing operation is used for prohibiting the edge device and a cloud server from performing trusted data interaction.
25. A cloud server that handles edge device risk, comprising:
at least one processor; and,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring alarm information sent by edge equipment, wherein the alarm information is used for prompting that the edge equipment is disassembled, and the alarm information is generated based on an anti-disassembling device arranged at the edge equipment;
and refusing to perform trusted data interaction with the edge equipment according to the alarm information.
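The flow of claims 2-4 (edge side) and claims 11-14 (cloud side) can be sketched as follows. This is an added illustration, not code from the patent; the class, field and function names are hypothetical, the out-of-band channel is modelled as a plain callable that is assumed to be authenticated, and clearing a Python attribute stands in for erasure inside real trusted hardware.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class TrustedHardware:
    """Hypothetical stand-in for the trusted hardware of claims 2-3."""
    device_id: Optional[str]   # device unique identification (trusted credential)
    key: Optional[bytes]       # key used for trusted verification of data


@dataclass
class CloudServer:
    """Hypothetical cloud-side state for claims 11-14."""
    trusted_devices: set                      # the trusted device list
    maintenance_notices: set = field(default_factory=set)

    def register_maintenance(self, device_id: str) -> None:
        # Claim 13: maintenance information received by the out-of-band system.
        self.maintenance_notices.add(device_id)

    def on_tamper_alarm(self, alarm: dict) -> bool:
        """Process an alarm from the out-of-band channel; True if revoked."""
        device_id = alarm["device_id"]
        if device_id in self.maintenance_notices:
            # Claim 13: planned maintenance, so the alarm does not lead
            # to refusal of trusted data interaction.
            return False
        # Claim 14: delete the identifier from the trusted device list.
        self.trusted_devices.discard(device_id)
        return True

    def handle_request(self, device_id: Optional[str]) -> bool:
        # Claim 14: refuse any request whose identifier is not in the list.
        return device_id is not None and device_id in self.trusted_devices


def edge_on_tamper(hw: TrustedHardware,
                   send_out_of_band: Callable[[dict], object]) -> None:
    """Edge-side reaction to the first alarm information."""
    # Claim 4: the second alarm is built from the device identifier, so it
    # has to be read and sent before the identifier is deleted.
    if hw.device_id is not None:
        send_out_of_band({"type": "tamper", "device_id": hw.device_id})
    # Claims 2-3: delete the key information and the device identifier.
    hw.key = None
    hw.device_id = None


def demo() -> dict:
    # Constructed sample data: two enrolled devices, one is opened.
    cloud = CloudServer(trusted_devices={"dev-A", "dev-B"})
    hw = TrustedHardware(device_id="dev-A", key=b"constructed-sample-key")
    edge_on_tamper(hw, cloud.on_tamper_alarm)
    return {
        "local_secrets_wiped": hw.key is None and hw.device_id is None,
        "dev-A_accepted": cloud.handle_request("dev-A"),
        "dev-B_accepted": cloud.handle_request("dev-B"),
    }


if __name__ == "__main__":
    print(demo())
```

The ordering inside `edge_on_tamper` is the point to check in a real implementation: if the identifier is erased first, the cloud never learns which entry to remove from its trusted device list.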
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111636138.7A CN114338166B (en) | 2021-12-29 | 2021-12-29 | Edge equipment risk processing method, device, equipment and cloud server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114338166A (en) | 2022-04-12 |
CN114338166B (en) | 2024-07-02 |
Family
ID=81016529
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111636138.7A Active CN114338166B (en) | 2021-12-29 | 2021-12-29 | Edge equipment risk processing method, device, equipment and cloud server |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114338166B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020032854A1 (en) * | 2000-09-12 | 2002-03-14 | Chen Eric Yi-Hua | Distributed denial of service attack defense method and device |
CN109428870A (en) * | 2017-08-31 | 2019-03-05 | 阿里巴巴集团控股有限公司 | Network attack processing method based on Internet of Things, apparatus and system |
CN110719583A (en) * | 2018-07-12 | 2020-01-21 | 中移(杭州)信息技术有限公司 | Communication method and device |
CN111294352A (en) * | 2020-02-03 | 2020-06-16 | 国家工业信息安全发展研究中心 | Data security authentication method between cloud and edge node |
CN111800282A (en) * | 2019-04-08 | 2020-10-20 | 阿里巴巴集团控股有限公司 | Network system, instance management and control method, device and storage medium |
CN112231781A (en) * | 2020-10-16 | 2021-01-15 | 苏州浪潮智能科技有限公司 | Anti-theft method for edge computing server and server |
CN112367620A (en) * | 2020-08-12 | 2021-02-12 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Outgoing escort edge early warning visualization system, method and medium |
CN112559993A (en) * | 2020-12-24 | 2021-03-26 | RealMe重庆移动通信有限公司 | Identity authentication method, device and system and electronic equipment |
CN113067703A (en) * | 2021-03-19 | 2021-07-02 | 上海摩联信息技术有限公司 | Terminal equipment data uplink method and system |
Non-Patent Citations (1)
Title |
---|
吴宜聪;李买林;彭蔚;黄一双;黄舒畅;: "电力物联网边缘计算安全防护设计", 中国科技信息, no. 1 * |
Also Published As
Publication number | Publication date |
---|---|
CN114338166B (en) | 2024-07-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |