CN116389042A - TEE-based trusted detection method and device, electronic equipment and storage medium - Google Patents
TEE-based trusted detection method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN116389042A CN116389042A CN202310076810.4A CN202310076810A CN116389042A CN 116389042 A CN116389042 A CN 116389042A CN 202310076810 A CN202310076810 A CN 202310076810A CN 116389042 A CN116389042 A CN 116389042A
- Authority
- CN
- China
- Prior art keywords
- detection
- hash value
- tool software
- detection tool
- platform management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 205
- 238000012795 verification Methods 0.000 claims abstract description 29
- 238000000034 method Methods 0.000 claims abstract description 23
- 230000006870 function Effects 0.000 claims description 16
- 238000004364 calculation method Methods 0.000 claims description 15
- 238000004590 computer program Methods 0.000 claims description 9
- 230000006835 compression Effects 0.000 claims description 8
- 238000007906 compression Methods 0.000 claims description 8
- 238000000605 extraction Methods 0.000 claims description 4
- 238000009434 installation Methods 0.000 claims description 4
- 238000006243 chemical reaction Methods 0.000 claims description 3
- 238000012360 testing method Methods 0.000 claims 4
- 238000007689 inspection Methods 0.000 claims 2
- 238000013101 initial test Methods 0.000 claims 1
- 238000000638 solvent extraction Methods 0.000 claims 1
- 230000008569 process Effects 0.000 description 13
- 238000004891 communication Methods 0.000 description 7
- 238000012545 processing Methods 0.000 description 5
- 238000013475 authorization Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000013473 artificial intelligence Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 239000004973 liquid crystal related substance Substances 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000004989 laser desorption mass spectroscopy Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of information security, and discloses a TEE-based trusted detection method, a device, electronic equipment and a storage medium, wherein the method comprises the following steps: acquiring a detection tool software package, and installing the detection tool software in detection platform management software to obtain initial detection platform management software; after the initial detection platform management software is installed in a trusted execution environment, extracting a digital certificate in a detection tool software package; performing public key operation on the digital signature according to the signature public key to obtain a first hash value; extracting a file in the detection tool software according to the running state, and calculating a second hash value corresponding to the file; and carrying out numerical verification on the first hash value and the second hash value to obtain a numerical verification result. The invention can ensure that the detection result of the initial detection tool software is more accurate, thereby ensuring the fairness and legality of the detection result.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a TEE-based trusted detection method, apparatus, electronic device, and storage medium.
Background
Along with the continuous improvement of the intelligent and networked degree, industrialization is gradually developed, the quality detection authentication of industrial products is more and more standardized, and in the product detection process of each type, a monitoring mechanism uniformly manages a detection platform of the detection mechanism, but most of the detection platforms are offline local area network detection environments, and the detection platforms lack of substantial and effective supervision, so that software environments in the detection platforms are extremely easy to decompile or tamper. The authority and the credibility of a detection quality system are affected. The detection software tool in the open detection platform is extremely easy to attack by decompilation, tampering and the like, so that the accuracy of a detection result is affected. In summary, in the prior art, the detection platform is inconsistent with the initial authorization in the use process, so that the security of the detection platform in the use process is low, and the detection platform is tampered with.
Disclosure of Invention
The invention provides a TEE-based trusted detection method, a TEE-based trusted detection device, electronic equipment and a storage medium, and mainly aims to solve the problems that detection tool software is inconsistent with initial authorization in the use process of a detection platform, so that the safety of the detection platform is low in the use process, and the detection platform is tampered.
In order to achieve the above object, the present invention provides a TEE-based trusted detection method, including: acquiring a detection tool software package, and installing detection tool software corresponding to the detection tool software package in preset detection platform management software to obtain initial detection platform management software; after the initial detection platform management software is installed in a preset trusted execution environment, extracting a digital certificate in a detection tool software package, wherein the digital certificate comprises a digital signature and a signature public key; performing public key operation on the digital signature according to the signature public key to obtain a first hash value; acquiring the running state of the detection tool software, extracting a target file in the detection tool software according to the running state, and calculating a second hash value corresponding to the target file; and carrying out numerical verification on the first hash value and the second hash value to obtain a numerical verification result.
The invention also provides a TEE-based trusted detection device, which comprises a detection tool software installation module, a detection tool software detection module and a detection module, wherein the detection tool software installation module is used for acquiring a detection tool software package, and installing detection tool software corresponding to the detection tool software package in preset detection platform management software to obtain initial detection platform management software; the digital certificate extraction module is used for extracting a digital certificate in the detection tool software package after the initial detection platform management software is installed in a preset trusted execution environment, wherein the digital certificate comprises a digital signature and a signature public key; the first hash value calculation module is used for carrying out public key operation on the digital signature according to the signature public key to obtain a first hash value; the second hash value calculation module is used for acquiring the running state of the detection tool software, extracting a target file in the detection tool software according to the running state, and calculating a second hash value corresponding to the target file; and the numerical verification module is used for performing numerical verification on the first hash value and the second hash value to obtain a numerical verification result.
The present invention also provides an electronic device including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the TEE-based trusted detection method described above.
The present invention also provides a storage medium having stored therein at least one computer program that is executed by a processor in an electronic device to implement the TEE-based trusted detection method described above.
Compared with the prior art, the invention has the beneficial effects that: by installing the detection tool software in the detection platform management software, the detection platform management software can verify the integrity and the legality of the detection tool software; by installing the initial detection platform management software in a trusted execution environment, the trusted execution environment can ensure the integrity of the detection platform management software; the digital signature is subjected to public key operation by extracting the digital certificate in the detection tool software package and utilizing the signature public key in the digital certificate, so that the obtained first hash value is more accurate; the file in the detection tool software is extracted through the running state of the detection tool software, and the second hash value corresponding to the file is calculated, so that the second hash value can be ensured to be more accurate, and the calculation efficiency is accelerated; by carrying out numerical verification on the first hash value and the second hash value, the detection tool software can be prevented from being tampered in the using process, the detection result of the initial detection platform management software is ensured to be more accurate, and the fairness and the legality of the detection result are ensured.
Drawings
Fig. 1 is a schematic flow chart of a TEE-based trusted detection method according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of installing detection tool software corresponding to a detection tool software package in preset detection platform management software to obtain initial detection platform management software according to an embodiment of the present invention;
fig. 3 is a functional block diagram of a TEE-based trusted detection apparatus according to an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of an electronic device for implementing a TEE-based trusted detection method according to an embodiment of the present invention.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
In order to solve the problem that the TEE-based trusted detection method provided in the prior art is inconsistent in detection of tool software and initial authorization in the use process of a detection platform, so that the detection platform is low in safety in the use process and is tampered, one embodiment of the invention provides the TEE-based trusted detection method.
Fig. 1 is a flow chart of a TEE-based trusted detection method according to an embodiment of the present invention.
In this embodiment, the TEE-based trusted detection method includes:
s1, acquiring a detection tool software package, and installing detection tool software corresponding to the detection tool software package in preset detection platform management software to obtain initial detection platform management software.
In one embodiment, the detection tool software package includes detection tool software and digital certificates, and the detection tool software may be performance test software, white box test software, black box test software, server-side pressure performance test software, and the like.
Referring to fig. 2, in one embodiment, installing detection tool software corresponding to a detection tool software package in preset detection platform management software to obtain initial detection platform management software, including: s21, acquiring an installation request of the detection tool software, and analyzing the detection tool software according to the installation request to obtain parameter information and a configuration path; s22, inquiring an information area corresponding to the parameter information from the detection platform management software according to the parameter information, and storing the parameter information into the information area; s23, configuring the detection tool software into environment variables corresponding to the detection platform management software according to the configuration path; and S24, updating the detection platform management software by using the information area and the environment variable to obtain initial detection platform management software.
In one embodiment, the detection platform management software may be a management system, such as a LIMS management system; the corresponding parameter labels can be found in the detection platform management software according to the parameter information, the information areas corresponding to the parameter labels are obtained, and the parameter information is orderly stored in the corresponding information areas in the detection platform management software according to the parameter labels; and configuring the detection tool software into the environment variable corresponding to the detection platform management software according to the configuration path to update the detection platform management software so as to obtain the initial detection platform management software.
S2, after the initial detection platform management software is installed in a preset trusted execution environment, extracting a digital certificate in the detection tool software package, wherein the digital certificate comprises a digital signature and a signature public key.
In one embodiment, the trusted execution environment refers to a TEE trusted execution environment.
In one embodiment, the step of installing the initial detection platform management software in the preset trusted execution environment is similar to the step of installing the detection tool software corresponding to the detection tool software package in the preset detection platform management software in the above step S1, and redundant description is omitted herein.
In one embodiment, extracting the digital certificate in the detection tool software package includes: searching the position information of the digital certificate from the detection tool software package by utilizing a preset searching command; and extracting a public key from the digital certificate according to the position information, and decrypting the detection tool software package by using the public key to obtain the digital certificate.
In one embodiment, after extracting the digital certificate, the method further comprises importing the digital certificate into the initial detection platform management software.
In one embodiment, the lookup command may be a certmgr.msc command; selecting path information corresponding to the public key from the position information, and acquiring the corresponding public key according to the path information; and decrypting the tool software package by using the public key to obtain a digital certificate, and storing the digital certificate into the initial detection platform management software.
S3, carrying out public key operation on the digital signature according to the signature public key to obtain a first hash value.
In one embodiment, performing a public key operation on a digital signature based on a signature public key to obtain a first hash value, includes: decrypting the digital signature by using the signature public key to obtain a digital abstract; and carrying out hash calculation on the digital digest by using a preset hash function to obtain a first hash value.
In one embodiment, the hash function is expressed as:
h=H(M)
where H represents the first hash value, H represents the hash function, and M represents the digital digest.
In one embodiment, the hash function, also referred to as a hash function, may transform an input of arbitrary length into an output of fixed length.
S4, acquiring the running state of the detection tool software, extracting the target file in the detection tool software according to the running state, and calculating a second hash value corresponding to the target file.
In one embodiment, the operational status of the detection tool software may be divided into not operational and operational; when the detection tool software is running after being started, file catalogues in the detection tool software are obtained, and files are sequentially extracted according to the file catalogues to obtain target files.
In one embodiment, calculating a second hash value corresponding to the target file includes: binary conversion is carried out on the target file to obtain a message file; filling data into the message file to obtain a message file group; the method comprises the steps of performing block division on a message file group to obtain a message block; acquiring a word register, setting an initial variable of the word register, and performing data expansion on a message block; and carrying out iterative compression calculation on the message block and the initial variable after data expansion by using a preset compression function to obtain a second hash value.
In one embodiment, the compression function is expressed as:
V=CF(A,B i )
wherein V represents the second hash value, A represents the initial variable, B i Representing the ith message block, and CF represents the compression function.
In one embodiment, binary conversion is performed on the target file to obtain a message file with a length of L bits; the message file can be subjected to data filling and iterative compression processing by using a preset SM3 algorithm, and the method is specifically as follows: adding bit 1 to the end of the message file, adding k 0, wherein k is the minimum negative integer satisfying l+1+k=448 mod512, and finally adding 64 bit strings to the end of the message file to obtain a message file packet; the message file group is segmented, for example, each block of the message file group can be divided into 512 bits to obtain n message blocks, and the message blocks are expanded into 132 words, so that the data expansion of the message blocks is realized, and the calculated data is more accurate; the word register may be set to ABCDEFGH, an initial variable of the word register iteration value is set, and the iterative compression calculation is performed on the message block and the initial variable after the data expansion, so as to obtain a second hash value.
S5, carrying out numerical verification on the first hash value and the second hash value to obtain a numerical verification result.
In one embodiment, performing a numerical verification of the first hash value and the second hash value includes: judging whether the first hash value is equal to the second hash value; when the first hash value is equal to the second hash value, the value verification is passed; when the first hash value is not equal to the second hash value, the value verification fails.
In one embodiment, the verification is performed according to the sizes of a first hash value and a second hash value, wherein the first hash value refers to a value of a digital signature at the beginning of the detection tool software, the second hash value refers to an updated value after a period of time passes in the running period of the detection tool software, and when the first hash value and the second hash value are inconsistent, the numerical verification fails, namely the detection tool software is tampered with.
In one embodiment, after the failure of the numerical verification, the method further includes the step that when the detection tool software performs upgrade maintenance, the initial detection platform management software re-extracts the digital certificate in the detection tool software package, wherein the digital certificate includes the digital signature and the signature public key, so that the first hash value is updated.
In one embodiment, the detection tool software is installed in the detection platform management software, so that the detection platform management software can verify the integrity and the legality of the detection tool software; by installing the initial detection platform management software in a trusted execution environment, the trusted execution environment can ensure the integrity of the detection platform management software; the digital signature is subjected to public key operation by extracting the digital certificate in the detection tool software package and utilizing the signature public key in the digital certificate, so that the obtained first hash value is more accurate; the file in the detection tool software is extracted through the running state of the detection tool software, and the second hash value corresponding to the file is calculated, so that the second hash value can be ensured to be more accurate, and the calculation efficiency is accelerated; by carrying out numerical verification on the first hash value and the second hash value, the detection tool software can be prevented from being tampered in the using process, the detection result of the initial detection platform management software is ensured to be more accurate, and the fairness and the legality of the detection result are ensured. Therefore, the TEE-based trusted detection method provided by the invention can keep the consistency of the detection tool software and the initial authorization in the use process of the detection platform, thereby improving the safety of the detection platform in the use process and avoiding the problem of tampering.
Fig. 3 is a functional block diagram of a TEE-based trusted detection apparatus according to an embodiment of the present invention. Depending on the functionality implemented, TEE-based trusted detection apparatus 300 may include a detection tool software installation module 301, a digital certificate extraction module 302, a first hash value calculation module 303, a second hash value calculation module 304, and a numerical verification module 305. The module of the present invention may also be referred to as a unit, and refers to a series of computer program segments capable of being executed by a processor, such as a processor in a door lock system, and performing a fixed function, which may be stored in a memory or may be directly executed by the processor.
In one embodiment, the functionality for each module/unit is as follows: the detection tool software installation module 301 is configured to obtain a detection tool software package, and install detection tool software corresponding to the detection tool software package in preset detection platform management software to obtain initial detection platform management software; the digital certificate extraction module 302 is configured to extract a digital certificate in the detection tool software package after the initial detection platform management software is installed in a preset trusted execution environment, where the digital certificate includes a digital signature and a signature public key; a first hash value calculation module 303, configured to perform public key operation on the digital signature according to the signature public key, to obtain a first hash value; a second hash value calculation module 304, configured to obtain an operation state of the detection tool software, extract a target file in the detection tool software according to the operation state, and calculate a second hash value corresponding to the target file; the value verification module 305 is configured to perform value verification on the first hash value and the second hash value, so as to obtain a value verification result.
In detail, each module in the TEE-based trusted detection apparatus 300 in one embodiment adopts the same technical means as the TEE-based trusted detection method in the drawings when in use, and can produce the same technical effects, which are not described herein.
Fig. 4 is a schematic structural diagram of an electronic device for implementing a TEE-based trusted detection method according to an embodiment of the present invention.
The electronic device 400 may include a processor 401, a memory 402, a communication bus 403, and a communication interface 404, and may also include a computer program stored in the memory 402 and executable on the processor 401, such as a TEE-based trusted detection program.
The processor 401 may be composed of an integrated circuit in some embodiments, for example, may be composed of a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same function or different functions, including one or more central processing units (Central Processing Unit, CPU), a microprocessor, a digital processing chip, a combination of a graphics processor and various control chips, etc. The processor 401 is a Control Unit (Control Unit) of the electronic device, connects various components of the entire electronic device using various interfaces and lines, and executes various functions of the electronic device and processes data by running or executing programs or modules stored in the memory 402 (for example, executing a TEE-based trusted detection program, etc.), and calling data stored in the memory 402.
The communication bus 403 may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, or the like. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable connected communication between the memory 402 and the at least one processor 401 etc.
The communication interface 404 is used for communication between the electronic device and other devices described above, including network interfaces and user interfaces. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), typically used to establish a communication connection between the electronic device and other electronic devices. The user interface may be a Display (Display), an input unit such as a Keyboard (Keyboard), or alternatively a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device and for displaying a visual user interface.
Fig. 4 illustrates only an electronic device having components, and it will be appreciated by those skilled in the art that the configuration illustrated in fig. 4 is not limiting of electronic device 400 and may include fewer or more components than illustrated, or may combine certain components, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power source (such as a battery) for supplying power to the respective components, and the power source may be logically connected to the at least one processor 401 through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device may also include various sensors, bluetooth modules, wi-Fi modules, etc., which are not described in detail herein.
It should be understood that the examples are for illustrative purposes only and are not limited to this configuration in the scope of the patent application.
The present invention also provides a storage medium storing a computer program which, when executed by a processor, can implement the TEE-based trusted detection method of any of the above embodiments. The storage medium may be volatile or nonvolatile. For example, the medium may include: any entity or device capable of carrying computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM).
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of modules is merely a logical function division, and other manners of division may be implemented in practice.
The modules illustrated as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in a form of hardware or a form of hardware and a form of software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The embodiment of the application can acquire and process the related data based on the artificial intelligence technology. Among these, artificial intelligence (Artificial Intelligence, AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and extend human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the system claims can also be implemented by means of software or hardware by means of one unit or means. The terms first, second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.
Claims (9)
1. A TEE-based trusted detection method, comprising:
acquiring a detection tool software package, and installing detection tool software corresponding to the detection tool software package in preset detection platform management software to obtain initial detection platform management software;
after the initial detection platform management software is installed in a preset trusted execution environment, extracting a digital certificate in the detection tool software package, wherein the digital certificate comprises a digital signature and a signature public key;
carrying out public key operation on the digital signature according to the signature public key to obtain a first hash value;
acquiring the running state of the detection tool software, extracting a target file in the detection tool software according to the running state, and calculating a second hash value corresponding to the target file;
and carrying out numerical verification on the first hash value and the second hash value to obtain a numerical verification result.
2. The TEE-based trusted testing method of claim 1, wherein installing the testing tool software corresponding to the testing tool software package in a preset testing platform management software to obtain an initial testing platform management software comprises:
acquiring an installation request of the detection tool software, and analyzing the detection tool software according to the installation request to obtain parameter information and a configuration path;
inquiring an information area corresponding to the parameter information from the detection platform management software according to the parameter information, and storing the parameter information into the information area;
configuring the detection tool software into environment variables corresponding to the detection platform management software according to the configuration path;
and updating the detection platform management software by using the information area and the environment variable to obtain initial detection platform management software.
3. The TEE-based trusted inspection method of claim 1, wherein the extracting the digital certificate in the inspection tool software package includes:
searching the position information of the digital certificate from the detection tool software package by using a preset searching command;
and extracting a public key in the digital certificate according to the position information, and decrypting the detection tool software package by using the public key to obtain the digital certificate.
4. The TEE-based trust detection method of claim 1, wherein performing a public key operation on the digital signature according to the signature public key to obtain a first hash value comprises:
decrypting the digital signature by using the signature public key to obtain a digital abstract;
and carrying out hash calculation on the digital digest by using a preset hash function to obtain a first hash value.
5. The TEE-based trusted detection method as set forth in claim 1, wherein said calculating a second hash value corresponding to the target file includes:
binary conversion is carried out on the target file to obtain a message file;
filling data into the message file to obtain a message file group;
partitioning the message file group to obtain a message block;
acquiring a word register, setting an initial variable of the word register, and performing data expansion on the message block;
and carrying out iterative compression calculation on the message block and the initial variable after data expansion by using a preset compression function to obtain a second hash value.
6. The TEE-based trusted detection method as set forth in claim 1, wherein said performing a numerical verification on said first hash value and said second hash value includes:
judging whether the first hash value is equal to the second hash value;
when the first hash value is equal to the second hash value, the value verification is passed;
when the first hash value is not equal to the second hash value, the numerical verification fails.
7. A TEE-based trust detection apparatus, the apparatus comprising:
the detection tool software installation module is used for acquiring a detection tool software package, and installing detection tool software corresponding to the detection tool software package in preset detection platform management software to obtain initial detection platform management software;
the digital certificate extraction module is used for extracting a digital certificate in the detection tool software package after the initial detection platform management software is installed in a preset trusted execution environment, wherein the digital certificate comprises a digital signature and a signature public key;
the first hash value calculation module is used for carrying out public key operation on the digital signature according to the signature public key to obtain a first hash value;
the second hash value calculation module is used for acquiring the running state of the detection tool software, extracting a target file in the detection tool software according to the running state, and calculating a second hash value corresponding to the target file;
and the numerical verification module is used for performing numerical verification on the first hash value and the second hash value to obtain a numerical verification result.
8. An electronic device, the electronic device comprising:
at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein,,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the TEE-based trusted detection method of any one of claims 1 to 6.
9. A storage medium storing a computer program, wherein the computer program when executed by a processor implements the TEE-based trusted detection method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310076810.4A CN116389042A (en) | 2023-01-29 | 2023-01-29 | TEE-based trusted detection method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310076810.4A CN116389042A (en) | 2023-01-29 | 2023-01-29 | TEE-based trusted detection method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116389042A true CN116389042A (en) | 2023-07-04 |
Family
ID=86964532
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310076810.4A Pending CN116389042A (en) | 2023-01-29 | 2023-01-29 | TEE-based trusted detection method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116389042A (en) |
-
2023
- 2023-01-29 CN CN202310076810.4A patent/CN116389042A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2021189899A1 (en) | Link state tracking method and apparatus, and electronic device and computer storage medium | |
| CN111625252B (en) | Cluster upgrading maintenance method and device, electronic equipment and storage medium | |
| CN113704781B (en) | File secure transmission method and device, electronic equipment and computer storage medium | |
| CN111130800A (en) | Trusted prediction machine implementation method and device based on TEE | |
| CN112800429A (en) | Method for protecting driver in UEFI BIOS firmware system based on foundation | |
| CN111160879A (en) | Hardware wallet and security improving method and device thereof | |
| CN115222410A (en) | Block chain based transaction uplink method and device, electronic equipment and storage medium | |
| CN112464619A (en) | Big data processing method, device and equipment and computer readable storage medium | |
| CN113434254B (en) | Client deployment method, client deployment apparatus, computer device, and storage medium | |
| CN114499859A (en) | Password verification method, device, equipment and storage medium | |
| CN116756710B (en) | Open source treatment method and system based on feature tag tracking technology and electronic equipment | |
| CN113946492A (en) | Intelligent operation and maintenance method, device, equipment and storage medium | |
| CN109635522A (en) | A kind of tamper resistant method and device of dynamic base | |
| CN116389042A (en) | TEE-based trusted detection method and device, electronic equipment and storage medium | |
| CN112866285A (en) | Gateway interception method and device, electronic equipment and storage medium | |
| CN115021995B (en) | Multi-channel login method, device, equipment and storage medium | |
| CN116028045A (en) | Third party application code rapid distribution method, device, equipment and storage medium | |
| CN113822379B (en) | Process process anomaly analysis method and device, electronic equipment and storage medium | |
| CN114942855A (en) | Interface calling method and device, electronic equipment and storage medium | |
| CN116107991A (en) | Container label database construction method and device, storage medium and electronic equipment | |
| CN112035155A (en) | Version update management method and device, computer equipment and readable storage medium | |
| CN117972757B (en) | Method and system for realizing safety analysis of mine data based on cloud platform | |
| CN111651509A (en) | Data importing method and device based on Hbase database, electronic device and medium | |
| CN117939421B (en) | Garden plant growth monitoring and management method and system based on Internet of things | |
| CN113919526B (en) | Analysis method, device, equipment and medium for online model maintenance time point |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |