CN117879839A - Verification method of remote proof result and related device - Google Patents


Publication number
CN117879839A
Authority
CN
China
Legal status
Pending
Application number
CN202211234566.1A
Other languages
Chinese (zh)
Inventor
潘伟
曹斌
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd


Abstract

A method for verifying a remote attestation result, applied in the field of trusted computing. In the method, a storage device is provided to record revoked remote attestation results, so that when an electronic device obtains the remote attestation result of another electronic device, it can ask the storage device to confirm whether that remote attestation result has been revoked. This ensures that proving whether a device is trusted on the basis of a remote attestation result remains reliable, and avoids potential security risks.

Description

Verification method of remote proof result and related device
Technical Field
The application relates to the technical field of trusted computing, and in particular to a method for verifying a remote attestation result.
Background
Remote attestation is one of the key technologies in the overall trusted computing solution and is commonly used to verify whether a device is in a trusted state. The remote attestation process is as follows: the device collects its own measurement evidence (for example, the measurement values generated by the remote device through the measured boot function) and sends the measurement evidence to a remote attestation server; the remote attestation server judges from the measurement evidence whether the device is trusted and generates a corresponding remote attestation result indicating whether the device is trusted.
In the remote attestation process, after the remote attestation server generates a remote attestation result and returns it to the device, the device can use the remote attestation result to prove its own trustworthiness and thereby interact with other devices. For example, when the first device receives the remote attestation result sent by the second device, the first device confirms that the second device is a trusted device and therefore allows the second device to access the network through the first device.
However, in some cases a device may still perform unsafe actions after its trustworthiness has been proven on the basis of a remote attestation result. Moreover, because the device is considered trusted, such unsafe actions can seriously affect the security of the network environment and thereby create a security risk. A solution is therefore needed to avoid the security risks that can arise when the trustworthiness of a device is proven by a remote attestation result.
Disclosure of Invention
The application provides a method for verifying a remote attestation result, which ensures that proving whether a device is trusted on the basis of a remote attestation result remains reliable, and avoids potential security risks.
A first aspect of the present application provides a method for verifying a remote attestation result, including: a first electronic device obtains a target remote attestation result, which indicates the result of a remote attestation process performed by a second electronic device. The first electronic device may obtain the target remote attestation result in either of the following ways: the first electronic device receives the target remote attestation result sent by the second electronic device; or the first electronic device receives the target remote attestation result forwarded by the second electronic device through another electronic device.
The first electronic device then sends a first request message to a third electronic device, the first request message requesting a determination of whether the target remote attestation result is revoked, the third electronic device being a device for recording the revoked remote attestation result. For example, the third electronic device may be enabled to record each revoked remote attestation result by storing a revocation message for each remote attestation result.
Next, the first electronic device receives a first response message sent by the third electronic device and determines from the first response message whether the target remote attestation result is revoked, where the first response message indicates whether the target remote attestation result is revoked.
In this scheme, a storage device is provided to record revoked remote attestation results, so that each electronic device, on obtaining the remote attestation result of another electronic device, can request confirmation of whether that remote attestation result has been revoked. This ensures that proving whether a device is trusted on the basis of a remote attestation result remains reliable, and avoids potential security risks.
In one possible implementation, the method further includes: the first electronic device obtains first indication information related to the target remote attestation result, where the first indication information indicates information about the device that records revoked remote attestation results, that is, information about the third electronic device. Illustratively, the first indication information indicates, for example, an Internet Protocol (IP) address of the third electronic device; alternatively, the first indication information indicates a uniform resource locator (URL) or domain name associated with the third electronic device. In this way, the first electronic device can determine, based on the first indication information, that the device recording revoked remote attestation results is the third electronic device, and then send the first request message to the third electronic device based on the first indication information.
In one possible implementation, the first indication information is located in the target remote attestation result. In this way, after the first electronic device obtains the target remote attestation result, it can obtain the first indication information included in the target remote attestation result.
In this scheme, the information indicating the third electronic device, which records the revocation status of remote attestation results, is carried in the remote attestation result itself, so that the reliability of proving whether a device is trusted on the basis of the remote attestation result can be ensured while changing the prior art as little as possible.
In one possible implementation, the first response message includes a remote attestation result revocation list indicating revoked remote attestation results. The first electronic device determining whether the remote attestation result is revoked according to the first response message, including: if the target remote attestation result is in the remote attestation result revocation list, the first electronic device determines that the target remote attestation result is revoked; or if the target remote attestation result is not in the remote attestation result revocation list, the first electronic device determines that the target remote attestation result is not revoked.
In this scheme, the revocation query is implemented by returning the remote attestation result revocation list to the first electronic device, which then looks up the target remote attestation result itself, so that the load on the third electronic device is reduced as much as possible and the feasibility of the scheme is improved.
In one possible implementation, the method further includes: the first electronic device obtains a first identifier, where the first identifier uniquely identifies the target remote attestation result; the first request message is used to request the third electronic device to confirm whether the target remote attestation result is revoked, and the first request message includes the first identifier; the first response message is used to indicate that the target remote attestation result is revoked, or the first response message is used to indicate that the target remote attestation result is not revoked.
In one possible implementation, the method further includes: the first electronic device receives a notification message sent by the third electronic device, where the notification message indicates that the target remote attestation result is revoked; the first electronic device determines from the notification message that the target remote attestation result is revoked.
In one possible implementation, before the first electronic device receives the notification message, the method further includes: the first electronic device sends a subscription request to the third electronic device, the subscription request being used to request the third electronic device to notify the first electronic device when the target remote attestation result is revoked.
In one possible implementation, the subscription request is a first request message.
In one possible implementation, the first electronic device is a relying party (RP) device, the second electronic device is an attester device (Attester), the third electronic device is a remote attestation verifier device (Verifier), and the third electronic device is further configured to participate in the remote attestation process of the second electronic device and generate the target remote attestation result.
In one possible implementation, the third electronic device is further configured to obtain a revocation message from a fourth electronic device indicating that the target remote attestation result is revoked, the fourth electronic device being configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result; the first electronic device is RP, the second electronic device is Attester, the third electronic device is revocation server (Revocation Server, RS) and the fourth electronic device is Verifier.
In one possible implementation, the method further includes: if the target remote attestation result is revoked, the first electronic device performs the following operations on the second electronic device: terminating interaction with the second electronic device or limiting access rights of the second electronic device.
A second aspect of the present application provides a method for verifying a remote attestation result, including: a first electronic device receives a first request message sent by a third electronic device, where the first request message is used to request a determination of whether a target remote attestation result is revoked, and the first electronic device is a device for recording revoked remote attestation results; the first electronic device sends a first response message to the third electronic device, where the first response message indicates whether the target remote attestation result is revoked.
In one possible implementation, the first electronic device obtaining and recording whether the target remote attestation result is revoked includes: the first electronic device obtains one or more revocation messages, where the one or more revocation messages indicate revoked remote attestation results; the first electronic device generates a remote attestation result revocation list from the one or more revocation messages, the remote attestation result revocation list being used to indicate revoked remote attestation results.
In one possible implementation, the first response message includes a remote attestation result revocation list.
In one possible implementation, the first request message includes a first identifier, the first identifier being configured to uniquely identify the target remote attestation result, the first request message being configured to request the first electronic device to determine whether the target remote attestation result is revoked; the method further comprises the steps of: the first electronic device queries the recorded revoked remote attestation results to determine whether the target remote attestation results were revoked; the first response message is used to indicate that the target remote attestation result is revoked, or the first response message is used to indicate that the target remote attestation result is not revoked.
In one possible implementation, the method further includes: if the target remote attestation result changes from not revoked to revoked, the first electronic device sends a notification message to the third electronic device, the notification message indicating that the target remote attestation result is revoked.
In one possible implementation, before the first electronic device sends the notification message to the third electronic device, the method further includes: the first electronic device receives a subscription request sent by the third electronic device, where the subscription request is used to request the first electronic device to notify the third electronic device when the target remote attestation result is revoked.
In one possible implementation, the subscription request is a first request message.
In one possible implementation, the first electronic device is a Verifier, the second electronic device is an Attester, the third electronic device is an RP, and the first electronic device is further configured to participate in the remote attestation process of the second electronic device and generate the target remote attestation result.
In one possible implementation, the first electronic device is further configured to obtain a revocation message from a fourth electronic device indicating that the target remote attestation result is revoked, the fourth electronic device being configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result; the first electronic device is a revocation server RS, the second electronic device is an Attester, the third electronic device is an RP, and the fourth electronic device is a Verifier.
A third aspect of the present application provides a method for verifying a remote attestation result, including: a first electronic device obtains a target remote attestation result, where the target remote attestation result indicates the result of a remote attestation process performed by a second electronic device; the first electronic device sends a subscription request to a third electronic device, where the subscription request is used to request the third electronic device to notify the first electronic device when the target remote attestation result is revoked, and the third electronic device is a device for recording revoked remote attestation results; the first electronic device receives a notification message sent by the third electronic device, where the notification message indicates that the target remote attestation result is revoked.
In one possible implementation, the method further includes: the first electronic device obtains a first identifier and first indication information related to the target remote attestation result, where the first indication information indicates information about the device that records revoked remote attestation results; the first electronic device sending a subscription request to the third electronic device includes: the first electronic device sends the subscription request to the third electronic device based on the first indication information, where the subscription request includes the first identifier.
In one possible implementation, the first identification and/or the first indication information is located in the target remote attestation result.
A fourth aspect of the present application provides a method for verifying a remote attestation result, including: a first electronic device receives a subscription request sent by a second electronic device, where the subscription request is used to request the first electronic device to notify the second electronic device when a target remote attestation result is revoked, the target remote attestation result indicates the result of a remote attestation process performed by a third electronic device, and the first electronic device is a device for recording revoked remote attestation results; when the target remote attestation result is revoked, the first electronic device sends a first notification message to the third electronic device, the first notification message indicating that the target remote attestation result is revoked.
In one possible implementation, before the first electronic device sends the first notification message to the third electronic device, the method further includes: the first electronic device receives a second notification message sent by a fourth electronic device, where the second notification message indicates that the target remote attestation result is revoked, and the fourth electronic device is configured to participate in the remote attestation process of the third electronic device and generate the target remote attestation result.
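Added example (not part of the patent text): a minimal in-memory Python model of the exchange described in the first to fourth aspects, covering both response styles (revocation list and per-identifier status), a subscription carried in the first request message, and the relying party's reaction to a notification. All class, field and message names, the example URI and the fail-closed policy are assumptions; the authenticity of the attestation result is assumed to have been verified beforehand.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set


@dataclass(frozen=True)
class AttestationResult:
    """Constructed result format; the page does not define field names."""
    result_id: str       # the "first identifier"
    attester: str        # the second electronic device
    trusted: bool        # the Verifier's verdict
    revocation_uri: str  # the "first indication information"


class RevocationRecorder:
    """Third electronic device (Verifier or RS): records revoked results."""

    def __init__(self) -> None:
        self._revoked: Set[str] = set()
        self._subs: Dict[str, List[Callable[[str], None]]] = {}

    def revoke(self, result_id: str) -> None:
        """Process a revocation message; notify only on the first transition."""
        if result_id in self._revoked:
            return
        self._revoked.add(result_id)
        for notify in self._subs.pop(result_id, []):
            notify(result_id)

    def handle(self, request: dict) -> dict:
        """Answer a first request message with a first response message."""
        if request["kind"] == "list":
            return {"kind": "list", "revoked": sorted(self._revoked)}
        if request["kind"] == "status":
            rid = request["result_id"]
            revoked = rid in self._revoked
            if "notify" in request and not revoked:
                # The request doubles as a subscription request.
                self._subs.setdefault(rid, []).append(request["notify"])
            return {"kind": "status", "result_id": rid, "revoked": revoked}
        raise ValueError("unknown request kind")


class RelyingParty:
    """First electronic device: checks revocation at admission and afterwards."""

    def __init__(self, recorders: Dict[str, RevocationRecorder]) -> None:
        self._recorders = recorders       # URI -> recorder, stands in for the network
        self.access: Dict[str, str] = {}  # attester -> granted / denied / terminated
        self._by_id: Dict[str, str] = {}  # result_id -> attester

    def admit(self, result: AttestationResult, mode: str = "status") -> str:
        decision = "denied"
        recorder = self._recorders.get(result.revocation_uri)
        # Assumption: fail closed if the recorder is unknown or the verdict is negative.
        if recorder is not None and result.trusted:
            if mode == "list":
                resp = recorder.handle({"kind": "list"})
                revoked = result.result_id in resp["revoked"]
            else:
                resp = recorder.handle({"kind": "status",
                                        "result_id": result.result_id,
                                        "notify": self._on_revoked})
                # Bind the answer to the identifier that was asked about.
                revoked = resp["result_id"] != result.result_id or resp["revoked"]
            if not revoked:
                decision = "granted"
                self._by_id[result.result_id] = result.attester
        self.access[result.attester] = decision
        return decision

    def _on_revoked(self, result_id: str) -> None:
        """Notification message: terminate interaction with the affected attester."""
        attester = self._by_id.pop(result_id, None)
        if attester is not None and self.access.get(attester) == "granted":
            self.access[attester] = "terminated"


def demo() -> List[str]:
    """Constructed scenario: admit, revoke after admission, then re-check."""
    uri = "https://rs.example/revocation"  # constructed URI
    rs = RevocationRecorder()
    rp = RelyingParty({uri: rs})
    r1 = AttestationResult("ar-001", "dev-a", True, uri)
    steps = [rp.admit(r1)]                 # not revoked yet
    rs.revoke("ar-001")                    # revocation message reaches the recorder
    steps.append(rp.access["dev-a"])       # the notification ended the session
    steps.append(rp.admit(r1, mode="list"))
    return steps


if __name__ == "__main__":
    print(demo())
```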
A fifth aspect of the present application provides an apparatus for verifying a remote attestation result, the apparatus being disposed in a first electronic device and comprising: an obtaining module, configured to obtain a target remote attestation result, where the target remote attestation result indicates the result of a remote attestation process performed by a second electronic device; a transceiver module, configured to send a first request message to a third electronic device, where the first request message is used to request a determination of whether the target remote attestation result is revoked, and the third electronic device is a device for recording revoked remote attestation results; the transceiver module is further configured to receive a first response message sent by the third electronic device; and a processing module, configured to determine from the first response message whether the target remote attestation result is revoked, where the first response message indicates whether the target remote attestation result is revoked.
In one possible implementation, the obtaining module is further configured to obtain first indication information related to the target remote attestation result, where the first indication information indicates information about the device that records revoked remote attestation results; and the transceiver module is further configured to send the first request message to the third electronic device based on the first indication information.
In one possible implementation, the first indication information is located in the target remote attestation result.
In one possible implementation, the first response message includes a remote attestation result revocation list indicating revoked remote attestation results; the processing module is specifically used for: if the target remote attestation result is in the remote attestation result revocation list, determining that the target remote attestation result is revoked; or if the target remote attestation result is not in the remote attestation result revocation list, determining that the target remote attestation result is not revoked.
In one possible implementation, the obtaining module is further configured to obtain a first identifier, where the first identifier uniquely identifies the target remote attestation result; the first request message is used to request the third electronic device to confirm whether the target remote attestation result is revoked, and the first request message includes the first identifier; the first response message is used to indicate that the target remote attestation result is revoked, or the first response message is used to indicate that the target remote attestation result is not revoked.
In one possible implementation, the transceiver module is further configured to receive a notification message sent by the third electronic device, where the notification message indicates that the target remote attestation result is revoked; and the processing module is further configured to determine from the notification message that the target remote attestation result is revoked.
In one possible implementation, before the transceiver module receives the notification message, the transceiver module is further configured to send a subscription request to the third electronic device, where the subscription request is configured to request the third electronic device to notify the first electronic device when the target remote attestation result is revoked.
In one possible implementation, the subscription request is a first request message.
In one possible implementation, the first electronic device is a relying party device RP, the second electronic device is an attester device Attester, the third electronic device is a remote attestation verifier device Verifier, and the third electronic device is further configured to participate in the remote attestation process of the second electronic device and generate the target remote attestation result.
In one possible implementation, the third electronic device is further configured to obtain a revocation message from a fourth electronic device indicating that the target remote attestation result is revoked, the fourth electronic device being configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result; the first electronic device is RP, the second electronic device is Attester, the third electronic device is revocation server RS and the fourth electronic device is Verifier.
In one possible implementation, if the target remote attestation result is revoked, the first electronic device performs the following operations on the second electronic device: terminating interaction with the second electronic device or limiting access rights of the second electronic device.
A sixth aspect of the present application provides an apparatus for verifying a remote attestation result, the apparatus being disposed in a first electronic device and comprising: a transceiver module, configured to receive a first request message sent by a third electronic device, where the first request message is used to request a determination of whether a target remote attestation result is revoked, and the first electronic device is a device for recording revoked remote attestation results; the transceiver module is further configured to send a first response message to the third electronic device, where the first response message indicates whether the target remote attestation result is revoked.
In one possible implementation, the apparatus further includes: an obtaining module, configured to obtain one or more revocation messages, where the one or more revocation messages indicate revoked remote attestation results; and a processing module, configured to generate a remote attestation result revocation list from the one or more revocation messages, the remote attestation result revocation list being used to indicate revoked remote attestation results.
In one possible implementation, the first response message includes a remote attestation result revocation list.
In one possible implementation, the first request message includes a first identifier, the first identifier being configured to uniquely identify the target remote attestation result, the first request message being configured to request the first electronic device to determine whether the target remote attestation result is revoked; the apparatus further comprises: a processing module, configured to query the recorded revoked remote attestation results to determine whether the target remote attestation result is revoked; the first response message is used to indicate that the target remote attestation result is revoked, or the first response message is used to indicate that the target remote attestation result is not revoked.
In one possible implementation, if the target remote attestation result changes from not revoked to revoked, the transceiver module is further configured to send a notification message to the third electronic device, the notification message indicating that the target remote attestation result is revoked.
In one possible implementation, before the transceiver module sends the notification message to the third electronic device, the transceiver module is further configured to receive a subscription request sent by the third electronic device, where the subscription request is used to request the first electronic device to notify the third electronic device when the target remote attestation result is revoked.
In one possible implementation, the subscription request is a first request message.
In one possible implementation, the first electronic device is a Verifier, the second electronic device is an Attester, the third electronic device is an RP, and the first electronic device is further configured to participate in the remote attestation process of the second electronic device and generate the target remote attestation result.
In one possible implementation, the first electronic device is further configured to obtain a revocation message from a fourth electronic device indicating that the target remote attestation result is revoked, the fourth electronic device being configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result; the first electronic device is a revocation server RS, the second electronic device is an Attester, the third electronic device is an RP, and the fourth electronic device is a Verifier.
A seventh aspect of the present application provides an apparatus for verifying a remote attestation result, the apparatus being disposed in a first electronic device and comprising: an obtaining module, configured to obtain a target remote attestation result, where the target remote attestation result indicates the result of a remote attestation process performed by a second electronic device; a transceiver module, configured to send a subscription request to a third electronic device, where the subscription request is used to request the third electronic device to notify the first electronic device when the target remote attestation result is revoked, and the third electronic device is a device for recording revoked remote attestation results; the transceiver module is further configured to receive a notification message sent by the third electronic device, where the notification message indicates that the target remote attestation result is revoked.
In one possible implementation, the obtaining module is further configured to obtain a first identifier and first indication information related to the target remote attestation result, where the first indication information indicates information about the device that records revoked remote attestation results; the transceiver module is further configured to send the subscription request to the third electronic device based on the first indication information, where the subscription request includes the first identifier.
In one possible implementation, the first identification and/or the first indication information is located in the target remote attestation result.
An eighth aspect of the present application provides an apparatus for verifying a remote attestation result, the apparatus being disposed in a first electronic device and comprising: a transceiver module, configured to receive a subscription request sent by a second electronic device, where the subscription request is used to request the first electronic device to notify the second electronic device when a target remote attestation result is revoked, the target remote attestation result indicates the result of a remote attestation process performed by a third electronic device, and the first electronic device is a device for recording revoked remote attestation results; the transceiver module is further configured to send a first notification message to the third electronic device when the target remote attestation result is revoked, the first notification message being configured to indicate that the target remote attestation result is revoked.
In one possible implementation, before the transceiver module sends the first notification message to the third electronic device, the transceiver module is further configured to receive a second notification message sent by the fourth electronic device, where the second notification message is used to indicate that the target remote attestation result is revoked, and the fourth electronic device is used to participate in a remote attestation process of the third electronic device and generate the target remote attestation result.
A ninth aspect of the present application provides an electronic device comprising a processor and a memory, where the memory is configured to store program code, and the processor is configured to invoke the program code in the memory to cause the network device to perform the method according to any one of the embodiments of the first to fourth aspects.
A tenth aspect of the present application provides a verification system of a remote attestation result, comprising a first electronic device deployed with an apparatus according to any implementation manner of the fifth aspect, and a second electronic device deployed with an apparatus according to any implementation manner of the sixth aspect.
An eleventh aspect of the present application provides a verification system of a remote attestation result, including a first electronic device and a second electronic device, where the first electronic device is deployed with an apparatus according to any implementation manner of the seventh aspect, and the second electronic device is deployed with an apparatus according to any implementation manner of the eighth aspect.
A twelfth aspect of the present application provides a computer readable storage medium storing instructions that when run on a computer cause the computer to perform a method as any one of the embodiments of the first to fourth aspects.
A thirteenth aspect of the present application provides a computer program product which, when run on a computer, causes the computer to perform the method as any one of the embodiments of the first to fourth aspects.
A fourteenth aspect of the present application provides a chip comprising one or more processors. Some or all of the processors are configured to read and execute computer instructions stored in a memory to perform the method of any of the possible implementations of any of the aspects described above. Optionally, the chip further comprises a memory. Optionally, the chip further comprises a communication interface, and the processor is connected with the communication interface. The communication interface is used for receiving data and/or information to be processed; the processor acquires the data and/or information from the communication interface, processes it, and outputs a processing result through the communication interface. Optionally, the communication interface is an input-output interface or a bus interface. The method provided by the application is implemented by one chip, or by a plurality of chips working cooperatively.
The solutions provided in the fifth aspect to the fourteenth aspect are used to implement or cooperatively implement the methods provided in the first aspect to the fourth aspect, so that the same or corresponding benefits as those in the first aspect to the fourth aspect can be achieved, and no further description is given here.
Drawings
FIG. 1 is a schematic flow chart of a metric start provided in an embodiment of the present application;
FIG. 2 is a schematic diagram of a remote attestation model provided in an embodiment of the present application;
FIG. 3 is an application scenario schematic diagram of a verification method of a remote proof result provided in an embodiment of the present application;
FIG. 4 is a flowchart of a method for verifying a remote proof result according to an embodiment of the present application;
FIG. 5 is a schematic flow chart of a first electronic device determining whether a target remote proof result is revoked according to an embodiment of the present application;
FIG. 6 is a schematic flowchart of another first electronic device determining whether a target remote proof result is revoked according to an embodiment of the present application;
FIG. 7A is a schematic flowchart of another first electronic device determining whether a target remote attestation result is revoked according to an embodiment of the present application;
FIG. 7B is a schematic flowchart of a process for notifying revocation of a target remote attestation result of a subscription target of a first electronic device according to an embodiment of the present application;
FIG. 8 is a schematic flow chart of a revocation notification of a subscription target remote certification result of another first electronic device according to an embodiment of the present application;
FIG. 9 is a flowchart of another method for verifying a remote attestation result according to an embodiment of the present application;
FIG. 10 is a schematic structural diagram of a verification device for remote proof results according to an embodiment of the present application;
FIG. 11 is a schematic structural diagram of another verification device for remote verification according to an embodiment of the present application;
FIG. 12 is a schematic structural diagram of another verification device for remote verification according to an embodiment of the present application;
FIG. 13 is a schematic structural diagram of a verification device for remote proof results according to an embodiment of the present application;
FIG. 14 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described below with reference to the accompanying drawings. The embodiments described are only some, not all, of the embodiments of the present application. As a person of ordinary skill in the art will appreciate, with the development of technology and the appearance of new scenarios, the technical solutions provided in the embodiments of the present application are also applicable to similar technical problems.
The terms first, second and the like in the description and in the claims of the present application and in the above-described figures, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
The word "exemplary" is used herein to mean "serving as an example, embodiment, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Some term concepts related to the embodiments of the present application are explained below.
(1) Trusted platform module (Trusted Platform Module, TPM)
A TPM is a small-sized chip system that contains cryptographic operations and storage components that can securely store information, such as passwords, certificates, or encryption keys, used to verify the security of a platform (e.g., a network device such as a personal computer).
(2) Metric initiation
Metric initiation (measured boot) refers to recording the key state of the system into the TPM during system startup and, after startup is complete, sending a report to a remote server for remote attestation; the user then decides whether the state of the whole system environment is trusted.
Referring to fig. 1, fig. 1 is a schematic flow chart of metric initiation according to an embodiment of the present application. As shown in fig. 1, the flow of metric initiation includes the following steps: first, the root of trust in the TPM provides a trust basis for the basic input output system (Basic Input Output System, BIOS); second, when the BIOS starts, it initializes the hardware system, measures the boot code (BootLoader), and records the resulting measured value into the TPM; then, the BootLoader runs, acquires the image file of the operating system (Kernel), measures the Kernel, and records the resulting measured value into the TPM; finally, the Kernel measures an application (APP), records the resulting measured value into the TPM, and then runs the APP. It follows that the defining feature of metric initiation is that, while the boot files are being measured, the measured values are only recorded and the boot process itself is not interfered with. In addition, metric initiation typically needs to be used in combination with other mechanisms, such as remote attestation, to verify the measurement records of the startup process.
(3) Remote attestation
An electronic device (such as a server, a gateway, or a terminal device) sends its security attributes (such as software and hardware measured values, configuration information, and node state) to a remote attestation server in a defined format and through a defined interaction flow, and the remote attestation server verifies them according to a defined policy to finally determine whether the electronic device is trusted. In addition, to ensure the security of the devices and of communications throughout the remote attestation protocol interaction, a certificate mechanism (e.g., certificate application) must be deployed in advance to support necessary operations such as verifying and viewing certificates during the protocol interaction.
Referring to fig. 2, fig. 2 is a schematic diagram of a remote attestation model according to an embodiment of the present application. As shown in fig. 2, a server, gateway, terminal device, or other device that needs remote attestation can be abstracted as an attestation platform (Attest Platform). During Attest Platform startup, metric values are computed and recorded along the chain from the TPM to the BIOS, Kernel, and APP. In addition, the Attest Platform interacts with an external certificate authority (Certification Authority, CA) to perform operations such as certificate application. Remote attestation between the Attest Platform and the remote attestation server (Attest Server) uses a challenge-response mode. That is, the Attest Server actively initiates a challenge request for the security attributes of the Attest Platform; in response to the challenge request, the Attest Platform encrypts and signs the metric values it has recorded, using the certificate applied for from the CA, and returns the encrypted and signed metric values to the Attest Server. The Attest Server then decrypts the information received from the Attest Platform and interacts with the CA to verify whether the Attest Platform certificate is legitimate. In addition, the user can view the certificate issued by the CA and view the Attest Server's remote attestation result for the Attest Platform.
(4) Uniform resource locator (uniform resource locator, URL)
The URL is a representation method for specifying the location of information on a web service program of the internet. Briefly, a URL locates a resource on the internet by providing an abstract identifier of the location of the resource. Based on the URL, the electronic device can locate a specified resource on the internet.
Currently, in the remote attestation process, after the remote attestation server generates and returns a remote attestation result to the device, the device can use the remote attestation result to attest its own trustworthiness, so as to interact with other devices.
It has been found that in most cases there is no security problem when a device uses a remote attestation result to interact with other devices. In some cases, however, security problems may arise. For example, when the state of the device changes, the remote attestation result that the device previously obtained from the remote attestation server may no longer be consistent with the device's current trusted state. Because the device is able to save the previously acquired remote attestation result permanently, it can continue to interact with other devices using the saved result even though its current trusted state does not correspond to that result. For example, after the device is compromised by an attacker it is in an untrusted state, yet it can still interact with other devices by virtue of the previously stored remote attestation result, which creates a significant security risk.
In view of this, the embodiments of the application provide a method for verifying a remote attestation result in which a storage device is provided to record revoked remote attestation results. When a device obtains the remote attestation result of another device, it can ask the storage device whether that result has been revoked. Each device can thus confirm whether an obtained remote attestation result is revoked, which ensures the reliability of judging a device's trustworthiness from its remote attestation result and avoids potential security risks.
Referring to fig. 3, fig. 3 is an application scenario schematic diagram of a verification method of a remote attestation result according to an embodiment of the present application. As shown in fig. 3, the application scenario of the verification method includes an attesting device (Attester), a remote attestation device (Verifier), a revocation server (Revocation Server, RS), and a relying party device (Relying Party, RP).
The Attester is a device whose trustworthiness is verified by performing remote attestation, such as a network device (a router, switch, or gateway), a terminal device, or a server.
The Verifier is the device in remote attestation that evaluates whether the Attester is trusted, such as a remote attestation server.
The RP is a device that uses remote attestation results to determine whether to trust the Attester to perform certain actions. For example, the RP is a network management system that, on judging that the Attester is trusted, allows the Attester to access the network through the RP; for another example, the RP is an application server that allows the Attester to access certain application resources only if the Attester is determined to be trusted.
The RS is a revocation server newly added in this scheme. It manages the revocation information of remote attestation results: it stores whether each remote attestation result has been revoked and provides a query function with which the RP can look up the revocation status of a remote attestation result.
Specifically, in this application scenario, the Attester sends remote attestation evidence (e.g., the Attester's metric values stored by the TPM during startup) to the Verifier. The Verifier evaluates whether the Attester is trusted based on that evidence and returns a remote attestation result to the Attester. When the Attester interacts with the RP, the Attester sends the remote attestation result acquired from the Verifier to the RP. After receiving the remote attestation result sent by the Attester, the RP asks the RS whether the remote attestation result is revoked and receives a message returned by the RS indicating whether it is revoked. When the state of the Attester changes (for example, the Attester is restarted or a new board is inserted), or the evaluation policy of the Verifier changes, the Verifier may revoke the Attester's remote attestation result and send a notification to the RS to that effect. In this way, the RS can determine whether each remote attestation result is revoked based on the notifications from the Verifier.
The application scenario of the remote proof result verification method provided by the embodiment of the present application is described above, and a specific implementation procedure of the remote proof result verification method will be described below.
Referring to fig. 4, fig. 4 is a flowchart of a method for verifying a remote proof result according to an embodiment of the present application. As shown in fig. 4, the method for verifying the remote attestation result provided in the embodiment of the present application includes the following steps 401-403.
In step 401, the first electronic device obtains a target remote attestation result, where the target remote attestation result indicates the result of the remote attestation process performed by the second electronic device.
In this embodiment, the first electronic device is, for example, the RP described above, and the second electronic device is, for example, the Attester described above. That is, the first electronic device interacts with the second electronic device, and the first electronic device uses the remote attestation result of the second electronic device to determine whether to trust the second electronic device to perform certain actions. The first electronic device and the second electronic device are physical devices such as a switch, a gateway, a router, a hub, a server, a personal computer, or a smart phone; alternatively, the first electronic device and the second electronic device are virtual devices having a processing function, such as a virtual machine or a container.
Optionally, the first electronic device obtains the target remote attestation result in one of the following ways: the first electronic device receives the target remote attestation result sent by the second electronic device; or the first electronic device receives the target remote attestation result forwarded by the second electronic device through other electronic devices. This embodiment does not limit the specific manner in which the first electronic device obtains the target remote attestation result.
In step 402, the first electronic device sends a first request message to a third electronic device, where the first request message is used to request a determination of whether the target remote attestation result is revoked, and the third electronic device is a device used to record the revoked remote attestation result.
In this embodiment, the third electronic device is, for example, the RS described above, that is, the third electronic device is responsible for managing revocation information of the remote attestation result. The third electronic device enables recording of each revoked remote attestation result by storing revocation information for each remote attestation result. And, the third electronic device can provide a query service of whether the remote proof result is revoked, so the first electronic device sends a first request message to the third electronic device to request to determine whether the target remote proof result acquired by the first electronic device is revoked.
In one possible implementation, the third electronic device is further configured to participate in a remote attestation process of the second electronic device and generate a target remote attestation result. That is, the third electronic device can be used as the above-described Verifier, and can be used as the above-described RS, that is, the Verifier and the RS are the same device. In this way, the third electronic device can evaluate whether the second electronic device is trusted or not and generate a target remote proof result corresponding to the second electronic device; the third electronic device on the other hand is also capable of providing a query service of whether the remote attestation result is revoked for each RP to determine whether the remote attestation result is revoked.
In another possible implementation, the third electronic device is further configured to obtain, from a fourth electronic device, whether the target remote attestation result is revoked, wherein the fourth electronic device is configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result. That is, the third electronic device is, for example, the RS described above, and the fourth electronic device is, for example, the Verifier described above, that is, the Verifier and the RS are different devices.
When the fourth electronic device triggers revocation of the target remote attestation result, the fourth electronic device sends the third electronic device a message indicating that the target remote attestation result is revoked, and the third electronic device confirms that the target remote attestation result is revoked. When the target remote attestation result is not revoked, the fourth electronic device does not send the third electronic device any revocation message associated with the target remote attestation result, and the third electronic device confirms that the target remote attestation result is not revoked. In this way, based on the interaction mechanism between the third electronic device and the fourth electronic device, the third electronic device can learn whether the target remote attestation result is revoked.
Optionally, before the first electronic device sends the first request message to the third electronic device, the first electronic device obtains first indication information related to the target remote attestation result. The first indication information indicates information about the device that records revoked remote attestation results, that is, information about the third electronic device. Illustratively, the first indication information indicates, for example, an internet protocol (Internet Protocol, IP) address of the third electronic device; alternatively, the first indication information indicates a URL or domain name associated with the first electronic device. In this way, the first electronic device can determine, based on the first indication information, that the device recording revoked remote attestation results is the third electronic device, and the first electronic device then sends the first request message to the third electronic device based on the first indication information.
Optionally, the first indication information is carried in the target remote attestation result obtained by the first electronic device. After the first electronic device obtains the target remote attestation result, it can read the first indication information included in that result. Alternatively, the first indication information is preconfigured in the first electronic device, and after the first electronic device obtains the target remote attestation result, it can determine from the preconfigured first indication information that the first request message needs to be sent to the third electronic device. Alternatively, the first indication information is sent to the first electronic device by another electronic device in order to inform the first electronic device of the third electronic device. In general, this embodiment does not limit the specific manner in which the first electronic device obtains the first indication information.
In step 403, the first electronic device receives the first response message sent by the third electronic device, and determines whether the target remote attestation result is revoked according to the first response message, where the first response message is used to indicate whether the target remote attestation result is revoked.
After the first electronic device sends the first request message to the third electronic device, the third electronic device returns a first response message to the first electronic device, so that the first electronic device can determine whether the target remote proof result is revoked according to the first response message.
Optionally, after the first electronic device determines whether the target remote attestation result is revoked, the first electronic device decides a subsequent operation to be performed on the second electronic device according to whether the target remote attestation result is revoked.
Illustratively, if the target remote attestation result is revoked, the first electronic device performs the following operations on the second electronic device: terminating interaction with the second electronic device or limiting access rights of the second electronic device. In short, in the case that the target remote attestation result is revoked, the first electronic device considers the second electronic device to be not trusted, so that the first electronic device selects to terminate the interaction with the second electronic device, so as to avoid the second electronic device from attacking the first electronic device or attacking other devices in the network through the first electronic device; or the first electronic equipment limits the access authority of the second electronic equipment, so that the second electronic equipment cannot access the protected resources in the network through the first electronic equipment. In addition, in some cases, the first electronic device may report the behavior of the second electronic device in sending the invalid target remote proof result to the first electronic device, so as to analyze the security of the second electronic device later.
If the target remote attestation result is not revoked, the first electronic device continues to interact with the second electronic device, so that the second electronic device can access the network through the first electronic device; or the first electronic device grants the second electronic device access rights to resources, so that the second electronic device can access the resources it requires.
In this embodiment, the first response message received by the first electronic device from the third electronic device may take multiple forms. The following describes how the first electronic device determines, for each form of the first response message, whether the target remote attestation result is revoked.
In implementation 1, the first response message includes a remote attestation result revocation list indicating revoked remote attestation results.
Briefly, after the first electronic device sends a first request message to the third electronic device, the third electronic device returns a remote attestation result revocation list to the first electronic device to indicate remote attestation results that have currently been revoked. In this way, the first electronic device can determine whether the target remote attestation result is revoked by querying the remote attestation result revocation list.
For example, if the target remote attestation result is in the remote attestation result revocation list, the first electronic device determines that the target remote attestation result is revoked. Alternatively, if the target remote attestation result is not in the remote attestation result revocation list, the first electronic device determines that the target remote attestation result is not revoked.
Optionally, in order to represent the revoked remote attestation results simply and effectively, the remote attestation result revocation list may record the identifier of each revoked remote attestation result, where each identifier recorded in the list uniquely identifies one remote attestation result. After the first electronic device obtains the target remote attestation result, it can obtain the first identifier associated with the target remote attestation result. The first identifier uniquely identifies the target remote attestation result and is, for example, carried in the target remote attestation result. In this way, the first electronic device may determine whether the target remote attestation result is revoked by querying whether the first identifier is in the remote attestation result revocation list.
It should be noted that the third electronic device is configured to receive one or more revocation messages sent by the fourth electronic device, where the one or more revocation messages are used to indicate revoked remote attestation results. Upon receiving the one or more revocation messages, the third electronic device then generates a remote attestation result revocation list based on the one or more revocation messages to record revoked individual remote attestation results.
Implementation 2, the first response message is used to indicate that the target remote attestation result is revoked, or the first response message is used to indicate that the target remote attestation result is not revoked.
In implementation 2, the first response message can indicate whether the target remote attestation result is revoked. When the first response message indicates that the target remote attestation result is revoked, the first electronic device confirms that the target remote attestation result is revoked; when the first response message indicates that the target remote attestation result is not revoked, the first electronic device confirms that the target remote attestation result is not revoked.
That is, the process of confirming whether the target remote attestation result is revoked is performed by the third electronic device, which notifies the first electronic device through the first response message after determining whether the target remote attestation result is revoked.
Optionally, to help the third electronic device quickly confirm whether the target remote attestation result is revoked, the first electronic device obtains a first identifier associated with the target remote attestation result before sending the first request message to the third electronic device, where the first identifier uniquely identifies the target remote attestation result. The first request message that the first electronic device sends to the third electronic device requests the third electronic device to confirm whether the target remote attestation result is revoked, and the first request message includes the first identifier.
In this way, the third electronic device can quickly determine whether the target remote attestation result is revoked based on the first identifier in the first request message. For example, a remote attestation result revocation list, in which the identifier of each revoked remote attestation result is recorded, is stored in the third electronic device. The third electronic device may determine whether the target remote attestation result is revoked by querying whether the remote attestation result revocation list includes the first identifier. For example, if the target remote attestation result is in the remote attestation result revocation list, the first electronic device determines that the target remote attestation result is revoked. Alternatively, if the target remote attestation result is not in the remote attestation result revocation list, the first electronic device determines that the target remote attestation result is not revoked.
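The exchange of steps 401-403, with both forms of the first response message (implementation 1 and implementation 2), can be simulated as follows. This is an added example, not part of the patent text: the class names, the field names `result_id` and `revocation_url`, the message shapes, the constructed URL `https://rs.example/revocations`, and the choice to deny when no revocation server can be located are all assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional
import uuid


@dataclass(frozen=True)
class AttestationResult:
    """Target remote attestation result (field names are assumptions)."""
    result_id: str                 # "first identifier": unique per result
    attester: str                  # device the result was issued for
    trusted: bool                  # the Verifier's appraisal outcome
    revocation_url: Optional[str]  # "first indication information": where the RS is


class RevocationServer:
    """Third electronic device (RS): records revoked results, answers queries."""

    def __init__(self, url: str):
        self.url = url
        self._revoked = set()

    def on_revocation_message(self, result_id: str) -> None:
        # Revocation message received from the Verifier.
        self._revoked.add(result_id)

    def revocation_list(self) -> dict:
        # Implementation 1: return the identifiers of all revoked results.
        return {"revoked_ids": sorted(self._revoked)}

    def status(self, result_id: str) -> dict:
        # Implementation 2: the RS does the lookup for one identifier.
        return {"result_id": result_id, "revoked": result_id in self._revoked}


class Verifier:
    """Fourth electronic device: appraises evidence, issues and revokes results."""

    def __init__(self, rs: RevocationServer):
        self.rs = rs

    def appraise(self, attester: str, evidence_ok: bool,
                 embed_url: bool = True) -> AttestationResult:
        return AttestationResult(uuid.uuid4().hex, attester, evidence_ok,
                                 self.rs.url if embed_url else None)

    def revoke(self, result: AttestationResult) -> None:
        # For example, the Attester restarted or the appraisal policy changed.
        self.rs.on_revocation_message(result.result_id)


class RelyingParty:
    """First electronic device (RP): checks revocation before trusting a result."""

    def __init__(self, network: Dict[str, RevocationServer],
                 preconfigured_rs_url: Optional[str] = None):
        self.network = network  # stands in for the network: URL -> RS
        self.preconfigured_rs_url = preconfigured_rs_url

    def is_revoked(self, result: AttestationResult, mode: str) -> bool:
        # Indication carried in the result, else the preconfigured one.
        url = result.revocation_url or self.preconfigured_rs_url
        rs = self.network.get(url) if url else None
        if rs is None:
            raise LookupError("no revocation server known for this result")
        if mode == "list":      # implementation 1: the RP searches the list
            return result.result_id in rs.revocation_list()["revoked_ids"]
        if mode == "status":    # implementation 2: the RS answers directly
            reply = rs.status(result.result_id)
            if reply["result_id"] != result.result_id:
                raise ValueError("response does not match the request")
            return bool(reply["revoked"])
        raise ValueError(f"unknown mode: {mode}")

    def decide(self, result: AttestationResult, mode: str = "status") -> str:
        if not result.trusted:
            return "deny"
        try:
            revoked = self.is_revoked(result, mode)
        except (LookupError, ValueError):
            return "deny"  # assumption: fail closed if revocation cannot be checked
        return "terminate" if revoked else "allow"


def demo() -> dict:
    rs = RevocationServer("https://rs.example/revocations")  # constructed URL
    verifier = Verifier(rs)
    rp = RelyingParty({rs.url: rs})
    result = verifier.appraise("router-1", evidence_ok=True)
    before = rp.decide(result, "list")
    verifier.revoke(result)
    return {"before": before,
            "after_list": rp.decide(result, "list"),
            "after_status": rp.decide(result, "status")}


if __name__ == "__main__":
    print(demo())
```

The same saved result is accepted before the Verifier's revocation message reaches the RS and rejected afterwards, which is the stale-result case the scheme is designed to catch.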
For ease of understanding, the specific implementation procedures of the above implementation 1 and implementation 2 will be described in detail below in conjunction with specific examples.
Referring to fig. 5, fig. 5 is a flowchart of a first electronic device determining whether a target remote attestation result is revoked according to an embodiment of the present application. The embodiment shown in fig. 5 corresponds to implementation 1, and the RS and the Verifier are different devices. Specifically, in the embodiment shown in fig. 5, the first electronic device is the RP, the second electronic device is the Attester, the third electronic device is the RS, and the fourth electronic device is the Verifier. The embodiment shown in fig. 5 includes the following steps 501-508.
In step 501, the second electronic device sends remote attestation evidence to the fourth electronic device.
While the second electronic device performs remote attestation, it sends the remote attestation evidence to the fourth electronic device. The remote attestation evidence is, for example, the metric values recorded by the second electronic device during metric initiation.
Step 502, the fourth electronic device returns a target remote attestation result to the second electronic device.
After the fourth electronic device verifies the remote attestation evidence sent by the second electronic device, it obtains the target remote attestation result corresponding to the second electronic device and returns the target remote attestation result to the second electronic device. The target remote attestation result indicates, for example, that the second electronic device has passed remote attestation.
Optionally, when the fourth electronic device generates the target remote attestation result, it allocates a unique identifier, that is, the first identifier, to the target remote attestation result. The fourth electronic device adds the first identifier and the first indication information to the target remote attestation result. The first identifier uniquely identifies the target remote attestation result, and the first indication information indicates the device from which it can be queried whether the target remote attestation result is revoked (that is, information about the third electronic device).
Illustratively, the target remote attestation results generated by the fourth electronic device are shown below.
It should be noted that, in this embodiment, the third electronic device returns the remote attestation result revocation list to the first electronic device, and the remote attestation result revocation list is usually stored in the form of a resource file. The target remote attestation result may therefore indicate how to query the remote attestation result revocation list by giving a URL, so that the first electronic device can quickly obtain the list.
In step 503, the fourth electronic device triggers revocation of the target remote attestation result.
After the second electronic device passes remote attestation, in some cases the fourth electronic device may trigger revocation of the target remote attestation result. For example, when the second electronic device is restarted or new hardware such as a board is inserted, the trusted state of the second electronic device may change; when the second electronic device then re-executes remote attestation, the fourth electronic device triggers revocation of the target remote attestation result on the basis that the second electronic device is currently in an untrusted state. For another example, when the verification policy used by the fourth electronic device in remote attestation verification changes, or the fourth electronic device's previous remote attestation verification is found to have been incorrect, the fourth electronic device may trigger revocation of the target remote attestation result.
In step 504, the fourth electronic device sends a revocation message to the third electronic device, the revocation message being used to indicate revocation of the target remote attestation result.
After the fourth electronic device triggers revocation of the target remote attestation result, it sends a revocation message to the third electronic device to indicate that the target remote attestation result is revoked. In this way, the third electronic device may generate a remote attestation result revocation list in which it is recorded that the target remote attestation result has been revoked.
In step 505, the second electronic device sends the target remote attestation result to the first electronic device.
When the second electronic device interacts with the first electronic device, the second electronic device needs to send the target remote attestation result to the first electronic device, so that the first electronic device can decide whether to trust the second electronic device based on the target remote attestation result.
In step 506, the first electronic device sends a first request message to the third electronic device, requesting a determination of whether the target remote attestation result is revoked.
After the first electronic device receives the target remote attestation result from the second electronic device, the first electronic device may send a first request message to the third electronic device, based on the first indication information in the target remote attestation result, to request a determination of whether the target remote attestation result is revoked.
In step 507, the third electronic device returns to the first electronic device a first response message that includes the remote attestation result revocation list.
Optionally, when the first indication information indicates a URL, the first electronic device requests the remote attestation result revocation list by accessing the URL, that is, by sending a first request message to the third electronic device. After receiving the first request message sent by the first electronic device, the third electronic device returns the remote attestation result revocation list to the first electronic device.
Illustratively, one possible example of a remote attestation result revocation list is as follows.
At step 508, the first electronic device determines whether the target remote attestation result is revoked based on the remote attestation result revocation list.
After the first electronic device obtains the remote attestation result revocation list, the first electronic device is able to determine whether the target remote attestation result is revoked by querying whether the target remote attestation result is located in the remote attestation result revocation list.
Referring to fig. 6, fig. 6 is a flowchart of another process in which the first electronic device determines whether a target remote attestation result is revoked, according to an embodiment of the present application. The embodiment shown in fig. 6 corresponds to implementation 1, and the RS and the Verifier are the same device. Specifically, in the embodiment shown in fig. 6, the first electronic device is the RP, the second electronic device is the Attester, and the third electronic device is both the RS and the Verifier. The embodiment shown in fig. 6 includes the following steps 601-607.
In step 601, the second electronic device sends remote proof evidence to the third electronic device.
In step 602, the third electronic device returns a target remote attestation result to the second electronic device.
In step 603, the third electronic device triggers revocation of the target remote attestation result.
In this embodiment, steps 601-603 are similar to steps 501-503 described above, except that the third electronic device acts as both the RS and the Verifier, so the device that interacts with the second electronic device changes from the fourth electronic device in steps 501-503 to the third electronic device.
In addition, since the third electronic device acts as both the RS and the Verifier, the third electronic device can generate the remote attestation result revocation list locally after triggering revocation of the target remote attestation result, without having to send a revocation message to other electronic devices.
In step 604, the second electronic device sends the target remote attestation result to the first electronic device.
In step 605, the first electronic device sends a first request message to the third electronic device, the first request message requesting a determination of whether the target remote attestation result is revoked.
In step 606, the third electronic device returns to the first electronic device a first response message that includes the remote attestation result revocation list.
In step 607, the first electronic device determines whether the target remote attestation result is revoked based on the remote attestation result revocation list.
In this embodiment, steps 604-607 are similar to steps 505-508 described above; refer to steps 505-508 for details, which are not repeated here.
Referring to fig. 7A, fig. 7A is a schematic flowchart of another process in which the first electronic device determines whether a target remote attestation result is revoked, according to an embodiment of the present application. The embodiment shown in fig. 7A corresponds to implementation 2 described above, and the RS and the Verifier are different devices. For ease of description, the following embodiments are described with the RS and the Verifier as different devices. Specifically, the embodiment shown in FIG. 7A includes the following steps 701-706.
In step 701, the second electronic device sends remote proof evidence to the fourth electronic device.
In step 702, the fourth electronic device returns the target remote attestation result to the second electronic device.
In step 703, the second electronic device sends the target remote attestation result to the first electronic device.
In this embodiment, steps 701-703 are similar to steps 501, 502 and 503 described above; refer to steps 501, 502 and 503 for details, which are not repeated here.
It should be noted that, in this embodiment, the third electronic device returns to the first electronic device a message indicating whether the remote attestation result is revoked, that is, the first electronic device needs to communicate with the third electronic device. The target remote attestation result may therefore indicate how to query the remote attestation result revocation list by indicating the IP address of the third electronic device.
In step 704, the first electronic device sends a first request message to the third electronic device, requesting a determination of whether the target remote attestation result is revoked.
In this embodiment, the first request message carries the first identifier corresponding to the target remote attestation result, so as to request the third electronic device to assist in determining whether the target remote attestation result is revoked.
In step 705, the third electronic device returns to the first electronic device a first response message indicating whether the target remote attestation result is revoked.
After receiving the first request message, the third electronic device queries a remote attestation revocation list in the third electronic device based on the first identification in the first request message to determine whether the target remote attestation result is revoked. Specifically, in this embodiment, the first identifier corresponding to the target remote attestation result is not located in the remote attestation revocation list, so the first response message returned by the third electronic device to the first electronic device is used to indicate that the target remote attestation result is not revoked.
In step 706, the first electronic device determines that the target remote attestation result is not revoked based on the first response message.
Optionally, on the basis of the foregoing implementation 1 and implementation 2, the first electronic device may further trigger the third electronic device to notify the first electronic device when the target remote attestation result is revoked, so that the first electronic device can learn the latest revocation status of the target remote attestation result in real time.
For example, after the first electronic device receives the first response message sent by the third electronic device, the first electronic device receives a notification message sent by the third electronic device, where the notification message is used to indicate that the target remote attestation result is revoked. The first electronic device then determines from the notification message that the latest state of the target remote attestation result is that it has been revoked.
Optionally, the first electronic device triggers the third electronic device to actively notify the first electronic device in multiple manners.
In one possible implementation, before the first electronic device receives the notification message, the first electronic device sends a subscription message to the third electronic device, the subscription message being used to request the third electronic device to notify the first electronic device when the target remote attestation result is revoked. That is, when the first electronic device obtains the target remote attestation result and determines that the target remote attestation result is not revoked, the first electronic device sends a subscription message to the third electronic device to instruct the third electronic device to actively notify the first electronic device when the target remote attestation result is revoked.
For example, referring to fig. 7B, fig. 7B is a schematic flowchart in which the first electronic device subscribes to a revocation notification for the target remote attestation result, according to an embodiment of the present application. The flow shown in fig. 7B occurs after the embodiment shown in fig. 7A. Specifically, the flow shown in FIG. 7B includes the following steps 707-712.
In step 707, the first electronic device sends a subscription message to the third electronic device.
The first electronic device sends a subscription message to the third electronic device after determining that the target remote attestation result is not revoked based on the first response message, the subscription message being for requesting the third electronic device to notify the first electronic device when the target remote attestation result is revoked.
In step 708, the third electronic device returns a subscription success message to the first electronic device.
If the third electronic device successfully receives the subscription message sent by the first electronic device and supports the content indicated by the subscription message, the third electronic device returns a subscription success message to the first electronic device.
In step 709, the fourth electronic device triggers revocation of the target remote attestation result.
In step 710, the fourth electronic device sends a revocation message to the third electronic device, the revocation message indicating that the target remote attestation result is to be revoked.
In this embodiment, steps 709-710 are similar to steps 503-504 described above; refer to steps 503-504 for details, which are not repeated here.
In step 711, the third electronic device sends a notification message to the first electronic device, the notification message indicating that the target remote attestation result is revoked.
Because the first electronic device has sent the subscription request to the third electronic device, when the third electronic device learns that the target remote attestation result is revoked, it sends a notification message to the first electronic device to notify it in a timely manner that the target remote attestation result is revoked.
At step 712, the first electronic device determines that the target remote attestation result is revoked based on the notification message.
In another possible implementation, the first request message sent by the first electronic device to the third electronic device is further used to request the third electronic device to notify the first electronic device when the target remote attestation result is revoked. That is, the first request message is used both to request a determination of whether the target remote attestation result is revoked and to request the third electronic device to notify the first electronic device when the target remote attestation result is revoked. In other words, the first request message serves both to query the result and to subscribe to notifications. In this way, even if the target remote attestation result has not yet been revoked when the first electronic device sends the first request message to the third electronic device, the first electronic device can still receive a timely notification from the third electronic device once the target remote attestation result is subsequently revoked.
Referring to fig. 8, fig. 8 is a schematic flowchart of another process in which the first electronic device subscribes to a revocation notification for the target remote attestation result, according to an embodiment of the present application. Specifically, the flow shown in FIG. 8 includes the following steps 801-808.
In step 801, the second electronic device sends remote proof evidence to the fourth electronic device.
In step 802, the fourth electronic device sends a target remote attestation result to the second electronic device.
In step 803, the second electronic device sends the target remote attestation result to the first electronic device.
In step 804, the first electronic device sends a first request message to the third electronic device, the first request message requesting a determination of whether the target remote attestation result is revoked and requesting that the first electronic device be notified when the target remote attestation result is revoked.
In this embodiment, steps 801-804 are similar to steps 701-704 described above; refer to steps 701-704 for details, which are not repeated here.
In step 805, the third electronic device sends a first response message to the first electronic device.
Illustratively, the first response message includes a remote attestation result revocation list, and the target remote attestation result is not included in the remote attestation result revocation list. Alternatively, the first response message indicates that the target remote attestation result is not revoked.
In step 806, the fourth electronic device triggers revocation of the target remote attestation result.
In step 807, the fourth electronic device sends a revocation message to the third electronic device, the revocation message indicating that the target remote attestation result is to be revoked.
In step 808, the third electronic device sends a notification message to the first electronic device, the notification message indicating that the target remote attestation result is revoked.
By sending the first request message to the third electronic device, the first electronic device has triggered the third electronic device to notify it when the target remote attestation result is revoked. Therefore, when the third electronic device learns that the target remote attestation result is revoked, it sends a notification message to the first electronic device to notify it in a timely manner that the target remote attestation result has been revoked.
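The following Python simulation is an added example, not part of the patent text: it models the revocation-list lookup of Fig. 5, the query by first identifier of Fig. 7A, the separate subscription of Fig. 7B, and the combined query-and-subscribe request of Fig. 8. The class and field names, the `https://rs.example/revoked` URL, the immediate notification of a subscriber that arrives after revocation, and the refusal of trust when the RS is unknown are all assumptions of the example.

```python
# Simulated revocation flows of Figs. 5, 7A, 7B and 8 (added example, not patent text).
# All names, fields and the URL are hypothetical; the patent defines no wire format.
import uuid
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set


@dataclass(frozen=True)
class AttestationResult:
    attester: str
    passed: bool
    first_identifier: str   # uniquely identifies this result
    first_indication: str   # where revocation status is queried (assumed to be a URL)


class RevocationServer:
    """Third electronic device (RS): records revoked results, notifies subscribers."""

    def __init__(self, url: str) -> None:
        self.url = url
        self._revoked: Set[str] = set()
        self._subscribers: Dict[str, List[Callable[[str], None]]] = {}

    def handle_revocation_message(self, result_id: str) -> None:  # steps 504, 710, 807
        if result_id in self._revoked:
            return
        self._revoked.add(result_id)
        for notify in self._subscribers.pop(result_id, []):       # steps 711, 808
            notify(result_id)

    def get_revocation_list(self) -> List[str]:                   # step 507
        return sorted(self._revoked)

    def subscribe(self, result_id: str, notify: Callable[[str], None]) -> None:  # 707-708
        if result_id in self._revoked:
            notify(result_id)   # assumption: a late subscriber is told immediately
        else:
            self._subscribers.setdefault(result_id, []).append(notify)

    def query(self, result_id: str, notify: Optional[Callable[[str], None]] = None) -> bool:
        revoked = result_id in self._revoked                      # steps 705, 805
        if notify is not None and not revoked:
            self.subscribe(result_id, notify)                     # Fig. 8: query + subscribe
        return revoked


class Verifier:
    """Fourth electronic device: appraises evidence, issues and revokes results."""

    def __init__(self, rs: RevocationServer, reference: Dict[str, str]) -> None:
        self.rs = rs
        self.reference = reference          # attester -> expected measurement
        self.live: Dict[str, str] = {}      # attester -> identifier of its valid result

    def appraise(self, attester: str, evidence: str) -> AttestationResult:
        passed = self.reference.get(attester) == evidence
        result = AttestationResult(attester, passed, uuid.uuid4().hex, self.rs.url)
        if passed:
            self.live[attester] = result.first_identifier
        elif attester in self.live:
            # Re-attestation failed: revoke the earlier result (steps 503-504).
            self.rs.handle_revocation_message(self.live.pop(attester))
        return result


class RelyingParty:
    """First electronic device (RP): checks revocation before trusting a peer."""

    def __init__(self, servers: Dict[str, RevocationServer]) -> None:
        self.servers = servers              # stands in for contacting first_indication
        self.trusted: Dict[str, str] = {}   # first_identifier -> attester

    def _on_notification(self, result_id: str) -> None:           # step 712
        self.trusted.pop(result_id, None)   # terminate interaction with that peer

    def accept(self, result: AttestationResult, use_list: bool = False) -> bool:
        rs = self.servers.get(result.first_indication)
        if rs is None or not result.passed:
            return False                    # assumption: unknown RS means no trust
        if use_list:                        # Fig. 5: download the list, look the id up
            revoked = result.first_identifier in rs.get_revocation_list()
        else:                               # Fig. 8: ask about one id and subscribe
            revoked = rs.query(result.first_identifier, self._on_notification)
        if not revoked:
            self.trusted[result.first_identifier] = result.attester
        return not revoked


def demo() -> Dict[str, bool]:
    rs = RevocationServer("https://rs.example/revoked")           # constructed URL
    verifier = Verifier(rs, {"attester-1": "good-measurement"})   # constructed values
    rp = RelyingParty({rs.url: rs})
    result = verifier.appraise("attester-1", "good-measurement")
    out = {"accepted": rp.accept(result),
           "trusted_before": result.first_identifier in rp.trusted}
    verifier.appraise("attester-1", "measurement-after-new-board")  # triggers revocation
    out["trusted_after"] = result.first_identifier in rp.trusted
    out["replay_rejected"] = not rp.accept(result, use_list=True)
    return out
```

Calling `demo()` shows the relying party dropping the Attester as soon as the notification arrives, and rejecting the same, still well-formed result when it is presented again after revocation.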
Referring to fig. 9, fig. 9 is a flowchart of another verification method of remote proof results according to an embodiment of the present application. Specifically, the flow shown in FIG. 9 includes the following steps 901-904.
In step 901, the first electronic device obtains a target remote attestation result, where the target remote attestation result indicates the result of the remote attestation process executed by the second electronic device.
In this embodiment, step 901 is similar to step 401 described above; refer to step 401 for details, which are not repeated here. The first electronic device is, for example, the RP described above, and the second electronic device is, for example, the Attester described above.
In step 902, the first electronic device sends a subscription request to a third electronic device, where the subscription request is used to request the third electronic device to notify the first electronic device when the target remote attestation result is revoked, and the third electronic device is a device for recording the revoked remote attestation result.
In this embodiment, after the first electronic device obtains the target remote proof result, the first electronic device triggers sending of the subscription request to the third electronic device, so that the third electronic device can timely notify the first electronic device when the target remote proof result is revoked. The third electronic device is, for example, the RS described above.
Optionally, before sending the subscription request to the third electronic device, the first electronic device obtains a first identifier and first indication information related to the target remote attestation result. Wherein the first identifier is used for uniquely identifying the target remote attestation result, and the first indication information is used for indicating information of the device recording the revoked remote attestation result, namely information of the third electronic device. In this way, the first electronic device sends a subscription request to the third electronic device based on the first indication information, the subscription request including the first identification.
Optionally, the first identifier and/or the first indication information is located in the target remote attestation result.
In step 903, the third electronic device receives a first notification message sent by the fourth electronic device, where the first notification message is used to indicate that the target remote attestation result is revoked, and the fourth electronic device is used to participate in the remote attestation process of the third electronic device and generate the target remote attestation result.
After the fourth electronic device triggers to revoke the target remote attestation result, the fourth electronic device sends a first notification message to the third electronic device to notify the third electronic device that the target remote attestation result is revoked. The fourth electronic device is, for example, the Verifier described above.
In step 904, the third electronic device sends a second notification message to the first electronic device, where the second notification message is used to indicate that the target remote attestation result is revoked.
Because the first electronic device sends the subscription request to the third electronic device, when the third electronic device knows that the target remote attestation result is revoked, the third electronic device sends a second notification message to the first electronic device to notify the first electronic device that the target remote attestation result is revoked.
Having described the verification method of the remote attestation result provided by the embodiments of the present application, an apparatus for performing the verification method of the remote attestation result is described below.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a verification apparatus for a remote attestation result according to an embodiment of the present application. Specifically, the verification apparatus for the remote attestation result is deployed in the first electronic device, and the apparatus includes: an obtaining module 1001, configured to obtain a target remote attestation result, where the target remote attestation result indicates the result of the remote attestation process executed by the second electronic device; a transceiver module 1002, configured to send a first request message to a third electronic device, where the first request message is used to request a determination of whether the target remote attestation result is revoked, and the third electronic device is a device for recording revoked remote attestation results; the transceiver module 1002 is further configured to receive a first response message sent by the third electronic device; a processing module 1003, configured to determine whether the target remote attestation result is revoked according to the first response message, where the first response message is used to indicate whether the target remote attestation result is revoked.
In one possible implementation, the obtaining module 1001 is further configured to obtain first indication information related to the target remote attestation result, where the first indication information is used to indicate information of a device that records the revoked remote attestation result; the transceiver module 1002 is further configured to send a first request message to the third electronic device based on the first indication information.
In one possible implementation, the first indication information is located in the target remote attestation result.
In one possible implementation, the first response message includes a remote attestation result revocation list indicating revoked remote attestation results; the processing module 1003 is specifically configured to: if the target remote attestation result is in the remote attestation result revocation list, determining that the target remote attestation result is revoked; or if the target remote attestation result is not in the remote attestation result revocation list, determining that the target remote attestation result is not revoked.
In one possible implementation, the obtaining module 1001 is further configured to obtain a first identifier, where the first identifier is used to uniquely identify the target remote attestation result; the first request message is used to request the third electronic device to confirm whether the target remote attestation result is revoked, and the first request message includes the first identifier; the first response message is used to indicate that the target remote attestation result is revoked, or the first response message is used to indicate that the target remote attestation result is not revoked.
In a possible implementation manner, the transceiver module 1002 is further configured to receive a notification message sent by the third electronic device, where the notification message is used to indicate that the target remote attestation result is revoked; the processing module 1003 is further configured to determine that the target remote attestation result is revoked according to the notification message.
In one possible implementation, before the transceiver module 1002 receives the notification message, the transceiver module 1002 is further configured to send a subscription request to the third electronic device, where the subscription request is used to request the third electronic device to notify the first electronic device when the target remote attestation result is revoked.
In one possible implementation, the subscription request is a first request message.
In one possible implementation, the first electronic device is a relying party RP, the second electronic device is a prover device Attester, the third electronic device is a remote attestation device Verifier, and the third electronic device is further configured to participate in a remote attestation process of the second electronic device and generate a target remote attestation result.
In one possible implementation, the third electronic device is further configured to obtain, from a fourth electronic device, a revocation message indicating that the target remote attestation result is revoked, the fourth electronic device being configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result; the first electronic device is the RP, the second electronic device is the Attester, the third electronic device is the revocation server RS, and the fourth electronic device is the Verifier.
In one possible implementation, if the target remote attestation result is revoked, the first electronic device performs the following operations on the second electronic device: terminating interaction with the second electronic device or limiting access rights of the second electronic device.
Referring to fig. 11, fig. 11 is a schematic structural diagram of another verification apparatus for a remote attestation result according to an embodiment of the present application. Specifically, the verification apparatus for the remote attestation result is deployed in the first electronic device, and the apparatus includes: a transceiver module 1101, configured to receive a first request message sent by a third electronic device, where the first request message is used to request a determination of whether a target remote attestation result is revoked, and the first electronic device is a device for recording revoked remote attestation results; the transceiver module 1101 is further configured to send a first response message to the third electronic device, where the first response message is used to indicate whether the target remote attestation result is revoked.
In one possible implementation, the apparatus further includes: an obtaining module 1102, configured to obtain one or more revocation messages, where the one or more revocation messages are used to indicate that remote attestation results are to be revoked; a processing module 1103, configured to generate a remote attestation result revocation list according to the one or more revocation messages, the remote attestation result revocation list being used to indicate revoked remote attestation results.
In one possible implementation, the first response message includes a remote attestation result revocation list.
In one possible implementation, the first request message includes a first identifier, the first identifier being configured to uniquely identify the target remote attestation result, the first request message being configured to request the first electronic device to determine whether the target remote attestation result is revoked; the apparatus further comprises: a processing module 1103 for querying the recorded revoked remote attestation result to determine whether the target remote attestation result is revoked; the first response message is used to indicate that the target remote attestation result is revoked, or the first response message is used to indicate that the target remote attestation result is not revoked.
In one possible implementation, if the target remote attestation result changes from not revoked to revoked, the transceiver module 1101 is further configured to send a notification message to the third electronic device, the notification message indicating that the target remote attestation result is revoked.
In one possible implementation, before the transceiver module 1101 sends the notification message to the third electronic device, the transceiver module 1101 is further configured to receive a subscription request sent by the third electronic device, where the subscription request is used to request the first electronic device to notify the third electronic device when the target remote attestation result is revoked.
In one possible implementation, the subscription request is a first request message.
In one possible implementation, the first electronic device is a Verifier, the second electronic device is an Attester, the third electronic device is an RP, and the first electronic device is further configured to participate in a remote attestation process of the second electronic device and generate a target remote attestation result.
In one possible implementation, the first electronic device is further configured to obtain a revocation message from a fourth electronic device indicating that the target remote attestation result is revoked, the fourth electronic device being configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result; the first electronic device is a revocation server RS, the second electronic device is an Attester, the third electronic device is an RP, and the fourth electronic device is a Verifier.
Referring to fig. 12, fig. 12 is a schematic structural diagram of another verification apparatus for a remote attestation result according to an embodiment of the present application. Specifically, the verification apparatus for the remote attestation result is deployed in the first electronic device, and the apparatus includes: an obtaining module 1201, configured to obtain a target remote attestation result, where the target remote attestation result indicates the result of the remote attestation process executed by the second electronic device; a transceiver module 1202, configured to send a subscription request to a third electronic device, where the subscription request is used to request the third electronic device to notify the first electronic device when the target remote attestation result is revoked, and the third electronic device is a device for recording revoked remote attestation results; the transceiver module 1202 is further configured to receive a notification message sent by the third electronic device, where the notification message is used to indicate that the target remote attestation result is revoked.
In one possible implementation, the obtaining module 1201 is further configured to obtain a first identifier and first indication information related to the target remote attestation result, where the first indication information is used to indicate information of a device that records revoked remote attestation results; the transceiver module 1202 is further configured to send a subscription request to the third electronic device based on the first indication information, the subscription request including the first identifier.
In one possible implementation, the first identifier and/or the first indication information is located in the target remote attestation result.
Referring to fig. 13, fig. 13 is a schematic structural diagram of another verification apparatus for a remote attestation result according to an embodiment of the present application. Specifically, the verification apparatus for the remote attestation result is deployed in the first electronic device, and the apparatus includes: a transceiver module 1301, configured to receive a subscription request sent by a second electronic device, where the subscription request is used to request the first electronic device to notify the second electronic device when a target remote attestation result is revoked, the target remote attestation result indicates the result of the remote attestation process executed by a third electronic device, and the first electronic device is a device for recording revoked remote attestation results; the transceiver module 1301 is further configured to send a first notification message to the third electronic device when the target remote attestation result is revoked, the first notification message being used to indicate that the target remote attestation result is revoked.
In one possible implementation, before the transceiver module 1301 sends the first notification message to the third electronic apparatus, the transceiver module 1301 is further configured to receive a second notification message sent by the fourth electronic apparatus, where the second notification message is used to indicate that the target remote attestation result is revoked, and the fourth electronic apparatus is used to participate in the remote attestation process of the third electronic apparatus and generate the target remote attestation result.
Fig. 14 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 14, the electronic device 1400 is equipped with the apparatus for verifying remote attestation results described above. The electronic device 1400 is implemented with a general bus architecture.
The electronic device 1400 includes at least one processor 1401, a communication bus 1402, a memory 1403, and at least one communication interface 1404.
Optionally, the processor 1401 is a general-purpose CPU, an NP, a microprocessor, or one or more integrated circuits for implementing aspects of the present application, such as an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD is a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof.
The communication bus 1402 is used to transfer information between the above-described components. The communication bus 1402 may be classified into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one bold line is shown in the figure, but this does not mean that there is only one bus or only one type of bus.
Optionally, the memory 1403 is a read-only memory (ROM) or another type of static storage device that can store static information and instructions. Alternatively, the memory 1403 is a random access memory (RAM) or another type of dynamic storage device that can store information and instructions. Alternatively, the memory 1403 is an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk storage or another magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. Optionally, the memory 1403 exists independently and is connected to the processor 1401 via the communication bus 1402. Optionally, the memory 1403 and the processor 1401 are integrated.
The communication interface 1404 uses any transceiver-like device for communicating with other devices or communication networks. The communication interface 1404 includes a wired communication interface. Optionally, the communication interface 1404 further includes a wireless communication interface. The wired communication interface is, for example, an Ethernet interface. The Ethernet interface is an optical interface, an electrical interface, or a combination thereof. The wireless communication interface is a wireless local area network (WLAN) interface, a cellular network communication interface, a combination thereof, or the like.
In a particular implementation, as one embodiment, processor 1401 includes one or more CPUs, such as CPU0 and CPU1 shown in FIG. 14.
In a particular implementation, as one embodiment, the electronic device 1400 includes multiple processors, such as processor 1401 and processor 1405 shown in fig. 14. Each of these processors is a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein refers to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
In some embodiments, memory 1403 is used to store program code 1406 that executes aspects of the present application, and processor 1401 executes program code 1406 stored in memory 1403. That is, the electronic device 1400 implements the above-described method embodiments by the processor 1401 and the program code 1406 in the memory 1403.
An embodiment of the application also provides a system for verifying remote attestation results, which comprises a first electronic device and a second electronic device, wherein the first electronic device is deployed with the apparatus described in the embodiment corresponding to fig. 10, and the second electronic device is deployed with the apparatus described in the embodiment corresponding to fig. 11.
An embodiment of the application also provides a system for verifying remote attestation results, which comprises a first electronic device and a second electronic device, wherein the first electronic device is deployed with the apparatus described in the embodiment corresponding to fig. 12, and the second electronic device is deployed with the apparatus described in the embodiment corresponding to fig. 13.
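The two systems above (query/response and subscribe/notify) can be modelled as follows; this is an added Python example, not part of the patent text. The class names, the in-process callbacks standing in for network messages, the allowlist of recorders, the immediate notification of late subscribers and the fail-closed choice are all assumptions.

```python
"""Added illustration (not from the patent): an in-process model of the
revocation query and subscribe/notify exchanges. All names are assumptions."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set


@dataclass(frozen=True)
class AttestationResult:
    result_id: str       # "first identifier": uniquely identifies this result
    attester: str        # the device the result was generated for
    revocation_url: str  # "first indication information": who records revocations


class RevocationRecorder:
    """Device that records revoked results (a revocation server, or the Verifier)."""

    def __init__(self, url: str) -> None:
        self.url = url
        self._revoked: Set[str] = set()
        self._subscribers: Dict[str, List[Callable[[str], None]]] = {}

    def query(self, result_id: str) -> dict:
        """First request / first response for a single identifier."""
        return {"result_id": result_id, "revoked": result_id in self._revoked}

    def revocation_list(self) -> List[str]:
        """Alternative first response: the full revocation list."""
        return sorted(self._revoked)

    def subscribe(self, result_id: str, notify: Callable[[str], None]) -> None:
        if result_id in self._revoked:
            notify(result_id)  # assumption: late subscribers are told at once
        else:
            self._subscribers.setdefault(result_id, []).append(notify)

    def revoke(self, result_id: str) -> None:
        """Handle a revocation message from the Verifier that issued the result."""
        if result_id in self._revoked:
            return  # notify only on the not-revoked -> revoked transition
        self._revoked.add(result_id)
        for notify in self._subscribers.pop(result_id, []):
            notify(result_id)


class RelyingParty:
    def __init__(self, recorders: Dict[str, RevocationRecorder],
                 on_revoke: str = "terminated") -> None:
        # Allowlist of recorders the RP will contact. The URL arrives inside
        # the result, so it is looked up here rather than followed blindly.
        self._recorders = recorders
        self._on_revoke = on_revoke  # "terminated" or "restricted"
        self._accepted: Dict[str, AttestationResult] = {}
        self.sessions: Dict[str, str] = {}  # attester -> access state

    def accept(self, result: AttestationResult) -> bool:
        recorder = self._recorders.get(result.revocation_url)
        if recorder is None:
            return False  # assumption: fail closed when status cannot be checked
        if recorder.query(result.result_id)["revoked"]:
            self.sessions[result.attester] = self._on_revoke
            return False
        self._accepted[result.result_id] = result
        self.sessions[result.attester] = "full"
        recorder.subscribe(result.result_id, self._on_notification)
        return True

    def _on_notification(self, result_id: str) -> None:
        # Notification message: the result was revoked after it was accepted.
        result = self._accepted.pop(result_id, None)
        if result is not None:
            self.sessions[result.attester] = self._on_revoke


def demo() -> Dict[str, str]:
    rs = RevocationRecorder("https://rs.example/revocations")  # constructed URL
    rp = RelyingParty({rs.url: rs}, on_revoke="restricted")
    rp.accept(AttestationResult("ar-001", "device-a", rs.url))  # constructed ids
    rp.accept(AttestationResult("ar-002", "device-b", rs.url))
    rs.revoke("ar-001")  # Verifier reports device-a's result as revoked
    return dict(rp.sessions)


if __name__ == "__main__":
    print(demo())
```

The subscription closes the gap a one-time query leaves open: a result that was valid when accepted still loses its access as soon as the recorder learns of the revocation.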
In this specification, the embodiments are described in a progressive manner; identical and similar parts of the embodiments may be cross-referenced, and each embodiment focuses on its differences from the other embodiments.
"A refers to B" means that A is the same as B, or that A is a simple variation of B.
The terms "first" and "second" and the like in the description and in the claims of embodiments of the present application are used for distinguishing between different objects and not necessarily for describing a particular sequential or chronological order of the objects, and should not be interpreted to indicate or imply relative importance. For example, a first speed limiting channel and a second speed limiting channel are used to distinguish between different speed limiting channels, rather than to describe a particular order of speed limiting channels, nor should the first speed limiting channel be understood to be more important than the second speed limiting channel.
In the examples herein, unless otherwise indicated, the meaning of "at least one" means one or more and the meaning of "a plurality" means two or more.
The above-described embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the procedures or functions described in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), etc.
The above embodiments are only for illustrating the technical solutions of the present application and are not limiting thereof; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that the technical solutions described in the foregoing embodiments can still be modified, or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present application.

Claims (56)

1. A method of verifying a remote attestation result, comprising:
a first electronic device obtains a target remote attestation result, wherein the target remote attestation result indicates the result of a remote attestation process performed by a second electronic device;
the first electronic device sends a first request message to a third electronic device, wherein the first request message is used for requesting to determine whether the target remote attestation result is revoked, and the third electronic device is used for recording revoked remote attestation results;
the first electronic device receives a first response message sent by the third electronic device and determines, according to the first response message, whether the target remote attestation result is revoked, wherein the first response message is used for indicating whether the target remote attestation result is revoked.
2. The method according to claim 1, wherein the method further comprises:
the first electronic device obtains first indication information related to the target remote attestation result, wherein the first indication information is used for indicating information of a device for recording the revoked remote attestation result;
the first electronic device sending a first request message to a third electronic device, including:
the first electronic device sends the first request message to the third electronic device based on the first indication information.
3. The method of claim 2, wherein the first indication information is used to indicate an Internet Protocol (IP) address, a domain name, or a URL corresponding to the third electronic device.
4. A method according to claim 2 or 3, wherein the first indication information is located in the target remote attestation result.
5. The method of any of claims 1-4, wherein the first response message includes a remote attestation result revocation list indicating revoked remote attestation results;
the first electronic device determining whether the remote attestation result is revoked according to the first response message, including:
If the target remote attestation result is in the remote attestation result revocation list, the first electronic device determines that the target remote attestation result is revoked;
or, if the target remote attestation result is not in the remote attestation result revocation list, the first electronic device determines that the target remote attestation result is not revoked.
6. The method according to any one of claims 1-4, further comprising:
the first electronic device obtains a first identifier, wherein the first identifier is used for uniquely identifying the target remote proving result;
the first request message is used for requesting the third electronic device to confirm whether the target remote proof result is revoked, and the first request message comprises the first identifier;
the first response message is used for indicating that the target remote attestation result is revoked, or the first response message is used for indicating that the target remote attestation result is not revoked.
7. The method according to any one of claims 1-6, further comprising:
the first electronic device receives a notification message sent by the third electronic device, wherein the notification message is used for indicating that the target remote proving result is revoked;
The first electronic device determines that the target remote attestation result is revoked according to the notification message.
8. The method of claim 7, wherein prior to the first electronic device receiving the notification message, the method further comprises:
the first electronic device sends a subscription request to the third electronic device, wherein the subscription request is used for requesting the third electronic device to notify the first electronic device when the target remote proving result is revoked.
9. The method of claim 8, wherein the subscription request is the first request message.
10. The method according to any of claims 1-9, wherein the first electronic device is a trusted device RP, the second electronic device is a prover device Attester, the third electronic device is a remote attestation device Verifier, and the third electronic device is further configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result.
11. The method of any of claims 1-9, wherein the third electronic device is further configured to obtain a revocation message from a fourth electronic device indicating that the target remote attestation result was revoked, the fourth electronic device being configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result;
The first electronic device is RP, the second electronic device is Attester, the third electronic device is revocation server RS and the fourth electronic device is Verifier.
12. The method according to any one of claims 1-11, further comprising:
if the target remote attestation result is revoked, the first electronic device performs the following operations on the second electronic device: terminating interaction with the second electronic device or limiting access rights of the second electronic device.
13. A method of verifying a remote attestation result, comprising:
the first electronic device receives a first request message sent by a third electronic device, wherein the first request message is used for requesting to determine whether the target remote proof result is revoked, and the first electronic device is used for recording the revoked remote proof result;
the first electronic device sends a first response message to the third electronic device, wherein the first response message is used for indicating whether the target remote proving result is revoked.
14. The method of claim 13, wherein the first electronic device obtaining and recording whether the target remote attestation result was revoked comprises:
the first electronic device obtains one or more revocation messages, wherein the one or more revocation messages are used for indicating revoked remote attestation results;
the first electronic device generates a remote attestation result revocation list from the one or more revocation messages, the remote attestation result revocation list being used to indicate revoked remote attestation results.
15. The method of claim 14, wherein the first response message includes the remote attestation result revocation list.
16. The method of claim 13 or 14, wherein the first request message includes a first identification for uniquely identifying the target remote attestation result, the first request message for requesting the first electronic device to determine whether the target remote attestation result is revoked;
the method further comprises the steps of:
the first electronic device queries the recorded revoked remote attestation results to determine whether the target remote attestation result is revoked;
the first response message is used for indicating that the target remote attestation result is revoked, or the first response message is used for indicating that the target remote attestation result is not revoked.
17. The method according to any one of claims 13-16, characterized in that the method further comprises:
if the target remote attestation result is changed from not revoked to revoked, the first electronic device sends a notification message to the third electronic device, the notification message indicating that the target remote attestation result is revoked.
18. The method of claim 17, wherein before the first electronic device sends a notification message to the third electronic device, the method further comprises:
the first electronic device receives a subscription request sent by the third electronic device, wherein the subscription request is used for requesting the first electronic device to notify the third electronic device when the target remote proving result is revoked.
19. The method of claim 18, wherein the subscription request is the first request message.
20. The method of any of claims 13-19, wherein the first electronic device is a Verifier, the second electronic device is an Attester, the third electronic device is an RP, and the first electronic device is further configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result.
21. The method of any of claims 13-19, wherein the first electronic device is further configured to obtain a revocation message from a fourth electronic device indicating that the target remote attestation result was revoked, the fourth electronic device being configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result;
the first electronic device is a revocation server RS, the second electronic device is an Attester, the third electronic device is an RP, and the fourth electronic device is a Verifier.
22. A method of verifying a remote attestation result, comprising:
a first electronic device obtains a target remote attestation result, wherein the target remote attestation result indicates the result of a remote attestation process performed by a second electronic device;
the first electronic device sends a subscription request to a third electronic device, wherein the subscription request is used for requesting the third electronic device to notify the first electronic device when the target remote attestation result is revoked, and the third electronic device is used for recording revoked remote attestation results;
the first electronic device receives a notification message sent by the third electronic device, wherein the notification message is used for indicating that the target remote attestation result is revoked.
23. The method of claim 22, wherein the method further comprises:
the first electronic device obtains a first identifier and first indication information related to the target remote attestation result, wherein the first indication information is used for indicating information of a device for recording the revoked remote attestation result;
the first electronic device sending a subscription request to a third electronic device, comprising:
the first electronic device sends the subscription request to the third electronic device based on the first indication information, wherein the subscription request comprises the first identification.
24. The method of claim 23, wherein the first identification and/or the first indication is located in the target remote attestation result.
25. A method of verifying a remote attestation result, comprising:
a first electronic device receives a subscription request sent by a second electronic device, wherein the subscription request is used for requesting the first electronic device to notify the second electronic device when a target remote attestation result is revoked, the target remote attestation result indicates the result of a remote attestation process performed by a third electronic device, and the first electronic device is used for recording revoked remote attestation results;
When the target remote attestation result is revoked, the first electronic device sends a first notification message to the third electronic device, the first notification message being used to indicate that the target remote attestation result is revoked.
26. The method of claim 25, wherein prior to the first electronic device sending a first notification message to the third electronic device, the method further comprises:
the first electronic device receives a second notification message sent by a fourth electronic device, wherein the second notification message is used for indicating that the target remote proof result is revoked, and the fourth electronic device is used for participating in the remote proof process of the third electronic device and generating the target remote proof result.
27. A device for verifying a remote attestation result, the device deployed in a first electronic device, the device comprising:
an acquisition module, configured to acquire a target remote attestation result, wherein the target remote attestation result indicates the result of a remote attestation process performed by a second electronic device;
a transceiver module configured to send a first request message to a third electronic device, where the first request message is used to request to determine whether the target remote attestation result is revoked, and the third electronic device is a device for recording the revoked remote attestation result;
The transceiver module is further configured to receive a first response message sent by the third electronic device;
and the processing module is used for determining whether the target remote proving result is revoked according to the first response message, and the first response message is used for indicating whether the target remote proving result is revoked.
28. The apparatus of claim 27, wherein
the acquisition module is further used for acquiring first indication information related to the target remote attestation result, wherein the first indication information is used for indicating information of equipment for recording the revoked remote attestation result;
the transceiver module is further configured to send the first request message to the third electronic device based on the first indication information.
29. The apparatus of claim 28, wherein the first indication information is used to indicate an Internet Protocol (IP) address, a domain name, or a uniform resource locator (URL) corresponding to the third electronic device.
30. The apparatus of claim 28 or 29, wherein the first indication is located in the target remote attestation result.
31. The apparatus of any of claims 27-30, wherein the first response message includes a remote attestation result revocation list indicating revoked remote attestation results;
The processing module is specifically configured to:
if the target remote attestation result is in the remote attestation result revocation list, determining that the target remote attestation result is revoked;
or if the target remote attestation result is not in the remote attestation result revocation list, determining that the target remote attestation result is not revoked.
32. The apparatus of any one of claims 27-30, wherein,
the acquisition module is further used for acquiring a first identifier, wherein the first identifier is used for uniquely identifying the target remote proving result;
the first request message is used for requesting the third electronic device to confirm whether the target remote proof result is revoked, and the first request message comprises the first identifier;
the first response message is used for indicating that the target remote attestation result is revoked, or the first response message is used for indicating that the target remote attestation result is not revoked.
33. The apparatus of any one of claims 27-32, wherein,
the receiving and transmitting module is further configured to receive a notification message sent by the third electronic device, where the notification message is used to indicate that the target remote attestation result is revoked;
The processing module is further configured to determine that the target remote attestation result is revoked according to the notification message.
34. The apparatus of claim 33, wherein the transceiver module is further configured to send a subscription request to the third electronic device before the transceiver module receives the notification message, the subscription request requesting the third electronic device to notify the first electronic device when the target remote attestation result is revoked.
35. The apparatus of claim 34, wherein the subscription request is the first request message.
36. The apparatus of any of claims 27-35, wherein the first electronic device is a trusted device RP, the second electronic device is a prover device Attester, the third electronic device is a remote attestation device Verifier, and the third electronic device is further configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result.
37. The apparatus of any of claims 27-35, wherein the third electronic device is further configured to obtain a revocation message from a fourth electronic device indicating that the target remote attestation result was revoked, the fourth electronic device being configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result;
The first electronic device is RP, the second electronic device is Attester, the third electronic device is revocation server RS and the fourth electronic device is Verifier.
38. The apparatus of any one of claims 27-37, wherein,
if the target remote attestation result is revoked, the first electronic device performs the following operations on the second electronic device: terminating interaction with the second electronic device or limiting access rights of the second electronic device.
39. A device for verifying a remote attestation result, the device deployed in a first electronic device, the device comprising:
a transceiver module, configured to receive a first request message sent by a third electronic device, where the first request message is used to request to determine whether the target remote attestation result is revoked, and the first electronic device is a device for recording the revoked remote attestation result;
the transceiver module is further configured to send a first response message to the third electronic device, where the first response message is used to indicate whether the target remote attestation result is revoked.
40. The apparatus of claim 39, wherein the apparatus further comprises:
an acquisition module configured to acquire one or more revocation messages, the one or more revocation messages being used to indicate revoked remote attestation results;
a processing module for generating a remote attestation result revocation list from the one or more revocation messages, the remote attestation result revocation list being used to indicate revoked remote attestation results.
41. The apparatus of claim 40, wherein the first response message includes the remote attestation result revocation list.
42. An apparatus as defined in claim 39 or 40, wherein the first request message includes a first identification to uniquely identify the target remote attestation result, the first request message to request the first electronic device to determine whether the target remote attestation result is revoked; the apparatus further comprises:
a processing module for querying the recorded revoked remote attestation results to determine whether the target remote attestation result is revoked;
the first response message is used for indicating that the target remote attestation result is revoked, or the first response message is used for indicating that the target remote attestation result is not revoked.
43. The apparatus of any one of claims 39-42, wherein,
the transceiver module is further configured to send a notification message to the third electronic device, the notification message indicating that the target remote attestation result is revoked, if the target remote attestation result changes from not revoked to revoked.
44. The apparatus of claim 43, wherein before the transceiver module sends a notification message to the third electronic device,
the receiving and transmitting module is further used for receiving a subscription request sent by the third electronic device, wherein the subscription request is used for requesting the first electronic device to notify the third electronic device when the target remote certification result is revoked.
45. The apparatus of claim 44, wherein the subscription request is the first request message.
46. The apparatus of any of claims 39-45, wherein the first electronic device is a Verifier, the second electronic device is an Attester, the third electronic device is an RP, and the first electronic device is further configured to participate in a remote attestation process of the second electronic device and generate the target remote attestation result.
47. The apparatus of any one of claims 39-45, wherein the first electronic device is further configured to obtain a revocation message from a fourth electronic device indicating that the target remote attestation result was revoked, the fourth electronic device being configured to participate in a remote attestation process of the second electronic device and to generate the target remote attestation result;
the first electronic device is a revocation server RS, the second electronic device is an Attester, the third electronic device is an RP, and the fourth electronic device is a Verifier.
48. A device for verifying a remote attestation result, the device deployed in a first electronic device, the device comprising:
an acquisition module, configured to acquire a target remote attestation result, wherein the target remote attestation result indicates the result of a remote attestation process performed by a second electronic device;
a transceiver module, configured to send a subscription request to a third electronic device, where the subscription request is used to request the third electronic device to notify the first electronic device when the target remote attestation result is revoked, and the third electronic device is a device for recording the revoked remote attestation result;
The transceiver module is further configured to receive a notification message sent by the third electronic device, where the notification message is used to indicate that the target remote attestation result is revoked.
49. The apparatus of claim 48, wherein
the acquisition module is further used for acquiring a first identifier and first indication information related to the target remote attestation result, wherein the first indication information is used for indicating information of equipment for recording the revoked remote attestation result;
the transceiver module is further configured to send the subscription request to the third electronic device based on the first indication information, where the subscription request includes the first identifier.
50. The apparatus of claim 49, wherein the first identification and/or the first indication is located in the target remote attestation result.
51. A device for verifying a remote attestation result, the device deployed in a first electronic device, the device comprising:
a transceiver module, configured to receive a subscription request sent by a second electronic device, where the subscription request is used to request the first electronic device to notify the second electronic device when the target remote attestation result is revoked, where the target remote attestation result indicates the result of a remote attestation process performed by a third electronic device, and the first electronic device is a device for recording revoked remote attestation results;
The transceiver module is further configured to send a first notification message to the third electronic device when the target remote attestation result is revoked, the first notification message being configured to indicate that the target remote attestation result is revoked.
52. The apparatus of claim 51, wherein, prior to the transceiver module sending a first notification message to the third electronic device,
the transceiver module is further configured to receive a second notification message sent by a fourth electronic device, where the second notification message is used to indicate that the target remote attestation result is revoked, and the fourth electronic device is used to participate in a remote attestation process of the third electronic device and generate the target remote attestation result.
53. An electronic device comprising a processor and a memory, the memory for storing program code, the processor for invoking the program code in the memory to cause the electronic device to perform the method of any of claims 1-26.
54. A verification system of remote attestation results, comprising a first electronic device with the apparatus of any of claims 27-38 deployed and a second electronic device with the apparatus of any of claims 39-47 deployed.
55. A verification system of remote attestation results, comprising a first electronic device with an apparatus as claimed in any of claims 48-50 deployed and a second electronic device with an apparatus as claimed in any of claims 51-52 deployed.
56. A computer readable storage medium storing instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1-26.
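The subscribe-and-notify flow of claims 48-52, sketched as an added Python example that is not part of the patent text: a relying device reads the first identifier and first indication information from an attestation result, subscribes at the recording device, and stops trusting the result once notified, as in claims 48-50. The class names, the allow-list of reporters, and the immediate notification for an already-revoked result are assumptions made here.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

@dataclass(frozen=True)
class AttestationResult:
    result_id: str      # the claims' "first identifier"
    registry_name: str  # the claims' "first indication information"
    attester: str       # device whose remote attestation produced this result

class RevocationRegistry:  # device that records revoked attestation results
    def __init__(self, authorized_reporters: Set[str]):
        self._authorized = set(authorized_reporters)  # assumption: verifier allow-list
        self._revoked: Set[str] = set()
        self._subs: Dict[str, List[Callable[[str], None]]] = {}

    def subscribe(self, result_id: str, callback: Callable[[str], None]) -> None:
        if result_id in self._revoked:
            callback(result_id)  # assumption: notify at once if already revoked
        else:
            self._subs.setdefault(result_id, []).append(callback)

    def report_revocation(self, reporter: str, result_id: str) -> int:
        # Only the device that generated the result may revoke it; anyone else
        # could otherwise force relying devices to drop a healthy peer.
        if reporter not in self._authorized:
            raise PermissionError(f"{reporter} may not revoke attestation results")
        self._revoked.add(result_id)
        callbacks = self._subs.pop(result_id, [])  # empty on a repeated report
        for cb in callbacks:
            cb(result_id)
        return len(callbacks)  # number of subscribers notified

class RelyingParty:  # device that obtained the target remote attestation result
    def __init__(self, registries: Dict[str, RevocationRegistry]):
        self._registries = registries
        self._accepted: Dict[str, AttestationResult] = {}

    def accept(self, result: AttestationResult) -> bool:
        registry = self._registries.get(result.registry_name)
        if registry is None:
            return False  # fail closed: no known recorder, no revocation signal
        self._accepted[result.result_id] = result
        registry.subscribe(result.result_id, self._on_revoked)
        return result.result_id in self._accepted  # False if already revoked

    def _on_revoked(self, result_id: str) -> None:
        self._accepted.pop(result_id, None)  # stop trusting on notification

    def trusts(self, attester: str) -> bool:
        return any(r.attester == attester for r in self._accepted.values())
```
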
CN202211234566.1A 2022-10-10 2022-10-10 Verification method of remote proof result and related device Pending CN117879839A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211234566.1A CN117879839A (en) 2022-10-10 2022-10-10 Verification method of remote proof result and related device

Publications (1)

Publication Number Publication Date
CN117879839A true CN117879839A (en) 2024-04-12

Family

ID=90579796

Legal Events

Date Code Title Description
PB01 Publication