CN117951752A - Data protection method, apparatus, device, storage medium and computer program product - Google Patents

Publication number
CN117951752A
Authority
CN
China
Prior art keywords
application
server
application program
application server
image
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410135053.8A
Other languages
Chinese (zh)
Inventor
吴冕冠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Abstract

The application relates to a data protection method, a device, equipment, a storage medium and a computer program product, and relates to the technical field of information security. The method comprises the following steps: the application server responds to a data processing instruction triggered on the application server, sends a credibility verification request of the application server to the remote authentication server, receives a credibility result of the application server sent by the remote authentication server, starts an application program image of the application program when the credibility result is passed, and encrypts service data of the application program in the application program image after the application program image is started. Wherein the trustworthiness result is determined based on a pre-registered server hardware digest, and the application is installed on the application server. By adopting the method, the data security of the application program for transacting business can be ensured.

Description

Data protection method, apparatus, device, storage medium and computer program product
Technical Field
The present application relates to the field of information security technology, and in particular, to a data protection method, apparatus, device, storage medium, and computer program product.
Background
With the continuous development of technology, techniques and means for stealing data keep emerging, so protecting the security of data is important.
Taking the business data in a bank as an example, a user usually uses an application server with a special application program installed in the bank to conduct business handling, and once the application program has a security problem, the business data of the user also has a risk of being stolen.
Therefore, how to ensure the data security of the application program handling the business is a technical problem to be solved.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a data protection method, apparatus, device, storage medium, and computer program product for ensuring data security of an application program handling a service.
In a first aspect, the present application provides a data protection method, applied to an application server, the method comprising:
responding to a data processing instruction triggered on an application server, and sending a credibility verification request of the application server to a remote authentication server;
receiving a credibility result of the application server sent by the remote authentication server; the credibility result is determined based on a pre-registered server hardware digest;
if the credibility result is pass, starting an application program image of the application program, and encrypting service data of the application program in the started application program image; the application program is installed on the application server.
In one embodiment, sending a credibility verification request of the application server to the remote authentication server includes:
sending a credibility verification request carrying the hardware digest of the application server to the remote authentication server, to instruct the remote authentication server to perform credibility verification on the application server based on the hardware digest and the server hardware digest.
In one embodiment, the data processing instruction includes a user identification and an image identification; starting the application program image of the application program includes:
acquiring the application program image of the application program according to the image identification, and acquiring an image decryption key of the application program image according to the user identification;
decrypting the application program image based on the image decryption key, and running the decrypted application program image.
In one embodiment, acquiring the application program image of the application program according to the image identification includes:
pulling the application program image corresponding to the image identification from an image repository; the image repository includes application program images of a plurality of application programs.
In one embodiment, acquiring the image decryption key of the application program image according to the user identification includes:
sending the image identification and the user identification to the remote authentication server, to instruct the remote authentication server to perform identity verification on the target user corresponding to the user identification;
receiving the image decryption key sent by the remote authentication server; the image decryption key is sent by the remote authentication server when the identity verification of the target user passes.
In one embodiment, the application server includes an encryption processor; encrypting the service data of the application program in the application program image includes:
sending an encryption instruction to the encryption processor while the application program in the application program image is running; the encryption instruction instructs the encryption processor to perform hardware encryption on the service data in the application program.
In a second aspect, the present application also provides a data protection method, applied to a remote authentication server, where the method includes:
receiving a credibility verification request of an application server sent by the application server; the credibility verification request is sent by the application server when it receives a data processing instruction triggered on the application server;
determining a credibility result of the application server according to a pre-registered server hardware digest;
sending the credibility result of the application server to the application server, to instruct the application server to start an application program image of the application program when the credibility result is pass, and to encrypt service data of the application program in the started application program image; the application program is installed on the application server.
In one embodiment, receiving the credibility verification request of the application server sent by the application server includes: receiving a credibility verification request, sent by the application server, that carries the hardware digest of the application server;
accordingly, determining the credibility result of the application server according to the pre-registered server hardware digest includes:
performing credibility verification on the application server according to the hardware digest and the server hardware digest to obtain the credibility result of the application server.
In one embodiment, performing credibility verification on the application server according to the hardware digest and the server hardware digest to obtain the credibility result of the application server includes:
judging whether the hardware digest is consistent with the server hardware digest;
if they are consistent, determining that the credibility result of the application server is pass;
if they are inconsistent, determining that the credibility result of the application server is fail.
In one embodiment, the method further comprises:
receiving an image identification and a user identification sent by the application server;
performing identity verification on the target user corresponding to the user identification according to the image identification and the user identification.
In one embodiment, performing identity verification on the target user corresponding to the user identification according to the image identification and the user identification includes:
acquiring a trusted user list of the application program image according to the image identification;
when the user identification is in the trusted user list, determining that the identity verification of the target user corresponding to the user identification passes;
when the user identification is not in the trusted user list, determining that the identity verification of the target user does not pass.
In one embodiment, the method further comprises:
sending an image decryption key of the application program image to the application server when the identity verification of the target user passes; the image decryption key is generated by the key management center according to the identification of the application program and sent to the remote authentication server.
In a third aspect, the present application also provides a data protection apparatus, including:
the instruction response module is used for responding to the data processing instruction triggered on the application server and sending a credibility verification request of the application server to the remote authentication server;
the result receiving module is used for receiving the credibility result of the application server sent by the remote authentication server; the credibility result is determined based on a pre-registered server hardware digest;
the data processing module is used for starting the application program image of the application program if the credibility result is pass, and encrypting the service data of the application program in the started application program image; the application program is installed on the application server.
In a fourth aspect, the present application also provides a data protection apparatus, including:
the request receiving module is used for receiving a credibility verification request of the application server, which is sent by the application server; the credibility verification request is sent by the application server when it receives a data processing instruction triggered on the application server;
the result determining module is used for determining the credibility result of the application server according to the pre-registered server hardware digest;
the result sending module is used for sending the credibility result of the application server to the application server, to instruct the application server to start an application program image of the application program when the credibility result is pass, and to encrypt service data of the application program in the started application program image; the application program is installed on the application server.
In a fifth aspect, the present application also provides a computer device comprising a memory storing a computer program and a processor implementing the steps of the method of any one of the embodiments of the first or second aspects described above when the computer program is executed by the processor.
In a sixth aspect, the present application also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method of any one of the embodiments of the first or second aspects described above.
In a seventh aspect, the application also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method of any of the embodiments of the first or second aspects described above.
In the data protection method, apparatus, device, storage medium and computer program product described above, an application server responds to a data processing instruction triggered on the application server by sending a credibility verification request of the application server to a remote authentication server, receives the credibility result of the application server sent by the remote authentication server, then starts an application program image of the application program when the credibility result is pass, and encrypts the service data of the application program in the started application program image. The credibility result is determined based on a pre-registered server hardware digest, and the application program is installed on the application server. In this method, the application server has its credibility verified by the remote authentication server and starts the application program image only when verification passes, which is equivalent to performing security verification on the running environment of the application program image before the image is started, so as to ensure the security of that running environment. Then, after the application program in the application program image is started, the service data of the application program is encrypted, which further improves the security of the service data in the running application program. Furthermore, even if an attacker steals the running-state data, the attacker cannot directly obtain the plaintext content of the service data because the service data is encrypted, so the purpose of protecting the service data is still achieved.
In conclusion, the method guarantees the data security of application programs handling the service through two dimensions of operation environment verification and service data encryption.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the related art, the drawings that are required to be used in the embodiments or the related technical descriptions will be briefly described, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to the drawings without inventive effort for those skilled in the art.
FIG. 1 is a diagram of an application environment for a data protection method in one embodiment;
FIG. 2 is a flow chart of a method of data protection in one embodiment;
FIG. 3 is a flow chart of a data protection method according to another embodiment;
FIG. 4 is a flow chart of a data protection method in another embodiment;
FIG. 5 is a flow chart of a data protection method according to another embodiment;
FIG. 6 is a flow chart of a data protection method in another embodiment;
FIG. 7 is a flow chart of a method of protecting data in another embodiment;
FIG. 8 is a flow chart of a data protection method in another embodiment;
FIG. 9 is a block diagram of the structure of a data protection device in one embodiment;
FIG. 10 is a block diagram of a data protection device in another embodiment;
FIG. 11 is an internal block diagram of a computer device in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The data protection method provided by the embodiment of the application can be applied to the application environment shown in FIG. 1, in which the application server 102 communicates with the remote authentication server 104 via a network. The application server 102 may be an interactive terminal device, such as a computer device. In addition, a plurality of applications may run on the application server 102 to provide business transaction services. The remote authentication server 104 may be implemented as a stand-alone server or as a server cluster of multiple servers.
With the continuous development of technology, techniques and means for stealing data keep emerging, so protecting the security of data is important.
Taking the business data in the bank as an example, in the related art, when a user handles the banking business, the user usually performs the banking business based on an application program dedicated to the bank. In this case, if an attacker steals the application program and the service data, information will be revealed, so that the application program and the service data are in a high-risk state.
Based on the above, in order to ensure the data security of the application program handling the service, the embodiment of the application provides a data protection method: an application server responds to a data processing instruction triggered on the application server by sending a credibility verification request of the application server to a remote authentication server, then receives the credibility result of the application server sent by the remote authentication server, starts an application program image of the application program if the credibility result is pass, and encrypts the service data of the application program in the started application program image. Since the service data processing of the application program is performed only when the credibility verification of the application server has passed, the running environment of the application program can be ensured to be safe, and in addition,
In an exemplary embodiment, as shown in FIG. 2, a data protection method is provided. Taking its application to the application server in FIG. 1 as an example, the method includes:
S201, responding to a data processing instruction triggered on the application server, and sending a credibility verification request of the application server to a remote authentication server.
The application server is terminal equipment that supports interaction with a user in a specific application scenario and provides business handling services for the user, such as business handling equipment in a bank branch hall, in an automobile ticket hall, in a subway station and the like.
It should be noted that application servers in different application fields are designed and configured by the relevant personnel in that field based on the actual application scenario. For example, the financial field has higher security requirements for user service data, so application servers in a bank branch are correspondingly required to have a processor with a higher security level.
Before the application server is formally put into use, a developer usually performs preprocessing on it, for example storing the device identification, developer identification information, application program identification information and the like on the application server, so that the application server can be automatically calibrated, automatically installed, automatically started and the like when deployed in an actual scenario. This improves the deployment speed of the application server and allows it to provide business handling services for users.
In practical application, the application server goes through multiple stages, such as packaging, transport and unpacking, between the completion of its design and its formal entry into use, which means there is a certain time interval between the two. In addition, during regular use the application server may switch its running state at fixed intervals, for example being in a working state on working days and in a shut-down state on rest days.
Therefore, considering the suitability of the application server and the application scenario, in order to ensure the security of the running environment of the application server, the application server needs to be subjected to credibility verification every time the application server is run, so as to determine that the application server to be currently run is not attacked or replaced.
In the embodiment of the application, in response to a data processing instruction triggered on an application server, the application server carries state information capable of representing the current running environment of the application server in a credibility verification request, and sends the credibility verification request to a remote authentication server to instruct the remote authentication server to verify the credibility of the application server.
The data processing instruction of the application server may be automatically triggered by the application server at a preset time or manually triggered by an operation and maintenance personnel, which is not limited in the embodiment of the present application.
S202, receiving a credibility result of an application server sent by a remote authentication server; the trustworthiness result is determined based on a pre-registered server hardware digest.
The server hardware digest is the basis for establishing that an application server is a trusted application server. Specifically, it is the standard hardware information that the application server registers with the remote authentication server in advance, during the development stage of the application server, when a developer logs in to the application server in a trusted environment.
For the remote authentication server, after receiving the credibility verification request of the application server, it verifies the credibility of the application server according to the pre-registered server hardware digest, generates a credibility result, and sends the credibility result to the application server.
After receiving the credibility verification request carrying the state information, the remote authentication server checks whether the pre-registered server hardware digest is present in the state information; if so, it generates a credibility result of pass, and if not, it generates a credibility result of fail.
For the application server, the credibility result it receives is the credibility result determined by the remote authentication server. The credibility result may be pass or fail.
S203, if the credibility result is pass, starting an application program image of the application program, and encrypting service data of the application program in the started application program image; the application program is installed on the application server.
A credibility result of pass means that the application server has not been tampered with, that is, the running environment of the application server is trusted. On this basis, the application program image corresponding to the application program can be started, and the service data in the running application program image can be encrypted.
If the credibility result is fail, the running environment of the application server is not trusted, and on this basis the application server stops starting the application program image.
The application program image may be an image generated by encrypting the application program with the user key. In other words, the substantive content of the application program image is the same as that of the application program; the difference is that the application program image is the ciphertext version of the application program, and the application program is the plaintext version of the application program image.
In the embodiment of the application, the credibility of the application server is verified by the remote authentication server, and the application program image is started only when verification passes, which is equivalent to performing security verification on the running environment of the application program image before the image is started, so as to ensure the security of that running environment. Then, after the application program in the application program image is started, the service data of the application program is encrypted, which further improves the security of the service data in the running application program. Furthermore, even if an attacker steals the running-state data, the attacker cannot directly obtain the plaintext content of the service data because the service data is encrypted, so the purpose of protecting the service data is still achieved. In conclusion, the method guarantees the data security of application programs handling the service through two dimensions: running environment verification and service data encryption.
The foregoing embodiment described how the application server triggers the remote authentication server to perform credibility verification, namely by sending a credibility verification request to the remote authentication server. The following embodiment describes the specific content of the credibility verification request sent by the application server and how the remote authentication server performs the credibility verification.
In one exemplary embodiment, sending a trust verification request for an application server to a remote authentication server comprises:
sending a credibility verification request carrying the hardware digest of the application server to the remote authentication server, to instruct the remote authentication server to perform credibility verification on the application server based on the hardware digest and the server hardware digest.
The hardware digest of the application server refers to the hardware information of the application server at the current moment, such as CPU information, hard disk type and the like. The server hardware digest is the standard hardware information that the application server registers with the remote authentication server in advance, during the development stage, when a developer logs in to the application server in a trusted environment. In the ideal case, that is, when the application server has not experienced any environmental change, the hardware digest and the server hardware digest should be completely identical.
The application server carries the hardware digest in a credibility verification request and sends it to the remote authentication server, to instruct the remote authentication server to compare the hardware digest with the pre-registered server hardware digest and obtain the credibility result of the application server.
In the embodiment of the application, the application server sends the hardware digest to the remote authentication server to instruct the remote authentication server to verify the hardware digest against the server hardware digest as the standard reference. Because verification is based on this reliable reference, the credibility result of the application server is more accurate; and because the server hardware digest is pre-stored on the remote authentication server, the verification speed of the remote authentication server is further improved.
After the application server has passed the trust verification, the current running environment is indicated to be safe, and in this environment, the application program image can be started on the application server to provide services for the user. One implementation of an application server to launch an application image is described below by way of one embodiment.
In one exemplary embodiment, as shown in FIG. 3, the data processing instruction includes a user identification and an image identification; starting the application program image of the application program includes:
S301, acquiring an application program image of the application program according to the image identification, and acquiring an image decryption key of the application program image according to the user identification.
In one exemplary embodiment, obtaining an application image of an application according to an image identification includes:
pulling the application program image corresponding to the image identification from an image repository; the image repository includes application program images of a plurality of application programs.
Taking an application server of bank A as an example, the image repository stores application program images of the application programs of banks belonging to a plurality of different organizations, such as bank A, bank B and bank C, where bank A belongs to organization A, bank B belongs to organization B, and bank C belongs to organization C.
According to the embodiment of the application, the application server acquires the corresponding application program image directly from the image repository according to the image identification. Because deployment is simple and convenient, this improves to a certain extent the speed at which the application server acquires, deploys and executes the application program image.
In an exemplary embodiment, as shown in fig. 4, obtaining the image decryption key of the application image according to the user identifier includes:
s401, the mirror image identification and the user identification are sent to the remote authentication server, so that the remote authentication server is instructed to carry out identity verification on a target user corresponding to the user identification.
S402, receiving a mirror image decryption key sent by a remote authentication server; the mirror decryption key is sent by the remote authentication server in the event that the target user is authenticated.
Optionally, the remote authentication server determines a mirror image identifier list corresponding to the user identifier according to the user identifier, if the mirror image identifier sent by the application server is in the mirror image identifier list, the mirror image decryption key corresponding to the mirror image identifier is sent to the application server, and if the mirror image identifier sent by the application server is not in the mirror image identifier list, an instruction that the identity verification fails is sent to the application server, so as to instruct the application server to stop starting the mirror image of the application program.
Optionally, the remote authentication server determines a trusted user list corresponding to the mirror image identifier according to the mirror image identifier, if the user identifier sent by the application server is in the trusted user list, the remote authentication server sends a mirror image decryption key corresponding to the mirror image identifier to the application server, and if the user identifier sent by the application server is not in the trusted user list, an instruction that the identity verification fails is sent to the application server, so as to instruct the application server to stop starting the application program mirror image.
S302, decrypting the application program image based on the image decryption key, and running the decrypted application program image.
The application server decrypts the application program image based on the image decryption key to obtain a decrypted application program image, namely a plaintext version of the application program, and the application program in the decrypted application program image is operated on the application server.
In the embodiment of the application, the application program image of the application program is obtained according to the image identifier, which means that the application program is in an encrypted state before it is started, so the security of the application program at rest is ensured. In addition, the user must be authenticated before the application program container image is started, and only when the user authentication passes can the application server obtain the image decryption key of the application program container image and run the application program in it. This means that only the owner of the application container image can launch and run the application container, while other attackers cannot directly steal the running application and service data, thus effectively protecting the running application and service data.
When protecting application program data, it is necessary to protect not only the application program at rest but also the service data of the application program while it is running, so that application program data is not leaked in any respect or at any stage. In one exemplary embodiment, the application server includes an encryption processor; the encryption processing of the service data of the application program in the application program image comprises the following steps:
In the running process of the application program in the application program mirror image, an encryption instruction is sent to an encryption processor; the encryption instruction is used for instructing the encryption processor to carry out hardware encryption processing on the service data in the application program.
Taking the service handling equipment with the application server as the financial website as an example, as the protection requirement on service data in the financial field is higher, the service data and the application program running in the application program mirror image need to be protected under any condition, and the running environment and the security level of the processing environment of the application server of the financial website are required to be higher. The processor corresponding to the application server is an encryption processor, and the encryption processor is instructed to perform hardware encryption processing on the service data in the application program in the running process of the application program.
In the embodiment of the application, the service data in the running application program container is encrypted to ensure that the corresponding dynamic service data is still in an encrypted state when the application program is in a running state, so that the relevant contents of the application program are protected by encryption under the full life cycle of the static state and the running state.
The above describes the embodiments in which the application server is the execution subject. The embodiment of the application also provides corresponding embodiments in which the remote authentication server is the execution subject. Because the implementation principles, detailed procedures and achievable technical effects of the embodiments with the remote authentication server as the execution subject are the same as those of the embodiments with the application server as the execution subject, they are not repeated below for brevity and clarity; the implementation process and effect of each embodiment can be found in the description of the foregoing embodiments.
Next, an embodiment of the data protection method will be described with respect to the remote authentication server in fig. 1 as an execution subject. In one exemplary embodiment, as shown in fig. 5, the method includes:
S501, receiving a credibility verification request of an application server sent by the application server; the credibility verification request is sent by the application server upon receipt of a data processing instruction triggered on the application server.
The remote authentication server is in one-to-one communication connection with the application server so as to facilitate data interaction between the remote authentication server and the application server.
In the embodiment of the application, the remote authentication server is used for receiving the credibility verification request sent by the application server and carrying out credibility verification on the application server according to the credibility verification request.
The application server sends a credibility verification request in response to a data processing instruction, wherein the data processing instruction can be automatically triggered by the application server at a preset time or manually triggered by an operation and maintenance personnel.
S502, determining a credibility result of the application server according to a pre-registered server hardware digest.
The server hardware digest is the basis for establishing that an application server is a trusted application server. Specifically, in the development stage of the application server, a developer logs in to the application server in a trusted environment, and the application server registers its standard hardware information with the remote authentication server in advance.
The remote authentication server uses the server hardware digest as the reference for verifying the running environment of the application server at the current moment, and obtains the credibility result of the application server.
S503, sending a credibility result of the application server to the application server, indicating the application server to start an application program image of the application program under the condition that the credibility result is passed, and encrypting service data of the application program in the application program image after the application program image is started; the application program is installed on the application server.
After generating the trust result for the application server, the remote authentication server sends the trust result to the application server. The trust result includes passing and failing cases, and the indication of the application server is described below in the case that the remote authentication server passes and fails the trust verification, respectively.
And under the condition that the credibility result is passed, the application server is instructed to start the application program image of the application program, and the service data of the application program in the application program image after the application program image is started is encrypted.
In the case that the credibility result is not passing, the application server is instructed to stop starting the application program image of the application program.
In the embodiment of the application, the remote authentication server receives the credibility verification request sent by the application server, determines the credibility result of the application server according to the pre-registered server hardware digest, and sends the credibility result to the application server, instructing the application server, when the credibility result is passing, to start the application program image of the application program and to encrypt the service data of the application program in the started application program image. The application program is installed on the application server, and the credibility verification request is sent by the application server when it receives a data processing instruction triggered on the application server. In this method, determining the credibility result of the application server from the pre-registered server hardware digest amounts to a security check of the running environment of the application server based on the server hardware digest, which ensures the security of the environment in which the application program image runs. Further, when the credibility result is passing, the application server is instructed to start the application program image and to encrypt the service data of the application program in the started image, which further improves the security of the service data of the application program in the running state.
Therefore, even if an attacker steals the running state data, the attacker cannot directly acquire the plaintext content of the service data because the service data is obtained through encryption processing, and the purpose of protecting the service data is still realized. In conclusion, the method guarantees the data security of application programs handling the service through two dimensions of operation environment verification and service data encryption.
The following describes the specific contents of the trust verification request sent by the application server, and the steps of how the remote authentication server performs the trust verification.
In one exemplary embodiment, receiving a credibility verification request of an application server sent by the application server includes: receiving a credibility verification request, sent by the application server, that carries the hardware digest of the application server;
Accordingly, determining the credibility result of the application server according to the pre-registered server hardware digest includes: performing credibility verification on the application server according to the hardware digest and the server hardware digest to obtain the credibility result of the application server.
For the application server, the application server carries the hardware digest information in the trust verification request and sends it to the remote authentication server.
For the remote authentication server, after receiving the hardware digest sent by the application server, the remote authentication server compares the hardware digest with the pre-registered server hardware digest, and obtains the credibility result of the application server according to the comparison result. The embodiment of the application does not limit how the remote authentication server obtains the credibility result of the application server.
Illustratively, the remote authentication server calculates a similarity of the hardware digest and the server hardware digest, and determines a trusted result of the application server according to the similarity. If the calculated similarity is greater than a similarity threshold, determining that the credibility result of the application server is passing; if the calculated similarity is smaller than or equal to the similarity threshold, determining that the credibility result of the application server is failed.
In the embodiment of the application, the remote authentication server uses the server hardware digest as the standard against which the hardware digest sent by the application server is verified, so the basis is reliable; and because the server hardware digest is pre-stored on the remote authentication server, the verification speed of the remote authentication server is further improved.
The foregoing embodiments do not limit the manner in which the remote authentication server obtains the credibility result of the application server, which means that the comparison may be implemented in several ways. Another implementation, in which the remote authentication server determines the credibility result based on the hardware digest and the server hardware digest, is described below by way of one embodiment.
In an exemplary embodiment, performing credibility verification on the application server according to the hardware digest and the server hardware digest to obtain a credibility result of the application server includes:
judging whether the hardware digest is consistent with the server hardware digest;
if they are consistent, determining that the credibility result of the application server is passing;
if they are inconsistent, determining that the credibility result of the application server is failed.
The remote authentication server takes the server hardware digest as the standard and compares it with the hardware digest. If the hardware digest is consistent with the server hardware digest, the running environment of the current application server is safe, and the credibility result of the application server is determined to be passing; if the hardware digest is inconsistent with the server hardware digest, the running environment of the current application server is not safe, and the credibility result of the application server is determined to be failed.
In the embodiment of the application, the remote authentication server determines that the credibility result is passing when the hardware digest and the server hardware digest are consistent, and determines that the credibility result is failed when they are inconsistent. This amounts to a comprehensive and strict comparison of the hardware digest with the server hardware digest, verifying the hardware running environment of the current application server from multiple dimensions so as to improve the accuracy of the credibility result.
It should be noted that the application server passing the credibility verification means that its running environment is safe, that is, the application server can enter the working state; to actually enter the working state, the application server still needs to start the application program image. In addition, the application program image is an encrypted image. To ensure the security of the application program data in the application program image, the remote authentication server can also perform identity verification and, when the verification passes, send an image decryption key to the application server so as to instruct the application server to start the application program in the application program image.
Next, an implementation manner of identity verification by the remote authentication server is described.
In an exemplary embodiment, as shown in fig. 6, the method further comprises:
S601, receiving the image identifier and the user identifier sent by the application server.
The image identifier and the user identifier may be stored in the application server in advance, in which case the remote authentication server directly receives the image identifier and the user identifier sent by the application server, and verifies the user identity directly according to the image identifier and the user identifier.
The image identifier and the user identifier may also be stored in the authentication request, in which case the remote authentication server receives the authentication request carrying the image identifier and the user identifier sent by the application server, and verifies the user identity according to the image identifier and the user identifier.
Of course, the image identification and the user identification may also be stored in the data processing request, etc. In this regard, on the premise that the application server has the image identifier and the user identifier, the method for obtaining the image identifier and the user identifier by the application server according to the embodiment of the present application is not limited, for example, the method includes storing in advance, receiving the image identifier and the user identifier sent by the third party platform, and so on.
S602, according to the mirror image identification and the user identification, carrying out identity verification on the target user corresponding to the user identification.
The remote authentication server stores the corresponding relation between the mirror image identification and the user list in advance, wherein the corresponding relation is that one mirror image identification corresponds to the trusted user list or one user identification corresponds to the mirror image identification list.
Optionally, the remote authentication server determines a mirror image identifier list corresponding to the user identifier according to the user identifier, if the mirror image identifier sent by the application server is in the mirror image identifier list, the mirror image decryption key corresponding to the mirror image identifier is sent to the application server, and if the mirror image identifier sent by the application server is not in the mirror image identifier list, an instruction that the identity verification fails is sent to the application server, so as to instruct the application server to stop starting the mirror image of the application program.
In the embodiment of the application, the remote authentication server performs identity verification on the target user corresponding to the user identifier according to the mirror image identifier and the user identifier, and the method is reliable and easy to deploy.
As can be seen from the foregoing embodiments, the application program image is an encrypted image of the application program. In other words, even if the application server pulls the application program image, the application program in it still cannot be run directly, so the application server needs to obtain the image decryption key and decrypt the application program image.
Based on this, the application server can instruct the remote authentication server to send the mirror decryption key to the application server by interacting with the remote authentication server in the case that the target user authentication passes. In an exemplary embodiment, the method further comprises:
Transmitting a mirror image decryption key of the application program mirror image to the application server under the condition that the identity verification of the target user is passed; the mirror image decryption key is generated by the key management center according to the identification of the application program and is sent to the remote authentication server.
The key management center is a trusted management platform taking the organization type as a unit and is responsible for generating a mirror image encryption key and a mirror image decryption key of an application program of the organization.
Taking banking institutions as an example, if banks A, B and C belong to different institutions, then key management center 1 corresponding to bank A, key management center 2 corresponding to bank B and key management center 3 corresponding to bank C are different from each other.
In practice, the key management center receives an identification of an application and creates a set of application keys, that is, a mirror encryption key and a mirror decryption key, for the application. The mirror image encryption key is used for manufacturing an application program mirror image, and the mirror image decryption key is used for decrypting the application program mirror image.
In the embodiment of the application, the key management center is in communication connection with the remote authentication server, so that the key management center can conveniently send the generated image encryption key and the image decryption key of the application program to the remote authentication server.
And the remote authentication server determines an image decryption key of the image of the application program according to the image identification under the condition that the identity verification of the target user is passed, and sends the image decryption key to the application server so as to instruct the application server to decrypt the image of the application program according to the image decryption key.
In the embodiment of the application, the remote authentication server sends the image decryption key to the application server when the user identity verification passes, and the application server can run the application program in the application program container image after decrypting the image with the image decryption key. In this way, the user can easily access the application container image.
Another implementation of authentication of a target user by a remote authentication server is described below by way of one embodiment.
In an exemplary embodiment, as shown in fig. 7, according to the mirror image identifier and the user identifier, performing identity verification on the target user corresponding to the user identifier includes:
And S701, acquiring a trusted user list of the application program mirror image according to the mirror image identification.
The remote authentication server stores the correspondence between the application images and the user identifications in advance to characterize the owners of each application image. For example, application image a corresponds to a trusted user list comprising user 1, user 2, and user 3, meaning that user 1, user 2, and user 3 are all owners of application image a, i.e., user 1, user 2, and user 3 have the right to launch application image a.
S702, determining that the identity verification of the target user corresponding to the user identifier passes under the condition that the user identifier is in a trusted user list.
If the user identification sent by the application server is in the trusted user list, determining that the target user authentication corresponding to the user identification passes, and sending a mirror image decryption key corresponding to the mirror image identification to the application server.
S703, determining that the identity verification of the target user is not passed in the case that the user identifier is not in the trusted user list.
If the user identification sent by the application server is not in the trusted user list, determining that the identity verification of the target user is not passed, and sending an instruction that the identity verification is not passed to the application server to instruct the application server to stop starting the application program image.
In the embodiment of the application, the remote authentication server inquires whether the user identifier exists in the trusted user list, if so, the authentication of the target user is determined to pass, otherwise, the authentication of the target user is determined to not pass, and the result determination mode is clear in logic, reliable in comparison basis and easy to realize.
In an exemplary embodiment, as shown in fig. 8, the data protection method applied to an application server includes:
S801, in response to a start instruction of an application server, the application server is verified.
S802, judging whether the verification of the application server is passed.
If the application server trustworthiness verification is passed, S803 is performed. If the application server credibility verification is not passed, S809 is performed.
S803, pulling the application program image from the image warehouse according to the image identification.
S804, the application server accesses the remote authentication server to acquire the mirror image decryption key.
S805, judging whether the user identity verification is passed.
If the authentication is passed, S806 is performed. If the authentication is not passed, S809 is performed.
S806, starting the application program mirror image.
S807, the memory data in the application program mirror image is encrypted by hardware.
S808, the mirror image running of the application program is finished.
S809, application program mirror image startup fails.
In the embodiment of the application, encrypting the running service container ensures that the data and application programs running in the container are protected under all conditions. In addition, producing an encrypted image and applying identity verification and similar means ensure that the programs and data of the service application run only in a trusted running environment that the user has checked in advance; and while the application has not been started, the image remains encrypted, so the service's data is protected over its whole life cycle.
It should be understood that, although the steps in the flowcharts of the embodiments described above are shown in the sequence indicated by the arrows, they are not necessarily performed in that sequence. Unless explicitly stated herein, the order of execution of the steps is not strictly limited, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts of the above embodiments may include a plurality of steps or stages, which are not necessarily performed at the same time but may be performed at different times; these steps or stages are not necessarily performed sequentially, but may be performed in turn or alternately with at least some of the other steps or stages.
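The checks described in the embodiments above (exact comparison of the hardware digest against the pre-registered one, the trusted user list lookup of S701 to S703, and the start-up flow S801 to S809) can be traced end to end in code. The following Python example is added here and is not code from the patent; the JSON digest format, the single symmetric image key, the toy keystream that stands in for image encryption, and all names and sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass, field


def hardware_digest(hw_info: dict) -> bytes:
    """SHA-256 over a canonical JSON encoding (assumed digest format)."""
    canonical = json.dumps(hw_info, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream; a stand-in for a real image cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


@dataclass
class RemoteAuthServer:
    registered: dict = field(default_factory=dict)     # server id -> registered digest
    trusted_users: dict = field(default_factory=dict)  # image id -> set of user ids
    image_keys: dict = field(default_factory=dict)     # image id -> decryption key

    def verify_trust(self, server_id: str, digest: bytes) -> bool:
        """S502: pass only if the reported digest equals the registered one."""
        expected = self.registered.get(server_id)
        # Unregistered servers fail closed; compare_digest is constant-time.
        return expected is not None and hmac.compare_digest(expected, digest)

    def release_key(self, image_id: str, user_id: str):
        """S701-S703: release the key only to users on the image's trusted list."""
        if user_id not in self.trusted_users.get(image_id, set()):
            return None
        return self.image_keys.get(image_id)


def start_application(auth, repo, server_id, hw_info, image_id, user_id):
    """Application-server flow S801-S809; returns (status, plaintext or None)."""
    if not auth.verify_trust(server_id, hardware_digest(hw_info)):  # S801/S802
        return "failed: server not trusted", None                   # S809
    encrypted = repo.get(image_id)                                  # S803
    if encrypted is None:
        return "failed: image not found", None                      # S809
    key = auth.release_key(image_id, user_id)                       # S804/S805
    if key is None:
        return "failed: identity verification", None                # S809
    # S806: decrypt and start. Hardware encryption of runtime data (S807)
    # happens in the encryption processor and is not modelled here.
    return "started", keystream_xor(key, encrypted)


def demo():
    """Three constructed cases: image owner, altered hardware, non-owner."""
    hw = {"cpu": "constructed-cpu", "board": "constructed-board", "firmware": "1.0"}
    key = os.urandom(32)  # stands in for the key management center's key
    image_id, plain = "bankA/app", b"constructed application image bytes"
    auth = RemoteAuthServer(
        registered={"server-1": hardware_digest(hw)},
        trusted_users={image_id: {"user1", "user2", "user3"}},
        image_keys={image_id: key},
    )
    repo = {image_id: keystream_xor(key, plain)}  # the warehouse holds ciphertext only
    altered = dict(hw, firmware="1.1")            # one changed hardware fact
    return {
        "owner": start_application(auth, repo, "server-1", hw, image_id, "user1"),
        "tampered": start_application(auth, repo, "server-1", altered, image_id, "user1"),
        "outsider": start_application(auth, repo, "server-1", hw, image_id, "user9"),
    }


if __name__ == "__main__":
    for case, (status, _) in demo().items():
        print(case, "->", status)
```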
Based on the same inventive concept, the embodiment of the application also provides a data protection device for realizing the above related data protection method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in one or more embodiments of the data protection device provided below may refer to the limitation of the data protection method hereinabove, and will not be repeated herein.
In an exemplary embodiment, as shown in fig. 9, there is provided a data protection apparatus, including: an instruction response module 901, a result receiving module 902, and a data processing module 903, wherein:
The instruction response module 901 is configured to send a trust verification request of the application server to a remote authentication server in response to a data processing instruction triggered on the application server;
A result receiving module 902, configured to receive a trusted result of the application server sent by the remote authentication server; the trustworthiness result is determined based on a pre-registered server hardware digest;
The data processing module 903 is configured to start an application image of the application program when the trusted result is passed, and encrypt service data of the application program in the application image after the start; the application program is installed on the application server.
In an exemplary embodiment, the instruction response module 901 is further configured to send a trust verification request carrying a hardware digest of the application server to the remote authentication server, so as to instruct the remote authentication server to perform trust verification on the application server based on the hardware digest and the server hardware digest.
In one exemplary embodiment, the data processing module 903 includes: an image starting unit and an image decrypting unit, wherein:
The image starting unit is used for acquiring an application program image of the application program according to the image identification and acquiring an image decryption key of the application program image according to the user identification;
And the image decryption unit is used for decrypting the application program image based on the image decryption key and running the decrypted application program image.
In an exemplary embodiment, the image starting unit is further configured to pull the application image corresponding to the image identifier from the image repository; the image repository includes application images of a plurality of applications.
In an exemplary embodiment, the image initiation unit further comprises an identification sending subunit and a key receiving subunit, wherein:
The identification sending subunit is used for sending the mirror image identification and the user identification to the remote authentication server so as to instruct the remote authentication server to carry out identity verification on the target user corresponding to the user identification;
the key receiving subunit is used for receiving the mirror image decryption key sent by the remote authentication server; the mirror decryption key is sent by the remote authentication server in the event that the target user is authenticated.
In an exemplary embodiment, the data processing module 903 is further configured to send an encryption instruction to the encryption processor during an application running in the application image; the encryption instruction is used for instructing the encryption processor to carry out hardware encryption processing on the service data in the application program.
The modules in the data protection apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In an exemplary embodiment, as shown in fig. 10, there is provided a data protection apparatus, including: a request receiving module 1001, a result determining module 1002, and a result transmitting module 1003, wherein:
a request receiving module 1001, configured to receive a trust verification request of an application server sent by the application server; the credibility verification request is sent by the application server when receiving a data processing instruction triggered on the application server;
A result determining module 1002, configured to determine a trusted result of the application server according to a pre-registered server hardware digest;
The result sending module 1003 is configured to send a trusted result of the application server to the application server, instruct the application server to start an application image of the application program if the trusted result is passed, and encrypt service data of the application program in the application image after the application image is started; the application program is installed on the application server.
In an exemplary embodiment, the request receiving module 1001 is configured to receive a trust verification request sent by an application server, where the trust verification request carries a hardware digest of the application server;
Accordingly, the result determining module 1002 is configured to perform the trust verification on the application server according to the hardware digest and the server hardware digest, to obtain a trust result of the application server.
In an exemplary embodiment, the result determining module 1002 is further configured to determine whether the hardware digest and the server hardware digest are consistent; if they are consistent, determine that the trust result of the application server is a pass; if they are inconsistent, determine that the trust result of the application server is a fail.
In an exemplary embodiment, the data protection apparatus further includes an identifier receiving module and an identity verification module, wherein:
The identifier receiving module is used for receiving the image identifier and the user identifier sent by the application server;
and the identity verification module is used for carrying out identity verification on the target user corresponding to the user identifier according to the image identifier and the user identifier.
In an exemplary embodiment, the identity verification module comprises a list acquisition unit, a first determination unit and a second determination unit, wherein:
the list acquisition unit is used for acquiring a trusted user list of the application image according to the image identifier;
the first determining unit is used for determining that the identity verification of the target user corresponding to the user identifier passes in the case that the user identifier is in the trusted user list;
and the second determining unit is used for determining that the identity verification of the target user fails in the case that the user identifier is not in the trusted user list.
In an exemplary embodiment, the data protection apparatus further includes a key sending module, configured to send an image decryption key of the application image to the application server if the identity verification of the target user passes; the image decryption key is generated by the key management center according to the identifier of the application program and is sent to the remote authentication server.
The modules in the data protection apparatus may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
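The remote authentication server's decision flow described above (digest comparison, trusted user list lookup, release of the image decryption key), as an added Python sketch that is not part of the patent text. The SHA-256 inventory digest, all identifiers and the sample values are constructed, and refusing a key to a server that has not passed trust verification is an assumption of this sketch; the text conditions key release only on user authentication.

```python
import hashlib
import hmac
import secrets


def hardware_digest(inventory: str) -> bytes:
    # Assumption: the digest is SHA-256 over a hardware inventory string.
    return hashlib.sha256(inventory.encode("utf-8")).digest()


class RemoteAuthServer:
    """Hypothetical model of modules 1001-1003 plus the key sending module."""

    def __init__(self, registered_digests, trusted_users, image_keys):
        self.registered_digests = registered_digests  # server_id -> digest
        self.trusted_users = trusted_users            # image_id -> user ids
        self.image_keys = image_keys                  # image_id -> key bytes
        self._trusted_servers = set()                 # servers that passed

    def verify_trust(self, server_id: str, reported_digest: bytes) -> bool:
        """Compare the reported digest with the pre-registered one."""
        expected = self.registered_digests.get(server_id)
        # Unknown servers fail closed; known ones are compared in constant time.
        passed = expected is not None and hmac.compare_digest(
            expected, reported_digest
        )
        if passed:
            self._trusted_servers.add(server_id)
        else:
            # A failed check revokes any earlier pass for this server.
            self._trusted_servers.discard(server_id)
        return passed

    def authenticate_user(self, image_id: str, user_id: str) -> bool:
        """Pass only if the user is in the image's trusted user list."""
        return user_id in self.trusted_users.get(image_id, ())

    def release_image_key(self, server_id: str, image_id: str, user_id: str):
        """Return the image decryption key, or None if any gate fails."""
        if server_id not in self._trusted_servers:  # sketch's own assumption
            return None
        if not self.authenticate_user(image_id, user_id):
            return None
        return self.image_keys.get(image_id)


def build_server():
    # Constructed sample data: one registered server, one image, one user.
    good = hardware_digest("cpu=A1;board=B2;tpm=C3")
    server = RemoteAuthServer(
        {"app-server-01": good},
        {"image-payments": {"alice"}},
        {"image-payments": secrets.token_bytes(32)},
    )
    return server, good


def demo() -> dict:
    server, good = build_server()
    tampered = hardware_digest("cpu=A1;board=B2;tpm=XX")
    ask = ("app-server-01", "image-payments")
    out = {"key_before_attestation": server.release_image_key(*ask, "alice")}
    out["tampered"] = server.verify_trust("app-server-01", tampered)
    out["unknown"] = server.verify_trust("app-server-99", good)
    out["pass"] = server.verify_trust("app-server-01", good)
    out["untrusted_user_key"] = server.release_image_key(*ask, "mallory")
    out["trusted_user_key_len"] = len(server.release_image_key(*ask, "alice"))
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```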
In an exemplary embodiment, there is also provided an application server for executing the steps in each of the method embodiments in the data protection method with the application server as an execution body.
In an exemplary embodiment, there is also provided a remote authentication server for performing the steps in the method embodiments in the data protection method with the application server as the execution subject.
In an exemplary embodiment, a computer device, which may be a terminal, is provided, and an internal structure thereof may be as shown in fig. 11. The computer device includes a processor, a memory, an input/output interface, a communication interface, a display unit, and an input means. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface, the display unit and the input device are connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The input/output interface of the computer device is used to exchange information between the processor and the external device. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a data protection method. The display unit of the computer device is used for forming a visual picture, and can be a display screen, a projection device or a virtual reality imaging device. The display screen can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be a key, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the structure shown in FIG. 11 is merely a block diagram of some of the structures associated with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements may be applied, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In an exemplary embodiment, a computer device is provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor performing the steps of the method embodiments described above when the computer program is executed.
In an exemplary embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method embodiments described above.
In an exemplary embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are all information and data authorized by the user or sufficiently authorized by each party, and the collection, use and processing of the related data are required to meet the related regulations.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magneto-resistive random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in various forms such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), etc. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.
The technical features of the above embodiments may be arbitrarily combined. For brevity of description, not all possible combinations of the technical features in the above embodiments are described; however, as long as there is no contradiction between the combinations of the technical features, they should be considered to be within the scope of this description.
The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims (17)

1. A method of data protection, applied to an application server, the method comprising:
responding to a data processing instruction triggered on the application server, and sending a credibility verification request of the application server to a remote authentication server;
Receiving a credibility result of the application server sent by the remote authentication server; the trustworthiness result is determined based on a pre-registered server hardware digest;
If the credibility result is passed, starting an application program image of the application program, and encrypting service data of the application program in the application program image after starting; the application program is installed on the application server.
2. The method of claim 1, wherein the sending the trust verification request of the application server to a remote authentication server comprises:
And sending a credibility verification request carrying the hardware digest of the application server to the remote authentication server so as to instruct the remote authentication server to perform credibility verification on the application server based on the hardware digest and the server hardware digest.
3. The method of claim 1 or 2, wherein the data processing instruction includes a user identifier and an image identifier; the starting an application program image of the application program comprises:
Acquiring an application program image of the application program according to the image identifier, and acquiring an image decryption key of the application program image according to the user identifier;
and decrypting the application program image based on the image decryption key, and running the decrypted application program image.
4. A method according to claim 3, wherein said obtaining an application image of said application according to said image identification comprises:
Pulling an application program image corresponding to the image identification from an image warehouse; the image warehouse comprises application program images of a plurality of application programs.
5. A method according to claim 3, wherein said obtaining a mirror decryption key for said application mirror based on said user identification comprises:
sending the image identifier and the user identifier to the remote authentication server, so as to instruct the remote authentication server to carry out identity verification on a target user corresponding to the user identifier;
Receiving an image decryption key sent by the remote authentication server; the image decryption key is sent by the remote authentication server if the target user authentication passes.
6. The method according to claim 1 or 2, wherein the application server comprises an encryption processor; the encrypting the service data of the application program in the application program mirror image comprises the following steps:
sending an encryption instruction to the encryption processor in the running process of an application program in the application program mirror image; the encryption instruction is used for instructing the encryption processor to carry out hardware encryption processing on the service data in the application program.
7. A data protection method, applied to a remote authentication server, the method comprising:
Receiving a credibility verification request of an application server, wherein the credibility verification request is sent by the application server; the credibility verification request is sent by the application server after receiving a data processing instruction triggered on the application server;
Determining a credibility result of the application server according to a pre-registered server hardware digest;
sending the credibility result of the application server to the application server, so as to instruct the application server to start an application program image of an application program if the credibility result is passed, and to encrypt service data of the application program in the application program image after the application program image is started; the application program is installed on the application server.
8. The method of claim 7, wherein the receiving the credibility verification request of the application server sent by the application server comprises: receiving a credibility verification request which is sent by the application server and carries a hardware digest of the application server;
Accordingly, the determining the credibility result of the application server according to the pre-registered server hardware digest comprises the following steps:
and carrying out credibility verification on the application server according to the hardware digest and the server hardware digest to obtain a credibility result of the application server.
9. The method according to claim 8, wherein the performing the credibility verification on the application server according to the hardware digest and the server hardware digest to obtain the credibility result of the application server includes:
Judging whether the hardware digest is consistent with the server hardware digest;
if they are consistent, determining that the credibility result of the application server is passed;
if they are inconsistent, determining that the credibility result of the application server is failed.
10. The method according to any one of claims 7-9, further comprising:
receiving an image identifier and a user identifier sent by the application server;
and according to the image identifier and the user identifier, carrying out identity verification on a target user corresponding to the user identifier.
11. The method according to claim 10, wherein the authenticating the target user corresponding to the user identifier according to the image identifier and the user identifier includes:
acquiring a trusted user list of the application program image according to the image identifier;
Under the condition that the user identifier is in the trusted user list, determining that the identity verification of the target user corresponding to the user identifier passes;
And in the case that the user identifier is not in the trusted user list, determining that the identity verification of the target user is not passed.
12. The method of claim 11, wherein the method further comprises:
Transmitting an image decryption key of the application program image to the application server under the condition that the identity verification of the target user is passed; the image decryption key is generated by the key management center according to the identifier of the application program and is sent to the remote authentication server.
13. A data protection device, the device comprising:
the instruction response module is used for responding to a data processing instruction triggered on the application server and sending a credibility verification request of the application server to a remote authentication server;
The result receiving module is used for receiving the credibility result of the application server sent by the remote authentication server; the trustworthiness result is determined based on a pre-registered server hardware digest;
The data processing module is used for starting an application program image of the application program if the credibility result is passed, and encrypting the service data of the application program in the application program image after the starting; the application program is installed on the application server.
14. A data protection device, the device comprising:
The request receiving module is used for receiving a credibility verification request of the application server, which is sent by the application server; the credibility verification request is sent by the application server after receiving a data processing instruction triggered on the application server;
The result determining module is used for determining the credibility result of the application server according to a pre-registered server hardware digest;
The result sending module is used for sending the credibility result of the application server to the application server, so as to instruct the application server to start an application program image of the application program if the credibility result is passed, and to encrypt service data of the application program in the application program image after the application program image is started; the application program is installed on the application server.
15. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 12 when the computer program is executed.
16. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 12.
17. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any one of claims 1 to 12.
CN202410135053.8A 2024-01-31 2024-01-31 Data protection method, apparatus, device, storage medium and computer program product Pending CN117951752A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410135053.8A CN117951752A (en) 2024-01-31 2024-01-31 Data protection method, apparatus, device, storage medium and computer program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410135053.8A CN117951752A (en) 2024-01-31 2024-01-31 Data protection method, apparatus, device, storage medium and computer program product

Publications (1)

Publication Number Publication Date
CN117951752A true CN117951752A (en) 2024-04-30

Family

ID=90804630

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410135053.8A Pending CN117951752A (en) 2024-01-31 2024-01-31 Data protection method, apparatus, device, storage medium and computer program product

Country Status (1)

Country Link
CN (1) CN117951752A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination