WO2019109852A1 - Data transmission method and system - Google Patents

Data transmission method and system

Info

Publication number
WO2019109852A1
Authority
WO
WIPO (PCT)
Prior art keywords
tam
application
security application
server
identity authentication
Prior art date
Application number
PCT/CN2018/118133
Other languages
English (en)
Chinese (zh)
Inventor
王雪松
Original Assignee
阿里巴巴集团控股有限公司
Application filed by 阿里巴巴集团控股有限公司

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Definitions

  • the present application relates to the field of communications technologies, and in particular, to a data transmission method and system.
  • the terminal device includes a Trusted Execution Environment (TEE) and a Rich Execution Environment (REE), and the rich execution environment is also called an untrusted execution environment.
  • TEE Trusted Execution Environment
  • REE Rich Execution Environment
  • the client, that is, the service client
  • the secure end, that is, the service security application
  • service clients are used to perform user operations
  • service security applications are used to protect sensitive resources such as payments, fingerprints, and digital rights.
  • the application server (hereinafter referred to as the application server) needs to send sensitive resources to the service security application in the trusted execution environment (TEE) of the terminal device; for example, the application server needs to update the digital certificate in the service security application, and the application server delivers the payment QR code to the service security application.
  • the process of the application server sending the sensitive resource to the service security application may be: the application server may establish a secure channel with the service client of the non-trusted execution environment in the terminal device, and then send the encrypted sensitive resource to the service client through the secure channel.
  • the service client decrypts the encrypted sensitive resource to obtain the sensitive resource, and transmits the sensitive resource to the service security application in the trusted execution environment.
  • the service client in the terminal device is in an open non-trusted execution environment. After the service client obtains the decrypted sensitive resource, the sensitive resource is exposed to the non-trusted execution environment, so there is a risk that the sensitive resource is disclosed.
  • the present application provides a data transmission method and system, which can directly provide an end-to-end secure channel, that is, establish a secure channel between an application server and a service security application, thereby preventing leakage of sensitive resources.
  • a data transmission system comprising:
  • An application server configured to send an application identifier of the security application and data to be sent to the security application to the TAM server;
  • the TAM server is configured to perform mutual authentication with the TAM security application of the trusted execution environment, and negotiate a session key after the mutual authentication succeeds; receive the application identifier and the data sent by the application server, use the session key to perform an encryption operation on the data, and transmit the encrypted data and the application identifier to the terminal device;
  • a terminal device configured to control a TAM security application in the trusted execution environment to perform mutual authentication with the TAM server, and negotiate a session key after the mutual authentication succeeds;
  • the TAM client of the non-trusted execution environment receives the encrypted data and the application identifier sent by the TAM server, and transmits the encrypted data and the application identifier to the TAM security application;
  • the TAM security application decrypts the encrypted data by using the session key to obtain the data, and sends the data to the security application corresponding to the application identifier.
  • the TAM security application in the trusted execution environment performs mutual authentication with the TAM server, specifically:
  • the TAM server sends an identity authentication request to the TAM security application via the TAM client, the TAM security application generates an identity authentication credential, and the TAM security application sends an identity authentication credential to the TAM via the TAM client a server, the TAM server performs identity authentication on the TAM security application based on the identity authentication request and the identity authentication credential;
  • the TAM security application sends an identity authentication request to the TAM server via the TAM client, the TAM server generates an identity authentication credential, and the TAM server sends the identity authentication credential to the TAM security application via the TAM client.
  • the TAM security application performs identity authentication on the TAM server based on the identity authentication request and the identity authentication credential;
  • the session key is determined based on the identity authentication request and the identity authentication credential.
  • the process for the terminal device to send the data to the security application corresponding to the application identifier includes:
  • the TAM security application invokes an internal application interface of the trusted execution environment
  • a data transmission method includes:
  • the TAM security application in the trusted execution environment of the terminal device performs mutual authentication, and the negotiation of the session key after the two-way authentication is passed includes:
  • the session key is determined based on the identity authentication request and the identity authentication credential.
  • the sending the encrypted data and the application identifier of the security application to the TAM security application of the terminal device including:
  • a data transmission method includes:
  • the TAM security application in the trusted execution environment performs mutual authentication with the TAM server, and negotiates the session key after the two-way authentication is passed;
  • the TAM client of the non-trusted execution environment receives the encrypted data and the application identifier sent by the TAM server, and transmits the encrypted data and the application identifier to the TAM security application;
  • the TAM security application decrypts the encrypted data using the session key to obtain data, and sends the data to a security application corresponding to the application identifier.
  • the TAM security application in the trusted execution environment performs mutual authentication with the TAM server, and negotiates the session key after the two-way authentication is passed, including:
  • the TAM security application receives, via the TAM client, the identity authentication request sent by the TAM server, generates an identity authentication credential, and sends the identity authentication credential to the TAM server via the TAM client, for the TAM server to authenticate the TAM security application;
  • the TAM security application sends an identity authentication request to the TAM server via the TAM client, and obtains an identity authentication credential sent by the TAM server, and performs identity authentication on the TAM server;
  • the session key is determined based on the identity authentication request and the identity authentication credential.
  • the transmitting the encrypted data and the application identifier to the TAM security application including:
  • the TAM client invokes an application program interface of the trusted execution environment
  • the transmitting the encrypted data and the application identifier to the TAM security application including:
  • the TAM security application invokes an internal application interface of the trusted execution environment
  • a data transmission system comprising:
  • An application server configured to perform mutual authentication with the service security application in the trusted execution environment, and negotiate a session key after the mutual authentication succeeds; use the session key to encrypt the data, and send the encrypted data to the terminal device;
  • a terminal device configured to control a service security application in the trusted execution environment to perform mutual authentication with the application server, and negotiate a session key after the mutual authentication succeeds;
  • the service client of the non-trusted execution environment receives the encrypted data sent by the application server and transmits the encrypted data to the service security application;
  • the service security application decrypts the encrypted data using the session key to obtain data.
  • a data transmission method includes:
  • the service security application in the trusted execution environment performs mutual authentication with the application server, and negotiates the session key after the two-way authentication is passed;
  • the service client of the non-trusted execution environment receives the encrypted data sent by the application server, and transmits the encrypted data to the service security application;
  • the security application decrypts the encrypted data using the session key to obtain data.
  • This application performs mutual authentication and negotiates the session key directly between the TAM server and the TAM security application in the trusted execution environment, which is equivalent to establishing a secure channel between the TAM server and the TAM security application.
  • the TAM server sends the encrypted data to the TAM security application on the secure channel, and then the TAM security application transmits the data to the service security application.
  • the process of sending the encrypted data to the TAM security application by the TAM server is equivalent to transmitting data in a secure channel. In this way, when the data is sensitive, it can prevent sensitive resources from being exposed in the non-trusted environment, thus protecting sensitive resources.
  • FIG. 1 is a schematic structural diagram of a data transmission system according to an embodiment of the present application.
  • FIG. 2 is a flowchart of a data transmission method according to an embodiment of the present application.
  • FIG. 3 is a flowchart of still another data transmission method according to an embodiment of the present application.
  • FIG. 4a is a schematic structural diagram of a data transmission system according to an embodiment of the present application.
  • FIG. 4b is a flowchart of a data transmission method according to an embodiment of the present application.
  • FIG. 5 is a flowchart of still another data transmission method disclosed in the embodiment of the present application.
  • Sensitive resources: resources that require security protection, such as keys, digital certificates, and important data.
  • TEE: Trusted Execution Environment. The TEE has a separate operating system for storing, processing and protecting sensitive resources.
  • REE: Rich Execution Environment. Because of its openness, it is also called the untrusted execution environment.
  • the non-trusted execution environment has strong processing power and weak security.
  • TAM: Trusted Application Manager, the trusted application management system.
  • the trusted application management system is used to manage security applications inside the TEE.
  • TA: Trusted Application. An application running inside the TEE is called a security application.
  • an application server 100 and a terminal device 200 are included.
  • the untrusted execution environment of the terminal device includes a service client, and the trusted execution environment of the terminal device includes a service security application.
  • a first embodiment of a data transmission method is provided. Referring to Figure 2, the following steps are included:
  • Step S201 The application server 100 performs mutual authentication with the service security application of the trusted execution environment, and negotiates the session key after the authentication succeeds.
  • the application server sends an identity authentication request to the service security application via the service client, the service security application generates the identity authentication credential, and the service security application sends the identity authentication credential to the application server via the service client.
  • the application server authenticates the business security application based on the identity authentication request and the identity authentication credential. After the application server successfully authenticates the service security application, the session key is determined based on the identity authentication request and the identity authentication credential.
  • the service security application sends an identity authentication request to the application server via the service client, and the application server generates an identity authentication credential, and the application server sends the identity authentication credential to the service security application via the service client.
  • the business security application authenticates the application server based on the identity authentication request and the identity authentication credentials. After the service security application successfully authenticates the application server, the session key is determined based on the identity authentication request and the identity authentication credential.
  • the "Alipay" application is taken as an example to illustrate this step: the "Alipay" application server performs mutual authentication with the "Alipay" client and the "Alipay" security application, and negotiates the session key after successful authentication.
  • the application directly performs mutual authentication between the application server and the service security application in the trusted execution environment and negotiates the session key, which is equivalent to establishing a secure channel between the application server and the service security application. Subsequently, the secure channel can be used to exchange sensitive resources between the application server 100 and the service security application.
  • Step S202 The application server 100 encrypts the sensitive resource by using the session key, and sends the encrypted sensitive resource to the service client, and the service client transmits the encrypted sensitive resource to the service security application.
  • the application server 100 encrypts the sensitive resource by using the session key to obtain the encrypted sensitive resource. Then, the application server 100 sends the encrypted sensitive resource to the service client because the external device cannot directly interact with the service security application.
  • the service client invokes the application interface TEE Client API of the trusted execution environment to transmit the encrypted sensitive resources to the service security application.
  • continuing with the Alipay application as an example: the Alipay application server 100 encrypts the sensitive resource by using the session key and sends the encrypted sensitive resource to the Alipay client, and the Alipay client transmits the encrypted sensitive resource to the "Alipay" security application.
  • because only encrypted data is transmitted between the application server and the service security application, this is equivalent to transmitting sensitive resources in the secure channel. Therefore, the present application does not have the problem that sensitive resources are exposed to a non-trusted environment, so that sensitive resources can be protected.
  • Step S203 The service security application decrypts the encrypted sensitive resource by using the session key.
  • the service security application can use the session key negotiated in step S101 to decrypt the encrypted sensitive resource, thereby obtaining and using the sensitive resource.
  • the "Alipay" security application uses the session key to decrypt the encrypted sensitive resources to obtain and use sensitive resources.
  • the application directly performs mutual authentication between the application server and the service security application in the trusted execution environment and negotiates the session key, which is equivalent to establishing a secure channel between the application server and the service security application.
  • the process of the application server sending the encrypted sensitive resource to the service security application is equivalent to transmitting the sensitive resource in the secure channel. This prevents sensitive resources from being exposed in the non-trusted environment, thereby protecting them.
  • the terminal device contains many applications.
  • the application server corresponding to the application and the security application corresponding to the application can adopt the scheme shown in FIG. 2, so as to implement the purpose of the application server sending the sensitive resource to the security application.
  • the application server and the service security application of each application need to perform the process of mutual authentication and negotiation of the session key.
  • for the terminal device, processing the two-way authentication and negotiating the session key for every application consumes a lot of resources.
  • a second embodiment of the data transmission system is provided. Referring to FIG. 4a, a plurality of application servers 100, a TAM server 300, and a terminal device 200 are included.
  • the TAM server 300 is added between the application server 100 and the terminal device 200, a TAM client working with the TAM server is installed in the non-trusted execution environment of the terminal device, and a TAM security application working with the TAM client is installed in the trusted execution environment.
  • the application server, the service client, and the service security application corresponding to each application do not need to perform the two-way authentication and the cumbersome process of negotiating the key, and each application server only needs to send the sensitive resource and the application identifier to the TAM server.
  • the TAM server, the TAM client, and the TAM security application work together, and the process of mutual authentication and symmetric key negotiation between the TAM server and the TAM security application replaces the process of two-way authentication and symmetric key negotiation between each application server and each service security application in the first embodiment.
  • multiple application servers can manage sensitive resources through the second embodiment of the data transmission system, and the data transmission system embodiment 1 need not be separately maintained for each application server, thereby reducing the workload of application development and maintenance.
  • a second embodiment of a data transmission method is provided. Since the execution process of each application server is consistent, the execution process of the second embodiment of the data transmission system is described by taking an application server as an example.
  • Step S401 The application server 100 sends the application identifier and the sensitive resource of the service security application to the TAM server 300.
  • the application server 100 corresponding to the Alipay application sends the application identifier of the Alipay and the sensitive resource that needs to be sent to the security application of the Alipay to the TAM server 300.
  • Step S402 The TAM server 300 performs mutual authentication with the TAM security application of the trusted execution environment, and negotiates the session key after the mutual authentication succeeds.
  • the TAM server sends an identity authentication request to the TAM security application via the TAM client, and the TAM security application generates an identity authentication credential, and the TAM security application sends the identity authentication credential to the TAM server via the TAM client.
  • the TAM server authenticates the TAM security application based on the identity authentication request and the identity authentication credential.
  • the session key is determined based on the identity authentication request and the identity authentication credential.
  • the TAM security application sends an identity authentication request to the TAM server via the TAM client, and the TAM server generates an identity authentication credential, and the TAM server sends the identity authentication credential to the TAM security application via the TAM client.
  • the TAM security application authenticates the TAM server based on the identity authentication request and the identity authentication credential; after the TAM security application successfully authenticates the TAM server, the session key is determined based on the identity authentication request and the identity authentication credential.
  • Step S403 The TAM server 300 receives the application identifier and the sensitive resource sent by the application server, encrypts the sensitive resource by using the session key, and sends the encrypted sensitive resource and the application identifier to the TAM client in the non-trusted execution environment of the terminal device.
  • Step S404 The TAM client of the non-trusted execution environment receives the encrypted sensitive resource and the application identifier sent by the TAM server, and transmits the encrypted sensitive resource and the application identifier to the TAM security application.
  • the TAM client invokes the application interface TEE Client API of the trusted execution environment to transmit the encrypted sensitive resources to the TAM security application.
  • the present application does not have the problem that sensitive resources are exposed to a non-trusted environment, so that sensitive resources can be protected.
  • Step S405 The TAM security application uses the session key to decrypt the encrypted sensitive resource to obtain a sensitive resource, and sends the sensitive resource to the security application corresponding to the application identifier.
  • after the TAM security application decrypts the encrypted sensitive resource and obtains the sensitive resource, the sensitive resource is finally transmitted to the security application corresponding to the application identifier by calling the internal application interface (TEE Internal API) of the trusted execution environment.
  • the example of the Alipay application is used as an example.
  • the TAM security application sends the encrypted sensitive resource to the Alipay security application corresponding to the Alipay application identifier through the TEE Internal API.
  • This application performs mutual authentication and negotiates the session key directly between the TAM server and the TAM security application in the trusted execution environment, which is equivalent to establishing a secure channel between the TAM server and the TAM security application.
  • the TAM server sends the encrypted sensitive data to the TAM security application on the secure channel, and then transmits it to the service security application by the TAM security application.
  • the process of sending the encrypted sensitive resource to the TAM security application by the TAM server is equivalent to transmitting sensitive resources in the secure channel. This prevents sensitive resources from being exposed in the non-trusted environment, thereby protecting them.
  • multiple application servers can manage sensitive resources through the second embodiment of the data transmission system, and the data transmission system embodiment 1 need not be separately maintained for each application server, thereby reducing the workload of application development and maintenance.
  • the functions described in the method of the present embodiment can be stored in a computing device readable storage medium if implemented in the form of a software functional unit and sold or used as a standalone product. Based on such understanding, a portion of the embodiments of the present application that contributes to the prior art or a portion of the technical solution may be embodied in the form of a software product stored in a storage medium, including a plurality of instructions for causing a computing device (which may be a personal computer, server, mobile computing device, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present application.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like.
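The second embodiment's exchange (steps S401 to S405) simulated end to end, as an added example that is not code from the patent: it shows that the TAM client in the non-trusted environment relays only challenges, credentials and ciphertext. Assumptions, since the patent names no algorithms: a device key provisioned to both the TAM server and the TAM security application, HMAC-SHA256 credentials, a toy HMAC-based encrypt-then-MAC standing in for a vetted AEAD, constructed application identifiers, and the application identifier bound into the tag so the relay cannot redirect a payload to another security application.

```python
import hashlib
import hmac
import secrets


def _mac(key, label, *parts):
    """HMAC-SHA256 over a label and length-prefixed parts (unambiguous encoding)."""
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def _xor_stream(key, nonce, data):
    """Toy stream cipher (HMAC in counter mode); assumption, stand-in for a real AEAD."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += _mac(key, b"stream", nonce, counter.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(session_key, app_id, data):
    """Encrypt-then-MAC; the application identifier is bound into the tag."""
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(session_key, nonce, data)
    return nonce + ct + _mac(session_key, b"tag", app_id, nonce, ct)


def unseal(session_key, app_id, blob):
    """Verify the tag before decrypting; reject tampering or a swapped app_id."""
    if len(blob) < 44:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(session_key, b"tag", app_id, nonce, ct)):
        raise ValueError("ciphertext or application identifier was modified")
    return _xor_stream(session_key, nonce, ct)


class Endpoint:
    """Shared logic of the TAM server and the TAM security application."""

    def __init__(self, device_key, role, peer_role):
        self.key, self.role, self.peer_role = device_key, role, peer_role
        self.my_request = self.peer_request = None
        self.my_cred = self.peer_cred = None

    def make_request(self):
        """Identity authentication request: a fresh random challenge."""
        self.my_request = secrets.token_bytes(16)
        return self.my_request

    def make_credential(self, peer_request):
        """Identity authentication credential: MAC over own role and the challenge."""
        self.peer_request = peer_request
        self.my_cred = _mac(self.key, b"cred", self.role, peer_request)
        return self.my_cred

    def verify_credential(self, cred):
        # The role label stops a peer from reflecting our own credential back.
        expected = _mac(self.key, b"cred", self.peer_role, self.my_request)
        if not hmac.compare_digest(cred, expected):
            raise PermissionError("peer failed identity authentication")
        self.peer_cred = cred

    def derive_session_key(self):
        """Session key from both requests and both credentials, in a fixed order."""
        if self.my_cred is None or self.peer_cred is None:
            raise PermissionError("mutual authentication not complete")
        a = (self.my_request, self.peer_cred)   # my challenge, peer's answer
        b = (self.peer_request, self.my_cred)   # peer's challenge, my answer
        first, second = (a, b) if self.role == b"server" else (b, a)
        return _mac(self.key, b"session", *first, *second)


def run_flow(server_key, device_key, app_id, resource, reroute_to=None):
    """Run S401-S405; return (inboxes of security applications, messages seen in REE)."""
    server = Endpoint(server_key, b"server", b"ta")
    ta = Endpoint(device_key, b"ta", b"server")
    seen = []                       # everything the untrusted TAM client relays

    def relay(msg):
        seen.append(msg)
        return msg

    # S402: mutual authentication in both directions, via the TAM client.
    server.verify_credential(relay(ta.make_credential(relay(server.make_request()))))
    ta.verify_credential(relay(server.make_credential(relay(ta.make_request()))))
    k_server, k_ta = server.derive_session_key(), ta.derive_session_key()
    # S401/S403: the TAM server encrypts the application server's resource.
    blob = relay(seal(k_server, app_id, resource))
    # S404: the TAM client forwards blob + identifier (optionally a swapped one).
    routed_id = relay(reroute_to or app_id)
    # S405: the TAM security application decrypts and dispatches by identifier.
    inboxes = {}
    inboxes.setdefault(routed_id, []).append(unseal(k_ta, routed_id, blob))
    return inboxes, seen
```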

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)
  • Communication Control (AREA)

Abstract

The present invention relates to a data transmission method and system. The method comprises: performing mutual authentication with a TAM security application of a trusted execution environment in a terminal device, and negotiating a session key after the mutual authentication succeeds; using the session key to perform an encryption operation on data to be sent to the security application; and sending the encrypted data and an application identifier of the security application to a TAM security application of a terminal device. The process of a TAM server sending encrypted data to a TAM security application is equivalent to transmitting data in a secure channel. Exposure of data in a non-trusted environment can be prevented, thereby protecting the data.
PCT/CN2018/118133 2017-12-08 2018-11-29 Data transmission method and system WO2019109852A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711292803.9 2017-12-08
CN201711292803.9A CN109905350B (zh) 2017-12-08 2017-12-08 Data transmission method and system

Publications (1)

Publication Number Publication Date
WO2019109852A1 (fr) 2019-06-13

Family

ID=66751323

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/118133 WO2019109852A1 (fr) 2017-12-08 2018-11-29 Data transmission method and system

Country Status (3)

Country Link
CN (1) CN109905350B (fr)
TW (1) TWI791050B (fr)
WO (1) WO2019109852A1 (fr)

Also Published As

Publication number Publication date
TW201926943A (zh) 2019-07-01
CN109905350A (zh) 2019-06-18
TWI791050B (zh) 2023-02-01
CN109905350B (zh) 2022-08-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18886929

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18886929

Country of ref document: EP

Kind code of ref document: A1