WO2020048289A1

WO2020048289A1 - System and method for processing user information

Info

Publication number: WO2020048289A1
Application number: PCT/CN2019/099943
Authority: WO
Inventors: 程强
Original assignee: 深圳市红砖坊技术有限公司
Priority date: 2018-09-05
Filing date: 2019-08-09
Publication date: 2020-03-12
Also published as: CN110881015A; CN110881015B

Abstract

Disclosed are a system and method for processing user information. The system comprises at least one terminal device and a server setting a trusted execution environment. The method comprises: a terminal device sending a user information adding request to a server; the server correspondingly storing a user identifier, user information and an encryption marker in the received user information adding request; the terminal device sending a user identifier and a first re-encryption instruction in a user information query request to the server as a user information re-encryption request; the server querying user information corresponding to the user identifier in the received user information re-encryption request; in the trusted execution environment of the server, executing a user information re-encryption operation to obtain re-encrypted user information, and sending the obtained re-encrypted user information to the terminal device; and the terminal device using a re-encryption key to decrypt the received re-encrypted user information to obtain user information plaintext. The embodiment increases the security of user information.

Description

System and method for processing user information

Cross-reference to related applications

This application claims the priority and priority of a Chinese invention patent application filed on September 5, 2018 with the China National Intellectual Property Office (CNIPA) with an application number of 201811030446.3 and an invention name of "Systems and Methods for Processing User Information" The rights, the Chinese invention patent application is incorporated herein by reference in its entirety.

Technical field

The embodiments of the present application relate to the field of computer technology, and in particular, to a system and method for processing user information.

Background technique

At present, when an end user uses an application installed on a terminal device or accesses a website, in order to obtain various services provided by the application or website, the user or user must first enter the correct user name and password to log in to the application or website. To obtain the user information of the user by using the user name and password of the user, so as to customize the service for the user according to the obtained user information.

Service providers of applications or websites can use data mining technology to profile users based on user information, so as to provide users with more accurate services. However, while the service is getting more and more targeted, various problems such as the abuse of private data brought by the management of user information, endless advertising harassment, leakage of user information, and the prevalence of fraud have also arisen.

Summary of the Invention

The embodiments of the present application propose a system and method for processing user information.

In a first aspect, an embodiment of the present application provides a system for processing user information. The system includes: at least one terminal device and a server, and the server sets a trusted execution environment, where the terminal device is configured to: To the encrypted user information addition request including the user ID, the user information to be added, and the plaintext key, perform the key and user information encryption operation in the target trusted execution environment that supports the key and user information encryption operation, and get The ciphertext key corresponding to the plaintext key and the user information ciphertext corresponding to the user information to be added, and the user ID including the encrypted user information addition request, the obtained user information ciphertext, and the encryption mark are encrypted marks. The user information addition request is sent to the server, where the encrypted mark is used to characterize that the user information in the user information addition request is encrypted user information ciphertext. The key and user information encryption operations include: using the target trusted execution environment to store The encrypted plaintext key uses the key, and the plaintext key is encrypted to obtain the same as the plaintext key. A ciphertext key corresponding to the key; and encrypting the user information to be added using the plaintext key to obtain the user information ciphertext corresponding to the plaintext of the user information to be added; the terminal device is configured to: The user information to be added and the unencrypted user information addition request marked as unencrypted are sent to the server as a user information addition request. The unencrypted mark is used to characterize the user information in the user information addition request as Plaintext of unencrypted user information; a server configured to: in response to receiving a user information addition request sent by the terminal device, store the user identification, user information, and encryption mark in the received user information addition request in correspondence; the terminal The device is configured to: in response to detecting a user information query request, the user information query request includes a user identification, a ciphertext key, and a transfer key, and use the transfer key command public key to query the received user information query request. The ciphertext key and the turnkey are encrypted to obtain a first turnkey command. And sending the user identification in the user information query request and the obtained first transfer password instruction to the server as a user information transfer request corresponding to the user information query request; the server is configured to: in response to receiving the User information transfer request, query the user information and encryption token corresponding to the user ID in the received user information transfer request; in the trusted execution environment of the server, perform the user information transfer operation to get the same The user information transfer request corresponding to the user information transfer request, and the obtained user transfer request information is sent to the terminal device that sent the received user information transfer request. The user information transfer operation includes: using the server ’s The private key of the cryptographic instruction corresponding to the public key of the cryptographic instruction stored in the trusted execution environment decrypts the first cryptographic instruction in the received user information cryptographic request to obtain the ciphertext key and the cryptographic password Key; in response to determining that the found encryption token is an encrypted token, utilizing the encryption key stored in the server's trusted execution environment Decrypt the ciphertext key obtained by decryption to obtain the plaintext key; use the plaintext key obtained by decryption to decrypt the found user information to obtain the user information plaintext; in response to determining that the found encrypted token is an unencrypted token , Determine the found user information as user information plaintext; encrypt the obtained user information plaintext by using the decryption key to obtain the encrypted user information corresponding to the received user information secret request; terminal The device is configured to: in response to receiving the encrypted user information corresponding to the transmitted user information encrypted request sent by the server, using the transmitted user information query request corresponding to the encrypted password in the user information transmitted encrypted request The key decrypts the received encrypted user information to obtain the user information in plain text.

In a second aspect, an embodiment of the present application provides a method for processing user information, which is applied to a server in a system for processing user information. The system for processing user information includes at least one terminal device and a server, and the server is configured A trusted execution environment. The method includes: in response to receiving a user information addition request sent by a terminal device, storing a user identifier, user information, and encryption mark in the received user information addition request, and storing the encryption mark in a corresponding manner. The user information in the user information adding request is an encrypted mark of the encrypted user information ciphertext or the user information in the user information adding request is an encrypted mark of the unencrypted user information plaintext; in response to receiving A user information transfer request sent to a terminal device, where the user information transfer request includes a user identification and a first transfer instruction, and queries the user information and the encryption token corresponding to the user identification in the received user information transfer request ; In the trusted execution environment, perform user information encryption operation, get The encrypted user information corresponding to the received encrypted user information request, and the obtained encrypted user information is sent to the terminal device that sends the received encrypted user information request. The user information encrypted operation includes: : Use the private key of the cryptographic instruction corresponding to the public key of the cryptographic instruction stored in the trusted execution environment of the server to decrypt the first cryptographic instruction in the received user information cryptographic request to obtain the ciphertext key And the cipher key; in response to determining that the found encryption token is an encrypted token, using the encryption key stored in the trusted execution environment of the server to decrypt the encrypted ciphertext key with the key to obtain the plaintext key; The decrypted user information is decrypted using the plaintext key obtained to decrypt the user information plaintext; in response to determining that the found encrypted tag is an unencrypted tag, the found user information is determined to be the user information plaintext; the decrypted The encryption key encrypts the obtained user information in plain text, and obtains the encryption user information corresponding to the received user information encryption request .

In a third aspect, an embodiment of the present application provides an apparatus for processing user information, which is applied to a server in a system for processing user information. The system for processing user information includes at least one terminal device and a server, and the server is configured A trusted execution environment, the device includes: a user information adding unit configured to respond to a user information adding request sent by the terminal device, and correspond to the user identification, user information, and encryption token in the received user information adding request Storage, where the encryption tag is an encrypted tag used to characterize the user information in the user information addition request as encrypted user information ciphertext or the user information used to characterize the user information in the user information addition request is unencrypted user information plaintext Unencrypted mark; the user information query unit is configured to respond to receiving a user information transfer request from the terminal device, wherein the user information transfer request includes a user identification and a first transfer instruction, and the query and the received The user information corresponding to the user ID in the user information transfer request and Secret mark; user information transfer unit, configured to perform user information transfer operation in a trusted execution environment, to obtain the transfer user information corresponding to the received user information transfer request, and to transfer the obtained transfer information The confidential user information is sent to the terminal device that sends the received user information transfer request. The user information transfer operation includes: using the transfer instruction private key corresponding to the transfer instruction public key stored in the trusted execution environment of the server. Key to decrypt the first encryption instruction in the received user information encryption request to obtain the ciphertext key and the encryption key; in response to determining that the found encryption token is an encrypted token, the server ’s available encryption token is used. The encryption key stored in the message execution environment uses the key to decrypt the decrypted ciphertext key to obtain the plaintext key; the decrypted user key is used to decrypt the found user information to obtain the user information plaintext; Determine the found encrypted mark as unencrypted mark, determine the found user information as user information plaintext; use the decryption key obtained by decryption User information obtained plaintext is encrypted to obtain the index information corresponding to the user encrypted with the user secret information transfer requests received.

In a third aspect, an embodiment of the present application provides a server, including: one or more processors; a storage device storing one or more programs thereon, when the one or more programs are processed by the one or more programs When the processor executes, the foregoing one or more processors implement the method as described in any implementation manner of the second aspect.

In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium on which a computer program is stored, wherein when the computer program is executed by one or more processors, the computer program is implemented as described in any implementation manner in the second aspect. Methods.

The system and method for processing user information provided in the embodiments of the present application, by adding user information to a server in a terminal device, autonomously selecting to add encrypted user information or unencrypted user information to the server, and in the server Whether the user information added to the corresponding record is encrypted. When the user uses the terminal device to query the user information from the server: If the user information is encrypted, the terminal device needs to provide the corresponding ciphertext key corresponding to the plaintext key used when the user information is encrypted, and the server is trusted. In the execution environment, the plaintext key can be obtained by decrypting the ciphertext key, and the plaintext key is used to decrypt the user information to obtain the plaintext user information. If the user information is not encrypted, you can directly obtain the plaintext user information, and finally use the terminal. The turnkey provided during the device query encrypts the obtained user information plaintext to obtain the turnkey user information, so that the terminal device can use the turnkey to decrypt the turnkey user information to obtain the user information plaintext. That is, for programs outside the trusted execution environment in the server, the user information plaintext of the encrypted user information cannot be obtained, and thus the data mining analysis of the user information plaintext cannot be performed, thereby protecting the security of user information and data. .

BRIEF DESCRIPTION OF THE DRAWINGS

Other features, objects, and advantages of the present application will become more apparent by reading the detailed description of the non-limiting embodiments with reference to the following drawings:

FIG. 1 is an exemplary system architecture diagram to which an embodiment of the present application can be applied; FIG.

2A is a sequence diagram of an embodiment of a system for processing user information according to the present application;

2B is a flowchart of an embodiment of a key and user information encryption operation according to the present application;

2C is a flowchart of an embodiment of a user information transfer operation according to the present application;

FIG. 3A, FIG. 3B, FIG. 3F, FIG. 3H and FIG. 3K are timing diagrams of another embodiment of a system for processing user information according to the present application;

3C is a flowchart of an embodiment of a first user ID generating operation according to the present application;

3D is a flowchart of an embodiment of a user identity verification operation according to the present application;

3E is a flowchart of an embodiment of a ciphertext generating operation of user authentication information according to the present application;

3G is a flowchart of an embodiment of a second user identifier generating operation according to the present application;

3I is a flowchart of an embodiment of a ciphertext generating operation of user identification verification information according to the present application;

3J is a flowchart of an embodiment of a verification information generating operation according to the present application;

3L is a flowchart of an embodiment of an information encryption operation according to the present application;

3M is a flowchart of an embodiment of a first information decryption operation according to the present application;

FIG. 3O is a flowchart of an embodiment of an information transfer operation according to the present application; FIG.

4 is a flowchart of an embodiment of a method for processing user information according to the present application;

5 is a schematic structural diagram of an embodiment of a device for processing user information according to the present application; and

FIG. 6 is a schematic structural diagram of a computer system suitable for implementing a server according to an embodiment of the present application.

detailed description

The following describes the present application in detail with reference to the accompanying drawings and embodiments. It can be understood that the specific embodiments described herein are only used to explain the related invention, rather than limiting the invention. It should also be noted that, for the convenience of description, only the parts related to the related invention are shown in the drawings.

It should be noted that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other. The application will be described in detail below with reference to the drawings and embodiments.

FIG. 1 illustrates an exemplary system architecture 100 of an embodiment of a system for processing user information or a method for processing user information to which the present application can be applied.

As shown in FIG. 1, the system architecture 100 may include

terminal devices

101, 102, and 103, a network 104, and a server 105. The network 104 is a medium for providing a communication link between the

terminal devices

101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, and so on.

The user can use the

terminal devices

101, 102, 103 to interact with the server 105 through the network 104 to receive or send messages and the like. Various communication client applications can be installed on the

terminal devices

101, 102, and 103, such as web browser applications, shopping applications, search applications, instant messaging tools, email clients, social platform software, and so on.

The

terminal devices

101, 102, and 103 may be hardware or software. When the

terminal devices

101, 102, and 103 are hardware, they can be various electronic devices with a display screen, including but not limited to smart phones, tablet computers, laptop computers, and desktop computers. When the

terminal devices

101, 102, and 103 are software, they can be installed in the electronic devices listed above. It can be implemented as multiple software or software modules or as a single software or software module. It is not specifically limited here.

The server 105 may be a server provided with a Trusted Execution Environment (TEE, Trusted Execution Environment) and providing various services, such as a background server that provides support for web pages or applications displayed on the

terminal devices

101, 102, and 103. The background server may analyze and process the received user information addition request, user information query request, and other data, and feed back the processing result (for example, the encrypted user information) to the terminal device.

Here, TEE is an operating environment coexisting with Rich OS (usually Android, etc.) on the device, and provides security services for Rich OS. TEE has its own execution space. The software and hardware resources that TEE can access are separated from Rich OS. TEE provides a secure execution environment for Trusted Applications (TA), while also protecting the confidentiality, integrity, and access rights of resources and data of trusted applications. In order to ensure the trusted root of TEE itself, TEE must be verified and isolated from RichOS during the secure boot process. In TEE, each trusted application is independent of each other and cannot be accessed without authorization.

As an example, the TEE set in the server can be implemented in the following two ways:

(1) With the help of security protection capabilities provided by specific CPU chips, such as Intel SGX, ARM Trust Zone, etc., construct a trusted execution environment.

In order to ensure the security strength, you can also add trusted hardware support at the bottom of the trusted execution environment, such as using a security chip that complies with the Trusted Platform Module (TPM) standard, or using a Trusted Cryptography that conforms to the Trusted Cryptographic Module (TCM). Module) standard security chip.

(2) A cryptographic lock (commonly known as a software dog) is used to implement a trusted execution environment.

Common software dogs are often packaged into a compact USB (Universal Serial Bus) device. The software dogs not only provide file storage, but also support running customized programs. With SoftDog, it is not necessary to limit the device type of the server, as long as the server has a USB interface, which reduces the device requirements for the server.

It should be understood that the SoftDog can be directly connected to the server using USB, and can also use TCP / IP communication to pull USB devices remotely and access the server as a remote logical device by using technologies such as USB Over Network. It can also be understood that there can be multiple, even thousands of such remote logical devices, forming a device pool service mode.

It should be noted that the method for processing user information provided in the embodiments of the present application is generally executed by the server 105, and accordingly, a device for processing user information is generally provided in the server 105.

It should be understood that the numbers of terminal devices, networks, and servers in FIG. 1 are merely exemplary. According to implementation needs, there can be any number of terminal devices, networks, and servers.

With continued reference to FIG. 2A, a timing diagram 200 of one embodiment of a system for processing user information according to the present application is shown.

The system for processing user information in the embodiments of the present application may include a server and at least one terminal device, a network connection between the server and at least one terminal device, and a trusted execution environment is set in the server.

As shown in FIG. 2A, the timing sequence 200 of an embodiment of a system for processing user information according to the present application may include the following steps:

Step 201: In response to detecting a request for adding encrypted user information, the terminal device executes the encryption operation of the key and the user information in a target trusted execution environment that provides support for the encryption operation of the key and the user information, and obtains a key corresponding to the plaintext key. Send the ciphertext key and the user information ciphertext corresponding to the user information to be added, and send the user information including the user ID in the encrypted user information addition request, the obtained user information ciphertext, and the encrypted user information marked as encrypted. To the server.

In this embodiment, when the terminal device detects a request for adding encrypted user information including a user identifier, user information to be added, and a plaintext key, the target device can perform credible execution of the target to support the encryption operation of the key and user information. In the environment, the key and user information encryption operations are performed to obtain the ciphertext key corresponding to the plaintext key and the user information ciphertext corresponding to the user information to be added. The obtained user information ciphertext and encrypted user information added with the encrypted mark are sent to the server. The encrypted mark is used to indicate that the user information in the user information adding request is an encrypted user information ciphertext. The above key and user information encryption operation may include sub-step 2011 and sub-step 2012 shown in FIG. 2B:

In sub-step 2011, the encrypted plaintext key in the target trusted execution environment is used to encrypt the plaintext key in the detected encrypted user information addition request to obtain a ciphertext key corresponding to the plaintext key.

Wherein, using the encrypted plaintext key key stored in the target trusted execution environment to encrypt the plaintext key in the detected encrypted user information addition request, DES (Data Encrytion Standard) can be used. ) Algorithm, 3DES / TDEA (Triple Data Encryption Algorithm, Triple Data Encryption Algorithm) algorithm, AES (Advanced Encryption Standard) algorithm, Blowfish algorithm, RC2 algorithm, RC4 algorithm, RC5 algorithm, IDEA algorithm (International Data Encryption Algorithm) , International data encryption algorithms) and other symmetric encryption algorithms now known or developed in the future. Here, the encrypted plaintext key stored in the target trusted execution environment cannot be stored outside the trusted execution environment of the electronic device where the target trusted execution environment is located, and the program in the target trusted execution environment can access the encryption. The key for the plaintext key, but programs outside the trusted execution environment of the electronic device where the target trusted environment is located cannot access the key for the encrypted plaintext key, which can ensure the availability of the electronic device where the target trusted execution environment is located. Outside the letter execution environment, the ciphertext key cannot be decrypted to obtain the plaintext key.

Sub-step 2012: Use the plaintext key to encrypt the user information to be added in the detected encrypted user information addition request to obtain the user information password corresponding to the detected user information to be added in the encrypted user information addition request. Text.

Similarly, when using the plaintext key to encrypt the user information to be added in the detected encrypted user information addition request, various symmetric encryption algorithms can also be used.

Here, the terminal device may be any terminal device among at least one terminal device.

Here, the target trusted execution environment may be a trusted execution environment set in the terminal device. In this way, the terminal device may perform key and user information encryption operations in the trusted execution environment set in the terminal device.

Here, the target trusted execution environment may also be a trusted execution environment set in other electronic devices connected to the terminal device network. In this way, the terminal device may send an encrypted user information addition request to the electronic device provided with the trusted execution environment. , The electronic device performs a key and user information encryption operation in the trusted execution environment of the electronic device, and obtains a ciphertext key corresponding to the plaintext key and a user information ciphertext corresponding to the user information to be added, and then the above The electronic device may send the obtained ciphertext key and user information ciphertext to the terminal device, so that the terminal device may include the user identifier included in the encrypted user information addition request, the obtained user information ciphertext, and the encryption mark as A request to add encrypted user information to the server is sent.

In practice, the terminal device may detect the encrypted user information addition request in various implementation manners. For example, the terminal device may detect that the user uses the terminal device to access a new user registration page for the user to enter registered user information, and the user ID, user information to be added, and plaintext key are entered in the new user registration page. Indicates that the user wishes to encrypt the input user information to be encrypted using the input plaintext key, that is, for the user, the input user information to be added is sensitive information, and the user information to be added cannot be stored in plain text. In the server, it must be encrypted and stored in the server. At this time, the terminal device can determine that an encrypted user information addition request is detected. For another example, the terminal device may also detect that the user has opened a new user registration interface in the application installed on the terminal device for the user to enter registered user information, and the user identification, user information to be added, and In the case of a plaintext key, it also indicates that the user wishes to use the entered plaintext key to encrypt the user information to be added, that is, for the user, the user information to be added is sensitive information and cannot be The user information to be added is stored in the server in plain text, and must be encrypted and stored in the server. At this time, the terminal device may also determine that an encrypted user information addition request is detected.

Here, the user information to be added may include various attribute information of the user. For example, the user information to be added may include name, age, gender, mobile phone number, certificate number, nickname, avatar image, hobbies, occupation, income status, education, Hometown, Home Address, Work Address, etc.

Here, the user identifier is used to uniquely identify each user corresponding to the user information stored by the server. The user ID can include at least one of the following: numbers, characters, and text.

It can be understood that the ciphertext key generation process corresponding to the plaintext key and the user information ciphertext generation process can be separated. The ciphertext key must be generated in the trusted execution environment, and the user information ciphertext can be generated in the trusted execution environment. If the current program execution environment is relatively secure (the possibility of resident rogue software or phishing software is low) and the In the case of standard encryption and decryption methods, it can also be generated outside the trusted execution environment.

In step 202, the terminal device sends an unencrypted user information addition request to the server as a user information addition request in response to detecting an unencrypted user information addition request including a user identification, user information to be added, and an encrypted mark as an unencrypted mark.

Here, the unencrypted flag is used to indicate that the user information in the user information adding request is plaintext of the user information that is not encrypted.

As an example, "0" may be used as the unencrypted mark, and "1" may be used as the encrypted mark, or "False" may be used as the unencrypted mark, and "True" may be used as the encrypted mark.

In practice, the terminal device may detect the unencrypted user information addition request in various implementation manners. For example, the terminal device may detect that the user has accessed the new user registration page for the user to enter the registered user information using the terminal device, and the user ID and the user information to be added are entered in the new user registration page but the plaintext key is not entered. In this case, it indicates that the user does not want to encrypt the input user information to be added, that is, for the user, the input user information to be added is not sensitive information, and the user information to be added can be stored in plain text in the server. At this time, the terminal device may determine that an unencrypted user information addition request is detected. For another example, the terminal device may also detect that the user has opened a new user registration interface in the application installed on the terminal device for the user to enter registered user information, and the user ID and user information to be added are entered in the new user registration interface but When the plaintext key is not entered, it also indicates that the user does not want to encrypt the input user information to be added, that is, for the user, the input user information to be added is not sensitive information, and the user to be added can be The information is stored in the server in clear text. At this time, the terminal device may also determine that an unencrypted user information addition request is detected.

Step 203: In response to receiving the user information adding request sent by the terminal device, the server stores the user identifier, user information, and encryption mark in the received user information adding request in a corresponding manner.

Here, the server may add a request for the received user information, whether it is a request for adding user information encrypted and marked as encrypted or a request for adding user information encrypted as unencrypted, the received user information may be added The user ID, user information, and encryption token in the add request are stored correspondingly.

It can be understood that, in practice, due to the huge amount of user information, the server may store the user identification, user information, and encryption mark in the received user information addition request in a distributed database.

Step 204: In response to detecting the user information query request, the terminal device uses the public key of the cryptographic instruction to encrypt the ciphertext key and the cryptographic key in the received user information query request to obtain the first cryptographic instruction, and The user identification in the user information query request and the obtained first transfer password instruction are sent to the server as a user information transfer password request corresponding to the user information query request.

In this embodiment, the terminal device may detect a user information query request, where the user information query request includes a user identifier, a ciphertext key, and a transfer key, and the received data is transferred using the transfer key public key. The ciphertext key and the transfer key in the obtained user information query request are encrypted to obtain a first transfer password instruction, and the user ID and the obtained first transfer password instruction in the received user information query request are used as A user information transfer request corresponding to the received user information query request is sent to the server.

Here, the user ID in the user information query request may be a user ID input by the user using the terminal device, that is, the user wants to query user information of the user indicated by the input user ID.

Here, the user information is uploaded from the terminal device and stored to the server by the user using the terminal device through steps 201, 202, and 203. If the added user information is encrypted, the terminal device needs to provide the key used to encrypt the user information if it needs to query the encrypted user information, but to ensure security, the user information cannot be encrypted here. The plaintext key used is sent to the server to prevent the server from using the plaintext key to decrypt the user information, thereby causing the server to leak or abuse the user information. From the description in step 201, when encrypting the user information in step 201, a ciphertext key corresponding to the plaintext key used to encrypt the user information is also generated, and the generated ciphertext key is also the same as that in step 201. The encrypted user information in the corresponding request corresponds to the plaintext key. Here, the ciphertext key in the user information query request is the ciphertext key corresponding to the plaintext key in the encrypted user information adding request whose user identifier is the user identifier in the user information query request in step 201. When the user needs to add user information to the server using the terminal device, the user needs to memorize the ciphertext key generated for the plaintext key in step 201 so as to provide it when querying the user information. In practice, in order to reduce the memory burden of the user, each user ID of the terminal device and the corresponding ciphertext key may be stored correspondingly, for example, correspondingly stored in a correspondence table, or stored in the operating system of the terminal device. In the registry. In this way, the terminal device can obtain the ciphertext key corresponding to the user identity through the foregoing corresponding storage relationship.

Here, the transfer key in the user information query request may be a key string received by the terminal device from the user, or the transfer key in the user information query request may be a key randomly generated by the terminal device.

Here, using the public key of the cryptographic instruction to encrypt the ciphertext key and the cryptographic key in the received user information query request may use various asymmetric encryption algorithms known now or developed in the future, including but not limited to : RSA encryption algorithm, Elgamal algorithm, backpack algorithm, DH algorithm, ECC (Elliptic Curve Encryption Algorithm), etc. The public key of the turnkey instruction used for encryption is the public key used in the asymmetric encryption process.

Step 205: The server, in response to receiving the user information transfer request sent by the terminal device, queries the user information and the encryption token corresponding to the user ID in the received user information transfer request, and in the trusted execution environment of the server, Perform the user information transfer encryption operation to obtain the transfer user information corresponding to the received user information transfer request, and send the obtained transfer user information to the terminal device that sends the received user information transfer request.

Since the server correspondingly stores the user ID, user information, and encryption mark, the server can query the corresponding user ID in the received user information transfer request when receiving the user information transfer request sent by the terminal device. User information and encryption tokens, and perform the user information transfer operation in the trusted execution environment of the server to obtain the transfer user information corresponding to the received user information transfer request, and the obtained transfer user The information is sent to the terminal device that sends the received user information transfer request. The above-mentioned operation of transferring user information may include sub-steps 2051 to 2052 as shown in FIG. 2C:

Sub-step 2051, using the private key of the cryptographic instruction corresponding to the public key of the cryptographic instruction stored in the trusted execution environment of the server, decrypting the first cryptographic instruction in the received user information cryptographic request to obtain the secret Text key and cipher key.

The private key of the cryptographic instruction here is the private key used for decryption corresponding to the public key of the cryptographic instruction used to encrypt the ciphertext key and the cryptographic key in the received user information query request in step 204. The cryptographic instruction public key can be stored outside the server's trusted execution environment and inside the trusted execution environment. The private key of the cryptographic instruction can only be stored in the trusted execution environment of the server or the terminal device. The private key of the cryptographic instruction can only be accessed by the program in the trusted execution environment of the server or the terminal device. It cannot be accessed by the server. Access to programs outside the trusted execution environment and programs outside the trusted execution environment of the terminal device.

Sub-step 2052, in response to determining that the found encryption token is an encrypted token, using the encryption key stored in the trusted execution environment of the server to decrypt the encrypted ciphertext key with the key to obtain a plaintext key.

Sub-step 2053: Decrypt the found user information by using the decrypted plaintext key to obtain the user information plaintext.

Sub-step 2054, in response to determining that the found encrypted tag is an unencrypted tag, determining the found user information as user information plaintext.

Sub-step 2055: Encrypt the obtained user information in plain text by using the decrypted transfer key to obtain the transferred user information corresponding to the received user information transfer request.

After the user information is encrypted, the user information is encrypted in the server's trusted execution environment using the encryption key. Programs outside the server's trusted execution environment can only obtain the encrypted message after the encryption key is encrypted. Confidential user information cannot be obtained in plain text of user information, thereby preventing the server from revealing plain text of user information.

Step 206: The terminal device, in response to receiving the user information corresponding to the user information transfer request sent by the server, uses the user information corresponding to the user information transfer request to query the transfer key in the request. The received encrypted user information is decrypted to obtain the user information in plain text.

In some optional implementation manners, the user identifier in the encrypted user information addition request, the user identifier in the unencrypted user information addition request, and the user identifier in the user information query request may be the user identifier in the user identifier set of the terminal device. That is, for each terminal device, a user identifier set of the terminal device is stored in the terminal device. The user identifier in the encrypted user information addition request detected by the terminal device in step 201 is the user identifier set stored in the terminal device. User ID in step 202, the user ID in the unencrypted user information addition request detected by the terminal device in step 202 is also the user ID in the user ID set stored in the terminal device, and the user information query request detected by the terminal device in step 204 The user ID in is also the user ID in the user ID set stored in the terminal device.

In some optional implementation manners, the server may be a resource server supporting the OAuth2 protocol.

The system for processing user information provided by the foregoing embodiments of the present application, by adding user information to a server in a terminal device, autonomously chooses to add encrypted user information or unencrypted user information to the server, and in the server Whether the user information added to the corresponding record is encrypted. When a user uses a terminal device to query user information from the server, if the user information is encrypted, the terminal device needs to provide a corresponding ciphertext key corresponding to the plaintext key used when the user information is encrypted, and the trusted execution of the server The plaintext key can be obtained by decrypting the ciphertext key in the environment, and then the plaintext key is used to decrypt the user information to obtain the plaintext user information. If the user information is not encrypted, you can directly obtain the plaintext user information, and then use the terminal device. The encipherment key provided in the query is used to encrypt the obtained plaintext user information to obtain the enciphered user information. Therefore, on the terminal device, the enciphered user information can be decrypted using the encipherment key to obtain the plaintext of the user information, that is, For programs outside the trusted execution environment in the server, the user information plaintext of the encrypted user information cannot be obtained, and thus the data mining analysis of the user information plaintext cannot be performed, and the user information data is protected from leakage.

Further reference is made to FIG. 3A, which illustrates a timing sequence 300 of yet another embodiment of a system for processing user information according to the present application.

As shown in FIG. 3A, the timing sequence 300 according to another embodiment of the system for processing user information according to the present application may include the following steps:

In step 301, the terminal device responds to a request for adding encrypted user information including a user identifier, a user information range identifier, user information to be added, and a plaintext key, and targets a trusted execution environment for the key and user information encryption operations. , Perform encryption operations on the key and user information to obtain the ciphertext key corresponding to the plaintext key and the user information ciphertext corresponding to the user information to be added, and the user ID and user information included in the encrypted user information addition request The range identifier, the obtained user information ciphertext, and the user information encryption request that is encrypted and marked as encrypted are sent to the server.

In this embodiment, the terminal device may provide support for the encryption operation of the key and the user information in a case where an encrypted user information addition request including a user ID, a user information range identifier, user information to be added, and a plaintext key is detected. In the target trusted execution environment, perform key and user information encryption operations to obtain the ciphertext key corresponding to the plaintext key and the user information ciphertext corresponding to the user information to be added, and add the encrypted user information to the request And send a request for adding the user ID, the user information range ID, the obtained user information ciphertext, and the user information whose encryption mark is an encrypted mark to the server. The encrypted mark is used to indicate that the user information in the user information adding request is an encrypted user information ciphertext. The encryption operation of the key and the user information may include sub-steps 2011 and sub-steps 2012 as shown in FIG. 2B. For details, refer to the related description in step 201 in the embodiment shown in FIG. 2A, and details are not described herein again.

Here, regarding the terminal device, the target trusted execution environment, the user information to be added, and the user identifier, reference may be made to the related description in step 201 in the embodiment shown in FIG. 2A, and details are not described herein again.

Here, the user information range identifier is used to indicate at least one kind of attribute information among various attribute information included in the user information, and it can also be understood that the user information range identifier is used to indicate at least one of various fields included in the user information. In practice, various attribute information included in the user information may be classified according to the privacy degree and / or importance degree of each attribute information, and the user information range identifier to which each attribute information belongs is marked. For example, three user information range identifiers "1", "2", and "3" may be marked, where the user information range identifier "1" is used to indicate user attribute information with a low degree of privacy and / or importance, such as, "Interests and hobbies", "avatar pictures", "nicknames", etc. The user information range identifier "2" is used to indicate user attribute information with a higher degree of privacy and / or importance, such as "name", "gender", "Age", etc. The user information range identifier "3" is used to indicate the user attribute information with the highest degree of privacy and / or importance, such as "mobile phone number", "certificate number", "home address", "work address" and many more.

In practice, the terminal device may detect the encrypted user information addition request in various implementation manners. For example, the terminal device may detect that the user has accessed the new user registration page for the user to input the registered user information using the terminal device, and the user identification, the user information range identification, the user information to be added, and the plain text are entered in the new user registration page. In the case of a key, it indicates that the user wishes to encrypt the user information to be added using the entered plaintext key, that is, for the user, the user information to be added is sensitive information, and the user information cannot be The added user information is stored in the server in clear text and must be stored in the server after encryption. At this time, the terminal device can determine that an encrypted user information addition request is detected. For another example, the terminal device may also detect that the user has opened a new user registration interface in the application installed on the terminal device for the user to enter registered user information, and the user identification, user information range identifier, In the case of the user information to be added and the plaintext key, it also indicates that the user wishes to use the entered plaintext key to encrypt the user information to be added, that is, for the user, the user information to be added belongs to For sensitive information, the user information to be added cannot be stored in the server in plain text. It must be encrypted and stored in the server. At this time, the terminal device can also determine that an encrypted user information addition request is detected.

Step 302: The terminal device responds to detecting an unencrypted user information addition request including a user ID, a user information range identifier, user information to be added, and an encrypted mark that is an unencrypted mark, and sends the unencrypted user information addition request as a user information addition request. To the server.

In practice, the terminal device may detect the unencrypted user information addition request in various implementation manners. For example, the terminal device may detect that the user has used the terminal device to access a new user registration webpage for the user to enter registered user information, and the user identity, user information range identifier, and user information to be added are entered in the new user registration webpage but not yet When the plaintext key is entered, it indicates that the user does not want to encrypt the user information to be added, that is, for the user, the user information to be added is not sensitive information, and the user information to be added can be plaintext. Stored in the server, at this time, the terminal device can confirm that an unencrypted user information addition request is detected. For another example, the terminal device may also detect that the user has opened an application installed on the terminal device for the user to input a new user registration interface for the registered user information, and a user identifier and a user information range identifier are entered in the new user registration interface When the user information to be added is not entered in the clear text key, it also indicates that the user does not want to encrypt the user information to be added, that is, for the user, the user information to be added is not sensitive information , The user information to be added can be stored in plain text in the server. At this time, the terminal device can also confirm that an unencrypted user information addition request is detected.

Step 303: In response to receiving the user information adding request sent by the terminal device, the server stores the user identifier, the user information range identifier, the user information, and the encryption mark in the received user information adding request in a corresponding manner.

Here, the server may add a request for the received user information, whether it is a request for adding user information encrypted and marked as encrypted or a request for adding user information encrypted as unencrypted, the received user information may be added The user ID, user information range ID, user information, and encryption tag in the add request are correspondingly stored.

It can be understood that, in practice, due to the huge amount of user information, the server may store the user identification, user information range identification, user information, and encryption mark in the received user information addition request in a distributed database.

Step 304: In response to detecting the user information query request, the terminal device uses the public key of the cryptographic instruction to encrypt the ciphertext key and the cryptographic key in the received user information query request to obtain the first cryptographic instruction, and The user identifier and user information range identifier in the user information query request and the obtained first transfer password instruction are sent to the server as a user information transfer password request corresponding to the user information query request.

In this embodiment, the terminal device may detect a user information query request, where the user information query request includes a user identifier, a user information range identifier, a ciphertext key, and a cipher key. The public key encrypts the ciphertext key and the turnkey in the received user information query request to obtain a first turnkey instruction, and the user identifier and the user information range identifier in the received user information query request And the obtained first encryption instruction is sent to the server as a user information encryption request corresponding to the received user information query request.

Here, the user information range identifier in the user information query request may be the user information range identifier input by the user using the terminal device, that is, the user wishes to query the user information range identifier range of the user indicated by the input user ID. User Info.

Here, regarding the ciphertext key, the cipher key, and the cipher command public key, reference may be made to the related description in step 204 in the embodiment shown in FIG. 2A, and details are not described herein again.

Step 305: The server, in response to receiving the user information transfer request sent by the terminal device, queries the user information and the encryption mark corresponding to the user identifier and the user information range identifier in the received user information transfer request. In the letter execution environment, a user information transfer operation is performed to obtain the transfer user information corresponding to the received user information transfer request, and the obtained transferred user information is transmitted to the received user information transfer request. The requested end device.

Since the server correspondingly stores a user ID, a user information range identifier, a user information, and an encryption mark, the server can query and receive the user information transfer request when the user information transfer request is received from the terminal device. User ID and user information range ID in the corresponding user information and encryption mark, and in the server's trusted execution environment, perform user information encryption operation to obtain the encrypted user corresponding to the received user information encryption request Information and the obtained encrypted user information is sent to the terminal device that sends the received user information encrypted request.

The above-mentioned operation of transferring user information may include sub-step 2051 to sub-step 2052 as shown in FIG. 2C. For details, refer to the related description in step 205 in the embodiment shown in FIG. 2A, and details are not described herein again.

Step 306: The terminal device, in response to receiving the user information corresponding to the sent user information data encryption request sent by the server, uses the user information corresponding to the sent user information data encryption request to query the data encryption key in the request. The received encrypted user information is decrypted to obtain the user information in plain text.

In this embodiment, the specific operation of step 306 is basically the same as the specific operation of step 206 in the embodiment shown in FIG. 2A, and details are not described herein again.

In this embodiment, the user identifier in the encrypted user information addition request, the user identifier in the unencrypted user information addition request, and the user identifier in the user information query request may be the user identifier in the user identifier set of the terminal device.

Due to the limitation of page display, the following reference is continued to FIG. 3B. It should be noted that the process of FIG. 3B may include various steps shown in FIG. 3A in addition to the steps shown in FIG. 3B. In addition, it should be noted that the first terminal device and the second terminal device shown in FIG. 3B can perform various steps that the terminal device shown in FIG. 3A can perform in addition to the corresponding steps shown in FIG. 3B. step.

In some cases, this embodiment may have the following optional implementations:

Alternative implementation (1): At least one terminal device in a system for processing user information may include at least one first terminal device that sets a trusted execution environment, and the above-mentioned sequence 300 may further include steps as shown in FIG. 3B 307:

Step 307: In response to detecting the first user ID generation request including the first user ID category ID, the first terminal device executes the first user ID generation operation in the trusted execution environment of the first terminal device, and obtains the first user ID generation request. A user ID corresponding to a user ID generation request, and adding the obtained user ID to a user ID set of the first terminal device.

In practice, the terminal device may detect the first user identifier generation request in various implementation manners. For example, the terminal device may detect that the user uses the terminal device to access a user identification generating page including a page element (for example, a text box or a drop-down menu) for the user to input the user identification category identification, and the user identification category is entered in the foregoing. When the first user ID category ID is input in the identified page element, it is determined that the first user ID generation request is detected. For another example, the terminal device may also detect that the user has opened a user ID generation interface in an application installed on the terminal device, entered a first user ID category ID, and clicked a control (for example, associated with a first user ID generation operation) (for example, , Button), it is determined that the first user ID generation request is detected.

Here, the first user identifier category identifier is used to indicate a category of a user identifier in a user identifier set of the first terminal device. In practice, user identifiers in a user identifier set can be classified in various ways, each classification corresponding to a different first user identifier category, and the first user identifier category identifier is used to indicate a different first user identifier category. As an example, the classification may be performed according to the type of the application to which the generated user ID is applied. For example, if the user wishes to generate a user ID for a social application or a social website, then the user may enter or select a social application or a social website. The corresponding user identifier category identifier generates a first user identifier generation request. For another example, if the user wishes to generate a user identification of a shopping application or a shopping website, then a user identification category identifier corresponding to the shopping application or a shopping website may be input or selected to generate a first user identification generating request. As an example, the first user identifier category identifier may also be determined in an incremental manner, that is, the first terminal device may store the current first user identifier category identifier. When an instruction input by a user that wishes to generate a user identifier is detected, the first The terminal device may obtain the current first user identification category identifier stored above, and incrementally update the acquired current first user identification category identifier, and generate a first user identification generation request using the current first user identification category identifier after the incremental update. .

Here, when the first terminal device detects a first user identifier generation request including the first user identifier category identifier, in a trusted execution environment of the first terminal device, a first user identifier generation operation is performed to obtain A user ID corresponding to the first user ID generation request, and adding the obtained user ID to a user ID set of the first terminal device. Here, the foregoing first user identifier generating operation may include sub-steps 3071 to 3073 as shown in FIG. 3C:

Sub-step 3071, obtaining an environment identifier including a manufacturer identifier and a product identifier, which is used to indicate the trusted execution environment of the first terminal device.

Here, the environment identification of the trusted execution environment is used to uniquely identify the trusted execution environment. The environment identification of the trusted execution environment may include a manufacturer identification and a product identification. The manufacturer identification of the trusted execution environment is used to uniquely identify different trusted execution environments. The manufacturer of the execution environment, and the product identification is used to uniquely identify the trusted execution environment produced by the same trusted execution environment manufacturer. In practice, the trusted execution environment usually has a manufacturer's logo and a product logo set at the factory, and cannot be modified. Moreover, the environment logo of the trusted execution environment can only be stored in the trusted execution environment and within the trusted execution environment. The program of the trusted execution environment can access the environment identification of the trusted execution environment, while the program of the trusted execution environment cannot access the environment identification of the trusted execution environment. The environmental identification can include at least one of the following: numbers, characters, and text.

In step 3072, a random number is generated randomly.

Sub-step 3073: Encrypt the first extended user identifier by using the user identifier key stored in the trusted execution environment of the first terminal device to obtain a user identifier corresponding to the first user identifier generation request.

Here, the first extended user identifier may include the environment identifier obtained in sub-step 3071, the generated random number, and the first user identifier category identifier in the first user identifier generation request received in step 307.

Here, the user identification key can only be stored in the trusted execution environment, and can only be accessed by programs within the trusted execution environment, and cannot be accessed by programs outside the trusted execution environment.

Here, using the user identification key stored in the trusted execution environment of the first terminal device to encrypt the first extended user identification, various symmetric encryption algorithms may be used.

The user identification generated in step 307 is generated based on the environment identification of the trusted execution environment of the first terminal device, and the generated random number and the first user identification category identification are also added. As for the program, only the generated user ID can be obtained, but the environment ID in the generated user ID cannot be parsed. Only the program in the trusted execution environment can parse the generated user ID to obtain the environment ID in the user ID, so , The user ID in the user ID set of the terminal device can be protected from being cracked by a program outside the trusted execution environment, so that the user ID in the end user ID set is used as the user ID in the encrypted user information addition request, or, The user ID in the end user ID set is used as the user ID in the unencrypted user information addition request, and the user ID in the user information addition request sent to the server is also the user ID in the user ID set of the terminal device, that is, Corresponds to the user ID and user information stored on the server The user ID in the security ID, user information, and encryption mark is also the user ID in the user ID set of the terminal device, and programs outside the trusted execution environment of the server cannot resolve the user ID in the user information stored by the server, and then It is not possible to correlate each user ID in the user ID set of the same terminal device to perform big data analysis, thereby protecting the privacy and security of user information.

Optional implementation (2): Based on the above-mentioned optional implementation (1), the timing sequence 300 may further include step 308 as shown in FIG. 3B:

Step 308: The first terminal device responds to detecting a user identification verification request including a user identity to be verified and information to be encrypted, executes a user identity verification operation in a trusted execution environment of the first terminal device, and obtains a verification request with the user identity. Corresponding verification results.

In practice, the first terminal device may detect the user identity verification request in various implementation manners. For example, for example, when the first terminal device detects that the user has opened and reinstalled an application for processing user information, in order to determine that the user identifier in the user identifier set of the first terminal device is the user identifier of the first terminal device , For each user tag in the user identity set of the first terminal device, a user identity verification request may be generated by using the user identity as the user identity to be verified, and if the user identity verification result is obtained, the user is authenticated. The identity is retained in the user identity set of the first terminal device, and if a non-user identity verification result is obtained, the user identity is deleted from the user identity set of the first terminal device.

Here, the first terminal device may perform a user ID verification operation in a trusted execution environment of the first terminal device when a user ID verification request including a user ID to be authenticated and information to be encrypted is detected, to obtain a user ID The verification result corresponding to the verification request. Here, the information to be encrypted may be randomly generated information or any preset information content.

Here, the above-mentioned user identity verification operation may include sub-steps 3081 to 3087 shown in FIG. 3D:

Sub-step 3081, the user identification key stored in the trusted execution environment of the first terminal device is used to decrypt the to-be-verified user ID to obtain the extended user ID to be verified.

Here, if the user identity to be verified is obtained by encrypting the extended user identity to be verified with the user identity key stored in the trusted execution environment of the first terminal device, here, it is stored in the trusted execution environment of the first terminal device. If the user ID key to be authenticated is decrypted, the extended user ID to be verified can be obtained.

Sub-step 3082 generates a first key according to a preset algorithm according to an environment identifier in the extended user identifier to be verified.

For example, according to a preset algorithm, generating the first key according to the environment identifier in the extended user identifier to be verified may be performed as follows: combining the environment identifier in the extended user identifier to be verified and the trusted execution environment stored in the first terminal device A predetermined key component identifier (for example, it may be a preset constant) to obtain the first key.

As another example, according to a preset algorithm, generating the first key according to the environment identifier in the extended user identifier to be verified may also be performed as follows: the environment identifier in the extended user identifier to be verified and the trusted execution environment of the first terminal device An XOR operation is performed on a preset mask stored in the memory to obtain a first key.

Sub-step 3083: Use the generated first key to encrypt the information to be encrypted to obtain the first encrypted information.

Sub-step 3084, according to a preset algorithm, generating a second key according to an environment identifier of a trusted execution environment of the first terminal device.

Here, the preset algorithm is the preset algorithm in sub-step 3082.

Sub-step 3085: Decrypt the obtained first encrypted information by using the generated second key to obtain the first plaintext information.

Sub-step 3086: Determine whether the obtained first plaintext information is the same as the information to be encrypted.

If the determination is the same, it indicates that the environment identifier in the extended user identifier to be verified obtained by decrypting the user identifier to be verified in sub-step 3081 is the same as the environment identifier of the trusted execution environment of the first terminal device, so that the user identifier to be verified can be determined If it is the user identity of the first terminal device, the process may go to sub-step 3087.

If the determination is different, it indicates that the environment identifier in the extended user identifier to be verified obtained by decrypting the user identifier to be verified in sub-step 3081 is different from the environment identifier of the trusted execution environment of the first terminal device, so that the user identifier to be verified can be determined If it is not the user identity of the first terminal device, the process may go to sub-step 3088.

Sub-step 3087, generating a user identification verification result used to indicate that the user identification to be verified is the user identification of the first terminal device.

Sub-step 3088, generating a non-user identity verification result for indicating that the identity of the user to be verified is not the user identity of the first terminal device.

Based on the above-mentioned optional implementation manner (2), the first terminal device can verify, if necessary, whether the user identifier is the user identifier of the first terminal device.

Optional implementation (3): Based on the above-mentioned optional implementation (1) or optional implementation (2), the value range of the vendor identification of the first terminal device is different from that of the trusted execution environment of the first terminal device. The value range of the product identifier. In addition, at least one terminal device in the system for processing user information may include at least one first terminal device with a trusted execution environment, and may include at least one non-trusted execution environment. The second terminal device, and the above timing sequence 300 may further include steps 309 to 311 as shown in FIG. 3B:

Step 309: The second terminal device responds to detecting a registration request entered by the user to register as a user of the target application and / or the target website, and determining that the second terminal device does not set a corresponding user authentication information ciphertext to the target application and The first terminal device provided by the target website supports the registration request.

Here, the first terminal device provided with the trusted execution environment may be an end user device, and may also provide support for a target application and / or a target website. Here, the target application may be any designated application, and the target website may also be any designated website. For example, the target application may be a book sales e-commerce application, and the target website may also be a book sales e-commerce website. For a second terminal device without a trusted execution environment, in order to use a target application and / or a service provided by a target website supported by the first terminal device, it is necessary to first register as a user of the target application and / or target website. For this reason, if the user of the second terminal device wishes to register as a user of the target application and / or the target website, he can open the target application in the second terminal device and click on the target application associated with the operation of the user registered as the target application. Control, the second terminal device can detect the registration request, or the user of the second terminal device can also use the second terminal device to access the target website and click on the registration page of the target website that is associated with a user operation registered as the target website. Page element, the second terminal device may also detect a registration request.

If the second terminal device has initiated a registration request to the first terminal device supporting the target application and / or the target website and received the user authentication information ciphertext sent by the first terminal device, the second terminal device has been set Pass the corresponding user authentication information ciphertext. Only when the second terminal device has not set the corresponding user authentication information ciphertext and detects the registration request entered by the user to register as the target application and / or the user of the target website, the second terminal device will send the target application to the target application. And / or the first terminal device supported by the target website sends a registration request.

Step 310: In response to receiving a registration request sent by the second terminal device, the first terminal device performs a user authentication information ciphertext generation operation in a trusted execution environment of the first terminal device, obtains the user authentication information ciphertext, and sends The obtained ciphertext of the user authentication information is sent to the second terminal device that sends the received registration request.

Here, the above-mentioned user authentication information ciphertext generating operation may include sub-step 3101 and sub-step 3102 as shown in FIG. 3E:

Sub-step 3101: Update the current user serial number with the sum of the current user serial number and the preset increment stored in the trusted execution environment of the first terminal device.

Here, the current user serial number may be stored in the trusted execution environment of the first terminal device. In practice, when the trusted execution environment leaves the factory, the initial value of the current user serial number can be preset to 0 and the preset increment can be 1. Then, for the first registration request received by the first terminal device, the current user serial number will be Incremented from the initial value of 0 to 1, and updated the current user serial number with 1, that is, for the first registration request received, the updated current user serial number is 1, the second received registration request, the updated current The user serial number is 2.

Sub-step 3102, encrypting the user authentication information by using the user authentication information key stored in the trusted execution environment of the first terminal device to obtain the user authentication information ciphertext.

Here, the user authentication information key and the preset check code are stored in the trusted execution environment of the first terminal device, and only the program in the trusted execution environment of the first terminal device can access the user authentication information key and the preset verification code. If a check code is set, programs outside the trusted execution environment of the first terminal device cannot access the user authentication information key and the preset check code.

Here, the preset check code usually takes an easy-to-recognize short word, such as "seed", so that the trusted execution environment decrypts the user verification information cipher text with the user verification information key, and then checks whether the preset check code is correct to This quickly determines whether the current user authentication information ciphertext is forged.

Here, the user authentication information may include a preset check code stored in the trusted execution environment of the first terminal device, a current user serial number determined in step 3101, and an environment identifier of the trusted execution environment of the first terminal device. .

Here, various symmetric encryption algorithms can be used to encrypt the user authentication information.

Here, in practice, the ciphertext of the user authentication information can be regarded as the seed code of the registered user, and it can be understood that the first terminal device provides a credential for the successful registration operation for the registration request of the second terminal device. Because the seed code is already ciphertext, it is checked against the preset check code after decryption in a trusted execution environment. Therefore, it is not necessary to add an additional signature string to the seed code ciphertext, but add a verification at the end of the seed code. The code is optional, in case the keyboard input error or communication transmission error occurs, the system can automatically identify and report the error by comparing the verification code.

Step 311: In response to receiving the user authentication information ciphertext sent by the first terminal device, the second terminal device determines the received user authentication information ciphertext as the user authentication information ciphertext of the second terminal device.

Due to the limitation of page display, the following continues to refer to FIG. 3F. It should be noted that the process of FIG. 3F may include various steps shown in FIG. 3A and FIG. 3B in addition to the steps shown in FIG. 3F. In addition, it should be noted that the first terminal device and the second terminal device shown in FIG. 3F can perform the corresponding steps shown in FIG. 3B and FIG. 3F, and can also perform the terminal device shown in FIG. 3A. Steps performed.

Alternative implementation (4): Based on the optional implementation (3) above, the timing sequence 300 may further include steps 312 to 314 as shown in FIG. 3F:

Step 312: The second terminal device determines a transfer key in response to detecting a second user identifier generation instruction including a second user identifier category identifier and instructing to generate a user identifier of a target application and / or a target website. Use the second user ID generation request public key to encrypt the second user ID generation request to obtain the second user ID generation request ciphertext, and send the obtained second user ID generation request cipher text to the target application and / or target The website provides the first terminal device supported.

In the operations from step 309 to step 311 described above, for the second terminal device, only the corresponding user authentication information ciphertext is set, and the user identification of the target application and / or target website is not generated. In this way, the second terminal device may detect, by various implementation manners, a second user ID generation instruction including a second user ID category ID and used to instruct the user ID generation of the target application and / or the target website to be input by the user. For example, the second terminal device may detect that the user has entered the second user identification category identifier in the user identification category input control and clicked on the target application installed on the second terminal device to associate with the operation of generating the user identification of the target application. When it is determined that a second user ID generation instruction is detected. For another example, the second terminal device may also detect that the user has visited the target website, enter the second user identification category identifier in the page element for user identification category input, and click the association in the second user identification generation page of the target website. When there is a page element of the operation of generating the user ID of the target application, it is determined that a second user ID generating instruction is detected.

Here, the second terminal device may determine the transfer password if a second user ID generation instruction including a second user ID category identifier and used to instruct generation of the user ID of the target application and / or the target website is detected by the user. key.

Here, the second user identifier category identifier is used to indicate the category of the user identifier in the user identifier set corresponding to the target application and / or the target website in the second terminal device. That is, the second terminal device stores a user identification set for the target application and / or the target website. In practice, the user IDs in the user ID set for the target application and / or target website can be classified in various ways, each classification corresponding to a different second user ID category, and the second user ID category ID is used to indicate Different second user identification categories. As an example, the second user identification category identifier may be determined in an incremental manner, that is, the second terminal device may store the current second user identification category identifier for the target application and / or the target website. When the target application and / or the user identifier of the target website is instructed, the second terminal device may obtain the current second user identifier category identifier stored above, and incrementally update the acquired current second user identifier category identifier, and use the incremental update After that, the current second user identifier category identifier generates a second user identifier generating instruction. As an example, the second user identification category identifier may also be input by the user autonomously. As an example, the second user identification category identifier may also be randomly generated.

Here, the second terminal device may determine the turn-key by using various implementation manners. For example, the encryption key may be randomly generated, or the encryption key stored in advance in the second terminal device may be determined as the encryption key, or the encryption key input by the user may be received.

After the transfer key is determined, the second terminal device may use the second user ID generation request public key to encrypt the second user ID generation request to obtain the second user ID generation request ciphertext. The second user identifier generation request includes the user authentication information cipher text of the second terminal device, the determined transfer key, and the second user identifier category identifier in the detected second user identifier generation instruction.

Finally, the second terminal device may send the obtained second user identifier generation request ciphertext to the first terminal device that provides support for the target application and / or the target website.

Step 313: The first terminal device responds to receiving the second user identifier generation request ciphertext sent by the second terminal device, executes the second user identifier generation operation in the trusted execution environment of the first terminal device, and obtains the received and received The obtained second user ID generates a request for the ciphertext corresponding to the encrypted user ID, and sends the obtained second user ID to the second terminal device that sends the received second user ID to generate the requested cipher text.

The above-mentioned second user identifier generating operation may include sub-steps 3131 to 3135 shown in FIG. 3G:

Sub-step 3131: Use the second user ID generation request private key corresponding to the second user ID generation request public key stored in the trusted execution environment of the first terminal device to generate a request ciphertext for the received second user ID. Decryption is performed to obtain user authentication information ciphertext, re-encryption key, and user identification category identification.

Here, the second user ID generation request public key and the second user ID generation request private key are a pair of asymmetric encryption / decryption key pairs, wherein the second user ID generation request public key can be stored without trusted execution The second terminal device of the environment may also be stored in the trusted execution environment and outside the trusted execution environment of the first terminal device in which the trusted execution environment is set. However, the second user ID generation request private key can only be stored in the trusted execution environment of the first terminal device where the trusted execution environment is set, and can only be a program within the trusted execution environment of the first terminal device. Access cannot be accessed by programs outside the trusted execution environment of the first terminal device.

It should be noted that the decryption method used in sub-step 3131 is a decryption method corresponding to the encryption method that uses the second user ID generation request public key to encrypt the second user ID generation request in step 312.

Sub-step 3132, decrypting the ciphertext of the user authentication information obtained by decryption using the user authentication information key stored in the trusted execution environment of the first terminal device to obtain a verification code, a user serial number, and an environment identifier.

It can be understood that the decryption method used to decrypt the ciphertext of the user authentication information obtained here is symmetric to the user authentication information ciphertext generation operation shown in FIG. 3E, which is used to encrypt the user authentication information in substep 3102. The symmetric decryption method corresponding to the encryption method.

Sub-step 3133, in response to determining that the verification code obtained by the decryption is the same as the preset verification code stored in the trusted execution environment of the first terminal device, and the environment identifier obtained by the decryption is the environment of the trusted execution environment of the first terminal device The identifiers are the same, and the second extended user identifier is generated by using the second manufacturer identifier, the second product identifier, a randomly generated random number, and the user identifier category identifier obtained through decryption.

Here, if the user authentication information ciphertext obtained by decrypting the second user ID generation request ciphertext received in substep 3131 and decrypting the ciphertext in substep 3132 is authentic with the first terminal device The preset verification code stored in the execution environment is the same, and the decrypted environment ID is the same as the environment ID of the trusted execution environment of the first terminal device, indicating that the second user ID received in step 3131 is generated to request the ciphertext. The second terminal device is a second terminal device that is registered with the first terminal device, and the user authentication information ciphertext of the second terminal device is the user authentication information ciphertext generated by the first terminal device. Then, the first terminal device The second extended user identifier may be generated by using the second manufacturer identifier, the second product identifier, a randomly generated random number, and the user identifier category identifier obtained by decryption. The second vendor identifier is generated according to the product identifier of the trusted execution environment of the first terminal device, and the value range of the second vendor identifier and the product identifier of the trusted execution environment of the first terminal device are obtained. The value range and the value range of the vendor identification of the trusted execution environment of the first terminal device are different from each other, and the second product identification is the user serial number obtained by decryption.

Sub-step 3134: Encrypt the generated second extended user identifier by using the user identification key stored in the trusted execution environment of the first terminal device to obtain a second user identifier.

In step 3133, a second extended user identifier has been generated for the second terminal device. However, the second extended user identifier directly includes the second manufacturer identifier, the second product identifier, a random number, and a user identifier category identifier. Programs outside the execution environment cannot parse the above-mentioned second extended user identification, and the generated second extended user identification is encrypted by using the user identification key stored in the trusted execution environment of the first terminal device to obtain a second user. Logo. Here, the second user identifier is an identifier in a cipher text state.

In sub-step 3135, the obtained second user identifier is encrypted by using the decryption transfer key to obtain a second user identifier corresponding to the received second user identifier generation request ciphertext. Here, the encrypted user ID is obtained by encrypting the second user ID in cipher text.

Here, in order to further enhance the user information security of the second terminal device and prevent the program outside the trusted execution environment of the first terminal device from acquiring the second user identity, it is also necessary to use the decryption key obtained by decryption in substep 3131. The second user ID obtained in sub-step 3134 is encrypted to obtain a turn-key user ID corresponding to the second user ID generation request ciphertext received in sub-step 313.

Step 314: The second terminal device responds to receiving the encrypted user ID sent by the first terminal device and corresponding to the obtained second user ID generation request ciphertext and sent to the first terminal device, and uses the obtained second encrypted user ID. The encryption key in the second user ID generation request corresponding to the user ID generation request ciphertext decrypts the received encrypted user ID, obtains the second user ID, and adds the decrypted second user ID to the The user identity of the second terminal device is in a set. Here, the second user identifier obtained after decryption is a ciphertext identifier.

After step 312 to step 314, in order to use the services provided by the target application and / or target website, the second terminal device without a trusted execution environment generates a new terminal device that supports the target application and / or target website. User ID. In other words, after steps 312 to 314, the first terminal device that supports the target application and / or the target website and is provided with a trusted execution environment can develop its own "second-level user", that is, in The second terminal device develops its own "secondary user", thereby improving the function of the first terminal device, so that the first terminal device can also provide services to the outside.

Both the first user ID of the first-level user and the second user ID of the second-level user exist in cipher text. The advantage of using this type of logo is that the expression is relatively short. Both only take up 20 bytes. In addition, It is also an advantage for primary users to develop their own secondary users at will. The disadvantage is that the two are only used to identify a user, and they cannot implement signatures and verify signatures on behalf of the user.

In order to overcome the above-mentioned shortcomings, we have added a design to the trusted execution environment, so that when a first-level user develops his own second-level user, when the second user ID is generated for the second-level user, a pair of available pairs is also generated in step 313 The public and private keys for signature and signature verification, where the public key is returned with the second user identification, and is also encrypted by the turn-key in step 313, and finally the plain text of the public key is decrypted in step 314. The private key in the generated public and private keys never reveals the trusted execution environment. The trusted user's execution environment of the primary user can exercise the signing authority on behalf of the secondary user because it controls the private key of the secondary user.

In step 313, the private key is derived from Formula F according to the generated second user ID, and then the public key is further derived from the private key. For example, any 32-byte data can be used as the private key of the Bitcoin account, and its The public key is derived from the private key. Formula F only needs to derive a 32-byte hash value from the second user ID.

Private key = F (system security word, primary user security word, second user identification)

Among them, the system security word is preset by the manufacturer of the trusted execution environment and is a top-secret string. The first-level user security word is pre-configured into the trusted execution environment by adjusting specific APIs. The trusted execution environment is always The first-level user security words are not leaked to the outside, so others cannot guess, and the private key derived based on the above formula cannot be guessed either. A simple implementation of formula F is: using a hash256 hash algorithm, hashing a string formed by concatenating the system security word, the first user security word, and the second user identifier, to obtain a length of 32 bytes Can be used as the private key corresponding to the second user ID.

Optional implementation (five): Based on any of the optional implementations (a), (b), (c), and (d) above, the manufacturer identification of the first terminal device may be greater than or equal to the first The preset positive integer is less than or equal to the sum of the first preset positive integer and the second preset positive integer. The product identifier of the first terminal device is greater than the second preset positive integer and less than the first preset positive integer. The preset positive integer is greater than the second preset positive integer.

For clarity, the manufacturer ID of the first terminal device can be represented by FactoryNo, the product ID of the first terminal device by ProductNo, the first preset positive integer by I _{1 and the} second preset positive integer by I ₂ , Among them, I ₁ > I ₂ , the above-mentioned optional implementation manner (five) can be expressed as follows:

I ₁ <= FactoryNo <= (I ₁ + I ₂ ) (1)

I ₂ <ProductNo <I ₁ (2)

Alternative implementation method (6): Based on the optional implementation methods (3), (4), or (5), in which the second vendor identification in the optional implementation method (4) is based on the first terminal device. The generation of the product identification of the trusted execution environment may include: the second vendor identification is the sum of the product identification of the trusted execution environment of the first terminal device and the first preset positive integer.

Continue to use the descriptions of the above formulas (1) and (2). In addition, if the second manufacturer's identification is FactoryNo ', the optional implementation method (six) can be expressed as follows:

FactoryNo '= ProductNo + I ₁ (3)

From formula (1), formula (2) and formula (3), the following conclusions can be drawn:

(I ₁ + I ₂ ) <FactoryNo '<2I ₁ (4)

From formula (1), formula (2) and formula (4), the following conclusions can be drawn:

The value ranges of FactoryNo, ProductNo, and FactoryNo 'are different from each other, that is, the value range of the second vendor identification, the value range of the product identification of the trusted execution environment of the first terminal device, and the trusted execution environment of the first terminal device. The value range of the manufacturer ID is different from each other.

Optional implementation method (seven): Based on the above optional implementation method (six), the manufacturer identification and product identification of the first terminal device are four-byte unsigned integers, and the hexadecimal representation of the first preset positive integer is 0x80000000, the hexadecimal representation of the second preset positive integer is 0x000000FF. The following conclusions can be drawn:

FactoryNo is a four-byte unsigned integer with a value ranging from 0x80000000 to 0x800000FF;

ProductNo is a four-byte unsigned integer with a value ranging from 0x00000100 to 0x7FFFFFFF;

FactoryNo 'is a four-byte unsigned integer with a value ranging from 0x80000100 to 0xFFFFFFFF.

It can be seen from the above that the value ranges of FactoryNo, ProductNo, and FactoryNo 'are different, that is, the value range of the second manufacturer's identification, the value range of the product identification of the trusted execution environment of the first terminal device, and the first terminal device. The value range of the vendor ID of the trusted execution environment is different from each other.

Due to the limitation of the page display, the following reference is continued to FIG. 3H. It should be noted that the process of FIG. 3H may include various steps shown in FIG. 3A, FIG. 3B, and FIG. 3F in addition to the steps shown in FIG. 3H. In addition, it should be noted that the first terminal device and the second terminal device shown in FIG. 3H can perform the corresponding steps shown in FIG. 3B, FIG. 3F, and FIG. 3H, and can also perform the steps shown in FIG. 3A. Steps that the terminal device can perform.

Optional implementation method (eight): Most current applications or website logins also use a login method that is a verification code login. Here, based on any of the foregoing optional implementation manners, the above-mentioned sequence 300 may further include steps 315 to 319 as shown in FIG. 3H to implement the server's verification of the user identity of the first terminal device:

In step 315, the server, in response to receiving an end user identity verification request including the user identity to be verified, sent by the first terminal device, executes a user identity verification information ciphertext generation operation in a trusted execution environment of the server to obtain verification with the end user identity. Request the corresponding user identification verification information ciphertext, and send the obtained user identification verification information ciphertext to the first terminal device that sends the received end user identification verification request.

Here, the first terminal device may send an end user identity verification request including a user identity to be verified to the server under various preset conditions. For example, before sending the user information addition request to the server in steps 301 and 302, the first terminal device may first send the user ID in the user information addition request to be sent to the server as the terminal user ID generated by the user ID to be verified. Verify the request. If the end-user authentication pass result sent by the server is received, the user information addition request to be sent can be sent to the server. Conversely, if the end-user authentication pass result sent by the server is not passed, the server will not send the to-be-sent User information addition request. For another example, before sending the user information transfer request to the server in step 304, the first terminal device may also send the user ID in the user information transfer request to be sent to the server as the terminal user ID generated by the user ID to be verified. Verify the request. If the end-user authentication pass result sent by the server is received, the user information transfer request to be sent can be sent to the server. Conversely, if the end-user authentication pass result sent by the server is not passed, the server will not send the to-be-sent User information transfer request.

In this way, upon receiving an end user identity verification request including the identity of the user to be authenticated sent by the first terminal device, the server may execute the cipher text generation operation of the user identity verification information in the trusted execution environment of the server, and obtain The user identification verification information ciphertext corresponding to the identification verification request, and the obtained user identification verification information ciphertext is sent to the first terminal device that sends the received end user identification verification request. The ciphertext generation operation of the user identification verification information may include sub-steps 3151 to 3153 as shown in FIG. 3I:

Sub-step 3151: Decrypt the received user ID to be verified by using the user ID key stored in the trusted execution environment of the server to obtain the extended user ID to be verified.

Here, the same user identification key is stored in the trusted execution environment of the first terminal device and the server's trusted execution environment, and by the same token, the user identification key stored in the server's trusted execution environment can only be It is accessed by programs within the server's trusted execution environment and cannot be accessed by programs outside the server's trusted execution environment. If the user identification to be authenticated is obtained by encrypting the user identification key stored in the trusted execution environment of the first terminal device to be used for verification extended user identification, then the user identification key stored in the trusted execution environment of the server is used The received user ID to be verified is decrypted to obtain the extended user ID to be verified.

Sub-step 3152, generating user identification verification information including a set of environment IDs that are allowed to be decrypted and information to be verified, and adding the environment ID in the extended user ID to be verified to the set of environment IDs that are allowed to be decrypted in the generated user ID verification information.

Here, the information to be verified may be randomly generated information or any preset information content.

Sub-step 3153: The generated user identification verification information is encrypted by using the user identification verification information public key in the user identification verification information key pair stored in the trusted execution environment of the server to obtain a user corresponding to the end user identity verification request. Identifies the authentication information ciphertext.

Here, the user identification verification information key includes a user identification verification information public key and a user identification verification information private key, wherein the user identification verification information public key may be stored in the trusted execution environment and trusted of the server or the first terminal device. Outside the execution environment, and the private key of the user identification verification information can only be stored in the trusted execution environment of the server or the trusted execution environment of the first terminal device, the private key of the user identification verification information can only be trusted by the server Programs within the execution environment or programs within the trusted execution environment of the first terminal device.

Step 316: In response to receiving the ciphertext of the user identification verification information sent by the server, the first terminal device executes an operation of generating verification information in a trusted execution environment of the first terminal device, and obtains a secret that is similar to the received user identification verification information. The verification information corresponding to the text, and send the obtained verification information to the server.

Here, the verification information generating operation may include sub-steps 3161 to 3162 as shown in FIG. 3J:

Sub-step 3161: Decrypt the received user identification verification information cipher text by using the user identification verification information private key in the user identification verification information key pair stored in the trusted execution environment of the first terminal device to obtain the user identification. verify message.

Here, the same user identification verification information private key is stored in the trusted execution environment of the first terminal device and the trusted execution environment of the server. If the received user identification verification information ciphertext is obtained by the server using the user identification verification information public key to encrypt the user identification verification information, then the user identification verification information stored in the trusted execution environment of the first terminal device is used. The private key decrypts the ciphertext of the received user identification verification information to obtain the user identification verification information.

Sub-step 3162, in response to determining that the environment identifier of the trusted execution environment of the first terminal device belongs to the decryption-allowed environment identifier set in the user ID verification information obtained by decryption, determining the to-be-verified information in the user ID verification information obtained by decryption Authentication information corresponding to the ciphertext of the received user authentication information.

Here, the user ID verification information obtained by decryption in sub-step 3161 includes a set of environment identifiers that are allowed to be decrypted and information to be verified. The decryption environment identification set indicates that the ciphertext of the user identification verification information received in step 316 was sent by the server to the first terminal device, and the information to be verified in the user identification verification information decrypted in substep 3161 can be determined Authentication information corresponding to the ciphertext of the received user authentication information.

Step 317: The server determines whether the received authentication information corresponds to the user corresponding to the ciphertext of the user identification verification information sent in response to receiving the authentication information corresponding to the ciphertext of the user identification verification information sent by the first terminal device. The information to be verified in the identification verification information is the same.

Here, the server may receive the authentication information corresponding to the sent user identification verification information cipher text sent by the first terminal device, where the sent user identification verification information cipher text and the end user identity received by the server Corresponds to the authentication request, and determines whether the received authentication information is the same as the to-be-verified information in the user identification authentication information corresponding to the ciphertext of the user identification authentication information sent.

In step 318, the server responds to the determination that it is the same, and generates an end-user authentication pass result for indicating that the received end-user identity authentication request authentication passes.

Here, in step 317, the server may determine that the received authentication information is the same as the to-be-verified information in the user identification verification information corresponding to the cipher text of the user identification verification information sent, indicating that the received end user identity verification The user identity to be verified in the request is the user identity of the first terminal device that sent the above-mentioned end user identity verification request, and an end user verification pass result used to indicate that the received end user identity verification request verification is passed can be generated.

Step 319: In response to the determination being different, the server generates an end-user verification failure result for indicating that the received end-user identity verification request verification fails.

Here, in step 317, the server may determine that the received authentication information is different from the to-be-verified information in the user identification verification information corresponding to the cipher text of the user identification verification information sent, indicating that the received end user identification verification The user identity to be verified in the request is not the user identity of the first terminal device that sent the above-mentioned end user identity verification request, and an end user verification failure result may be generated to indicate that the received end user identity verification request fails verification.

After steps 315 to 319 in the above-mentioned optional implementation manner (8), the server can implement verification of the user identity of the first terminal device, and the verification process introduces complex operations in a trusted execution environment, compared with the existing Verification code method, more secure.

Due to the limitation of the page display, the following continues to refer to FIG. 3K. It should be noted that in addition to the steps shown in FIG. 3K, the process of FIG. 3K may also include the steps shown in FIG. 3A, FIG. 3B, FIG. Each step. In addition, it should be noted that the first terminal device and the second terminal device shown in FIG. 3K can perform the corresponding steps shown in FIG. 3B, FIG. 3F, FIG. 3H, and FIG. 3K, and can also perform the steps shown in FIG. 3A. The various steps that the terminal device shown can perform.

Alternative implementation (9): Here, based on any of the alternative implementations (3) to (8) above, the above-mentioned sequence 300 may further include steps 320 to 326. The first terminal device is configured to send information to a designated first terminal device and / or a second terminal device:

Step 320: The first terminal device, in response to detecting an information encryption request including a receiver user identification set and information to be encrypted, performs an information encryption operation in a trusted execution environment of the first terminal device, and obtains a message corresponding to the information encryption request. Information ciphertext.

In practice, the first terminal device may determine that an information encryption request is detected under various preset conditions. As an example, the information creator (for example, the testator) can open the targeted information encryption application installed on the first terminal device, and enter the user ID of each information receiver (for example, the user ID of each heir) as the recipient user. Identify the set, and then input the information to be encrypted (for example, will content) as the information to be encrypted, and click the control of the associated information encryption operation, so that the first terminal device can determine that an information encryption request is detected. For another example, the information creator (for example, the testator) can also use the first terminal device to access the website that provides the directional information encryption function, and enter the user ID of each of the information receivers (for example, the user ID of each of the heirs of the will) as the receiver. Party user identification set, and then input the information to be encrypted (such as will content) as the information to be encrypted, and click the page element of the associated information encryption operation on the page, so that the first terminal device can determine that an information encryption request is detected.

In this way, the first terminal device can perform an information encryption operation in a trusted execution environment of the first terminal device in a case where an information encryption request including a receiver's user identity set and information to be encrypted is detected, to obtain an information encryption request. The corresponding information ciphertext. The information encryption operation may include sub-step 3201 and sub-step 3202 as shown in FIG. 3L:

In step 3201, a receiver environment identifier set is generated by using a receiver environment identifier corresponding to each receiver user identifier in the receiver user identifier set.

Wherein, the receiver's environment identifier is the environment identifier in the receiver's extended user obtained by decrypting the receiver's user ID with the user's identification key stored in the trusted execution environment of the first terminal device.

That is, the user identifier of the receiver is provided within the trusted execution environment of the first terminal device outside the trusted execution environment of the first terminal device. When generating the information ciphertext, not the user identification but the environment identification is used. Therefore, it is necessary to obtain the receiver environment identifier by decrypting the receiver user identifier within the trusted execution environment of the first terminal device.

Sub-step 3202, encrypting the receiver's environment identification set and the information to be encrypted by using the directional information public key in the directional information key pair stored in the trusted execution environment of the first terminal device to obtain information corresponding to the information encryption request Ciphertext.

Here, the directional information key pair includes a directional information public key and a directional information private key, wherein the directional information public key can be stored within the trusted information environment and outside the trusted execution environment of the first terminal device, and the directional information public key It may also be stored in a second terminal device without a trusted execution environment. The private key of the directed information can only be stored in the trusted execution environment of the first terminal device. Only the program within the trusted execution environment of the first terminal device can access the private key of the directed information, and the trusted execution environment of the first terminal device. Other programs cannot access the private key of the directed information.

After this encryption operation, the directional information public key in the generated information ciphertext is used to encrypt the receiver's environment identification set and the information to be encrypted.

It should be noted that, here, when the first terminal device serves as the information creator, the information ciphertext has been created after step 320. The first terminal device may not only serve as the information creator but also the information receiver. In addition, the first terminal device may also be the second terminal device without a trusted execution environment. The information receiver can use various implementation methods to obtain the information ciphertext created by the information creator. For example, the creator of the information can send the ciphertext of the information to the email address specified by the receiver of the information, and then the receiver of the information can obtain the ciphertext of the information by receiving the email, or the creator of the information can also provide the download The URL of the information ciphertext is linked, and then the information receiver clicks the URL link to download the information ciphertext. Alternatively, the information receiver can also copy the information ciphertext directly from the information creator through a USB flash drive.

After step 320, the information is encrypted. That is, when the information ciphertext is generated, the receiver environmental identifier set is specified. Only when the environment identifier belongs to the receiver environmental identifier set specified in the information ciphertext, can the corresponding information ciphertext be used. Information in plain text.

Step 321: In response to detecting the first information decryption request including the ciphertext of the information to be decrypted, the first terminal device executes the first information decryption operation in the trusted execution environment of the first terminal device to obtain the first information decryption request. The corresponding message is plain text.

Here, when the first terminal device serves as the information receiver, in order to use the information ciphertext, the information ciphertext needs to be decrypted. At this time, when the first terminal device detects the first information decryption request including the ciphertext of the information to be decrypted, the first terminal device executes the first information decryption operation in the trusted execution environment of the first terminal device to obtain the first information decryption operation. The plaintext of the message corresponding to the message decryption request. The first information decryption operation may include sub-step 3211 and sub-step 3212 as shown in FIG. 3M:

Sub-step 3211: The ciphertext of the information to be decrypted in the first information decryption request is decrypted by using the directional information private key in the directional information key pair stored in the trusted execution environment of the first terminal device to obtain a first receiver. The environment identification set and the first information are in plain text.

Here, if the information to be decrypted is encrypted with the public key of the directional information, then the private key of the directional information stored in the trusted execution environment of the first terminal device is used to decrypt the ciphertext of the information to be decrypted in the first information decryption request. , The first receiver's environment identifier set and the first information plaintext can be obtained.

Sub-step 3212, in response to determining that the environment identifier of the trusted execution environment of the first terminal device belongs to the first receiver environment identifier set, determining the first information plaintext as the information plaintext corresponding to the first information decryption request.

The first receiver environmental identifier set and the first information plaintext have been decrypted in sub-step 3211. If the environment identifier of the trusted execution environment of the first terminal device belongs to the decrypted first receiver environmental identifier set, step 321 is displayed. The information to be decrypted in is sent to the first terminal device, and then the first plaintext of the information decrypted in sub-step 3211 can be determined as the plaintext of the information corresponding to the first information decryption request, that is, the first terminal can be decrypted in the first terminal. The device uses the plaintext of the information corresponding to the first information decryption request. On the contrary, if the environment identifier of the trusted execution environment of the first terminal device does not belong to the first receiver environmental identifier set obtained by decryption, it indicates that the information to be decrypted in step 321 is not sent to the first terminal device, although In sub-step 3211, the first information plaintext has been decrypted in the trusted execution environment of the first terminal device, but the first terminal device still cannot obtain and use the first information plaintext.

Here, the implementation of distinguishing whether the information to be decrypted is sent to a specified device by using the environment identifier has a significant advantage, because the environment identifier includes the manufacturer identifier and the product identifier, and the manufacturer identifier and the product identifier can each occupy only 4 bytes. For the public key (at least 33 bytes) or the hash of the public key (at least 20 bytes) of the digital currency, the environment identifier of this solution occupies a small amount of bytes. Moreover, because the value ranges of the manufacturer's identification and the product identification do not overlap, when the above first receiver's environmental identification set lists the environmental identification of each device, the manufacturer identification can be listed only once for multiple consecutive devices with the same manufacturer identification. After that, successively listing multiple product identifications can be automatically parsed into designated equipment with the same manufacturer identification. In this way, the byte occupancy of the first receiver environmental identifier set is further compressed.

The directed decryption of the information is achieved through step 321, that is, the plaintext of the information can be used only when the environmental identifier belongs to the receiver environmental identifier set specified in the information ciphertext.

Step 322: The second terminal device determines a transfer key in response to detecting a second information decryption request including a ciphertext of the information to be decrypted.

Here, when the second terminal device is used as the information receiver, since the second terminal device does not have a trusted execution environment, in order to use the information plaintext corresponding to the information cipher text, it is necessary to use the first terminal device to perform information encryption. Determine the encryption key. Here, the second terminal device may receive the key string input by the user as the transfer key, and the second terminal device may also randomly generate a key as the transfer key.

Step 323: The second terminal device encrypts the second cipher instruction with the directional information public key in the directional information key pair to obtain the second cipher instruction.

Here, the second encryption instruction includes user authentication information of the second terminal device and the encryption password determined in step 322.

Step 324: The second terminal device sends the obtained second ciphertext instruction ciphertext and the information ciphertext to be decrypted in the second information decryption request as an information cipher request to the first application providing support for the target application and / or the target website. A terminal device.

Here, since the second terminal device does not have a trusted execution environment, as the information receiver, in order to use the information ciphertext, the information needs to be encrypted by means of the first terminal device. In step 323, the second cipher instruction is encrypted to obtain a second cipher instruction. The cipher text of the message to be decrypted is encrypted. Therefore, the second cipher instruction obtained in step 323 can be encrypted. The ciphertext of the message to be decrypted in the text and the second information decryption request is sent as an information transfer request to the first terminal device that provides support for the target application and / or the target website.

Step 325: In response to receiving the information transfer request sent by the second terminal device, the first terminal device executes the information transfer operation in the trusted execution environment of the first terminal device, and obtains the request with the received information transfer request. The corresponding re-encryption information and the obtained re-encryption information are sent to a second terminal device that sends the received information re-encryption request.

Here, the information transfer operation may include sub-step 3251 to sub-step 3254 as shown in FIG. 3O:

Sub-step 3251, decrypting the second ciphertext instruction ciphertext in the received information cipher request using the directional private key of the directional information key pair stored in the trusted execution environment of the first terminal device, Get user authentication information and transfer key.

Here, the information transcoding request received by the first terminal device from the second terminal device includes the second ciphertext instruction ciphertext and the information to be decrypted, and the second ciphertext instruction ciphertext is encrypted by using the directional information public key. Therefore, by using the directional information private key in the directional information key pair stored in the trusted execution environment of the first terminal device to decrypt the second ciphertext instruction ciphertext in the received information cipher request, it is possible to A second encryption instruction is obtained, and the second encryption instruction includes the user authentication information and the encryption key of the second terminal device.

Sub-step 3252, decrypting the user authentication information obtained by decryption using the user authentication information key stored in the trusted execution environment of the first terminal device to obtain a verification code, a user serial number, and an environment identifier.

Here, because the user authentication information is obtained by the first terminal device using the user authentication information key in the trusted execution environment to encrypt the preset verification code, the current user serial number, and the environment identifier of the trusted execution environment of the first terminal device, Therefore, by using the user authentication information key stored in the trusted execution environment of the first terminal device to decrypt the user authentication information obtained by decryption, a verification code, a user serial number, and an environment identifier can be obtained.

Sub-step 3253, in response to determining that the environment identifier obtained by decryption is the same as the environment identifier of the trusted execution environment of the first terminal device and the verification code obtained by decryption is the preset verification stored in the trusted execution environment of the first terminal device The same code is used, and the directional information private key in the directional information key pair stored in the trusted execution environment of the first terminal device is used to decrypt the information ciphertext in the received information transfer request to obtain the second receiver. The environment identification set and the second information are in plain text.

Here, if the verification code obtained by decrypting the user verification information decrypted in substep 3251 in substep 3252 is the same as the preset verification code stored in the trusted execution environment of the first terminal device, and the decrypted environment identifier is The environment identifier of the trusted execution environment of the first terminal device is the same, indicating that the second terminal device that sent the information transfer request is a second terminal device registered with the first terminal device, and the user of the second terminal device authenticates The information cipher text is the user authentication information cipher text generated by the first terminal device. Then, the first terminal device can use the directional information private key pair in the directional information key pair stored in the trusted execution environment of the first terminal device. The information ciphertext in the received information transfer request is decrypted to obtain the second receiver's environment identification set and the second information plaintext.

Sub-step 3254, in response to determining that the second environment identifier belongs to the second receiver environmental identifier set obtained by decryption, encrypting the decrypted second information plaintext by using the decryption transfer key, to obtain a decryption message with the received information. The secret request corresponds to the confidentiality information.

Here, after the second receiver environmental identifier set and the second information plaintext have been decrypted in step 3253, the second environmental identifier may be generated first, where the vendor identifier in the second environmental identifier is based on the trustworthiness of the first terminal device. The second vendor identifier generated by the product identifier of the execution environment, and the product identifier in the second environment identifier is the user serial number obtained by decryption in sub-step 3252. Then, it is determined whether the second environment identifier belongs to the decrypted second receiver environment identifier set. If it belongs, it indicates that the information ciphertext in the information transfer request received in step 325 is sent to the second environment identifier as instructed. The device ID of the second environment ID is the second vendor ID generated according to the product ID of the trusted execution environment of the first terminal device. The product ID in the second environment ID is in sub-step 3252. The user serial number obtained after decryption, and the user serial number obtained by decrypting the user authentication information in sub-step 3252, and the user authentication information decrypted in sub-step 3252 is a request for the encryption of the received information in sub-step 3251. It is obtained by performing decryption. Therefore, it indicates that the second terminal device that sends the information transfer request belongs to a device that can receive the information to be decrypted in the received information transfer request, that is, the second terminal that sends the information transfer request. The device may receive the plaintext of the second information obtained by decryption in sub-step 3253.

However, in order to prevent the first terminal device from obtaining the plaintext of the second information and leaking the plaintext of the information originally sent to the second terminal device, in the case of determining that the second environment identifier belongs to the decrypted second receiver environment identifier set, it may be used The decryption key obtained in the sub-step 3251 encrypts the plaintext of the second information obtained in the sub-step 3253, and obtains the secret information corresponding to the received information transfer request. Moreover, the above encryption process is performed in the trusted execution environment of the first terminal device. Programs outside the trusted execution environment of the first terminal device cannot obtain the plaintext of the second information. The re-encrypted information obtained after the key encrypts the second information in plain text, thereby protecting the security of the information directed to the second terminal device.

Step 326: In response to receiving the turn-key information sent by the first terminal device, the second terminal device uses the detected turn-key in the second information decryption request to decrypt the received turn-key information to obtain information plaintext.

Here, in a case where the second terminal device receives the re-encryption information sent by the first terminal device, the received re-encryption information corresponds to the information generated and transmitted for the detected second information decryption request. The re-encryption request uses the detected re-encryption key in the second information decryption request to decrypt the received re-encryption information to obtain the plaintext of the information.

Therefore, after step 320 to step 326, the second terminal device serves as the information receiver. Although the trusted execution environment is not set and therefore does not have the information decryption capability, the information terminal can be decrypted by using the first terminal device with the information decryption capability. Use the message plaintext corresponding to the message ciphertext sent to itself.

As can be seen from FIG. 3, compared with the embodiment corresponding to FIG. 2, a user information range identifier is introduced in the time sequence 300 of the system for processing user information in this embodiment. Therefore, the solution described in this embodiment can implement addition and query of user information in different scopes.

With further reference to FIG. 4, it illustrates a process 400 of an embodiment of a method for processing user information, which is applied to a server in a system for processing user information, wherein the system for processing user information includes at least A terminal device and a server. The server sets a trusted execution environment. The process 400 of the method for processing user information includes the following steps:

In step 401, in response to receiving a user information addition request sent by the terminal device, the user identification, user information, and encryption mark in the received user information addition request are correspondingly stored.

In this embodiment, the execution subject of the method for processing user information (for example, the server shown in FIG. 1) may receive a user information addition request sent by the terminal device, where the user information addition request may include User identification, user information, and encryption mark, and store the user identification, user information, and encryption mark in the received user information addition request. Here, the encryption mark is an encrypted mark used to characterize the user information in the user information addition request as encrypted user information ciphertext, or an encrypted mark used to characterize the user information in the user information addition request as unencrypted user information in plain text. Encrypted token. That is, the user information in the received user information addition request may be user information plaintext or encrypted user information ciphertext.

Here, the user information may include various attribute information of the user, for example, the user information may include name, age, gender, mobile phone number, ID number, nickname, avatar image, hobbies, occupation, income status, education background, hometown, home address , Work address, etc.

It can be understood that, in practice, due to the huge amount of user information, the above-mentioned execution subject may store the user identification, user information, and encryption mark in the received user information addition request in a distributed database.

Step 402: In response to receiving the user information transfer request sent by the terminal device, query the user information and the encryption mark corresponding to the user identifier in the received user information transfer request.

Since the execution subject correspondingly stores a user ID, user information, and encryption mark, the execution subject may query and receive the user information transfer request in the case of receiving the user information transfer request from the terminal device. The user information corresponding to the user ID and the encryption token, and then go to step 403 for execution. The user information transfer request may include a user identification and a first transfer request.

Step 403: In a trusted execution environment, perform a user information transfer encryption operation to obtain the transfer user information corresponding to the received user information transfer request, and send the obtained transfer user information to the sender and receiver. The terminal device of the user information transfer request.

In this embodiment, after the above-mentioned execution body can query the user information and the encryption mark in step 402, the user information encryption operation is performed in the trusted execution environment set in the above-mentioned execution body, and the same as received in step 402 is obtained. The user information corresponding to the received user information encryption request, and the obtained user information transmitted to the encryption device is sent to the terminal device that sends the received user information encryption request.

For details, reference may be made to the related description of the user information transfer encryption operation in step 205 in the embodiment shown in FIG. 2A, and details are not described herein again.

After the user information is encrypted, the user information is encrypted in plain text in the trusted execution environment of the above-mentioned execution subject using a turn-key. The program outside the trusted execution environment of the above-mentioned execution subject can only obtain the encrypted key. After the encrypted user information is encrypted, the plaintext of the user information cannot be obtained, thereby preventing the above-mentioned execution subject from revealing the plaintext of the user information.

In some optional implementation manners of this embodiment, the user information addition request received in step 401 may further include a user information range identifier. In this way, step 401 can also be performed as follows: in response to receiving the user information addition request sent by the terminal device, storing the user identification, the user information range identification, the user information, and the encryption mark in the received user information addition request in a corresponding manner.

Here, the user information range identifier is used to indicate at least one kind of attribute information among various attribute information included in the user information, and it can also be understood that the user information range identifier is used to indicate at least one of various fields included in the user information. In practice, various attribute information included in the user information may be classified according to the privacy degree and / or importance degree of each attribute information, and the user information range identifier to which each attribute information belongs is marked.

In some optional implementations of this embodiment, the user information transfer request received in step 402 may further include a user information range identifier. In this way, step 402 can also be performed as follows: Query the user information and the encryption mark corresponding to the user identifier and the user information range identifier in the received user information transfer request.

In some optional implementation manners of this embodiment, the foregoing method for processing user information may further perform the following steps 404 to 407:

Step 404: In response to receiving an end user identity verification request including a user identity to be verified and sent by a terminal device that sets a trusted execution environment, execute a user identity verification information ciphertext generation operation in the trusted execution environment to obtain an identity with the end user. The user identification verification information ciphertext corresponding to the verification request, and the obtained user identification verification information ciphertext is sent to the terminal device that sends the received end user identity verification request.

In this embodiment, the specific operation of step 404 is basically the same as the operation of step 315 in the embodiment shown in FIG. 3H, which is not repeated here. The terminal device that sets the trusted execution environment in step 404 is equivalent to step 315. In the first terminal device.

Step 405: In response to receiving the authentication information corresponding to the sent user identification verification information ciphertext sent by the terminal device setting the trusted execution environment, determine whether the received verification information is in ciphertext with the sent user identification verification information. The information to be verified in the corresponding user identification verification information is the same.

Here, the foregoing execution subject may receive the authentication information corresponding to the sent user identification verification information ciphertext sent by the terminal device that sets the trusted execution environment, where the sent user identification verification information ciphertext is related to the The received end user identity verification request corresponds, and it is determined whether the received verification information is the same as the information to be verified in the user identity verification information corresponding to the sent user identity verification information ciphertext.

In step 406, in response to determining that they are the same, an end-user verification pass result is generated to indicate that the received end-user identity verification request verification has passed.

Here, the foregoing execution body may determine in step 405 that the received authentication information is the same as the to-be-verified information in the user identification verification information corresponding to the ciphertext of the user identification verification information sent, indicating that the received end user The user identity to be verified in the identity verification request is the user identity of the terminal device that sets the trusted execution environment for sending the above-mentioned end user identity verification request, and an end user who can indicate that the received verification of the end user identity verification request is passed can be generated Verify the results.

In step 407, in response to the determination being different, an end user authentication failure result for indicating that the received end user identity authentication request authentication fails is generated.

Here, in step 405, the execution entity may determine that the received verification information is different from the to-be-verified information in the user identification verification information corresponding to the cipher text of the user identification verification information sent, indicating that the received end user The user identity to be verified in the identity verification request is not the user identity of the terminal device that sets the trusted execution environment for sending the above-mentioned end-user identity verification request, the above-mentioned execution subject may generate an indication that the received end-user identity verification request verification is not Passed end-user verification fails.

After steps 404 to 407, the server can verify the user identity of the terminal device that sets the trusted execution environment, and the verification process is more complicated than the existing verification code method due to the introduction of complex operations in the trusted execution environment. Safety.

The method provided by the foregoing embodiment of the present application stores the user ID, user information, and encryption mark in the received user information addition request in a corresponding storage manner, and queries the corresponding user ID in the received user information transfer request. User information and encryption mark, and then perform the user information transfer operation in a trusted execution environment to obtain the transfer user information corresponding to the received user information transfer request, and send the obtained transfer user information to The terminal device sending the received user information re-encryption request avoids obtaining the plaintext of the user information outside the trusted execution environment during the entire process, thereby protecting the security of the user information.

With further reference to FIG. 5, as an implementation of the methods shown in the foregoing figures, this application provides an embodiment of a device for processing user information, which corresponds to the method embodiment shown in FIG. 4. The device can be specifically applied to various electronic devices provided with a trusted execution environment.

As shown in FIG. 5, the apparatus 500 for processing user information in this embodiment includes a user information adding unit 501, a user information query unit 502, and a user information transfer unit 503. The user information adding unit 501 is configured to store the user identification, user information, and encryption mark in the received user information addition request in response to receiving the user information addition request sent by the terminal device, and the encryption mark The encrypted information used to characterize the user information in the user information addition request as encrypted user information ciphertext or the unencrypted mark used to characterize the user information in the user information addition request as unencrypted user information in plain text; user The information query unit 502 is configured to respond to receiving a user information transfer request from the terminal device, where the user information transfer request includes a user identification and a first transfer instruction, and query and transfer the received user information transfer request. The user information and encryption mark corresponding to the user identification in the request; and the user information transfer unit 503 is configured to perform the user information transfer operation in the above-mentioned trusted execution environment to obtain a request for the transfer of the user information to the received user information. The corresponding encrypted user information, and send the obtained encrypted user information to send The terminal device that received the user information transfer request, wherein the user information transfer operation includes: using a transfer instruction private key corresponding to the transfer instruction instruction public key stored in the trusted execution environment of the server, The first encryption instruction in the received user information encryption request is decrypted to obtain the ciphertext key and the encryption key; in response to determining that the found encryption token is an encrypted token, the trusted execution environment of the server is used The encryption key stored in the key is used to decrypt the ciphertext key obtained by decryption to obtain the plaintext key; the plaintext key obtained by decryption is used to decrypt the found user information to obtain the user information plaintext; in response to determining that the found The encrypted mark is unencrypted, and the found user information is determined to be the plaintext of the user information; the decrypted transfer key is used to encrypt the plaintext of the obtained user information to obtain a correspondence with the received user information transfer request Confidential user information.

In this embodiment, the specific processing of the user information adding unit 501, the user information querying unit 502, and the user information transfer unit 503 of the apparatus 500 for processing user information and the technical effects thereof can be respectively referred to corresponding to FIG. 4 Relevant descriptions of step 401, step 402, and step 403 in the embodiment are not repeated here.

In some optional implementations of this embodiment, the user information addition request may further include a user information range identifier; and the above-mentioned user information addition unit 501 may be further configured to: in response to receiving the user information addition request sent by the terminal device , And store the received user information in the user ID, user information range ID, user information, and encryption mark in the request.

In some optional implementations of this embodiment, the user information transfer request may further include a user information range identifier; and the above-mentioned user information query unit 502 may be further configured to: query and receive the user information transfer request The user ID and user information range ID in the corresponding user information and encryption mark.

In some optional implementations of this embodiment, the foregoing apparatus 500 may further include: a generating and sending unit 504 configured to respond to receiving a terminal including a user identifier to be sent and sent by a terminal device that sets a trusted execution environment The user ID verification request executes the user ID verification information ciphertext generation operation in the trusted execution environment to obtain the user ID verification information ciphertext corresponding to the terminal user ID verification request, and obtains the obtained user ID verification information ciphertext. Sending to the terminal device sending the received end user identity verification request, wherein the operation of generating the ciphertext of the user identity verification information includes: using the user identity key stored in the trusted execution environment to pair the received user to be verified The ID is decrypted to obtain the extended user ID to be verified. The user ID verification information including the set of environment IDs to be verified and the information to be verified is generated, and the environment ID in the extended user ID to be verified is added to the generated user ID verification information. Allows decryption of environment ID collections; utilizes the above Encrypting the generated user identification verification information with the public identification key of the user identification verification information in the user identification verification information key pair stored in the trusted execution environment to obtain the ciphertext of the user identification verification information corresponding to the above-mentioned end user identification verification request; The determining unit 505 is configured to respond to receiving the verification information corresponding to the sent user identification verification information ciphertext sent by the terminal device that sets the trusted execution environment, wherein the sent user identification verification information ciphertext and the received The corresponding end user identity verification request corresponds to whether the received verification information is the same as the to-be-verified information in the user identity verification information corresponding to the sent user identity verification information ciphertext; the first result generating unit 506 is configured to In response to the determination being the same, generating an end-user verification pass result indicating that the received end-user identity verification request verification has passed; the second result generating unit 507 is configured to generate the instruction for receiving Of end-user identity verification requests failed Results.

In some optional implementation manners of this embodiment, the foregoing server may be a resource server supporting the OAuth2 protocol.

It should be noted that, for implementation details and technical effects of the units in the apparatus for processing user information provided in the embodiments of the present application, reference may be made to descriptions of other embodiments in the present application, and details are not described herein again.

Reference is now made to FIG. 6, which shows a schematic structural diagram of a computer system 600 suitable for implementing a server according to an embodiment of the present application. The server shown in FIG. 6 is only an example, and should not impose any limitation on the functions and scope of use of the embodiments of the present application.

As shown in FIG. 6, the computer system 600 includes a central processing unit (CPU, Central Processing Unit) 601, which can be loaded into random access according to a program stored in a read-only memory (ROM, Read Only Memory) 602 or from a storage portion 608 A program in a memory (RAM, Random Access Memory) 603 performs various appropriate actions and processes. In the RAM 603, various programs and data required for the operation of the system 600 are also stored. The CPU 601, the ROM 602, and the RAM 603 are connected to each other through a bus 604. An input / output (I / O, Input / Output) interface 605 is also connected to the bus 604.

The following components are connected to the I / O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a cathode ray tube (CRT, Cathode Ray Tube), a liquid crystal display (LCD, Liquid Crystal Display), and a speaker, etc. A storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN (Local Area Network) card, a modem, and the like. The communication section 609 performs communication processing via a network such as the Internet. The driver 610 is also connected to the I / O interface 605 as necessary. A removable medium 611, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, etc., is installed on the drive 610 as needed, so that a computer program read therefrom is installed into the storage section 608 as needed.

In particular, according to an embodiment of the present disclosure, the process described above with reference to the flowchart may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product including a computer program carried on a computer-readable medium, the computer program containing program code for performing a method shown in a flowchart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 609, and / or installed from a removable medium 611. When the computer program is executed by a central processing unit (CPU) 601, the above-mentioned functions defined in the method of the present application are executed. It should be noted that the computer-readable medium described in this application may be a computer-readable signal medium or a computer-readable storage medium or any combination of the foregoing. The computer-readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of computer-readable storage media may include, but are not limited to: electrical connections with one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable Programming read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the foregoing. In this application, a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by or in combination with an instruction execution system, apparatus, or device. In this application, a computer-readable signal medium may include a data signal that is borne in baseband or propagated as part of a carrier wave, and which carries computer-readable program code. Such a propagated data signal may take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the foregoing. The computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, and the computer-readable medium may send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device . Program code embodied on a computer-readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.

Computer program code for performing the operations of the present application may be written in one or more programming languages, or a combination thereof, including programming languages such as Java, Smalltalk, C ++, Python, and also object-oriented. Includes regular procedural programming languages—such as "C" or similar programming languages. The program code can be executed entirely on the user's computer, partly on the user's computer, as an independent software package, partly on the user's computer, partly on a remote computer, or entirely on a remote computer or server. In the case of a remote computer, the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (such as through an Internet service provider) Internet connection).

The flowchart and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagram may represent a module, a program segment, or a part of code, which contains one or more functions to implement a specified logical function Executable instructions. It should also be noted that in some alternative implementations, the functions noted in the blocks may also occur in a different order than those marked in the drawings. For example, two successively represented boxes may actually be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and / or flowcharts, and combinations of blocks in the block diagrams and / or flowcharts, can be implemented by a dedicated hardware-based system that performs the specified function or operation , Or it can be implemented with a combination of dedicated hardware and computer instructions.

The units described in the embodiments of the present application may be implemented by software or hardware. The described unit may also be provided in a processor, for example, it may be described as: a processor includes a user information adding unit, a user information query unit, and a user information transfer and encryption unit. Among them, the names of these units do not constitute a limitation on the unit itself in some cases. For example, the user information adding unit may also be described as "the user ID, user information, and The encrypted token corresponds to the stored unit. "

As another aspect, the present application also provides a computer-readable medium, which may be included in the device described in the foregoing embodiments; or may exist alone without being assembled into the device. The computer-readable medium carries one or more programs, and when the one or more programs are executed by the device, the device causes the device to: in response to receiving a user information addition request sent by a terminal device, update the received user information The user identification, user information, and encryption mark in the add request are correspondingly stored, where the encryption mark is an encrypted mark used to characterize the user information in the user information addition request as an encrypted user information ciphertext or used to characterize the addition of user information The user information in the request is an unencrypted mark of the user information that is not encrypted in plain text; in response to receiving a user information transfer request from the terminal device, wherein the user information transfer request includes a user identification and a first transfer instruction, query User information and encryption tokens corresponding to the user ID in the received user information transfer request; in a trusted execution environment, perform a user information transfer operation to obtain a transfer corresponding to the received user information transfer request Confidential user information, and send the obtained encrypted user information to the receiving A terminal device for requesting the transfer of user information, wherein the operation of transferring user information includes: using a private key of the private key corresponding to the public key of the private key stored in the trusted execution environment of the server, and transmitting the received user information. The first encryption instruction in the encryption request is decrypted to obtain the ciphertext key and the encryption key; in response to determining that the found encryption token is an encrypted token, the encryption key stored in the trusted execution environment of the server is used Decrypt the ciphertext key obtained by decryption to obtain the plaintext key; use the plaintext key obtained by decryption to decrypt the found user information to obtain the user information plaintext; in response to determining that the found encrypted token is an unencrypted token , The found user information is determined as the user information plaintext; the decrypted transfer key is used to encrypt the obtained user information plaintext to obtain the encrypted user information corresponding to the received user information encrypted request.

The above description is only a preferred embodiment of the present application and an explanation of the applied technical principles. Those skilled in the art should understand that the scope of the invention involved in this application is not limited to the technical solution of the specific combination of the above technical features, but should also cover the above technical features or Other technical solutions formed by arbitrarily combining their equivalent features. For example, a technical solution formed by replacing the above features with technical features disclosed in this application (but not limited to) having similar functions.

Claims

A terminal device for processing user information includes:

Processor; and

A memory that stores machine-readable instructions that can be executed by the processor to perform the following operations:

In response to detecting an encrypted user information addition request including a user ID, user information to be added, and a plaintext key, the key and user information encryption operation is performed in a target trusted execution environment that supports the encryption operation of the key and user information To obtain a ciphertext key corresponding to the plaintext key and a user information ciphertext corresponding to the user information to be added, and to include the user ID and the obtained user information secret in the encrypted user information addition request. Send a request for adding the user information of the text and the encryption mark to the encrypted mark to the server;

In response to detecting an unencrypted user information addition request including a user identification, user information to be added, and an encrypted mark as an unencrypted mark, sending the unencrypted user information addition request to the server as a user information addition request, the unencrypted mark It is used to indicate that the user information in the user information addition request is plaintext of the user information without encryption;

In response to detecting a user information query request including a user ID, a ciphertext key, and a transfer key, the ciphertext key and the transfer key in the received user information query request are performed using the transfer key instruction public key Obtain the first transfer password instruction by encryption, and send the user identifier in the user information query request and the obtained first transfer password instruction to the server as a user information transfer password request corresponding to the user information query request; as well as

In response to receiving the encrypted user information corresponding to the sent user information encrypted request sent by the server, the received encrypted user key corresponding to the transmitted user information query request corresponding to the transmitted user information encrypted request is used to receive the received encrypted password. The encrypted user information is decrypted to obtain the user information in plain text.
The terminal device according to claim 1, wherein the encrypted token is used to characterize that the user information in the user information adding request is an encrypted user information ciphertext, and the encryption operation of the key and the user information comprises: using the target A key for encrypting the plaintext key stored in the trusted execution environment, encrypting the plaintext key to obtain a ciphertext key corresponding to the plaintext key; and using the plaintext key to the user to be added The information is encrypted to obtain a user information ciphertext corresponding to the plaintext of the user information to be added.
The terminal device according to claim 1, wherein the encrypted user information addition request and the unencrypted user information addition request further include a user information range identifier.
The terminal device according to claim 3, wherein sending to the server a user information addition request including the user identification in the encrypted user information addition request, the obtained user information ciphertext, and the user information encrypted mark as an encrypted mark, comprising: :

And sending the user identification and user information range identification in the encrypted user information addition request, the obtained encrypted user information, and the user information addition request encrypted with an encrypted mark to the server.
The terminal device according to claim 3, wherein in response to detecting an unencrypted user information addition request including a user identification, user information to be added, and an encrypted mark as an unencrypted mark, the unencrypted user information addition request is treated as a user Sending an information addition request to the server includes:

In response to detecting an unencrypted user information addition request including a user identification, a user information range identification, user information to be added, and an encrypted mark as an unencrypted mark, sending the unencrypted user information addition request to the user information addition request to the server.
The terminal device according to claim 1, wherein the user information query request further includes a user information range identifier, and the user identifier in the user information query request and the obtained first transfer password instruction are used as the same as the Sending the user information transfer request corresponding to the user information query request to the server includes:

And sending the user identifier and user information range identifier in the user information query request and the obtained first transfer password instruction to the server as a user information transfer password request corresponding to the user information query request.
The terminal device according to claim 1, wherein the user identification in the encrypted user information addition request, the user identification in the unencrypted user information addition request, and the user identification in the user information query request are in the user identification set of the terminal device. User ID.
The terminal device according to claim 7, wherein the terminal device comprises a first terminal device setting a trusted execution environment, and the first terminal device is responsive to detecting a first user including a first user identification category identifier An identity generation request, in a trusted execution environment of the first terminal device, performing a first user identity generation operation to obtain a user identity corresponding to the first user identity generation request, and adding the obtained user identity to the In the user identifier set of the first terminal device, the first user identifier generating operation includes: obtaining an environment identifier including a manufacturer identifier and a product identifier, which is used to indicate a trusted execution environment of the first terminal device; randomly generated A random number; using the user identification key stored in the trusted execution environment of the first terminal device to encrypt the first extended user identification to obtain a user identification corresponding to the first user identification generation request, wherein the first An extended user ID includes the obtained environment ID, the generated random number, and the first user ID generation The first user identification category identifier in the request.
The terminal device according to claim 8, wherein the first terminal device executes in a trusted execution environment of the first terminal device in response to detecting a user identification verification request including a user identity to be verified and information to be encrypted. A user identity verification operation obtains a verification result corresponding to the user identity verification request, wherein the user identity verification operation includes: using a user identity key stored in a trusted execution environment of the first terminal device to pair the standby Decrypting the verified user ID to obtain the extended user ID to be verified; generating a first key according to a preset algorithm according to the environment ID in the extended user ID to be verified; and encrypting the information to be encrypted with the generated first key, Obtaining the first encryption information; generating a second key according to the preset algorithm, and an environment identifier of the trusted execution environment of the first terminal device; decrypting the obtained first encryption information using the generated second key To obtain the first plaintext information; and in response to determining that the obtained first plaintext information is the same as the information to be encrypted, generating an instruction for It is described that the user identifier to be verified is the user identifier of the first terminal device, and a user identifier verification result; and in response to determining that the obtained first plaintext information is different from the to-be-encrypted information, generating an indication that the user identifier to be verified is not The non-user identification verification result of the user identification of the first terminal device.
The terminal device according to claim 8 or 9, wherein a value range of the vendor identification is different from a value range of the product identification, and the terminal device includes a second terminal device without a trusted execution environment, and the first The second terminal device responds to detecting a registration request entered by a user to register as a user of a target application and / or a target website, and determining that the second terminal device has not set a corresponding user authentication information ciphertext to the target application and / or Sending, by the first terminal device supported by the target website, the registration request;

In response to receiving the registration request sent by the second terminal device, the first terminal device performs a user authentication information ciphertext generation operation in a trusted execution environment of the first terminal device, obtains the user authentication information ciphertext, and converts the The obtained user authentication information ciphertext is sent to the second terminal device that sends the received registration request, wherein the user authentication information ciphertext generation operation includes: using the current stored in the trusted execution environment of the first terminal device. Sum the user serial number and a preset increment to update the current user serial number; use the user authentication information key stored in the trusted execution environment of the first terminal device to encrypt the user authentication information to obtain the user authentication information ciphertext, where: The user verification information includes a preset check code stored in a trusted execution environment of the first terminal device, the current user serial number, and an environment identifier of the trusted execution environment of the first terminal device;

In response to receiving the user authentication information ciphertext sent by the first terminal device, the second terminal device determines the received user authentication information ciphertext as the user authentication information ciphertext of the second terminal device; A second user ID generation instruction input by a user that includes a second user ID category ID and is used to instruct generation of the user ID of the target application and / or the target website, determines a transfer key, and generates a request using the second user ID The public key encrypts the second user ID generation request to obtain a second user ID generation request ciphertext, and sends the obtained second user ID generation request ciphertext to providing support for the target application and / or the target website The first terminal device, wherein the second user ID generation request includes the user authentication information ciphertext of the second terminal device, the determined transfer key, and the second user ID category ID;

The first terminal device responds to receiving a second user identifier generation request ciphertext sent by the second terminal device, executes a second user identifier generation operation in a trusted execution environment of the first terminal device, and obtains the received and received The second user identifier generation request ciphertext corresponding to the ciphertext user identifier, and sending the obtained ciphertext user identifier to the second terminal device sending the received second user identifier generation request ciphertext;

The second terminal device is responsive to receiving the encrypted user ID sent by the first terminal device and corresponding to the obtained second user ID generation request ciphertext and sent to the first terminal device, and uses the obtained second user The encryption key in the second user ID generation request corresponding to the ciphertext of the ID generation request decrypts the received encrypted user ID to obtain a second user ID, and adds the decrypted second user ID to the first The user identity of the second terminal device is in the set.
The terminal device according to claim 10, wherein the second user identification generating operation comprises: using a first storage device corresponding to the second user identification generation request public key stored in a trusted execution environment of the first terminal device. The second user ID generation request private key decrypts the received second user ID generation request cipher text to obtain the user authentication information cipher text, the re-encryption key, and the user ID category identifier; using the trusted execution environment of the first terminal device The user verification information key stored in the decryption decrypts the user verification information ciphertext to obtain a verification code, a user serial number, and an environment identifier; and in response to determining that the decrypted verification code is in a trusted execution environment of the first terminal device The stored preset verification code is the same and the decrypted environment ID is the same as the environment ID of the trusted execution environment of the first terminal device. The second manufacturer ID, the second product ID, a randomly generated random number, and the decrypted user are used. The identification category identifier generates a second extended user identifier, where the second vendor identifier is based on the first terminal device. Generated by the product identification of the trusted execution environment, and the value range of the second vendor identification, the value range of the product identification of the trusted execution environment of the first terminal device, and the trusted execution environment of the first terminal device. The value range of the vendor ID is different from each other, and the second product ID is the user serial number obtained by decryption; the second extended user ID generated by using the user ID key pair stored in the trusted execution environment of the first terminal device Encrypting to obtain the second user identity; using the decryption transfer key to encrypt the obtained second user identity to obtain the turn-key user identity corresponding to the received second user identity generation request ciphertext.
The terminal device according to claim 10, wherein the second user identifier generating operation comprises:

While generating the second user ID, generate a public key encrypted by the turn-key and a system security word that can be set in advance, a user security word that is pre-configured by the user, and the second user ID. Out the private key.
The terminal device according to claim 10, wherein the manufacturer identification of the first terminal device is greater than or equal to a first preset positive integer and less than or equal to a sum of the first preset positive integer and a second preset positive integer, The product identifier of the first terminal device is greater than the second preset positive integer and smaller than the first preset positive integer, and the first preset positive integer is greater than the second preset positive integer.
The terminal device according to claim 13, wherein the second vendor identification is generated based on a product identification of a trusted execution environment of the first terminal device, comprising:

The second vendor identification is a sum of a product identification of the trusted execution environment of the first terminal device and the first preset positive integer.
The terminal device according to claim 14, wherein the manufacturer identification and product identification of the first terminal device are four-byte unsigned integers, and a hexadecimal representation of the first preset positive integer is 0x80000000, and the The hexadecimal representation of the second preset positive integer is 0x000000FF.
The terminal device according to claim 10, wherein, in response to receiving the ciphertext of the user identification verification information sent by the server, the first terminal device performs verification information generation in a trusted execution environment of the first terminal device. Operation to obtain authentication information corresponding to the received ciphertext of the user identification authentication information, and send the obtained authentication information to the server, wherein the operation of generating the authentication information includes: using the available information of the first terminal device; The user identification verification information private key in the user identification verification information key pair stored in the letter execution environment decrypts the received user identification verification information ciphertext to obtain the user identification verification information; in response to determining the first terminal device's The environment identifier of the trusted execution environment belongs to the set of environment identifiers allowed to be decrypted in the user identification verification information obtained by decryption, and the information to be verified in the decrypted user identification verification information is determined to correspond to the received ciphertext of the user authentication information. verify message.
The terminal device according to claim 16, wherein:

The first terminal device, in response to detecting an information encryption request including a receiver user identification set and information to be encrypted, performs an information encryption operation in a trusted execution environment of the first terminal device to obtain information corresponding to the information encryption request. The ciphertext, wherein the information encryption operation includes: generating a receiver environment identifier set by using a receiver environment identifier corresponding to each receiver user identifier in the receiver user identifier set, wherein the receiver environment identifier is obtained by using the receiver environment identifier The environment identifier in the extended user of the receiver obtained by decrypting the user identifier of the receiver in the user identification key stored in the trusted execution environment of the first terminal device; using the orientation stored in the trusted execution environment of the first terminal device The directional information public key in the information key pair encrypts the receiver's environmental identity set and the information to be encrypted to obtain the information ciphertext corresponding to the information encryption request;

In response to detecting the first information decryption request including the ciphertext of the information to be decrypted, the first terminal device executes the first information decryption operation in the trusted execution environment of the first terminal device to obtain a response corresponding to the first information decryption request. Clear information, wherein the first information decryption operation includes: using the private information private key of the private information key pair stored in the trusted execution environment of the first terminal device to decrypt the first information in the request. The ciphertext of the information to be decrypted is decrypted to obtain the first receiver environmental identifier set and the first information plaintext; and in response to determining that the environment identifier of the trusted execution environment of the first terminal device belongs to the first receiver environmental identifier set, The first information plaintext is determined to be the information plaintext corresponding to the first information decryption request;

The second terminal device determines a transfer key in response to detecting the second information decryption request including the ciphertext of the information to be decrypted; encrypts the second transfer key instruction using the public key of the directed information in the directed information key pair to obtain the first A second ciphertext instruction ciphertext, wherein the second ciphertext instruction includes user authentication information of the second terminal device and the determined cipherkey; the obtained second ciphertext instruction ciphertext and the first The ciphertext of the information to be decrypted in the second information decryption request is sent as an information transfer request to the first terminal device that provides support for the target application and / or the target website;

The first terminal device, in response to receiving the information transfer request sent by the second terminal device, executes the information transfer operation in the trusted execution environment of the first terminal device, and obtains a transfer corresponding to the received information transfer request. Confidential information, and sending the obtained re-encrypted information to the second terminal device that sends the received information re-encryption request;

The second terminal device is responsive to receiving the turn-key information sent by the first terminal device, where the received turn-key information corresponds to the information turn-key request generated and sent for the detected second information decryption request, using the The detected encryption key in the second information decryption request decrypts the received encryption code to obtain the information plaintext.
The terminal device according to claim 17, wherein the information transfer operation comprises using the received private key pair of the directed information in the directed information key pair stored in the trusted execution environment of the first terminal device. Decrypt the second ciphertext instruction ciphertext in the information cipher request to obtain user authentication information and cipher key; use the user authentication information key stored in the trusted execution environment of the first terminal device to decrypt the user The verification information is decrypted to obtain a verification code, a user serial number, and an environmental identifier; in response to determining that the decrypted environmental identifier is the same as the environmental execution identifier of the trusted execution environment of the first terminal device and the decrypted verification code is the same as the first terminal device The preset verification code stored in the trusted execution environment of the same is used, and the private message of the directed information private key pair in the directed information key pair stored in the trusted execution environment of the first terminal device is used to The information ciphertext is decrypted to obtain the second receiver environment identifier set and the second information plaintext; in response to determining that the second environment identifier belongs to the decrypted The second receiver's environment identifier set, encrypts the decrypted second information plaintext by using the decryption transfer key, and obtains the transfer information corresponding to the received information transfer request, wherein the second environment identifier The manufacturer identifier in the second identifier is a second manufacturer identifier generated according to the product identifier of the trusted execution environment of the first terminal device, and the product identifier in the second environment identifier is a user serial number obtained by decryption.
A server for processing user information, including:

Processor; and

A memory that stores machine-readable instructions that can be executed by the processor to perform the following operations:

In response to receiving the user information adding request sent by the terminal device, storing the user identification, user information, and encryption mark in the received user information adding request in a corresponding manner; and

In response to receiving the user information transfer request sent by the terminal device, query the user information and the encryption token corresponding to the user identification in the received user information transfer request; in the trusted execution environment of the server, execute the user The information transfer operation obtains the transfer user information corresponding to the received user information transfer request, and sends the obtained transfer user information to the terminal device that sends the received user information transfer request.
The server according to claim 19, wherein the operation of transferring user information is performed by using a private key of the private key corresponding to the public key of the private key stored in the trusted execution environment of the server, The first encryption instruction in the received user information encryption request is decrypted to obtain the ciphertext key and the encryption key; in response to determining that the found encryption token is an encrypted token, the trusted execution of the server is used The encryption key stored in the environment uses the key to decrypt the decrypted ciphertext key to obtain the plaintext key; the decrypted plaintext key is used to decrypt the found user information to obtain the user information plaintext; in response to determining the lookup The obtained encryption mark is an unencrypted mark, and the found user information is determined to be the plaintext of the user information; the decrypted transfer key is used to encrypt the plaintext of the obtained user information to obtain a request to transfer the encrypted information with the received user information. Corresponding encrypted user information.
The server according to claim 19, wherein in response to receiving the user information adding request sent by the terminal device, storing the user identifier, user information, and encryption mark in the received user information adding request in a corresponding manner, comprising:

The server is configured to, in response to receiving the user information addition request sent by the terminal device, store the user identification, the user information range identification, the user information, and the encryption mark in the received user information addition request in a corresponding manner.
The server according to claim 21, wherein querying the user information and the encryption token corresponding to the user ID in the received user information transfer request includes:

The server is configured to query the user information and the encryption token corresponding to the user identifier and the user information range identifier in the received user information transfer request.
The server of claim 19, wherein the machine-readable instructions are executable by the processor to perform the following operations:

In response to receiving an end user identity verification request including a user identity to be verified, a user identity verification information ciphertext generation operation is performed in a trusted execution environment of the server to obtain a user identity verification corresponding to the end user identity verification request Information ciphertext, and sending the obtained user identification verification information ciphertext to the first terminal device that sends the received end user identification verification request, wherein the operation of generating the user identification verification information ciphertext includes: using the The user identification key stored in the trusted execution environment of the server decrypts the received user identification to be verified, and obtains the extended user identification to be verified; generates user identification verification information including a set of permission to decrypt the environment identification and the information to be verified, and The environment identifier in the extended user identifier to be verified is added to the set of permitted environment identifiers in the generated user identifier verification information; and the user identifier verification information key pair stored in the trusted execution environment of the server is used. User ID verification information public key pair generated user ID verification Information is encrypted, the user's identity authentication information to the ciphertext verification request corresponding to the user identification; and

In response to receiving authentication information corresponding to the sent user identification verification information ciphertext sent by the first terminal device, wherein the sent user identification verification information ciphertext corresponds to an end user identity verification request received by the server, Determine whether the received authentication information is the same as the to-be-verified information in the user identification authentication information corresponding to the ciphertext of the user identification authentication information sent; and in response to the determination, generate the instruction for instructing the received end user identification authentication request for authentication The passed end-user verification pass result; in response to the determination being different, an end-user verification failure result used to indicate that the received end-user identity verification request verification fails.
The server according to claim 23, wherein the server is a resource server supporting the OAuth2 protocol.
A method for processing user information is applied to a server in a system for processing user information. The system for processing user information includes at least one terminal device and a server. The server sets a trusted execution environment. The methods include:

In response to receiving the user information adding request sent by the terminal device, the user identification, user information, and encryption mark in the received user information adding request are correspondingly stored, where the encryption mark is used to characterize the user in the user information adding request The information is an encrypted mark of the encrypted user information ciphertext or an unencrypted mark used to characterize the user information in the user information addition request as the plaintext of the unencrypted user information;

In response to receiving a user information transfer request sent by the terminal device, wherein the user information transfer request includes a user identification and a first transfer instruction, query for a user ID corresponding to the received user information transfer request User information and encryption tokens;

In the trusted execution environment, a user information transfer operation is performed to obtain the transfer user information corresponding to the received user information transfer request, and the obtained transferred user information is sent to the sender. Terminal device for user information transfer request.
The method according to claim 25, wherein the user information transfer encryption operation comprises: using a transfer secret instruction private key corresponding to the transfer secret instruction public key stored in a trusted execution environment of the server, to exchange all The first encryption instruction in the received user information encryption request is decrypted to obtain the ciphertext key and the encryption key; in response to determining that the found encryption token is an encrypted token, the trusted execution of the server is used The encryption key stored in the environment uses the key to decrypt the decrypted ciphertext key to obtain the plaintext key; the decrypted plaintext key is used to decrypt the found user information to obtain the user information plaintext; in response to determining the lookup The obtained encryption mark is an unencrypted mark, and the found user information is determined to be the plaintext of the user information; the decrypted transfer key is used to encrypt the plaintext of the obtained user information to obtain a request to transfer the encrypted information with the received user information. Corresponding encrypted user information.
The method according to claim 25, wherein the user information adding request further comprises a user information range identifier; and

In response to receiving the user information addition request sent by the terminal device, storing the user identifier, user information, and encryption mark in the received user information addition request in a corresponding manner includes:

In response to receiving the user information addition request sent by the terminal device, the user identifier, the user information range identifier, the user information, and the encryption mark in the received user information addition request are correspondingly stored.
The method according to claim 27, wherein the user information transfer request further comprises a user information range identifier; and

The querying the user information and the encryption mark corresponding to the user identifier in the received user information transfer request includes:

Query the user information and encryption mark corresponding to the user ID and user information range ID in the received user information transfer request.
The method according to claim 28, wherein the method further comprises:

In response to receiving an end user identity verification request including a user identity to be verified and sent by a terminal device that sets up a trusted execution environment, a user identity verification information ciphertext generation operation is performed in the trusted execution environment to obtain a connection with the end user. The user identification verification information ciphertext corresponding to the identification verification request, and sending the obtained user identification verification information ciphertext to the terminal device sending the received end user identification verification request, wherein the user identification verification information ciphertext is generated The operation includes: decrypting the received user identifier to be verified using the user identifier key stored in the trusted execution environment to obtain the extended user identifier to be verified; and generating a user identifier including a set of environment identifiers to be decrypted and information to be verified Authentication information, adding the environment identifier in the extended user identifier to be verified to the set of allowed environment identifiers in the generated user identifier authentication information; using the user identifier authentication information key pair stored in the trusted execution environment User ID authentication information public key pair generated user ID Authentication information is encrypted, and the user identification to obtain user authentication information corresponding to the request identification verification ciphertext;

In response to receiving the authentication information corresponding to the sent user identification verification information ciphertext sent by the terminal device setting the trusted execution environment, wherein the sent user identification verification information ciphertext and the received end user identification verification request Correspondingly, it is determined whether the received authentication information is the same as the to-be-verified information in the user identification verification information corresponding to the ciphertext of the user identification verification information sent;

In response to determining that they are the same, generating an end-user verification pass result indicating that the received end-user identity verification request verification has passed;

In response to determining that they are not the same, an end user authentication failure result is generated to indicate that the received end user identity authentication request authentication failed.
The method according to claim 29, wherein the server is a resource server supporting the OAuth2 protocol.
A computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed by one or more processors, implements the method of any one of claims 25-30.