WO2021095998A1 - A trusted computing method and system - Google Patents


Info

Publication number
WO2021095998A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
computing
key
cloud server
ciphertext
Application number
PCT/KR2020/002430
Other languages
French (fr)
Inventor
Chumao WU
Guanglei Liu
Original Assignee
Samsung Electronics Co., Ltd.
Application filed by Samsung Electronics Co., Ltd.
Publication of WO2021095998A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L 9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L 2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L 2463/062 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a trusted computing method and system. After a trusted computing environment and a trusted computing function library in a cloud server pass a legitimacy verification, a data consumer generates a data computing task within an authorized scope and provides it to a computing service provider; the computing service provider obtains the needed data ciphertext and the corresponding key ciphertext, based on the data computing task, and stores them in the cloud server; the data consumer adopts a safe transmission method to transmit a computing private key for decrypting the key ciphertext to the cloud server, triggers the cloud server to obtain, in the trusted computing environment and by using the computing private key, the data plaintext needed for task execution, triggers the cloud server to execute the data computing task by using the data plaintext and the trusted computing function library, and triggers the cloud server to encrypt the corresponding execution result and transmit it to the data consumer. By adopting the application, the whole computing performance may be effectively improved.

Description

A TRUSTED COMPUTING METHOD AND SYSTEM
The application relates to network computing security technologies, and more particularly, to a trusted computing method and a system.
An existing trusted computing scheme generally adopts multi-party computation and utilizes a hardware-level trusted execution environment in the cloud. Analysis and computing tasks over multi-party data are completed in the cloud by using mixed computing based on partial homomorphic encryption technology and a hardware-level trusted execution environment.
During the process for implementing the application, the inventor finds that the foregoing trusted computing scheme has poor performance and versatility. Specific reasons are analyzed as follows.
The foregoing trusted computing scheme adopts homomorphic encryption technology in the cloud, which performs data computing and analysis directly on the ciphertext data received from a data holder, thereby ensuring data security. However, the computing is complicated and the computing amount is large, which generates a greater computing overhead. More particularly, when the data amount is large, the overall computing performance is seriously reduced, which affects the universality of the scheme, so that the scheme cannot be applied on a large scale.
In view of above, the main objective of the application is to provide a trusted computing method and a system, so as to effectively improve computing performance.
To achieve the foregoing objectives, the technical solutions put forward by the application are as follows.
A trusted computing method, including:
after a trusted computing environment and a trusted computing function library in a cloud server pass a legitimacy verification, generating, by a data consumer, a data computing task within a corresponding authorized scope, based on data access authorization information obtained from a third party authorized certification center, and transmitting the data computing task to a computing service provider, wherein the cloud server is provided by the computing service provider;
obtaining, by the computing service provider, a data ciphertext and a corresponding key ciphertext needed for a task execution, based on the data computing task, and storing them in the cloud server, wherein the data ciphertext is obtained after an encryption by a corresponding data owner, the key ciphertext is obtained after an encryption with a public key, and the public key is generated by the third party authorized certification center for the data owner;
adopting, by the data consumer, a safe transmission method, transmitting a computing private key for decrypting the key ciphertext, carried in the data access authorization information, to the cloud server, triggering the cloud server to obtain a data plaintext needed for the task execution in the trusted computing environment, by using the computing private key, the data ciphertext and the corresponding key ciphertext needed for the task execution, triggering the cloud server to execute the data computing task, by using the data plaintext and the trusted computing function library, and triggering the cloud server to adopt an encrypted transmission method and transmit a corresponding execution result to the data consumer.
Preferably, the method further includes:
before the legitimacy verification, transmitting, by the data owner, an access control strategy of data of the data owner, to the third party authorized certification center;
generating, by the third party authorized certification center, the corresponding public key and a primary private key, based on the access control strategy, and transmitting the public key to the data owner;
wherein obtaining the data access authorization information includes:
requesting, by the data consumer, the third party authorized certification center for a permission to the data of the data owner;
generating, by the third party authorized certification center, the computing private key and a corresponding data access authorization certificate for the data consumer with the primary private key, based on the request and the access control strategy transmitted by the data owner, transmitting the data access authorization information to the data consumer, wherein the data access authorization information carries the computing private key and the data access authorization certificate.
Preferably, the third party authorized certification center adopts an attribute-based encryption method to generate the public key, the primary private key and the computing private key.
Preferably, the method further includes:
encrypting, by the data owner, data of the data owner in advance, based on a preset data upload strategy, encrypting the key used for the encryption by using the public key generated by the third party authorized certification center for the data owner, and uploading the corresponding data encryption result and key encryption result to the cloud server.
Preferably, obtaining the data ciphertext and the corresponding key ciphertext needed for the task execution, and storing them in the cloud server, include:
determining, by the computing service provider, whether the cloud server has stored the data ciphertext and the corresponding key ciphertext needed for the task execution;
when determining that the cloud server has not stored the data ciphertext and the corresponding key ciphertext needed for the task execution, triggering, by the computing service provider, the corresponding data owner to perform an encryption and upload process for the corresponding data, wherein the encryption and upload process includes: encrypting the data needing to be uploaded, encrypting the key used for the encryption by using the public key generated by the third party authorized certification center for the data owner, and uploading the corresponding data encryption result and key encryption result to the cloud server.
Preferably, each trusted computing function in the trusted computing function library possesses a first interface and a second interface, the first interface is configured to input a computing parameter, and the second interface is configured to output an encrypted data computing result.
Preferably, the data consumer adopts a remote verification to perform the legitimacy verification.
Preferably, the safe transmission method is an online secure provision.
Preferably, the method further includes:
uploading, by the data consumer, a trusted computing function defined by the data consumer to the trusted computing function library in the cloud server.
Preferably, the method further includes:
transmitting, by the data consumer, a key Kr for encrypting the execution result to the cloud server, when transmitting the computing private key to the cloud server, wherein the key Kr is generated by the data consumer;
wherein transmitting the corresponding execution result to the data consumer with the encrypted transmission method includes:
after encrypting the execution result with the key Kr, transmitting, by the cloud server, a ciphertext of the execution result to the data consumer;
decrypting, by the data consumer, the ciphertext of the execution result with the key Kr, and obtaining a plaintext of the execution result.
A trusted computing system, including a data consumer, a data owner, a third party authorized certification center, a computing service provider and a cloud server, wherein
after a trusted computing environment and a trusted computing function library in the cloud server pass a legitimacy verification, the data consumer is configured to generate a data computing task within a corresponding authorized scope, based on data access authorization information obtained from the third party authorized certification center, and transmit the data computing task to the computing service provider, wherein the cloud server is provided by the computing service provider;
the computing service provider is configured to obtain a data ciphertext and a corresponding key ciphertext needed for a task execution, based on the data computing task, and store them in the cloud server, wherein the data ciphertext is obtained after an encryption by a corresponding data owner, the key ciphertext is obtained after an encryption with a public key, and the public key is generated by the third party authorized certification center for the data owner;
the data consumer is further configured to adopt a safe transmission method, transmit a computing private key for decrypting the key ciphertext, carried in the data access authorization information, to the cloud server, trigger the cloud server to obtain a data plaintext needed for the task execution in the trusted computing environment, by using the computing private key, the data ciphertext and the corresponding key ciphertext needed for the task execution, trigger the cloud server to execute the data computing task, by using the data plaintext and the trusted computing function library, and trigger the cloud server to adopt an encrypted transmission method and transmit a corresponding execution result to the data consumer.
Preferably, before the legitimacy verification, the data owner is further configured to transmit an access control strategy of data of the data owner to the third party authorized certification center;
the third party authorized certification center is further configured to generate the corresponding public key and a primary private key, based on the access control strategy, and transmit the public key to the data owner;
the data consumer is further configured to request the third party authorized certification center for a permission to the data of the data owner;
the third party authorized certification center is further configured to generate the computing private key and a corresponding data access authorization certificate for the data consumer with the primary private key, based on the request and the access control strategy transmitted by the data owner, transmit the data access authorization information to the data consumer, wherein the data access authorization information carries the computing private key and the data access authorization certificate.
Preferably, the third party authorized certification center is further configured to adopt an attribute-based encryption method to generate the public key, the primary private key and the computing private key.
Preferably, the data owner is further configured to encrypt data of the data owner in advance, based on a preset data upload strategy, encrypt the key used for the encryption by using the public key generated by the third party authorized certification center for the data owner, and upload the corresponding data encryption result and key encryption result to the cloud server.
Preferably, the computing service provider is configured to obtain the needed data ciphertext and the corresponding key ciphertext, and store them in the cloud server, by:
determining, by the computing service provider, whether the cloud server has stored the data ciphertext and the corresponding key ciphertext needed for the task execution;
when determining that the cloud server has not stored the data ciphertext and the corresponding key ciphertext needed for the task execution, triggering, by the computing service provider, the corresponding data owner to perform an encryption and upload process for the corresponding data, wherein the encryption and upload process includes: encrypting the data needing to be uploaded, encrypting the key used for the encryption by using the public key generated by the third party authorized certification center for the data owner, and uploading the corresponding data encryption result and key encryption result to the cloud server.
Preferably, each trusted computing function in the trusted computing function library possesses a first interface and a second interface, the first interface is configured to input a computing parameter, and the second interface is configured to output an encrypted data computing result.
Preferably, the data consumer is specifically configured to adopt a remote verification to perform the legitimacy verification.
Preferably, the safe transmission method is an online secure provision.
Preferably, the data consumer is further configured to upload a trusted computing function defined by the data consumer to the trusted computing function library in the cloud server.
Preferably, the data consumer is further configured to transmit a key Kr for encrypting the execution result to the cloud server, when transmitting the computing private key to the cloud server, wherein the key Kr is generated by the data consumer;
the cloud server is configured to transmit a ciphertext of the execution result to the data consumer, after encrypting the execution result with the key Kr; and,
the data consumer is further configured to decrypt the ciphertext of the execution result with the key Kr, and obtain a plaintext of the execution result.
According to the foregoing technical solutions, it can be seen that, in the trusted computing method and system put forward by the application, after the trusted computing environment and the trusted computing function library of the cloud server pass the legitimacy verification, the data consumer generates the data computing task within the authorized scope and transmits it to the computing service provider; the computing service provider obtains the data ciphertext and the corresponding key ciphertext required for the task execution, based on the data computing task, and stores them in the cloud server; the data consumer adopts the safe transmission method to transmit the computing private key for decrypting the key ciphertext to the cloud server, triggers the cloud server to obtain the data plaintext required for the task execution in the trusted computing environment by using the computing private key, and to execute the data computing task by using the data plaintext and the trusted computing function library, and then triggers the cloud server to encrypt the execution result and transmit it to the data consumer. In this way, from one aspect, it is guaranteed that neither the key nor the plaintext data is exposed outside the boundary of the trusted environment during the execution of the data computing task. From another aspect, the data computing task is executed on plaintext data, so the overall computing performance may be effectively improved. In addition, the third party authorized certification center generates the public key and the computing private key for encrypting and decrypting the data key, such that after the data owner encrypts the data once, the encrypted data may be used by multiple data-using parties, thereby saving the storage overhead of multiple encryptions resulting from traditional cryptographic algorithms, and improving system scalability.
Meanwhile, the introduction of the third party authorized certification center may also ensure the security of the key and the traceability of the data consumer.
FIG.1 is a method flowchart in accordance with an embodiment of the application.
FIG.2 is an implementation schematic diagram under the Internet of Things (IOT) large-data secure computing scene, in accordance with an embodiment of the application.
FIG.3 is an implementation schematic diagram under the recommendation scene of trusted popular videos, in accordance with an embodiment of the application.
FIG.4 is a block diagram in accordance with an embodiment of an electronic device of the application.
To make the objectives, technical solutions and advantages of the application clearer, the application is described in further detail below with reference to the attached figures and embodiments.
FIG.1 is a method flowchart in accordance with an embodiment of the application. As shown in FIG.1, a trusted computing method in the embodiment mainly includes the following blocks.
In block 101, after a trusted computing environment and a trusted computing function library of a cloud server pass a legitimacy verification of a data consumer, on the basis of data access authorization information obtained from a third party authorized certification center, the data consumer generates a data computing task within a corresponding authorized scope, and transmits to a computing service provider, in which the cloud server is provided by the computing service provider.
In the block, after determining that the trusted computing environment and the trusted computing function library in the cloud server are legal, the data consumer will generate the corresponding data computing task within the accessible permissions, based on computing requirements of the data consumer, and transmit to the computing service provider, such that the computing service provider prepares data used to perform the task for the data consumer.
The specific task generating method is well known to persons having ordinary skill in the art, which is not repeated here.
Preferably, to minimize the attack surface of the trusted computing function library and the possibility of misbehaviour by the data consumer, each trusted computing function in the trusted computing function library has only two agreed interfaces, so as to guarantee that no plaintext data is output from the trusted computing environment; that is:
each trusted computing function in the trusted computing function library only possesses a first interface and a second interface. The first interface is configured to input a computing parameter, and the second interface is configured to output an encrypted data computing result.
In practical applications, the trusted computing function library may pre-store some general trusted computing functions.
Preferably, to meet special data computing requirements of the data consumer, the data consumer may define a trusted computing function, based on computing requirements of the data consumer, and upload the defined trusted computing function to the trusted computing function library of the cloud server.
In practical applications, the data owner may transmit an access control strategy about data thereof to the third party authorized certification center. The third party authorized certification center generates a corresponding public key and a primary private key, based on the access control strategy.
The public key will be transmitted to the data owner. The data owner will utilize the public key to encrypt the key, which is configured to encrypt data of the data owner. The primary private key is configured to generate a corresponding computing private key for the data consumer, which is authorized to use the data of the data owner.
In this case, the data consumer may transmit the computing private key to the cloud server. Subsequently, the cloud server may use the computing private key to obtain the corresponding key, and decrypt the ciphertext data of the data owner with that key, so as to obtain the corresponding plaintext data. Thus, the data owner only needs to encrypt its data once, and other data-using parties may access the corresponding data with the computing private key generated for each data consumer by the third party authorized certification center. This avoids the inconvenience, in traditional cryptographic encryption algorithms, of the data owner having to separately encrypt data for different data-using parties, thereby saving the storage overhead of multiple encryptions resulting from the traditional cryptographic algorithm, and improving system scalability.
Preferably, once the third party authorized certification center has generated the corresponding public key and primary private key with the foregoing method and the access control strategy of the data consumer, and after the legitimacy verification is passed, the data consumer may specifically use the following method to obtain the corresponding data access authorization information:
after the legitimacy verification is passed, the data consumer requests the third party authorized certification center for a permission to use the data of the data owner;
the third party authorized certification center generates the computing private key and a corresponding data access authorization certificate for the data consumer, by using the primary private key, based on the request and the access control strategy transmitted by the data owner;
the third party authorized certification center transmits the data access authorization information to the data consumer, in which the data access authorization information carries the computing private key and the data access authorization certificate.
In practical applications, preferably, the third party authorized certification center may adopt an existing attribute-based encryption method to generate the public key, the primary private key and the computing private key; the application is not limited to a particular method.
To facilitate understanding the implementation of the application, a specific implementation of the attribute-based encryption method is described as follows:
the attribute-based encryption method mainly consists of the following four algorithms:
(1) Setup(k, U): a security parameter k and a system attribute description U are input, and a public parameter PP and a primary private key MSK are output;
(2) Keygen(MSK, X): the primary private key MSK and a permission X are input, and a key SK_X is output;
(3) Enc(PP, Y, m): the public parameter PP, a ciphertext index Y and a message m to be encrypted are input, and a ciphertext CT_Y is output;
(4) Dec(PP, SK_X, CT_Y): the public parameter PP, the key SK_X and the ciphertext CT_Y are input, and the decrypted result m is output.
Preferably, the data consumer may adopt remote verification to perform the legitimacy verification. Specifically, the remote verification may be provided by the trusted computing platform Intel SGX. Existing Intel SGX allows a client to verify the legitimacy of a remote trusted environment and of the trusted library executed in it, and to generate a verification result report.
In practical applications, the data owner specifically may be the owner of various terminal devices, or certain agencies with data collection authority.
The data consumer specifically may be a party with usage requirements for data analysis result, e.g., some APP developers.
The computing service provider specifically may be a cloud service provider, which provides data storage and trusted computing service, e.g., public cloud service providers Amazon, Alibaba, and so on.
The third party authorized certification center specifically may be a third party, which provides a key application review of attribute cryptography, a key management and distribution, similar to the Certificate Authority (CA) in the Public Key Infrastructure (PKI) system.
In block 102, the computing service provider obtains, based on the data computing task, the data ciphertext and the corresponding key ciphertext required for task execution, and stores them in the cloud server.
The data ciphertext is obtained by encryption performed by the corresponding data owner. The key ciphertext is obtained by encryption with the public key, which is generated by the third party authorized certification center for the data owner.
In this block, after receiving the data computing task, the computing service provider obtains the data required for executing it. To ensure data security, such data is encrypted for both transmission and storage: the data owner of the corresponding data encrypts the data and then uploads it to the cloud server, and the cloud server stores the data ciphertext. Thus, the encrypted data may also be stored in an untrusted zone of the cloud.
Preferably, in this block, the following method may be adopted to obtain the data ciphertext and the corresponding key ciphertext needed for task execution and store them in the cloud server.
The computing service provider determines whether the cloud server has already stored the data ciphertext and the corresponding key ciphertext for task execution; if not, it triggers the corresponding data owner to execute an encryption and upload process for the corresponding data. The encryption and upload process includes: encrypting the data to be uploaded; encrypting the key used for that encryption with the public key generated by the third party authorized certification center for the data owner; and uploading the corresponding data encryption result and key encryption result to the cloud server.
In block 103, the data consumer adopts a safe transmission method to transmit the computing private key contained in the data access authorization information, which is used for decrypting the key ciphertext, to the cloud server. This triggers the cloud server to obtain, in the trusted computing environment, the data plaintext required for task execution by using the computing private key together with the data ciphertext and the corresponding key ciphertext required for task execution; to execute the data computing task by using the data plaintext and the trusted computing function library; and to adopt an encrypted transmission method to transmit the corresponding execution result to the data consumer.
In this block, the data consumer needs to transmit to the cloud the computing private key that decrypts the key corresponding to the data ciphertext required for task execution (that is, the key used by the data owner for encrypting the data). With the computing private key, the cloud server may obtain the key corresponding to the data ciphertext, decrypt the ciphertext with that key to obtain the corresponding plaintext, and execute the data computing task on the plaintext. Thus, compared with executing the data computing task on ciphertext data, the computing amount of task execution is greatly reduced and the execution efficiency of the computing task is improved, so that computing performance can be ensured when data computing is performed at a large scale.
Preferably, to reduce task processing delay, the data owner may encrypt its data in advance based on a preset data upload strategy, and upload the encrypted data to the cloud. Specifically, this may be implemented by adopting the following method.
The data owner encrypts its data in advance based on the preset data upload strategy, encrypts the key used for that encryption with the public key generated by the third party authorized certification center for the data owner, and uploads the corresponding data encryption result and key encryption result to the cloud server.
In practical applications, the data owner may obtain the key for encrypting data by random generation; the form of the key is determined by the encryption method used. Specifically, the data owner may adopt an existing encryption method to encrypt its data, i.e., an encryption algorithm such as AES or 3-DES, which is not repeated here.
In this block, to ensure the security of the computing private key, the data consumer needs to adopt a safe transmission method to transmit the computing private key to the cloud server. Preferably, the data consumer may transmit the computing private key by using an online secure provision.
In practical applications, in this block, the cloud server may adopt an existing encryption method to encrypt the execution result of the task, i.e., an encryption method such as AES or 3-DES, which is not repeated here.
The encryption key for encrypting the execution result may be transmitted by the data consumer to the cloud server together with the computing private key, that is:
when transmitting the computing private key to the cloud server, the data consumer also transmits a key Kr, generated by the data consumer for encrypting the execution result, to the cloud server.
Preferably, the key Kr may be obtained by random generation.
Correspondingly, the cloud server may adopt an encrypted transmission method and transmit the corresponding execution result to the data consumer by using the following method:
after encrypting the execution result with the key Kr, the cloud server transmits the ciphertext of the execution result to the data consumer;
the data consumer decrypts the ciphertext of the execution result with the key Kr, and obtains the plaintext of the execution result.
From the foregoing technical solutions, it can be seen that the following technical effects may be obtained by using the foregoing embodiment:
(1) data storage security and data computing security: a privacy-preserving computing framework based on trusted computing achieves encrypted storage and trusted analysis of cloud data while ensuring the privacy of user data. It includes remote verification of the trusted environment and online secret provision; data is decrypted and analyzed only in a trusted computing environment with isolated protection, and the analysis result is returned encrypted. During the whole process, neither the key nor the plaintext data is exposed outside the boundary of the trusted environment;
(2) saving storage space and computing overhead: by adopting the access control features provided by attribute cryptography, the data owner encrypts the data once and multiple data-using parties may use the encrypted data, thereby saving the storage overhead of the multiple encryptions that a traditional cryptographic algorithm would require, and improving system scalability;
(3) traceability: the third party authorized certification center is in charge of the legal review of the attribute-key-using party, key security management, and query functions about user identity and attributes, so as to ensure that the key is safe and that the data consumer is traceable;
(4) minimized interfaces of the trusted computing library are agreed upon, which minimizes the risk of data leakage and of malicious usage by the data consumer.
In practical applications, the foregoing method embodiment may be applied to multiple application scenes, e.g., an IoT big-data secure computing scene. As shown in FIG.2, in this scene the data owners may be massive numbers of IoT devices, such as mobile phones, TVs and computers. Each IoT terminal device uploads encrypted data to the cloud server. The data consumer may develop a trusted function based on its own requirements, deploy the trusted function to the computing service provider, and implement IoT big-data analysis with the trusted computing platform provided by the computing service provider, while data security is effectively protected.
In the scene illustrated with FIG.2, the data owners may be institutions, such as financial institutions, medical institutions and government institutions. Due to the lack of trust among institutions, a data isolation problem occurs. With the foregoing embodiment, multiple data owners may store their encrypted data in the cloud of the computing service provider, and the data consumer may obtain a joint computing result over the multi-party data by calling a trusted computing function at the cloud, without revealing the user data of any data owner.
In practical applications, the foregoing method embodiment may also be applied to trusted popular-video recommendation scenes. As shown in FIG.3, on the basis of the foregoing embodiment, popular video recommendation may be implemented by using the following method:
(1) multiple users agree on a data format for the data of their terminal devices (various IoT devices, such as smart phones, smart TVs and smart home equipment), and obtain an encryption public key from the third party certification authority;
(2) a user terminal device encrypts its video information and uploads it to the cloud;
(3) a content provider APP requests a computing private key from the third party certification authority;
(4) a third party computing service provider (e.g., Amazon) deploys a trusted computing function library; a computing function may be developed by the content provider as a data analysis algorithm based on its own requirements, such as a user habit analysis algorithm based on device data or a machine learning algorithm, or the computing function may be provided by the third party computing service provider based on the actual requirements of the content developer;
(5) the content provider provides the computing private key to the third party computing service provider, and obtains an encrypted analysis result of popular videos;
(6) the content provider decrypts the result and obtains the user's popular video, i.e., the video with the maximum number of clicks;
(7) the content provider recommends the popular video to the user.
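The flow of blocks 102 and 103 (owner-side envelope encryption, decryption and computation inside the trusted environment, encrypted result under Kr), applied to the FIG.3 device-data scenario, as an added Go example that is not part of the patent. It assumes RSA-OAEP as a stand-in for the attribute encryption the page leaves unspecified, AES-256-GCM as the "existing encryption method" for data and results, and models the secure provision and the enclave as in-process function calls; Envelope, Seal, Open, OwnerEncryptAndUpload, EnclaveExecute, TrustedFunc and WatchCount are names chosen here, and the device records are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"slices"
	"strconv"
	"strings"
)

// Envelope is what a data owner uploads to the untrusted cloud zone: the data
// ciphertext (AES-256-GCM, nonce prepended) and the wrapped random data key.
type Envelope struct{ DataCT, KeyCT []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal uses AES-GCM so the enclave detects any modification of stored ciphertext.
func Seal(key, pt []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand.Read is documented never to fail (Go 1.24+)
	return aead.Seal(nonce, nonce, pt, nil), nil
}

// Open reverses Seal and fails on a truncated, tampered or foreign ciphertext.
func Open(key, ct []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, ct[:aead.NonceSize()], ct[aead.NonceSize():], nil)
}

// OwnerEncryptAndUpload is the encryption-and-upload process of block 102.
// RSA-OAEP here stands in for the attribute encryption the page leaves unspecified.
func OwnerEncryptAndUpload(pub *rsa.PublicKey, data []byte) (Envelope, error) {
	dataKey := make([]byte, 32) // random AES-256 key used only for this upload
	rand.Read(dataKey)
	dataCT, err := Seal(dataKey, data)
	if err != nil {
		return Envelope{}, err
	}
	keyCT, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	return Envelope{DataCT: dataCT, KeyCT: keyCT}, err
}

// TrustedFunc has only the two interfaces the page allows: a parameter in and a
// result out, and the result leaves EnclaveExecute only in encrypted form.
type TrustedFunc func(plaintexts [][]byte, param string) ([]byte, error)

// EnclaveExecute models the trusted computing environment of block 103: the computing
// private key and Kr arrive via the secure provision (arguments here), plaintexts never leave.
func EnclaveExecute(ck *rsa.PrivateKey, kr []byte, envs []Envelope, fn TrustedFunc, param string) ([]byte, error) {
	var plaintexts [][]byte
	for _, e := range envs {
		dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, ck, e.KeyCT, nil)
		if err != nil {
			return nil, err // key ciphertext was not issued for this computing key
		}
		pt, err := Open(dataKey, e.DataCT)
		if err != nil {
			return nil, err // tampered data ciphertext: abort, reveal nothing
		}
		plaintexts = append(plaintexts, pt)
	}
	result, err := fn(plaintexts, param)
	if err != nil {
		return nil, err
	}
	return Seal(kr, result) // encrypted transmission of the execution result
}

// WatchCount is a FIG.3-style trusted function: each device uploads the ids of
// the videos it played, comma separated; the result is how many played video.
func WatchCount(plaintexts [][]byte, video string) ([]byte, error) {
	n := 0
	for _, pt := range plaintexts {
		if slices.Contains(strings.Split(string(pt), ","), video) {
			n++
		}
	}
	return []byte(strconv.Itoa(n)), nil
}
```

With RSA in place of attribute encryption, each key ciphertext can be unwrapped by exactly one computing private key; the attribute scheme is what lets a single upload serve every consumer whose permission satisfies the owner's access control strategy.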
Corresponding to foregoing method embodiment, the application also provides a trusted computing system, including a data consumer, a data owner, a third party authorized certification center, a computing service provider and a cloud server.
The data consumer is configured to generate a data computing task within a corresponding authorized scope, based on data access authorization information obtained from the third party authorized certification center, after a trusted computing environment and a trusted computing function library in the cloud server pass a legitimacy verification, and transmit the data computing task to the computing service provider; in which the cloud server is provided by the computing service provider.
The computing service provider is configured to obtain a data ciphertext and a corresponding key ciphertext required for task execution, based on the data computing task, and store into the cloud server. The data ciphertext is obtained after an encryption by a corresponding data owner. The key ciphertext is obtained after encryption with the public key. The public key is generated by the third party authorized certification center for the data owner.
The data consumer is configured to adopt a safe transmission method to transmit the computing private key in the data access authorization information, which is used for decrypting the key ciphertext, to the cloud server; to trigger the cloud server to obtain, in the trusted computing environment, the data plaintext needed for task execution by using the computing private key together with the data ciphertext and the corresponding key ciphertext needed for task execution; to trigger the cloud server to execute the data computing task by using the data plaintext and the trusted computing function library; and to trigger the cloud server to adopt an encrypted transmission method and transmit the corresponding execution result to the data consumer.
Preferably, the data owner is further configured to transmit an access control strategy about data thereof to the third party authorized certification center, before the legitimacy verification.
The third party authorized certification center is further configured to generate a corresponding public key and a primary private key, based on the access control strategy, and transmit the public key to the data owner.
The data consumer is further configured to request the third party authorized certification center for a permission to the data of the data owner.
The third party authorized certification center is further configured to generate the computing private key and a corresponding data access authorization certificate with the primary private key, based on the request and the access control strategy of the data owner, and to transmit the data access authorization information, which carries the computing private key and the data access authorization certificate, to the data consumer.
Preferably, the third party authorized certification center is further configured to generate the public key, the primary private key and the computing private key, by using the attribute encryption method.
Preferably, the data owner is further configured to encrypt data thereof in advance, based on a preset data upload strategy, encrypt the key used for encryption, by using the public key generated by the third party authorized certification center for the data owner, upload the corresponding data encryption result and key encryption result to the cloud server.
Preferably, the computing service provider being configured to obtain the data ciphertext and the corresponding key ciphertext required for task execution and store them in the cloud server specifically includes:
determining whether the cloud server has already stored the data ciphertext and the corresponding key ciphertext required for task execution; if not, triggering the corresponding data owner to execute an encryption and upload process for the corresponding data, in which the encryption and upload process includes: encrypting the data to be uploaded; encrypting the key used for that encryption with the public key generated by the third party authorized certification center for the data owner; and uploading the corresponding data encryption result and key encryption result to the cloud server.
Preferably, each trusted computing function in the trusted computing function library only possesses a first interface and a second interface, in which the first interface is configured to input a computing parameter, and the second interface is configured to output an encrypted data computing result.
Preferably, the data consumer is specifically configured to perform the legitimacy verification by using a remote verification.
Preferably, the safe transmission method is an online secure provision.
Preferably, the data consumer is further configured to upload a trusted computing function, defined by the data consumer, to the trusted computing function library in the cloud server.
Preferably, the data consumer is further configured to transmit a key Kr generated by itself, used for encrypting the execution result, to the cloud server, when transmitting the computing private key to the cloud server.
The cloud server is specifically configured to transmit the ciphertext of the execution result to the data consumer, after encrypting the execution result by using the key Kr.
The data consumer is specifically configured to decrypt the ciphertext of the execution result, by using the key Kr, and obtain the plaintext of the execution result.
FIG.4 is a block diagram of an electronic device in accordance with an embodiment of the application. As shown in FIG.4, an electronic device 400 in the embodiment mainly includes a transceiver 410 and a processor 420.
The processor 420 may refer to one or more processors.
The foregoing is only preferred embodiments of the application, which is not for use in limiting the application. Any modifications, equivalent substitutions and improvements made within the spirit and principle of the application should be covered by the protection scope of the application.

Claims (14)

  1. A trusted computing method, comprising:
    generating, by a data consumer, a data computing task within a corresponding authorized scope, based on data access authorization information obtained from a third party authorized certification center, and transmitting to a computing service provider, after a trusted computing environment and a trusted computing function library in a cloud server pass a legitimacy verification, wherein the cloud server is provided by the computing service provider; and
    adopting, by the data consumer, a safe transmission method configured for:
    transmitting a computing private key for decrypting a key ciphertext in the data access authorization information to the cloud server,
    triggering the cloud server to obtain a data plaintext needed for a task execution in the trusted computing environment, by using the computing private key, the data ciphertext and the corresponding key ciphertext needed for the task execution,
    triggering the cloud server to execute the data computing task, by using the data plaintext and the trusted computing function library, and
    triggering the cloud server to adopt an encrypted transmission method and transmit a corresponding execution result to the data consumer.
  2. The method of claim 1, further comprising:
    requesting, by the data consumer, the third party authorized certification center for a permission to the data of the data owner;
    uploading, by the data consumer, a trusted computing function defined by the data consumer to the trusted computing function library in the cloud server; and
    transmitting, by the data consumer, a key Kr for encrypting the execution result to the cloud server, when transmitting the computing private key to the cloud server, wherein the key Kr is generated by the data consumer,
    wherein the data consumer adopts a remote verification to perform the legitimacy verification, and
    wherein the safe transmission method is an online secure provision.
  3. The method of claim 1, wherein the data consumer adopts the encrypted transmission method and transmits the corresponding execution result to the data consumer by decrypting the ciphertext of the execution result with the key Kr, and obtaining a plaintext of the execution result.
  4. A trusted computing method, comprising:
    transmitting, by a data owner, an access control strategy of data of the data owner, to a third party authorized certification center, before the legitimacy verification; and
    encrypting, by the data owner, data of the data owner in advance, based on a preset data upload strategy, encrypting a key used for the encryption, by using a public key generated by the third party authorized certification center for the data owner, uploading a corresponding data encryption result and a key encryption result to a cloud server.
  5. A trusted computing method, comprising:
    generating, by a third party authorized certification center, a corresponding public key and a primary private key, based on an access control strategy, and transmitting the public key to a data owner; and
    generating, by the third party authorized certification center, a computing private key and a corresponding data access authorization certificate for a data consumer with the primary private key, based on a request and an access control strategy transmitted by the data owner, transmitting data access authorization information to a data consumer,
    wherein the data access authorization information carries the computing private key and the data access authorization certificate.
  6. The method of claim 5, wherein the third party authorized certification center adopts an attribute encryption method to generate the public key, the primary private key and the computing private key.
  7. A trusted computing method, comprising:
    obtaining, by a computing service provider, a data ciphertext and a corresponding key ciphertext needed for a task execution, based on a data computing task, and storing to a cloud server provided by the computing service provider,
    wherein the data ciphertext is obtained after an encryption by a corresponding data owner, the key ciphertext is obtained after an encryption with a public key, and the public key is generated by a third party authorized certification center for the data owner.
  8. The method of claim 7, wherein obtaining the data ciphertext and the corresponding key ciphertext needed for the task execution, and storing to the cloud server comprises:
    determining, by the computing service provider, whether the cloud server has stored the data ciphertext and the corresponding key ciphertext needed for the task execution; and
    when determining that the cloud server has not stored the data ciphertext and the corresponding key ciphertext needed for the task execution, triggering, by the computing service provider, the corresponding data owner to perform an encryption and upload process for corresponding data,
    wherein the encryption and upload process comprises: encrypting the data needing to be uploaded, encrypting the key used for the encryption, by using the public key generated by the third party authorized certification center for the data owner, uploading the corresponding data encryption result and the key encryption result to the cloud server.
  9. The method of claim 7, wherein each trusted computing function in a trusted computing function library in the cloud server possesses a first interface and a second interface, the first interface is configured to input a computing parameter, and the second interface is configured to output an encrypted data computing result.
  10. The method of claim 7, further comprising:
    after encrypting an execution result with the key Kr, transmitting, by the cloud server, a ciphertext of the execution result to a data consumer.
  11. An electronic device providing the function of a data consumer, comprising:
    a transceiver; and
    at least one processor coupled to the transceiver,
    wherein the at least one processor is configured to:
    generate a data computing task within a corresponding authorized scope, based on data access authorization information obtained from a third party authorized certification center, and transmit to a computing service provider, after a trusted computing environment and a trusted computing function library in a cloud server pass a legitimacy verification, wherein the cloud server is provided by the computing service provider,
    adopt a safe transmission method configured for:
    transmitting a computing private key for decrypting a key ciphertext in the data access authorization information to the cloud server,
    triggering the cloud server to obtain a data plaintext needed for a task execution in the trusted computing environment, by using the computing private key, the data ciphertext and the corresponding key ciphertext needed for the task execution,
    triggering the cloud server to execute the data computing task, by using the data plaintext and the trusted computing function library, and
    triggering the cloud server to adopt an encrypted transmission method and transmit a corresponding execution result to the data consumer.
  12. An electronic device providing the function of a data owner, comprising:
    a transceiver; and
    at least one processor coupled to the transceiver,
    wherein the at least one processor is configured to:
    transmit an access control strategy of data of the data owner, to a third party authorized certification center, before the legitimacy verification; and
    encrypt data of the data owner in advance, based on a preset data upload strategy, encrypt a key used for the encryption, by using a public key generated by the third party authorized certification center for the data owner, and upload a corresponding data encryption result and a key encryption result to a cloud server.
  13. An electronic device providing the function of a third party authorized certification center, comprising:
    a transceiver; and
    at least one processor coupled to the transceiver,
    wherein the at least one processor is configured to:
    generate a corresponding public key and a primary private key, based on an access control strategy, and transmit the public key to a data owner, and
    generate a computing private key and a corresponding data access authorization certificate for a data consumer with the primary private key, based on a request and an access control strategy transmitted by the data owner, transmitting data access authorization information to a data consumer,
    wherein the data access authorization information carries the computing private key and the data access authorization certificate.
  14. An electronic device providing the function of a computing service provider, comprising:
    a transceiver; and
    at least one processor coupled to the transceiver,
    wherein the at least one processor is configured to:
    obtain a data ciphertext and a corresponding key ciphertext needed for a task execution, based on a data computing task, and store to a cloud server provided by the computing service provider, wherein the data ciphertext is obtained after an encryption by a corresponding data owner, the key ciphertext is obtained after an encryption with a public key, and the public key is generated by a third party authorized certification center for the data owner.
PCT/KR2020/002430, priority date 2019-11-15, filing date 2020-02-19: A trusted computing method and system, WO2021095998A1 (en)

Applications Claiming Priority (2)

Application Number / Priority Date / Filing Date / Title
CN201911118927.4, priority date 2019-11-15
CN201911118927.4A (CN110855671B, en), priority date 2019-11-15, filing date 2019-11-15: Trusted computing method and system

Publications (1)

Publication Number / Publication Date
WO2021095998A1 (en), 2021-05-20

Also Published As

Publication Number / Publication Date
CN110855671B (en), 2022-02-08
CN110855671A (en), 2020-02-28

Similar Documents

Publication Publication Date Title
WO2021095998A1 (en) A trusted computing method and system
WO2014069778A1 (en) Id-based encryption and decryption method, and apparatus for executing same
WO2019132272A1 (en) Id as blockchain based service
KR100852146B1 (en) System and method for lawful interception using trusted third parties in voip secure communications
WO2014063455A1 (en) Instant messaging method and system
WO2020147383A1 (en) Process examination and approval method, device and system employing blockchain system, and non-volatile storage medium
US8694783B2 (en) Lightweight secure authentication channel
WO2014069783A1 (en) Password-based authentication method, and apparatus for performing same
CN105553951A (en) Data transmission method and data transmission device
WO2010053319A2 (en) Device and method for security key exchange and system pertaining to same
CN110300287B (en) Access authentication method for public safety video monitoring networking camera
WO2018072261A1 (en) Information encryption method and device, information decryption method and device, and terminal
WO2012093900A2 (en) Method and device for authenticating personal network entity
CN109525388B (en) Combined encryption method and system with separated keys
WO2019182377A1 (en) Method, electronic device, and computer-readable recording medium for generating address information used for transaction of blockchain-based cryptocurrency
WO2019132270A1 (en) Secure communication method in nfv environment and system therefor
CN116614599B (en) Video monitoring method, device and storage medium for secure encryption
CN114401151A (en) Group message encryption method, device, equipment and storage medium
CN112966280A (en) Data processing method and device, server and data management system
WO2019017525A1 (en) User authentication server and system
CN111953487A (en) Key management system
CN116244750A (en) Secret-related information maintenance method, device, equipment and storage medium
CN113609522B (en) Data authorization and data access method and device
CN112019553B (en) Data sharing method based on IBE/IBBE
CN112019351B (en) Mobile terminal information interaction method based on SDKey

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20888350; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20888350; Country of ref document: EP; Kind code of ref document: A1)