WO2022257722A1 - Method and apparatus for performing trust check on code security - Google Patents

Method and apparatus for performing trust check on code security Download PDF

Info

Publication number
WO2022257722A1
WO2022257722A1 PCT/CN2022/093834 CN2022093834W WO2022257722A1 WO 2022257722 A1 WO2022257722 A1 WO 2022257722A1 CN 2022093834 W CN2022093834 W CN 2022093834W WO 2022257722 A1 WO2022257722 A1 WO 2022257722A1
Authority
WO
WIPO (PCT)
Prior art keywords
code
report
trusted program
trusted
program
Prior art date
Application number
PCT/CN2022/093834
Other languages
French (fr)
Chinese (zh)
Inventor
姚经纬
杨文玉
肖枭
杨孙鑫
Original Assignee
支付宝(杭州)信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 支付宝(杭州)信息技术有限公司 filed Critical 支付宝(杭州)信息技术有限公司
Publication of WO2022257722A1 publication Critical patent/WO2022257722A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • One or more embodiments of this specification relate to the field of code security, and in particular, to a method and device for authenticity checking of code security.
  • one or more embodiments of this specification provide a method and device for implementing trusted scheduling.
  • a method for authenticity checking of code security including: the code requester initiates a remote verification challenge and a code inspection request; the code provider The party generates a remote verification report for the trusted program in response to the remote verification challenge, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider; and, the code The provider loads the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the identity private key of the trusted program itself to generate an anchor
  • the identity public key of the program verifies the digital signature, and when it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, the code to be inspected is confirmed according to the code
  • a method for authenticity checking of code security is proposed, which is applied to the code requester, including: initiating a remote verification challenge and a code inspection request, so that the code provider generating a remote verification report for a trusted program in response to the remote verification challenge, the trusted program being pre-provided by the code requester and running in a trusted execution environment at the code provider; and, making the code
  • the provider loads the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the identity private key of the trusted program itself to generate an anchor A digital signature of the code inspection report; obtaining the remote verification report and the code inspection report, confirming whether the operating environment of the trusted program is credible based on the remote verification report, and using the identity of the trusted program
  • the public key verifies the digital signature, and if it is confirmed that the running environment of the trusted program is credible and the digital signature passes the verification, it is confirmed whether the code to be checked is safe according to the code
  • a method for authenticity checking of code security is proposed, which is applied to a code provider, including: generating a target for authenticity in response to a remote verification challenge initiated by a code requester A remote verification report of a trusted program, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider, so that the code requester obtains the remote verification report, And confirm whether the operating environment of the trusted program is credible based on the remote verification report; and load the trusted program in response to the code inspection request initiated by the code requester, so that the trusted program: scans the pending Check the code to generate a code inspection report, and use the identity private key of the trusted program itself to generate a digital signature for anchoring the code inspection report, so that the code requester can obtain the code inspection report, and use
  • the identity public key of the trusted program verifies the digital signature, and when it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, the code inspection report is used to
  • a device for credible checking of code security is proposed, which is applied to the code requester, including: an initiating unit, used to initiate a remote verification challenge and a code inspection request, so that the code provider responds Generating a remote verification report for a trusted program based on the remote verification challenge, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider; and, making the code provider
  • the party loads the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the identity private key of the trusted program itself to generate a The digital signature of the code inspection report;
  • the confirmation unit is configured to obtain the remote verification report and the code inspection report, confirm whether the operating environment of the trusted program is credible based on the remote verification report, and use the The identity public key of the trusted program verifies the digital signature, and when it is confirmed that the running environment of the trusted program is credible and the digital signature passes the verification, the code inspection report confirms that the code
  • a device for authenticity checking of code security is proposed, which is applied to the code provider, including: a first generation unit, configured to generate a target for the remote verification challenge initiated by the code requester A remote verification report of a trusted program, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider, so that the code requester can obtain the remote verification report , and confirm whether the operating environment of the trusted program is credible based on the remote verification report; the second generation unit is configured to load the trusted program in response to a code inspection request initiated by the code requester, so that the Trusted program: scan the code to be checked to generate a code check report, and use the identity private key of the trusted program itself to generate a digital signature for anchoring the code check report, so that the code requester can obtain the code inspection report, and use the identity public key of the trusted program to verify the digital signature, and if it is confirmed that the running environment of the trusted program is credible and the digital signature passes the verification, according to the The code inspection
  • an electronic device including: a processor; a memory for storing processor-executable instructions; wherein, the processor implements the above-mentioned first aspect by running the executable instructions The method described in the examples.
  • a computer-readable storage medium on which computer instructions are stored, and when the instructions are executed by a processor, the steps of the method described in the above-mentioned embodiments of the first aspect are implemented.
  • Fig. 1 is a flowchart of a method for authentically checking code security provided by an exemplary embodiment.
  • Fig. 2 is a flow chart of a second method for authentically checking code security provided by an exemplary embodiment.
  • Fig. 3 is a flow chart of a third method for authentically checking code security provided by an exemplary embodiment.
  • Fig. 4 is a multi-party interaction diagram of a method for authentically checking code security provided by an exemplary embodiment.
  • Fig. 5 is a schematic structural diagram of a device for implementing credible checking of code security provided by an exemplary embodiment.
  • Fig. 6 is a block diagram of an apparatus for authentically checking code security provided by an exemplary embodiment.
  • Fig. 7 is a block diagram of another apparatus for authentically checking code security provided by an exemplary embodiment.
  • the steps of the corresponding methods may not necessarily be performed in the order shown and described in this specification.
  • the method may include more or less steps than those described in this specification.
  • a single step described in this specification may be decomposed into multiple steps for description in other embodiments; multiple steps described in this specification may also be combined into a single step in other embodiments describe.
  • TEE Trusted Execution Environment
  • TEE can function as a black box in the hardware, and the code and data operating system layer executed in the TEE cannot be peeked at, and only the predefined interface in the code can operate on it.
  • plaintext data is used for operations in TEE, rather than complex cryptographic operations in homomorphic encryption, and there is no loss in the efficiency of the calculation process.
  • the security and privacy of the blockchain are greatly improved.
  • the industry is very concerned about TEE solutions. Almost all mainstream chip and software alliances have their own TEE solutions, including TPM (Trusted Platform Module) in software and Intel SGX (Software Guard Extensions) in hardware. , Software Protection Extension), ARM Trustzone (Trust Zone) and AMD PSP (Platform Security Processor, Platform Security Processor).
  • the programs executed in the TEE can be called trusted programs or enclave programs.
  • the trusted programs in the TEE can be customized and developed by relevant technical personnel, and then put into the TEE for execution.
  • the data output by the letter program can be output to an untrusted environment outside the TEE through a specific output port.
  • Trusted programs can be placed and run on relevant technical personnel's local electronic devices that support Intel SGX hardware, or they can be installed on non-local electronic devices for execution.
  • the trusted program is provided by the code requester and runs on the electronic device of the code provider. Since the above-mentioned trusted program runs in an electronic device not local to the code requester, the code requester needs to confirm that the operating environment of the above-mentioned trusted program meets the requirements.
  • the code requester can complete the verification of the above aspects through a complete remote verification process: in the remote verification process, the code requester is called a challenger, and the code requester initiates a remote verification challenge to the code provider.
  • the remote verification process involves another special enclave at the code provider, that is, quoting enclave (QE for short).
  • QE is an architectural Enclave (Architectural Enclave) provided and signed by Intel.
  • the above-mentioned trusted program first needs to generate a REPORT (report) structure for local authentication.
  • the above-mentioned REPORT contains at least a summary of the above-mentioned trusted program, and the QE verifies whether the trusted program is on the same platform as itself based on the REPORT structure , and then the QE encapsulates the REPORT structure into a structure, and signs it with an EPID (Enhanced Privacy Identification) private key to generate a remote verification report, that is, QUOTE (self-recommendation information).
  • EPID Enhanced Privacy Identification
  • the EPID private key not only represents the code provider, but also represents the credibility of the underlying hardware of the code provider, and can also bind information such as the version of the processor firmware, and only the QE can access the EPID private key for the above-mentioned Structure is signed to generate QUOTE.
  • the code requester can send the remote verification report to the authentication server after obtaining the remote verification report of the above-mentioned trusted program.
  • the above-mentioned authentication server can be an IAS (Intel Attestation Service) server provided by Intel Corporation, and send a remote verification report to the IAS server, so that the IAS server can use the EPID public key to verify the signature and return the verification result to The code requester, and the above verification result is signed by the authentication server using its identity private key.
  • IAS Intelligent Attestation Service
  • the code requester uses the identity public key of the remote verification server to successfully verify the above-mentioned signed verification result, and the above-mentioned verification result is passed, then the program summary contained in the remote verification report can be further compared with the code requester's own maintenance. If the comparison results are consistent, it can be confirmed that the operating environment of the above-mentioned trusted program is safe and credible, and a complete remote verification process has been completed so far.
  • Fig. 1 is a flowchart of a method for authentically checking code security provided by an exemplary embodiment.
  • the above method may include the following steps: Step 102: The code requester initiates a remote verification challenge and a code inspection request.
  • the code provider can be understood as the party who writes the source code.
  • the code provider writes the source code and delivers it to the code requester, the code requester needs to check the source code to determine the security of the source code. To avoid various risks.
  • This specification provides a solution that enables the agent provider to directly detect the source code and deliver the code inspection report to the code requester, and the code requester only needs to view the code inspection report to obtain credible code inspection results. Improve the efficiency of code providers to confirm code security.
  • the code provider needs to load a trusted program in its own trusted execution environment, and the above-mentioned trusted program is authenticated and confirmed by the code requester, or directly provided by the code requester to the code provider.
  • the code requester needs to initiate a remote verification challenge and code inspection request to the code provider.
  • the above remote verification challenge is to verify whether the running environment of the above-mentioned trusted program is safe and reliable, and the code inspection request is to make the above-mentioned trusted program check the verification code.
  • the source code written by the provider has no security risks is independent of each other and does not affect each other; there is no logical dependence on the follow-up process corresponding to the remote verification challenge and code inspection request, so this manual does not limit the The sequence in which remote verification challenges and code inspection requests are initiated.
  • Step 104 The code provider generates a remote verification report for the trusted program in response to the remote verification challenge, and the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider and, the code provider loads the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the identity private key of the trusted program itself A digital signature anchoring the code inspection report is generated.
  • the code provider generates a remote verification report for the above-mentioned trusted program in response to the above-mentioned remote verification challenge.
  • the remote verification report here can be understood as the above QUOTE mentioned in the article.
  • the code provider loads the above-mentioned trusted program in response to the code inspection request. After the initialization of the trusted program is completed, the code to be checked written by the code provider can be scanned.
  • the trusted program can also directly scan the code to be checked written by the code provider without the step of loading the above trusted program. In practical applications, a time threshold can be set.
  • the trusted program can generate a code inspection report after scanning the above-mentioned code to be inspected.
  • the above-mentioned code inspection report reflects the security of the code to be inspected.
  • the above-mentioned trusted program can be generated based on an asymmetric encryption algorithm Its own public-private key pair, and use its own identity and private key to sign the above-mentioned code inspection report, so as to prove that the above-mentioned code inspection report is indeed generated by the above-mentioned trusted program, and at the same time, it can ensure that the above-mentioned code inspection report is not tampered with.
  • Step 106 The code requester obtains the remote verification report and the code inspection report, confirms whether the operating environment of the trusted program is credible based on the remote verification report, and uses the identity public key pair of the trusted program to The digital signature is verified, and if it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, it is confirmed whether the code to be checked is safe according to the code inspection report.
  • the code requester obtains the above-mentioned remote verification report, and confirms whether the operating environment of the above-mentioned trusted program is safe according to the above-mentioned remote verification report;
  • the identity public key of the above-mentioned trusted program can be obtained by the code demander in various ways.
  • the identity public key of the above-mentioned trusted program can be included in the remote verification report.
  • the party can obtain the public key from it for the subsequent signature verification process, or the above-mentioned trusted program can directly send its own identity public key to the code requester, or the code requester is in Before providing the above-mentioned trusted program to the code provider, the identity public key of the above-mentioned trusted program is stored in advance, and this specification does not limit the way to obtain the identity public key of the trusted program. If the signature verification by the code requester is successful, it can be shown that the above-mentioned code inspection report is indeed generated by the above-mentioned trusted program and has not been tampered with. Since the operating environment of the above-mentioned trusted program can be confirmed to be safe and trusted through the remote verification report, the code inspection report generated by the trusted program placed in the safe and trusted environment should also be credible if it has not been tampered with.
  • the signature object when the digital signature is generated by signing with the identity private key of the trusted program, the signature object includes the code inspection report and/or the hash value of the code inspection report.
  • the above-mentioned trusted program can use its identity private key to directly sign the code inspection report.
  • the generated digital signature contains the code inspection report and the corresponding signature data.
  • the code inspection report is extracted from the digital signature, and the code provider does not need to provide an additional code inspection report, thereby reducing the amount of data transmission.
  • the above-mentioned trusted program can perform hash calculation on the above-mentioned code inspection report to generate a standard hash value of the code inspection report, and then use its identity private key to sign the standard hash value of the code inspection report, and the generated digital signature at this time Contains the standard hash value of the code inspection report and the corresponding signature data.
  • the code requester can send the code inspection report to the code requester. After obtaining the above code inspection report, the code requester needs to verify the Perform hash calculation and compare the calculated hash value with the standard hash value of the code inspection report in the digital signature. If the comparison is consistent, it means that the above code inspection report has not been tampered with, so as to further improve the code inspection report. Credibility.
  • the code provider does not need to provide the source code to be checked to the code demander, which ensures that the source code is not leaked.
  • the code demander can obtain the inspection results of the source code from the credible code inspection report, and This confirms whether the source code is a security risk. Since the above-mentioned code inspection report is generated by a trusted program, the code provider will not affect the credibility of the above-mentioned code inspection report.
  • the above-mentioned remote verification process may specifically be: the remote verification report includes the program summary of the trusted program deployed at the code provider, and the code requester will not be able to automatically verify the above-mentioned remote verification report (QUOTE) after obtaining the above-mentioned remote verification report (QUOTE). To verify it, it is necessary to send the above-mentioned remote verification report to the remote verification server (IAS). sign. If the code requester uses the identity public key of the remote verification server to successfully verify the above-mentioned signed verification result, and the above-mentioned verification result is passed, then the program summary contained in the remote verification report can be further compared with the code requester's own maintenance. If the comparison results are consistent, it can be confirmed that the operating environment of the above-mentioned trusted program is credible. The specific details of the above-mentioned process can refer to the detailed description of the remote verification process above, and will not be repeated here. .
  • the source code to be checked can be compiled by the above-mentioned trusted program to generate an executable file, and the above-mentioned executable file can be a file with a file extension of exe format.
  • the code demander can obtain the above-mentioned executable file, and deploy the above-mentioned executable file after confirming that the code to be checked is safe.
  • whether the code provider directly provides the source code to the code requester will not affect the verification of the source code by the code requester. Even if the code provider only provides executable files to the code requester, the code provider can also Confirm the security of the source code written by the code provider to resolve the conflict between the code requester and the code provider.
  • the above-mentioned digital signature can also be used to anchor the executable file.
  • the signature object includes the executable file and/or the hash value of the executable file.
  • the above-mentioned trusted program can directly sign the code inspection report and executable file by using its identity private key.
  • the generated digital signature includes the code inspection report, executable file and corresponding signature data.
  • the code requester can extract the code inspection report from the above-mentioned digital signature, and the code provider does not need to provide additional code inspection reports or executable files, thereby reducing the amount of data transmission; when the trusted program is confirmed to run on a safe and trusted
  • the code inspection report shows that the source code to be inspected has no security issues, and the above-mentioned three aspects are all met, the above-mentioned executable files can be deployed.
  • the above-mentioned trusted program can perform hash calculation on the code inspection report and the executable file respectively to generate a standard hash value of the code inspection report and a standard hash value of the executable file, and then use its identity private key pair
  • the standard hash value of the code inspection report and the standard hash value of the executable file are signed, and the generated digital signature contains the standard hash value of the code inspection report, the standard hash value of the executable file, and the corresponding signature data , in this signature mode
  • the code requester can send the code inspection report and executable file to the code requester, and the code requester needs to perform hash calculation on the two after obtaining the above code inspection report and executable file, And compare the calculated hash value with the corresponding standard hash value in the digital signature.
  • the above code inspection report and the executable file have not been tampered with, so as to further improve the code inspection report and reliability.
  • the credibility of the execution file when the above-mentioned trusted program is confirmed to run in a safe and trusted environment, the above-mentioned digital signature is verified, and the code inspection report shows that there is no security problem in the source code to be inspected, the conditions in the above three aspects are equal. When satisfied, the above executable can be deployed.
  • This manual can complete the inspection and compilation of the source code to be checked provided by the code provider by installing the trusted program provided or certified by the code requester in the trusted execution environment of the code provider; and, the above remote verification report And digital signatures can form a complete evidence chain, so that the code demander can ensure the credibility of the code inspection report and executable files through the verification of the above-mentioned trusted program operating environment and the verification of the credibility of the code inspection report; based on Due to the characteristics of the trusted execution environment and the trusted program itself, the code provider does not need to submit the source code to the code requester for inspection, which avoids the leakage of the source code.
  • the code requester can obtain the trusted code inspection results, and When the code inspection result shows that there is no security problem in the source code to be inspected, deploy the executable file compiled from the above source code. While cleverly solving the contradiction between the code provider and the code demander, this manual enables both parties to achieve the corresponding goals, ensures the legal compliance of the source code, and avoids unnecessary risks.
  • FIG. 2 is a flow chart of a method for authenticity checking of code security according to an exemplary embodiment of this specification.
  • the above method is applied to the code requester and may include the following steps: Step 202: Initiate a remote verification challenge and a code inspection request, so that the code provider generates a remote verification report for the trusted program in response to the remote verification challenge, and the trusted program is pre-provided by the code requester and runs on the trusted program at the code provider.
  • the trusted program In the execution environment; and, causing the code provider to load the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the trusted program itself
  • the identity private key generates a digital signature for anchoring the code inspection report.
  • Step 204 Obtain the remote verification report and the code inspection report, confirm whether the operating environment of the trusted program is credible based on the remote verification report, and use the identity public key of the trusted program to verify the digital The signature is verified, and if it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, it is confirmed whether the code to be checked is safe according to the code inspection report.
  • Fig. 3 is a flow chart of a method for authenticity checking of code security according to an exemplary embodiment of this specification, which is applied to the code demander and may include the following steps: Step 302: Responding to the code request initiated by the code demander The remote verification challenge generates a remote verification report for the trusted program, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider, so that the code requester can obtain The remote verification report, and confirming whether the running environment of the trusted program is credible based on the remote verification report.
  • Step 304 Load the trusted program in response to the code inspection request initiated by the code requester, so that the trusted program: scans the code to be checked to generate a code inspection report, and utilizes the identity privacy of the trusted program itself key to generate a digital signature for anchoring the code inspection report, so that the code requester obtains the code inspection report, and uses the identity public key of the trusted program to verify the digital signature.
  • the trusted program scans the code to be checked to generate a code inspection report, and utilizes the identity privacy of the trusted program itself key to generate a digital signature for anchoring the code inspection report, so that the code requester obtains the code inspection report, and uses the identity public key of the trusted program to verify the digital signature.
  • Fig. 4 is a multi-party interaction diagram showing a method for credible checking of code security according to an exemplary embodiment of this specification, which includes a software demander 41, an Enclave program 42, a QE 43, and an IAS server 44, wherein the Enclave Program (trusted program) 42 and QE (Quoting Enclave) 43 are deployed at the software provider who writes the source code to be checked, and Enclave program 42 and QE43 run in the trusted execution environment of the software provider, Enclave program 42 is provided by the software
  • the demander 41 provides or verifies in advance
  • the IAS server 44 is a remote verification server provided by the CPU provider.
  • the above-mentioned method may include the following steps: Step 402: the software demander 41 initiates a remote verification challenge and a code inspection request; the above-mentioned remote verification challenge It is to verify whether the operating environment of the Enclave program 42 is safe and reliable, and the code inspection request is to enable the Enclave program 42 to check whether the source code written by the verification code provider has security risks.
  • Step 402 the software demander 41 initiates a remote verification challenge and a code inspection request
  • the above-mentioned remote verification challenge It is to verify whether the operating environment of the Enclave program 42 is safe and reliable, and the code inspection request is to enable the Enclave program 42 to check whether the source code written by the verification code provider has security risks.
  • the two are independent of each other and do not affect each other.
  • Step 404 Enclave program 42 generates a program digest
  • Step 406 Enclave program 42 generates an identity public key TA_PK and an identity private key TA_SK based on an asymmetric encryption algorithm.
  • Step 408 Enclave program 42 generates a REPORT, which at least includes the program summary generated in step 404 and the identity public key TA_PK generated in step 406, and executes step 410 to send the REPORT to QE43.
  • the software provider loads the Enclave program 42 in response to the remote verification challenge, and the Enclave program 42 generates a program summary and its own public-private key pair in steps 404-406, where the public key is represented by TA_PK and the private key is represented by TA_SK. Further, as shown in steps 408-410, a REPORT is generated, which at least includes TA_PK and a program summary, and the REPORT is returned to QE43 after the generation is completed. It should be noted that the time when the Enclave program 42 in this embodiment generates a public-private key pair is only one of many possibilities. The public key TA_PK in the key pair.
  • Step 412 QE43 uses the EPID private key to sign REPORT to generate QUOTE, and QE43 places another special enclave for the code provider, that is, quoting enclave (QE for short). QE43 verifies whether the Enclave program 42 is on the same platform as itself based on REPORT, and then encapsulates the REPORT structure into a structure by QE43, and uses the EPID (Enhanced Privacy Identification) private key to sign to generate QUOTE.
  • QE43 uses the EPID private key to sign REPORT to generate QUOTE, and QE43 places another special enclave for the code provider, that is, quoting enclave (QE for short).
  • QE43 verifies whether the Enclave program 42 is on the same platform as itself based on REPORT, and then encapsulates the REPORT structure into a structure by QE43, and uses the EPID (Enhanced Privacy Identification) private key to sign to generate QUOTE.
  • EPID Enhanced Privacy Identification
  • the EPID private key not only represents the code provider, but also represents the credibility of the underlying hardware of the code provider, and can also bind information such as the version of the processor firmware, and only QE43 can access the EPID private key, while the EPID public key is provided by IAS Server 44 manages maintenance.
  • Step 414 The Enclave program 42 can statically scan the source code to be checked written by the software provider to generate a code checking report R.
  • Step 416 The Enclave program 42 may perform hash calculation on the code inspection report R generated in step 414 to generate a standard hash value of the code inspection report R, represented by HR.
  • Step 418 The Enclave program 42 can also compile the source code to be checked written by the software provider to generate an executable file E.
  • Step 420 The Enclave program 42 may perform hash calculation on the executable file E generated in step 418 to generate a standard hash value of the executable file E, represented by HE.
  • Step 422 Enclave program 42 can use its own identity private key TA_SK to sign HR and HE to generate a digital signature S.
  • the above-mentioned signature S HR, HE, sign(HR, HE), where HR represents a code inspection report
  • HR represents a code inspection report
  • HE represents the original file of the executable file E
  • sign(HR,HE) represents the signature data.
  • Step 424 Enclave program 42 returns digital signature S, REPORT, code inspection report R and executable file E to software requester 41.
  • Step 426 QE43 returns the QUOTE to the software demander 41.
  • Step 428 After obtaining the QUOTE, the code requester 41 needs to send the above QUOTE to the IAS server 44 because it cannot obtain the EPID public key and cannot verify it by itself.
  • Step 430 After the IAS server 44 uses the EPID public key to verify the above QUOTE, it returns the remote verification result to the code requester 41, that is, step 432. And, the above-mentioned verification result is signed by the IAS server 44 using its identity private key, if the code requester 41 uses the identity public key of the remote verification server to successfully verify the above-mentioned signed verification result, and the above-mentioned verification result is passed, then you can Further compare the program summary contained in the remote verification report with the standard program summary of the trusted program maintained by the code demander itself. If the comparison results are consistent, it can be confirmed that the operating environment of the above-mentioned trusted program is credible.
  • the specific details of the above-mentioned process For details, refer to the detailed description of the remote verification process above, and details will not be repeated here.
  • Step 434 The code requester 41 extracts TA_PK from the obtained REPORT, and performs a signature verification operation on S. If the signature verification is successful, it means that HR and HE are indeed generated by the Enclave program 42 and have not been tampered with.
  • Step 436 The code requester 41 performs hash calculations on R and E respectively, and compares the obtained results with HE and HR extracted from the digital signature S, and if the comparison is consistent, it indicates the code inspection report R and Executable E has not been tampered with.
  • Step 438 If the above-mentioned remote verification is passed and the hash value check is passed, it means that the running environment of the Enclave program 42 is safe and credible, and the code inspection report R and the executable file E are indeed generated by running in a safe and credible environment and It has not been tampered with, so it can be considered that the code inspection report R credibly reflects the security situation of the source code to be inspected.
  • Step 440 In the case where the above-mentioned code inspection report R is considered credible, if the result in the code inspection report R considers that the source code to be inspected has no security issues, it means that the executable file E compiled by the Enclave program 42 does not have a security risk , ready to deploy.
  • Fig. 5 is a schematic structural diagram of a device provided by an exemplary embodiment.
  • the device includes a processor 502 , an internal bus 504 , a network interface 506 , a memory 508 and a non-volatile memory 510 , and of course it may also include hardware required by other services.
  • the processor 502 reads a corresponding computer program from the non-volatile memory 510 into the memory 508 and executes it.
  • one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware, etc., that is to say, the execution subject of the following processing flow is not limited to each A logic unit, which can also be a hardware or logic device.
  • the device for implementing trusted scheduling can be applied to the device shown in FIG. 5 to implement the technical solution of this specification.
  • the device for authentically checking the code security is applied to the code requester, and includes: an initiating unit 602, configured to initiate a remote verification challenge and a code inspection request, so that the code provider responds to the remote verification challenge to generate an a remote verification report of a trusted program, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider; and the code provider loads the code in response to the code inspection request
  • the trusted program makes the trusted program: scan the code to be checked to generate a code inspection report, and use the identity private key of the trusted program itself to generate a digital signature for anchoring the code inspection report; confirm Unit 604, configured to acquire the remote verification report and the code inspection report, confirm whether the operating environment of the trusted program is credible based on the remote verification report, and use the identity public key of the trusted program to verify the Verifying the digital signature, and confirming whether the code to be inspected is safe or not according to the code inspection report when it is confirmed that the running environment of the trusted program is credible and the digital signature passes the verification.
  • the above apparatus may further include: a deploying unit 606, configured to obtain an executable file generated by compiling the code to be checked by the trusted program, and deploy the executable file when it is confirmed that the code to be checked is safe. executable file.
  • a deploying unit 606 configured to obtain an executable file generated by compiling the code to be checked by the trusted program, and deploy the executable file when it is confirmed that the code to be checked is safe. executable file.
  • the digital signature is also used to anchor the executable file.
  • the identity public key of the trusted program is included in the remote verification report.
  • the confirming unit 604 is specifically configured to: the remote verification report includes a program summary of the trusted program deployed at the code provider; Whether the operating environment is credible, including: sending the remote verification report to the remote verification server, and receiving the verification result returned by the remote verification server, the verification result being signed by the identity private key of the remote verification server; If the signature verification is successful based on the identity public key of the remote verification server and the verification result is verified, combine the program summary contained in the remote verification report with the trusted program maintained by the code requester itself compare the summary of the standard program, and confirm that the operating environment of the trusted program is credible if the comparison result is consistent.
  • the device for implementing trusted scheduling can be applied to the device shown in FIG. 5 to implement the technical solution of this specification.
  • the device for authentically checking code security is applied to the code provider, including: a first generating unit 702, configured to generate a remote verification report for a trusted program in response to a remote verification challenge initiated by the code requester, so The trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider, so that the code requester obtains the remote verification report and confirms based on the remote verification report Whether the operating environment of the trusted program is credible; the second generating unit 704 is configured to load the trusted program in response to the code inspection request initiated by the code requester, so that the trusted program: scans the code to be checked to generate a code inspection report, and use the identity private key of the trusted program itself to generate a digital signature for anchoring the code inspection report, so that the code requester can obtain the code inspection report and use the The identity public key of the trusted program verifies the digital signature, and when it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, the code inspection report confirms that the Check that the code is
  • the signature object when the digital signature is generated by signing with the identity private key of the trusted program, the signature object includes the code inspection report and/or a hash value of the code inspection report.
  • the above-mentioned apparatus may further include: a compilation unit 706, used by the trusted program to compile the code to be checked to generate an executable file; Deploy when the code to be checked is safe.
  • the digital signature is also used to anchor the executable file.
  • the signature object when the digital signature is generated by signing with the identity private key of the trusted program, the signature object includes the executable file and/or the hash value of the executable file.
  • the identity public key of the trusted program is included in the remote verification report.
  • a typical implementing device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media player, navigation device, e-mail device, game control device, etc. desktops, tablets, wearables, or any combination of these.
  • a computer includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
  • processors CPUs
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • Memory may include non-permanent storage in computer-readable media, in the form of random access memory (RAM) and/or nonvolatile memory such as read-only memory (ROM) or flash RAM. Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash random access memory
  • Computer-readable media including both permanent and non-permanent, removable and non-removable media, can be implemented by any method or technology for storage of information.
  • Information may be computer readable instructions, data structures, modules of a program, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Flash memory or other memory technology, Compact Disc Read-Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, Magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices or any other non-transmission media that can be used to store information that can be accessed by computing devices.
  • computer-readable media excludes transitory computer-readable media, such as modulated data signals and carrier waves.
  • first, second, third, etc. may be used in one or more embodiments of the present specification to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of one or more embodiments of this specification, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word “if” as used herein may be interpreted as “at” or "when” or "in response to a determination.”

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Virology (AREA)
  • Storage Device Security (AREA)

Abstract

Provided in one or more embodiments of the present description are a method and apparatus for performing a trust check on code security. According to one example of the method, in response to a remote verification challenge initiated by a code demander, a code provider generates a remote verification report with respect to a trusted program, and in response to a code check request initiated by the code demander, the code provider loads the trusted program, such that the trusted program scans a code to be checked, so as to generate a code check report, and generates, by using an identity private key of the trusted program itself, a digital signature for anchoring the code check report; and the code demander determines, on the basis of the remote verification report, whether a running environment of the trusted program can be trusted, and performs signature verification on the digital signature by using an identity public key of the trusted program, and then determines, according to the code check report, whether said code is secure.

Description

对代码安全性进行可信检查的方法及装置Method and device for credible checking of code security 技术领域technical field
本说明书一个或多个实施例涉及代码安全领域,尤其涉及一种对代码安全性进行可信检查的方法及装置。One or more embodiments of this specification relate to the field of code security, and in particular, to a method and device for authenticity checking of code security.
背景技术Background technique
企业在数字化改革进程中,会招募大量的软件外包公司开发应用及信息系统。为了保持公司的竞争力,部分外包软件公司会在向采购方出售应用的同时,对出售应用的源代码进行保密管理。这导致采购方无法对外包公司的源代码进行质量监督和风险管理,甚至会出现外包公司迎检时使用合规代码,上交应用时注入非法代码的情况,为采购方埋下了巨大的安全风险。In the process of digital reform, enterprises will recruit a large number of software outsourcing companies to develop applications and information systems. In order to maintain the competitiveness of the company, some outsourcing software companies will keep the source code of the sold application confidential while selling the application to the purchaser. As a result, the purchaser cannot conduct quality supervision and risk management on the source code of the outsourcing company, and even the outsourcing company may use compliant code when receiving inspections, and inject illegal code when submitting the application, which has buried a huge security risk for the purchaser. risk.
发明内容Contents of the invention
有鉴于此,本说明书一个或多个实施例提供一种实现可信调度的方法及装置。In view of this, one or more embodiments of this specification provide a method and device for implementing trusted scheduling.
为实现上述目的,根据本说明书一个或多个实施例的第一方面,提出了一种对代码安全性进行可信检查的方法,包括:代码需求方发起远程验证挑战以及代码检查请求;代码提供方响应于所述远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中;以及,代码提供方响应于所述代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名;代码需求方获取所述远程验证报告和所述代码检查报告,基于所述远程验证报告确认所述可信程序的运行环境是否可信,以及使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。In order to achieve the above purpose, according to the first aspect of one or more embodiments of this specification, a method for authenticity checking of code security is proposed, including: the code requester initiates a remote verification challenge and a code inspection request; the code provider The party generates a remote verification report for the trusted program in response to the remote verification challenge, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider; and, the code The provider loads the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the identity private key of the trusted program itself to generate an anchor The digital signature of the code inspection report; the code requester obtains the remote verification report and the code inspection report, confirms whether the operating environment of the trusted program is credible based on the remote verification report, and uses the credible The identity public key of the program verifies the digital signature, and when it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, the code to be inspected is confirmed according to the code inspection report Is it safe.
根据本说明书一个或多个实施例的第二方面,提出了一种对代码安全性进行可信检查的方法,应用于代码需求方,包括:发起远程验证挑战以及代码检查请求,使代码提供方响应于所述远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中;以及,使代码提供方响应于所述代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生 成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名;获取所述远程验证报告和所述代码检查报告,基于所述远程验证报告确认所述可信程序的运行环境是否可信,以及使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。According to the second aspect of one or more embodiments of this specification, a method for authenticity checking of code security is proposed, which is applied to the code requester, including: initiating a remote verification challenge and a code inspection request, so that the code provider generating a remote verification report for a trusted program in response to the remote verification challenge, the trusted program being pre-provided by the code requester and running in a trusted execution environment at the code provider; and, making the code The provider loads the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the identity private key of the trusted program itself to generate an anchor A digital signature of the code inspection report; obtaining the remote verification report and the code inspection report, confirming whether the operating environment of the trusted program is credible based on the remote verification report, and using the identity of the trusted program The public key verifies the digital signature, and if it is confirmed that the running environment of the trusted program is credible and the digital signature passes the verification, it is confirmed whether the code to be checked is safe according to the code inspection report.
根据本说明书一个或多个实施例的第三方面,提出了一种对代码安全性进行可信检查的方法,应用于代码提供方,包括:响应于代码需求方发起的远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中,进而使所述代码需求方获取所述远程验证报告,并基于所述远程验证报告确认所述可信程序的运行环境是否可信;以及,响应于所述代码需求方发起的代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名,进而使所述代码需求方获取所述代码检查报告,并使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。According to a third aspect of one or more embodiments of the present specification, a method for authenticity checking of code security is proposed, which is applied to a code provider, including: generating a target for authenticity in response to a remote verification challenge initiated by a code requester A remote verification report of a trusted program, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider, so that the code requester obtains the remote verification report, And confirm whether the operating environment of the trusted program is credible based on the remote verification report; and load the trusted program in response to the code inspection request initiated by the code requester, so that the trusted program: scans the pending Check the code to generate a code inspection report, and use the identity private key of the trusted program itself to generate a digital signature for anchoring the code inspection report, so that the code requester can obtain the code inspection report, and use The identity public key of the trusted program verifies the digital signature, and when it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, the code inspection report is used to confirm that the The code to be checked is safe.
根据本说明书的第四方面,提出了一种对代码安全性进行可信检查的装置,应用于代码需求方,包括:发起单元,用于发起远程验证挑战以及代码检查请求,使代码提供方响应于所述远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中;以及,使代码提供方响应于所述代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名;确认单元,用于获取所述远程验证报告和所述代码检查报告,基于所述远程验证报告确认所述可信程序的运行环境是否可信,以及使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。According to the fourth aspect of this specification, a device for credible checking of code security is proposed, which is applied to the code requester, including: an initiating unit, used to initiate a remote verification challenge and a code inspection request, so that the code provider responds Generating a remote verification report for a trusted program based on the remote verification challenge, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider; and, making the code provider The party loads the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the identity private key of the trusted program itself to generate a The digital signature of the code inspection report; the confirmation unit is configured to obtain the remote verification report and the code inspection report, confirm whether the operating environment of the trusted program is credible based on the remote verification report, and use the The identity public key of the trusted program verifies the digital signature, and when it is confirmed that the running environment of the trusted program is credible and the digital signature passes the verification, the code inspection report confirms that the code to be inspected Is the code safe.
根据本说明书的第五方面,提出了一种对代码安全性进行可信检查的装置,应用于代码提供方,包括:第一生成单元,用于响应于代码需求方发起的远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中,进而使所述代码需求方获取所述远程验证报告,并基于所述远程验证报告确认所述可信程序的运行环境是否可信;第二生成单元,用于响应于 所述代码需求方发起的代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名,进而使所述代码需求方获取所述代码检查报告,并使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。According to the fifth aspect of this specification, a device for authenticity checking of code security is proposed, which is applied to the code provider, including: a first generation unit, configured to generate a target for the remote verification challenge initiated by the code requester A remote verification report of a trusted program, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider, so that the code requester can obtain the remote verification report , and confirm whether the operating environment of the trusted program is credible based on the remote verification report; the second generation unit is configured to load the trusted program in response to a code inspection request initiated by the code requester, so that the Trusted program: scan the code to be checked to generate a code check report, and use the identity private key of the trusted program itself to generate a digital signature for anchoring the code check report, so that the code requester can obtain the code inspection report, and use the identity public key of the trusted program to verify the digital signature, and if it is confirmed that the running environment of the trusted program is credible and the digital signature passes the verification, according to the The code inspection report confirms whether the code to be inspected is safe.
根据本说明书的第六方面,提供一种电子设备,包括:处理器;用于存储处理器可执行指令的存储器;其中,所述处理器通过运行所述可执行指令以实现如上述第一方面的实施例中所述的方法。According to a sixth aspect of the present specification, there is provided an electronic device, including: a processor; a memory for storing processor-executable instructions; wherein, the processor implements the above-mentioned first aspect by running the executable instructions The method described in the examples.
根据本说明书实施例的第七方面,提供一种计算机可读存储介质,其上存储有计算机指令,该指令被处理器执行时实现如上述第一方面的实施例中所述方法的步骤。According to a seventh aspect of the embodiments of the present specification, there is provided a computer-readable storage medium, on which computer instructions are stored, and when the instructions are executed by a processor, the steps of the method described in the above-mentioned embodiments of the first aspect are implemented.
附图说明Description of drawings
图1是一示例性实施例提供的一种对代码安全性进行可信检查方法的流程图。Fig. 1 is a flowchart of a method for authentically checking code security provided by an exemplary embodiment.
图2是一示例性实施例提供的第二种对代码安全性进行可信检查方法的流程图。Fig. 2 is a flow chart of a second method for authentically checking code security provided by an exemplary embodiment.
图3是一示例性实施例提供的第三种对代码安全性进行可信检查方法的流程图。Fig. 3 is a flow chart of a third method for authentically checking code security provided by an exemplary embodiment.
图4是一示例性实施例提供的一种对代码安全性进行可信检查方法的多方交互图。Fig. 4 is a multi-party interaction diagram of a method for authentically checking code security provided by an exemplary embodiment.
图5是一示例性实施例提供的一种实现对代码安全性进行可信检查的设备的结构示意图。Fig. 5 is a schematic structural diagram of a device for implementing credible checking of code security provided by an exemplary embodiment.
图6是一示例性实施例提供的一种对代码安全性进行可信检查装置框图。Fig. 6 is a block diagram of an apparatus for authentically checking code security provided by an exemplary embodiment.
图7是一示例性实施例提供的另一种对代码安全性进行可信检查装置框图。Fig. 7 is a block diagram of another apparatus for authentically checking code security provided by an exemplary embodiment.
具体实施方式Detailed ways
这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本说明书一个或多个实施例相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本说明书一个或多个实施例的一些方面相一致的装置和方法的例子。Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numerals in different drawings refer to the same or similar elements unless otherwise indicated. Implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of this specification. Rather, they are merely examples of apparatuses and methods consistent with aspects of one or more embodiments of the present specification as recited in the appended claims.
需要说明的是:在其他实施例中并不一定按照本说明书示出和描述的顺序来执行相 应方法的步骤。在一些其他实施例中,其方法所包括的步骤可以比本说明书所描述的更多或更少。此外,本说明书中所描述的单个步骤,在其他实施例中可能被分解为多个步骤进行描述;而本说明书中所描述的多个步骤,在其他实施例中也可能被合并为单个步骤进行描述。It should be noted that in other embodiments, the steps of the corresponding methods may not necessarily be performed in the order shown and described in this specification. In some other embodiments, the method may include more or less steps than those described in this specification. In addition, a single step described in this specification may be decomposed into multiple steps for description in other embodiments; multiple steps described in this specification may also be combined into a single step in other embodiments describe.
可信执行环境(Trusted Execution Environment,TEE)是一种解决隐私问题的方式。TEE可以起到硬件中的黑箱作用,在TEE中执行的代码和数据操作系统层都无法偷窥,只有代码中预先定义的接口才能对其进行操作。在效率方面,由于TEE的黑箱性质,在TEE中进行运算的是明文数据,而不是同态加密中的复杂密码学运算,计算过程效率没有损失,因此与TEE相结合可以在性能损失较小的前提下很大程度上提升区块链的安全性和隐私性。目前工业界十分关注TEE的方案,几乎所有主流的芯片和软件联盟都有自己的TEE解决方案,包括软件方面的TPM(Trusted Platform Module,可信赖平台模块)以及硬件方面的Intel SGX(Software Guard Extensions,软件保护扩展)、ARM Trustzone(信任区)和AMD PSP(Platform Security Processor,平台安全处理器)。Trusted Execution Environment (TEE) is a way to solve the privacy problem. TEE can function as a black box in the hardware, and the code and data operating system layer executed in the TEE cannot be peeked at, and only the predefined interface in the code can operate on it. In terms of efficiency, due to the black-box nature of TEE, plaintext data is used for operations in TEE, rather than complex cryptographic operations in homomorphic encryption, and there is no loss in the efficiency of the calculation process. Under the premise, the security and privacy of the blockchain are greatly improved. At present, the industry is very concerned about TEE solutions. Almost all mainstream chip and software alliances have their own TEE solutions, including TPM (Trusted Platform Module) in software and Intel SGX (Software Guard Extensions) in hardware. , Software Protection Extension), ARM Trustzone (Trust Zone) and AMD PSP (Platform Security Processor, Platform Security Processor).
基于Intel SGX(以下简称SGX)技术,在TEE中执行的程序可以被称为可信程序或者enclave程序,TEE中的可信程序可以由相关技术人员自定义开发,然后放到TEE中执行,可信程序输出的数据可以通过特定的输出口输出至TEE之外非可信的环境。可信程序可以被放置于相关技术人员的本地且支持Intel SGX硬件的电子设备上运行,也可以被安装于非本地的电子设备上执行。Based on Intel SGX (hereinafter referred to as SGX) technology, the programs executed in the TEE can be called trusted programs or enclave programs. The trusted programs in the TEE can be customized and developed by relevant technical personnel, and then put into the TEE for execution. The data output by the letter program can be output to an untrusted environment outside the TEE through a specific output port. Trusted programs can be placed and run on relevant technical personnel's local electronic devices that support Intel SGX hardware, or they can be installed on non-local electronic devices for execution.
在本说明书中,可信程序由代码需求方提供,并且运行于代码提供方的电子设备中。由于上述可信程序运行于非代码需求方本地的电子设备中时,因此代码需求方需要确认上述可信程序的运行环境符合要求。根据SGX技术,代码需求方可以通过一次完整的远程验证过程完成对上述几个方面的验证:在远程验证过程中,代码需求方被称作挑战者,代码需求方向代码提供方发起远程验证挑战,而远程验证过程涉及到代码提供方处另一个特殊的enclave,即quoting enclave(简称QE),QE是由英特尔提供并签名的架构型Enclave(Architectural Enclave)。上述可信程序首先需要生成一用于本地认证的REPORT(报告)结构,上述REPORT中至少包含上述可信程序的摘要,并由QE基于该REPORT结构验证该可信程序是否与自身处于同一平台上,而后由QE将该REPORT结构封装为一结构体,并使用EPID(Enhanced Privacy Identification)私钥进行签名,以生成远程验证报告,即QUOTE(自荐信息)。EPID私钥不仅代表代码提供方,还代表代码提供方的底层硬件的可信度,还可以绑定处理器固件的版本等信息,并且只有QE 才能访问到EPID私钥,以用于对上述的结构体进行签名以生成QUOTE。In this specification, the trusted program is provided by the code requester and runs on the electronic device of the code provider. Since the above-mentioned trusted program runs in an electronic device not local to the code requester, the code requester needs to confirm that the operating environment of the above-mentioned trusted program meets the requirements. According to SGX technology, the code requester can complete the verification of the above aspects through a complete remote verification process: in the remote verification process, the code requester is called a challenger, and the code requester initiates a remote verification challenge to the code provider. The remote verification process involves another special enclave at the code provider, that is, quoting enclave (QE for short). QE is an architectural Enclave (Architectural Enclave) provided and signed by Intel. The above-mentioned trusted program first needs to generate a REPORT (report) structure for local authentication. The above-mentioned REPORT contains at least a summary of the above-mentioned trusted program, and the QE verifies whether the trusted program is on the same platform as itself based on the REPORT structure , and then the QE encapsulates the REPORT structure into a structure, and signs it with an EPID (Enhanced Privacy Identification) private key to generate a remote verification report, that is, QUOTE (self-recommendation information). The EPID private key not only represents the code provider, but also represents the credibility of the underlying hardware of the code provider, and can also bind information such as the version of the processor firmware, and only the QE can access the EPID private key for the above-mentioned Structure is signed to generate QUOTE.
由于EPID公钥由认证服务器维护管理,而代码需求方无法获得EPID公钥,因此,代码需求方在获得上述可信程序的远程验证报告之后,可以将远程验证报告发送至认证服务器处。在SGX技术中,上述认证服务器可以为英特尔公司提供的IAS(Intel Attestation Service)服务器,向IAS服务器发送远程验证报告,使得IAS服务器可以利用EPID公钥对其中的签名进行验证,并返回验证结果至代码需求方,并且,上述验证结果被认证服务器采用其身份私钥进行签名。如果代码需求方使用远程验证服务器的身份公钥对上述被签名的验证结果验签成功,并且上述验证结果为通过,则可以进一步将所述远程验证报告中包含的程序摘要与代码需求方自身维护的可信程序的标准程序摘要进行比较,如果比较结果一致,可以确认上述可信程序的运行环境安全可信,至此完成一次完整的远程验证过程。Since the EPID public key is maintained and managed by the authentication server, and the code requester cannot obtain the EPID public key, the code requester can send the remote verification report to the authentication server after obtaining the remote verification report of the above-mentioned trusted program. In SGX technology, the above-mentioned authentication server can be an IAS (Intel Attestation Service) server provided by Intel Corporation, and send a remote verification report to the IAS server, so that the IAS server can use the EPID public key to verify the signature and return the verification result to The code requester, and the above verification result is signed by the authentication server using its identity private key. If the code requester uses the identity public key of the remote verification server to successfully verify the above-mentioned signed verification result, and the above-mentioned verification result is passed, then the program summary contained in the remote verification report can be further compared with the code requester's own maintenance. If the comparison results are consistent, it can be confirmed that the operating environment of the above-mentioned trusted program is safe and credible, and a complete remote verification process has been completed so far.
图1是一示例性实施例提供的一种对代码安全性进行可信检查方法的流程图。结合上文有关于远程验证过程的详细描述,上述方法可以包括以下步骤:步骤102:代码需求方发起远程验证挑战以及代码检查请求。Fig. 1 is a flowchart of a method for authentically checking code security provided by an exemplary embodiment. In combination with the above detailed description of the remote verification process, the above method may include the following steps: Step 102: The code requester initiates a remote verification challenge and a code inspection request.
在一实施例中,代码提供方可以被理解为撰写源代码的一方,代码提供方撰写源代码完成交付给代码需求方时,代码需求方需要对源代码进行检测以确定源代码的安全性,进而规避各类风险。本说明书提供一种解决方案,使代提供方可以直接对源代码进行检测并将代码检查报告交付给代码需求方,而代码需求方仅需要查看代码检查报告便可以获取可信的代码检查结果,提升代码提供方确认代码安全性的效率。在本说明书中,代码提供方需要在自身的可信执行环境中加载一个可信程序,上述可信程序经由代码需求方认证并确认,或者直接由代码需求方提供至代码提供方。代码需求方需要向代码提供方发起远程验证挑战和代码检查请求,上述远程验证挑战是为了验证上述可信程序的运行环境是否安全可信,而代码检查请求是为了使上述可信程序检查验证代码提供方撰写的源代码是否没有安全风险,两者相互独立,互不影响;对应于远程验证挑战和代码检查请求的后续流程也并不存在逻辑上的依存关系,因此本说明书不限制代码需求方发起远程验证挑战和代码检查请求的顺序。而只有在确认上述可信程序的运行环境安全可信的前提下,上述可信程序对上述源代码的检查才具有可信性,因此,在后续的验证过程中,确认上述可信程序的运行环境安全可信,以及确认上述源代码没有安全风险两者缺一不可。In one embodiment, the code provider can be understood as the party who writes the source code. When the code provider writes the source code and delivers it to the code requester, the code requester needs to check the source code to determine the security of the source code. To avoid various risks. This specification provides a solution that enables the agent provider to directly detect the source code and deliver the code inspection report to the code requester, and the code requester only needs to view the code inspection report to obtain credible code inspection results. Improve the efficiency of code providers to confirm code security. In this specification, the code provider needs to load a trusted program in its own trusted execution environment, and the above-mentioned trusted program is authenticated and confirmed by the code requester, or directly provided by the code requester to the code provider. The code requester needs to initiate a remote verification challenge and code inspection request to the code provider. The above remote verification challenge is to verify whether the running environment of the above-mentioned trusted program is safe and reliable, and the code inspection request is to make the above-mentioned trusted program check the verification code. Whether the source code written by the provider has no security risks is independent of each other and does not affect each other; there is no logical dependence on the follow-up process corresponding to the remote verification challenge and code inspection request, so this manual does not limit the The sequence in which remote verification challenges and code inspection requests are initiated. Only under the premise of confirming that the operating environment of the above-mentioned trusted program is safe and credible, can the inspection of the above-mentioned source code by the above-mentioned trusted program be credible. Therefore, in the subsequent verification process, the operation of the above-mentioned trusted program is confirmed The environment is safe and trustworthy, and it is necessary to confirm that the above source code has no security risks.
步骤104:代码提供方响应于所述远程验证挑战生成针对可信程序的远程验证报告, 所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中;以及,代码提供方响应于所述代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名。Step 104: The code provider generates a remote verification report for the trusted program in response to the remote verification challenge, and the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider and, the code provider loads the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the identity private key of the trusted program itself A digital signature anchoring the code inspection report is generated.
在一实施例中,代码提供方响应于上述远程验证挑战生成针对上述可信程序的远程验证报告,基于上文中有关于远程验证的过程的详细解释,此处的远程验证报告可以被理解为上文中提到的QUOTE。以及,代码提供方响应于代码检查请求加载上述可信程序,可信程序初始化完成后可以对代码提供方撰写的待检查代码进行扫描,当然,如果上述可信程序已经安装于代码提供方并加载完成,可信程序也可以直接对代码提供方撰写的待检查代码进行扫描,而不进行加载上述可信程序的步骤,在实际应用中,可以设定时长阈值,当两次使用上述可信程序的时间间隔超过上述时长阈值,则需要重新对上述可信程序进行加载,以保证可信程序可以实时更新并保证其安全性。可信程序对上述待检查代码扫描后可以生成代码检查报告,上述代码检查报告反映了待检查代码的安全性,为了保证上述代码检查报告不被篡改,上述可信程序可以基于非对称加密算法生成自身的公私钥对,并利用自身的身份私钥对上述代码检查报告进行签名,以此可以证明上述代码检查报告的确由上述可信程序生成,并且同时可以保证上述代码检查报告不被篡改。In one embodiment, the code provider generates a remote verification report for the above-mentioned trusted program in response to the above-mentioned remote verification challenge. Based on the detailed explanation of the remote verification process above, the remote verification report here can be understood as the above QUOTE mentioned in the article. And, the code provider loads the above-mentioned trusted program in response to the code inspection request. After the initialization of the trusted program is completed, the code to be checked written by the code provider can be scanned. Of course, if the above-mentioned trusted program has been installed on the code provider and loaded Complete, the trusted program can also directly scan the code to be checked written by the code provider without the step of loading the above trusted program. In practical applications, a time threshold can be set. When the above trusted program is used twice If the time interval exceeds the above-mentioned duration threshold, the above-mentioned trusted program needs to be reloaded, so as to ensure that the trusted program can be updated in real time and ensure its security. The trusted program can generate a code inspection report after scanning the above-mentioned code to be inspected. The above-mentioned code inspection report reflects the security of the code to be inspected. In order to ensure that the above-mentioned code inspection report is not tampered with, the above-mentioned trusted program can be generated based on an asymmetric encryption algorithm Its own public-private key pair, and use its own identity and private key to sign the above-mentioned code inspection report, so as to prove that the above-mentioned code inspection report is indeed generated by the above-mentioned trusted program, and at the same time, it can ensure that the above-mentioned code inspection report is not tampered with.
步骤106:代码需求方获取所述远程验证报告和所述代码检查报告,基于所述远程验证报告确认所述可信程序的运行环境是否可信,以及使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。Step 106: The code requester obtains the remote verification report and the code inspection report, confirms whether the operating environment of the trusted program is credible based on the remote verification report, and uses the identity public key pair of the trusted program to The digital signature is verified, and if it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, it is confirmed whether the code to be checked is safe according to the code inspection report.
在一实施例中,代码需求方获取上述远程验证报告,并根据上述远程验证报告确认上述可信程序的运行环境是否安全颗星;以及,利用上述可信程序的身份公钥对上述代码检查报告中的数字签名进行验签,上述可信程序的身份公钥可以由代码需求方以多种方式获取,例如,上述可信程序的身份公钥可以被包含于所述远程验证报告中,代码需求方获取上述远程验证报告后,可以从其中获取到公钥以用于后续的验签过程,或者上述可以信程序可以直接将自身的身份公钥发送至代码需求方,又或者,代码需求方在将上述可信程序提供给代码提供方之前,预先保存上述可信程序的身份公钥,本说明书不对可信程序的身份公钥的获取方式进行限制。如果代码需求方验签成功,可以说明上述代码检查报告的确由上述可信程序生成并且没有被篡改,在此情况下,可以根据上述代 码检查报告反映的检查结果确认上述待检查代码是否安全。由于通过远程验证报告可以确认上述可信程序的运行环境安全可信,因此置于安全可信环境中的可信程序所生成的代码检查报告在未被篡改的情况下也应当具有可信性。In one embodiment, the code requester obtains the above-mentioned remote verification report, and confirms whether the operating environment of the above-mentioned trusted program is safe according to the above-mentioned remote verification report; The identity public key of the above-mentioned trusted program can be obtained by the code demander in various ways. For example, the identity public key of the above-mentioned trusted program can be included in the remote verification report. The code requirement After obtaining the above remote verification report, the party can obtain the public key from it for the subsequent signature verification process, or the above-mentioned trusted program can directly send its own identity public key to the code requester, or the code requester is in Before providing the above-mentioned trusted program to the code provider, the identity public key of the above-mentioned trusted program is stored in advance, and this specification does not limit the way to obtain the identity public key of the trusted program. If the signature verification by the code requester is successful, it can be shown that the above-mentioned code inspection report is indeed generated by the above-mentioned trusted program and has not been tampered with. Since the operating environment of the above-mentioned trusted program can be confirmed to be safe and trusted through the remote verification report, the code inspection report generated by the trusted program placed in the safe and trusted environment should also be credible if it has not been tampered with.
在一实施例中,通过上述可信程序的身份私钥进行签名生成所述数字签名时,签名对象包括所述代码检查报告和/或所述代码检查报告的哈希值。上述可信程序使用其身份私钥可以直接对代码检查报告进行签名,此时生成的数字签名中包含代码检查报告以及相应的签名数据,因此,在此种签名方式下,代码需求方可以从上述数字签名中提取代码检查报告,而代码提供方无需另外提供代码检查报告,以此减少数据的传输量。或者,上述可信程序可以对上述代码检查报告进行哈希计算生成代码检查报告的标准哈希值,再使用其身份私钥对代码检查报告的标准哈希值进行签名,此时生成的数字签名中包含代码检查报告的标准哈希值以及相应的签名数据,在此种签名方式下,代码需求方可以将代码检查报告发送至代码需求方处,代码需求方获取上述代码检查报告后需要对其进行哈希计算,并将计算得出的哈希值与数字签名中代码检查报告的标准哈希值比较,如果比对一致,说明上述代码检查报告未被篡改,以此进一步提升代码检查报告的可信性。In an embodiment, when the digital signature is generated by signing with the identity private key of the trusted program, the signature object includes the code inspection report and/or the hash value of the code inspection report. The above-mentioned trusted program can use its identity private key to directly sign the code inspection report. At this time, the generated digital signature contains the code inspection report and the corresponding signature data. The code inspection report is extracted from the digital signature, and the code provider does not need to provide an additional code inspection report, thereby reducing the amount of data transmission. Alternatively, the above-mentioned trusted program can perform hash calculation on the above-mentioned code inspection report to generate a standard hash value of the code inspection report, and then use its identity private key to sign the standard hash value of the code inspection report, and the generated digital signature at this time Contains the standard hash value of the code inspection report and the corresponding signature data. In this signature method, the code requester can send the code inspection report to the code requester. After obtaining the above code inspection report, the code requester needs to verify the Perform hash calculation and compare the calculated hash value with the standard hash value of the code inspection report in the digital signature. If the comparison is consistent, it means that the above code inspection report has not been tampered with, so as to further improve the code inspection report. Credibility.
通过上述方式,代码提供方无需将待检查的源代码提供给代码需求方,保证了源代码不被泄露,同时,代码需求方可以从可信的代码检查报告中获取源代码的检查结果,以此确认源代码是否具有安全风险。由于上述代码检查报告被可信程序生成,因此代码提供方也不会对上述代码检查报告的可信性造成影响。Through the above method, the code provider does not need to provide the source code to be checked to the code demander, which ensures that the source code is not leaked. At the same time, the code demander can obtain the inspection results of the source code from the credible code inspection report, and This confirms whether the source code is a security risk. Since the above-mentioned code inspection report is generated by a trusted program, the code provider will not affect the credibility of the above-mentioned code inspection report.
在一实施例中,上述远程验证过程可以具体为:远程验证报告中包含所述代码提供方处部署的可信程序的程序摘要,代码需求方将获取上述远程验证报告(QUOTE)后,无法自行对其验证,因此需要将上述远程验证报告发送至远程验证服务器(IAS),远程验证服务器对其验证后,返回验证结果至代码需求方,并且,上述验证结果被认证服务器采用其身份私钥进行签名。如果代码需求方使用远程验证服务器的身份公钥对上述被签名的验证结果验签成功,并且上述验证结果为通过,则可以进一步将所述远程验证报告中包含的程序摘要与代码需求方自身维护的可信程序的标准程序摘要进行比较,如果比较结果一致,可以确认上述可信程序的运行环境可信,上述过程的具体细节可以参照上文中对远程验证过程的详细描述,在此不再赘述。In an embodiment, the above-mentioned remote verification process may specifically be: the remote verification report includes the program summary of the trusted program deployed at the code provider, and the code requester will not be able to automatically verify the above-mentioned remote verification report (QUOTE) after obtaining the above-mentioned remote verification report (QUOTE). To verify it, it is necessary to send the above-mentioned remote verification report to the remote verification server (IAS). sign. If the code requester uses the identity public key of the remote verification server to successfully verify the above-mentioned signed verification result, and the above-mentioned verification result is passed, then the program summary contained in the remote verification report can be further compared with the code requester's own maintenance. If the comparison results are consistent, it can be confirmed that the operating environment of the above-mentioned trusted program is credible. The specific details of the above-mentioned process can refer to the detailed description of the remote verification process above, and will not be repeated here. .
在一实施例中,如果出现代码提供方基于隐私保护等多方面的原因,拒绝向代码需求方提供源代码,但是,代码需求方又需要对源代码进行检测以确认源代码的安全性的情况,可以使上述可信程序对待检查的源代码进行编译以生成可执行文件,上述可执行 文件可以为文件扩展名为exe格式的文件,当然,本说明书对可执行文件的具体格式不进行限制。代码需求方可以获取上述可执行文件,在确认所述待检查代码安全的情况下部署上述可执行文件。在上述实施例中,代码提供方是否向代码需求方直接提供源代码将不会影响代码需求方对源代码的验证,即使代码提供方仅向代码需求方提供可执行文件,代码提供方也可以确认代码提供方撰写的源代码的安全性,以解决代码需求方与代码提供方两者之间的冲突。In one embodiment, if the code provider refuses to provide the source code to the code requester for various reasons such as privacy protection, but the code requester needs to detect the source code to confirm the security of the source code , the source code to be checked can be compiled by the above-mentioned trusted program to generate an executable file, and the above-mentioned executable file can be a file with a file extension of exe format. Of course, this specification does not limit the specific format of the executable file. The code demander can obtain the above-mentioned executable file, and deploy the above-mentioned executable file after confirming that the code to be checked is safe. In the above embodiment, whether the code provider directly provides the source code to the code requester will not affect the verification of the source code by the code requester. Even if the code provider only provides executable files to the code requester, the code provider can also Confirm the security of the source code written by the code provider to resolve the conflict between the code requester and the code provider.
在一实施例中,上述数字签名还可以用于锚定所述可执行文件。In an embodiment, the above-mentioned digital signature can also be used to anchor the executable file.
可选的,上述可信程序通过其自身的的身份私钥进行签名生成所述数字签名时,签名对象包括所述可执行文件和/或所述可执行文件的哈希值。上述可信程序使用其身份私钥可以直接对代码检查报告以及可执行文件进行签名,此时生成的数字签名中包含代码检查报告、可执行文件以及相应的签名数据,因此,在此种签名方式下,代码需求方可以从上述数字签名中提取代码检查报告,而代码提供方无需另外提供代码检查报告或者可执行文件,以此减少数据的传输量;当可信程序被确认运行于安全可信的环境中、上述数字签名通过验证、代码检查报告显示待检查的源代码不存在安全问题,上述三个方面的条件均被满足时,可以部署上述可执行文件。Optionally, when the trusted program generates the digital signature by signing with its own identity private key, the signature object includes the executable file and/or the hash value of the executable file. The above-mentioned trusted program can directly sign the code inspection report and executable file by using its identity private key. At this time, the generated digital signature includes the code inspection report, executable file and corresponding signature data. Therefore, in this signature method Under this circumstance, the code requester can extract the code inspection report from the above-mentioned digital signature, and the code provider does not need to provide additional code inspection reports or executable files, thereby reducing the amount of data transmission; when the trusted program is confirmed to run on a safe and trusted In an environment where the above-mentioned digital signatures are verified, the code inspection report shows that the source code to be inspected has no security issues, and the above-mentioned three aspects are all met, the above-mentioned executable files can be deployed.
可选的,上述可信程序可以分别对上述代码检查报告和可执行文件进行哈希计算以生成代码检查报告的标准哈希值和可执行文件的标准哈希值,再使用其身份私钥对代码检查报告的标准哈希值和可执行文件的标准哈希值进行签名,此时生成的数字签名中包含代码检查报告的标准哈希值、可执行文件的标准哈希值以及相应的签名数据,在此种签名方式下,代码需求方可以将代码检查报告和可执行文件发送至代码需求方处,代码需求方获取上述代码检查报告和可执行文件后需要分别对两者进行哈希计算,并将计算得出的哈希值与数字签名中相应的标准哈希值比较,如果均比对一致,说明上述代码检查报告和可执行文件均未被篡改,以此进一步提升代码检查报告和可执行文件的可信性;当上述可信程序被确认运行于安全可信的环境中、上述数字签名通过验证、代码检查报告显示待检查的源代码不存在安全问题,上述三个方面的条件均被满足时,可以部署上述可执行文件。Optionally, the above-mentioned trusted program can perform hash calculation on the code inspection report and the executable file respectively to generate a standard hash value of the code inspection report and a standard hash value of the executable file, and then use its identity private key pair The standard hash value of the code inspection report and the standard hash value of the executable file are signed, and the generated digital signature contains the standard hash value of the code inspection report, the standard hash value of the executable file, and the corresponding signature data , in this signature mode, the code requester can send the code inspection report and executable file to the code requester, and the code requester needs to perform hash calculation on the two after obtaining the above code inspection report and executable file, And compare the calculated hash value with the corresponding standard hash value in the digital signature. If they are consistent, it means that the above code inspection report and the executable file have not been tampered with, so as to further improve the code inspection report and reliability. The credibility of the execution file; when the above-mentioned trusted program is confirmed to run in a safe and trusted environment, the above-mentioned digital signature is verified, and the code inspection report shows that there is no security problem in the source code to be inspected, the conditions in the above three aspects are equal. When satisfied, the above executable can be deployed.
在上述实施例中,不仅可以在代码提供方仅向代码需求方提供可执行文件的情况下,使代码需求方获取到可信的代码检查结果,并且,代码需求方获取的可执行文件也通过数字签名锚定,保证了上述可执行文件由上述可信程序编译生成且并未被篡改。In the above embodiment, not only can the code requester obtain credible code inspection results when the code provider only provides executable files to the code requester, but also the executable file obtained by the code requester can also pass Digital signature anchoring ensures that the above-mentioned executable file is compiled and generated by the above-mentioned trusted program and has not been tampered with.
本说明书通过在代码提供方的可信执行环境中安装由代码需求方提供或者认证的可 信程序,可以完成对代码提供方提供的待检查源代码的检查以及编译工作;并且,上述远程验证报告以及数字签名,可以形成完整的证据链条,使代码需求方可以通过对上述可信程序运行环境的验证以及代码检查报告可信性的验证,确保代码检查报告以及可执行文件的可信性;基于可信执行环境以及可信程序本身的特性,代码提供方无需将源代码交由代码需求方检查,避免了源代码的泄露,同时,代码需求方又可以获取可信的代码检查结果,并且在代码检查结果反映待检查的源代码不存在安全问题时,部署确由上述源代码编译而成的可执行文件。本说明书在巧妙的解决了代码提供方与代码需求方之间的矛盾的同时,使双方均达到了相应的目的,保证了源代码的合法合规,规避了不必要的风险。This manual can complete the inspection and compilation of the source code to be checked provided by the code provider by installing the trusted program provided or certified by the code requester in the trusted execution environment of the code provider; and, the above remote verification report And digital signatures can form a complete evidence chain, so that the code demander can ensure the credibility of the code inspection report and executable files through the verification of the above-mentioned trusted program operating environment and the verification of the credibility of the code inspection report; based on Due to the characteristics of the trusted execution environment and the trusted program itself, the code provider does not need to submit the source code to the code requester for inspection, which avoids the leakage of the source code. At the same time, the code requester can obtain the trusted code inspection results, and When the code inspection result shows that there is no security problem in the source code to be inspected, deploy the executable file compiled from the above source code. While cleverly solving the contradiction between the code provider and the code demander, this manual enables both parties to achieve the corresponding goals, ensures the legal compliance of the source code, and avoids unnecessary risks.
图2为根据本说明书一示例性实施例示出的一种对代码安全性进行可信检查的方法的流程图,上述方法应用于代码需求方,可以包括以下步骤:步骤202:发起远程验证挑战以及代码检查请求,使代码提供方响应于所述远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中;以及,使代码提供方响应于所述代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名。FIG. 2 is a flow chart of a method for authenticity checking of code security according to an exemplary embodiment of this specification. The above method is applied to the code requester and may include the following steps: Step 202: Initiate a remote verification challenge and a code inspection request, so that the code provider generates a remote verification report for the trusted program in response to the remote verification challenge, and the trusted program is pre-provided by the code requester and runs on the trusted program at the code provider. In the execution environment; and, causing the code provider to load the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the trusted program itself The identity private key generates a digital signature for anchoring the code inspection report.
步骤204:获取所述远程验证报告和所述代码检查报告,基于所述远程验证报告确认所述可信程序的运行环境是否可信,以及使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。Step 204: Obtain the remote verification report and the code inspection report, confirm whether the operating environment of the trusted program is credible based on the remote verification report, and use the identity public key of the trusted program to verify the digital The signature is verified, and if it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, it is confirmed whether the code to be checked is safe according to the code inspection report.
具体的实施方式、扩展实施例以及相关的解释说明参见上文,本说明书在此不再赘述。For specific implementation manners, extended embodiments and related explanations, refer to the above, and this specification will not repeat them here.
图3为根据本说明书一示例性实施例示出的一种对代码安全性进行可信检查的方法的流程图,应用于代码需求方,可以包括以下步骤:步骤302:响应于代码需求方发起的远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中,进而使所述代码需求方获取所述远程验证报告,并基于所述远程验证报告确认所述可信程序的运行环境是否可信。Fig. 3 is a flow chart of a method for authenticity checking of code security according to an exemplary embodiment of this specification, which is applied to the code demander and may include the following steps: Step 302: Responding to the code request initiated by the code demander The remote verification challenge generates a remote verification report for the trusted program, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider, so that the code requester can obtain The remote verification report, and confirming whether the running environment of the trusted program is credible based on the remote verification report.
步骤304:响应于所述代码需求方发起的代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名,进而使所述代码需求方获取所述代码检查 报告,并使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。Step 304: Load the trusted program in response to the code inspection request initiated by the code requester, so that the trusted program: scans the code to be checked to generate a code inspection report, and utilizes the identity privacy of the trusted program itself key to generate a digital signature for anchoring the code inspection report, so that the code requester obtains the code inspection report, and uses the identity public key of the trusted program to verify the digital signature. When it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, it is confirmed according to the code inspection report whether the code to be inspected is safe.
具体的实施方式、扩展实施例以及相关的解释说明参见上文,本说明书在此不再赘述。For specific implementation manners, extended embodiments and related explanations, refer to the above, and this specification will not repeat them here.
图4为根据本说明书一示例性实施例示出的一种对代码安全性进行可信检查的方法的多方交互图,其中包含软件需求方41、Enclave程序42、QE43以及IAS服务器44,其中,Enclave程序(可信程序)42和QE(Quoting Enclave)43部署于撰写待检查源代码的软件提供方处,且Enclave程序42和QE43运行于软件提供方的可信执行环境中,Enclave程序42由软件需求方41预先提供或者验证,IAS服务器44为CPU提供商提供的远程验证服务器,上述方法可以包括以下步骤:步骤402:软件需求方41封面别发起远程验证挑战和代码检查请求;上述远程验证挑战是为了验证Enclave程序42的运行环境是否安全可信,而代码检查请求是为了使Enclave程序42检查验证代码提供方撰写的源代码是否存在安全风险,两者相互独立,互不影响。Fig. 4 is a multi-party interaction diagram showing a method for credible checking of code security according to an exemplary embodiment of this specification, which includes a software demander 41, an Enclave program 42, a QE 43, and an IAS server 44, wherein the Enclave Program (trusted program) 42 and QE (Quoting Enclave) 43 are deployed at the software provider who writes the source code to be checked, and Enclave program 42 and QE43 run in the trusted execution environment of the software provider, Enclave program 42 is provided by the software The demander 41 provides or verifies in advance, and the IAS server 44 is a remote verification server provided by the CPU provider. The above-mentioned method may include the following steps: Step 402: the software demander 41 initiates a remote verification challenge and a code inspection request; the above-mentioned remote verification challenge It is to verify whether the operating environment of the Enclave program 42 is safe and reliable, and the code inspection request is to enable the Enclave program 42 to check whether the source code written by the verification code provider has security risks. The two are independent of each other and do not affect each other.
步骤404:Enclave程序42生成程序摘要;步骤406:Enclave程序42基于非对称加密算法生成身份公钥TA_PK和身份私钥TA_SK。Step 404: Enclave program 42 generates a program digest; Step 406: Enclave program 42 generates an identity public key TA_PK and an identity private key TA_SK based on an asymmetric encryption algorithm.
步骤408:Enclave程序42生成REPORT,REPORT中至少包含步骤404中生成的程序摘要以及步骤406中生成的身份公钥TA_PK,并执行步骤410将REPORT发送至QE43处。Step 408: Enclave program 42 generates a REPORT, which at least includes the program summary generated in step 404 and the identity public key TA_PK generated in step 406, and executes step 410 to send the REPORT to QE43.
软件提供方响应于远程验证挑战加载Enclave程序42,Enclave程序42如步骤404~406生成程序摘要以及自身的公私钥对,其中公钥用TA_PK表示,私钥用TA_SK表示。进而如步骤408~410所示,生成REPORT,REPORT中至少包含TA_PK和程序摘要,生成完成后将REPORT返回至QE43处。需要说明的是,本实施例所示的Enclave程序42生成公私钥对的时机仅为多种可能中的一种,本说明书并不限制上述何时生成公私钥对以及软件需求方41如何获取公私钥对中的公钥TA_PK。The software provider loads the Enclave program 42 in response to the remote verification challenge, and the Enclave program 42 generates a program summary and its own public-private key pair in steps 404-406, where the public key is represented by TA_PK and the private key is represented by TA_SK. Further, as shown in steps 408-410, a REPORT is generated, which at least includes TA_PK and a program summary, and the REPORT is returned to QE43 after the generation is completed. It should be noted that the time when the Enclave program 42 in this embodiment generates a public-private key pair is only one of many possibilities. The public key TA_PK in the key pair.
步骤412:QE43使用EPID私钥对REPORT签名生成QUOTE,QE43为代码提供方处另一个特殊的enclave,即quoting enclave(简称QE)。QE43基于REPORT验证Enclave程序42是否与自身处于同一平台上,而后由QE43将该REPORT结构封装为一结构体,并使用EPID(Enhanced Privacy Identification)私钥进行签名,以生成QUOTE。EPID私 钥不仅代表代码提供方,还代表代码提供方的底层硬件的可信度,还可以绑定处理器固件的版本等信息,并且只有QE43才能访问到EPID私钥,而EPID公钥由IAS服务器44管理维护。Step 412: QE43 uses the EPID private key to sign REPORT to generate QUOTE, and QE43 places another special enclave for the code provider, that is, quoting enclave (QE for short). QE43 verifies whether the Enclave program 42 is on the same platform as itself based on REPORT, and then encapsulates the REPORT structure into a structure by QE43, and uses the EPID (Enhanced Privacy Identification) private key to sign to generate QUOTE. The EPID private key not only represents the code provider, but also represents the credibility of the underlying hardware of the code provider, and can also bind information such as the version of the processor firmware, and only QE43 can access the EPID private key, while the EPID public key is provided by IAS Server 44 manages maintenance.
步骤414:Enclave程序42可以对软件提供方撰写的待检查源代码进行静态扫描以生成代码检查报告R。Step 414: The Enclave program 42 can statically scan the source code to be checked written by the software provider to generate a code checking report R.
步骤416:Enclave程序42可以对步骤414中生成的代码检查报告R进行哈希计算生成代码检查报告R的标准哈希值,用HR表示。Step 416: The Enclave program 42 may perform hash calculation on the code inspection report R generated in step 414 to generate a standard hash value of the code inspection report R, represented by HR.
步骤418:Enclave程序42还可以对软件提供方撰写的待检查源代码进行编译以生成可执行文件E。Step 418: The Enclave program 42 can also compile the source code to be checked written by the software provider to generate an executable file E.
步骤420:Enclave程序42可以对步骤418中生成的可执行文件E进行哈希计算生成可执行文件E的标准哈希值,用HE表示。Step 420: The Enclave program 42 may perform hash calculation on the executable file E generated in step 418 to generate a standard hash value of the executable file E, represented by HE.
步骤422:Enclave程序42可以使用自身的身份私钥TA_SK对HR和HE签名以生成数字签名S,根据相关技术,上述签名S=HR,HE,sign(HR,HE),其中HR代表代码检查报告R的标准哈希值的原文件,HE代表可执行文件E的原文件,sign(HR,HE)代表签名数据。Step 422: Enclave program 42 can use its own identity private key TA_SK to sign HR and HE to generate a digital signature S. According to related technologies, the above-mentioned signature S=HR, HE, sign(HR, HE), where HR represents a code inspection report The original file of the standard hash value of R, HE represents the original file of the executable file E, and sign(HR,HE) represents the signature data.
步骤424:Enclave程序42将数字签名S、REPORT、代码检查报告R以及可执行文件E返回至软件需求方41处。Step 424: Enclave program 42 returns digital signature S, REPORT, code inspection report R and executable file E to software requester 41.
步骤426:QE43将QUOTE返回至软件需求方41处。Step 426: QE43 returns the QUOTE to the software demander 41.
步骤428:代码需求方41将获取QUOTE后,由于其无法获得EPID公钥,无法自行对其验证,需要将上述QUOTE发送至IAS服务器44处。Step 428: After obtaining the QUOTE, the code requester 41 needs to send the above QUOTE to the IAS server 44 because it cannot obtain the EPID public key and cannot verify it by itself.
步骤430:IAS服务器44使用EPID公钥对上述QUOTE验证后,返回远程验证结果至代码需求方41处,即步骤432。并且,上述验证结果被IAS服务器44采用其身份私钥进行签名,如果代码需求方41使用远程验证服务器的身份公钥对上述被签名的验证结果验签成功,并且上述验证结果为通过,则可以进一步将所述远程验证报告中包含的程序摘要与代码需求方自身维护的可信程序的标准程序摘要进行比较,如果比较结果一致,可以确认上述可信程序的运行环境可信,上述过程的具体细节可以参照上文中对远程验证过程的详细描述,在此不再赘述。Step 430: After the IAS server 44 uses the EPID public key to verify the above QUOTE, it returns the remote verification result to the code requester 41, that is, step 432. And, the above-mentioned verification result is signed by the IAS server 44 using its identity private key, if the code requester 41 uses the identity public key of the remote verification server to successfully verify the above-mentioned signed verification result, and the above-mentioned verification result is passed, then you can Further compare the program summary contained in the remote verification report with the standard program summary of the trusted program maintained by the code demander itself. If the comparison results are consistent, it can be confirmed that the operating environment of the above-mentioned trusted program is credible. The specific details of the above-mentioned process For details, refer to the detailed description of the remote verification process above, and details will not be repeated here.
步骤434:代码需求方41从获取的REPORT中提取TA_PK,并对S进行验签操作, 如果验签成功,说明HR、HE的确由Enclave程序42生成,并且未被篡改。Step 434: The code requester 41 extracts TA_PK from the obtained REPORT, and performs a signature verification operation on S. If the signature verification is successful, it means that HR and HE are indeed generated by the Enclave program 42 and have not been tampered with.
步骤436:代码需求方41分别对R与E进行哈希计算,并且将得出的结果分别与从数字签名S中提取HE与HR进行比对,如果比对一致,则说明代码检查报告R以及可执行文件E未被篡改。Step 436: The code requester 41 performs hash calculations on R and E respectively, and compares the obtained results with HE and HR extracted from the digital signature S, and if the comparison is consistent, it indicates the code inspection report R and Executable E has not been tampered with.
步骤438:如果上述远程验证通过且哈希值检验均通过,说明Enclave程序42的运行环境安全可信,并且代码检查报告R以及可执行文件E的确由运行于安全可信环境中的生成且并未被篡改,因此可以认为代码检查报告R可信地反应了待检查源代码的安全情况。Step 438: If the above-mentioned remote verification is passed and the hash value check is passed, it means that the running environment of the Enclave program 42 is safe and credible, and the code inspection report R and the executable file E are indeed generated by running in a safe and credible environment and It has not been tampered with, so it can be considered that the code inspection report R credibly reflects the security situation of the source code to be inspected.
步骤440:在上述代码检查报告R被认为可信的情况下,如果代码检查报告R中的结果认为待检查源代码没有安全问题,则说明Enclave程序42编译生成的可执行文件E不存在安全风险,可以部署。Step 440: In the case where the above-mentioned code inspection report R is considered credible, if the result in the code inspection report R considers that the source code to be inspected has no security issues, it means that the executable file E compiled by the Enclave program 42 does not have a security risk , ready to deploy.
图5是一示例性实施例提供的一种设备的示意结构图。请参考图5,在硬件层面,该设备包括处理器502、内部总线504、网络接口506、内存508以及非易失性存储器510,当然还可能包括其他业务所需要的硬件。本说明书一个或多个实施例可以基于软件方式来实现,比如由处理器502从非易失性存储器510中读取对应的计算机程序到内存508中然后运行。当然,除了软件实现方式之外,本说明书一个或多个实施例并不排除其他实现方式,比如逻辑器件抑或软硬件结合的方式等等,也就是说以下处理流程的执行主体并不限定于各个逻辑单元,也可以是硬件或逻辑器件。Fig. 5 is a schematic structural diagram of a device provided by an exemplary embodiment. Please refer to FIG. 5 , at the hardware level, the device includes a processor 502 , an internal bus 504 , a network interface 506 , a memory 508 and a non-volatile memory 510 , and of course it may also include hardware required by other services. One or more embodiments of this specification may be implemented based on software, for example, the processor 502 reads a corresponding computer program from the non-volatile memory 510 into the memory 508 and executes it. Of course, in addition to software implementations, one or more embodiments of this specification do not exclude other implementations, such as logic devices or a combination of software and hardware, etc., that is to say, the execution subject of the following processing flow is not limited to each A logic unit, which can also be a hardware or logic device.
请参考图6,实现可信调度的装置可以应用于如图5所示的设备中,以实现本说明书的技术方案。Please refer to FIG. 6 , the device for implementing trusted scheduling can be applied to the device shown in FIG. 5 to implement the technical solution of this specification.
其中,对代码安全性进行可信检查的装置,应用于代码需求方,包括:发起单元602,用于发起远程验证挑战以及代码检查请求,使代码提供方响应于所述远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中;以及,使代码提供方响应于所述代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名;确认单元604,用于获取所述远程验证报告和所述代码检查报告,基于所述远程验证报告确认所述可信程序的运行环境是否可信,以及使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检 查报告确认所述待检查代码是否安全。Wherein, the device for authentically checking the code security is applied to the code requester, and includes: an initiating unit 602, configured to initiate a remote verification challenge and a code inspection request, so that the code provider responds to the remote verification challenge to generate an a remote verification report of a trusted program, the trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider; and the code provider loads the code in response to the code inspection request The trusted program makes the trusted program: scan the code to be checked to generate a code inspection report, and use the identity private key of the trusted program itself to generate a digital signature for anchoring the code inspection report; confirm Unit 604, configured to acquire the remote verification report and the code inspection report, confirm whether the operating environment of the trusted program is credible based on the remote verification report, and use the identity public key of the trusted program to verify the Verifying the digital signature, and confirming whether the code to be inspected is safe or not according to the code inspection report when it is confirmed that the running environment of the trusted program is credible and the digital signature passes the verification.
可选的,上述装置还可以包括:部署单元606,用于获取所述可信程序编译所述待检查代码以生成的可执行文件,在确认所述待检查代码安全的情况下部署所述可执行文件。Optionally, the above apparatus may further include: a deploying unit 606, configured to obtain an executable file generated by compiling the code to be checked by the trusted program, and deploy the executable file when it is confirmed that the code to be checked is safe. executable file.
可选的,所述数字签名还用于锚定所述可执行文件。Optionally, the digital signature is also used to anchor the executable file.
可选的,所述可信程序的身份公钥被包含于所述远程验证报告中。Optionally, the identity public key of the trusted program is included in the remote verification report.
可选的,所述确认单元604具体用于:所述远程验证报告中包含所述代码提供方处部署的可信程序的程序摘要;所述基于所述远程验证报告确认所述可信程序的运行环境是否可信,包括:将所述远程验证报告发送至远程验证服务器,并接收所述远程验证服务器返回的验证结果,所述验证结果有所述远程验证服务器的身份私钥进行的签名;在根据所述远程验证服务器的身份公钥进行验签成功且所述验证结果为通过验证的情况下,将所述远程验证报告中包含的程序摘要与所述代码需求方自身维护的可信程序的标准程序摘要进行比较,并在比较结果为一致的情况下确认所述可信程序的运行环境可信。Optionally, the confirming unit 604 is specifically configured to: the remote verification report includes a program summary of the trusted program deployed at the code provider; Whether the operating environment is credible, including: sending the remote verification report to the remote verification server, and receiving the verification result returned by the remote verification server, the verification result being signed by the identity private key of the remote verification server; If the signature verification is successful based on the identity public key of the remote verification server and the verification result is verified, combine the program summary contained in the remote verification report with the trusted program maintained by the code requester itself compare the summary of the standard program, and confirm that the operating environment of the trusted program is credible if the comparison result is consistent.
请参考图7,实现可信调度的装置可以应用于如图5所示的设备中,以实现本说明书的技术方案。Please refer to FIG. 7 , the device for implementing trusted scheduling can be applied to the device shown in FIG. 5 to implement the technical solution of this specification.
其中,对代码安全性进行可信检查的装置,应用于代码提供方,包括:第一生成单元702,用于响应于代码需求方发起的远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中,进而使所述代码需求方获取所述远程验证报告,并基于所述远程验证报告确认所述可信程序的运行环境是否可信;第二生成单元704,用于响应于所述代码需求方发起的代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名,进而使所述代码需求方获取所述代码检查报告,并使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。Wherein, the device for authentically checking code security is applied to the code provider, including: a first generating unit 702, configured to generate a remote verification report for a trusted program in response to a remote verification challenge initiated by the code requester, so The trusted program is pre-provided by the code requester and runs in the trusted execution environment of the code provider, so that the code requester obtains the remote verification report and confirms based on the remote verification report Whether the operating environment of the trusted program is credible; the second generating unit 704 is configured to load the trusted program in response to the code inspection request initiated by the code requester, so that the trusted program: scans the code to be checked to generate a code inspection report, and use the identity private key of the trusted program itself to generate a digital signature for anchoring the code inspection report, so that the code requester can obtain the code inspection report and use the The identity public key of the trusted program verifies the digital signature, and when it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, the code inspection report confirms that the Check that the code is safe.
可选的,通过所述可信程序的身份私钥进行签名生成所述数字签名时,签名对象包括所述代码检查报告和/或所述代码检查报告的哈希值。Optionally, when the digital signature is generated by signing with the identity private key of the trusted program, the signature object includes the code inspection report and/or a hash value of the code inspection report.
可选的,上述装置还可以包括:编译单元706,被所述可信程序用于编译所述待检查代码以生成可执行文件;所述可执行文件被所述代码需求方获取,并且在确认所述 待检查代码安全的情况下部署。Optionally, the above-mentioned apparatus may further include: a compilation unit 706, used by the trusted program to compile the code to be checked to generate an executable file; Deploy when the code to be checked is safe.
可选的,所述数字签名还用于锚定所述可执行文件。Optionally, the digital signature is also used to anchor the executable file.
可选的,通过所述可信程序的身份私钥进行签名生成所述数字签名时,签名对象包括所述可执行文件和/或所述可执行文件的哈希值。Optionally, when the digital signature is generated by signing with the identity private key of the trusted program, the signature object includes the executable file and/or the hash value of the executable file.
可选的,所述可信程序的身份公钥被包含于所述远程验证报告中。Optionally, the identity public key of the trusted program is included in the remote verification report.
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机,计算机的具体形式可以是个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件收发设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任意几种设备的组合。The systems, devices, modules, or units described in the above embodiments can be specifically implemented by computer chips or entities, or by products with certain functions. A typical implementing device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media player, navigation device, e-mail device, game control device, etc. desktops, tablets, wearables, or any combination of these.
在一个典型的配置中,计算机包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。Memory may include non-permanent storage in computer-readable media, in the form of random access memory (RAM) and/or nonvolatile memory such as read-only memory (ROM) or flash RAM. Memory is an example of computer readable media.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带、磁盘存储、量子存储器、基于石墨烯的存储介质或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media, including both permanent and non-permanent, removable and non-removable media, can be implemented by any method or technology for storage of information. Information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Flash memory or other memory technology, Compact Disc Read-Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, Magnetic cassettes, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices or any other non-transmission media that can be used to store information that can be accessed by computing devices. As defined herein, computer-readable media excludes transitory computer-readable media, such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the term "comprises", "comprises" or any other variation thereof is intended to cover a non-exclusive inclusion such that a process, method, article, or apparatus comprising a set of elements includes not only those elements, but also includes Other elements not expressly listed, or elements inherent in the process, method, commodity, or apparatus are also included. Without further limitations, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus comprising said element.
上述对本说明书特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作或步骤可以按照不同于实施例中的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序才能实现期望的结果。在某些实施方式中,多任务处理和并行处理也是可以的或者可能是有利的。The foregoing describes specific embodiments of this specification. Other implementations are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. Multitasking and parallel processing are also possible or may be advantageous in certain embodiments.
在本说明书一个或多个实施例使用的术语是仅仅出于描述特定实施例的目的,而非旨在限制本说明书一个或多个实施例。在本说明书一个或多个实施例和所附权利要求书中所使用的单数形式的“一种”、“所述”和“该”也旨在包括多数形式,除非上下文清楚地表示其他含义。还应当理解,本文中使用的术语“和/或”是指并包含一个或多个相关联的列出项目的任何或所有可能组合。Terms used in one or more embodiments of the present specification are for the purpose of describing specific embodiments only, and are not intended to limit the one or more embodiments of the present specification. As used in one or more embodiments of this specification and the appended claims, the singular forms "a", "the", and "the" are also intended to include the plural forms unless the context clearly dictates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any and all possible combinations of one or more of the associated listed items.
应当理解,尽管在本说明书一个或多个实施例可能采用术语第一、第二、第三等来描述各种信息,但这些信息不应限于这些术语。这些术语仅用来将同一类型的信息彼此区分开。例如,在不脱离本说明书一个或多个实施例范围的情况下,第一信息也可以被称为第二信息,类似地,第二信息也可以被称为第一信息。取决于语境,如在此所使用的词语“如果”可以被解释成为“在……时”或“当……时”或“响应于确定”。It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present specification to describe various information, the information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of one or more embodiments of this specification, first information may also be called second information, and similarly, second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at" or "when" or "in response to a determination."
以上所述仅为本说明书一个或多个实施例的较佳实施例而已,并不用以限制本说明书一个或多个实施例,凡在本说明书一个或多个实施例的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本说明书一个或多个实施例保护的范围之内。The above descriptions are only preferred embodiments of one or more embodiments of this specification, and are not intended to limit one or more embodiments of this specification. Within the spirit and principles of one or more embodiments of this specification, Any modification, equivalent replacement, improvement, etc. should be included in the scope of protection of one or more embodiments of this specification.

Claims (22)

  1. 一种对代码安全性进行可信检查的方法,包括:A method of trusted checking of code security comprising:
    代码需求方发起远程验证挑战以及代码检查请求;The code requester initiates a remote verification challenge and code inspection request;
    代码提供方响应于所述远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中;以及,代码提供方响应于所述代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名;The code provider generates a remote verification report for the trusted program in response to the remote verification challenge, the trusted program is pre-provided by the code requester and runs in a trusted execution environment at the code provider; and , the code provider loads the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the identity private key of the trusted program itself to generate a A digital signature anchoring said code inspection report;
    代码需求方获取所述远程验证报告和所述代码检查报告,基于所述远程验证报告确认所述可信程序的运行环境是否可信,以及使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。The code demander obtains the remote verification report and the code inspection report, confirms whether the operating environment of the trusted program is credible based on the remote verification report, and uses the identity public key of the trusted program to verify the digital The signature is verified, and if it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, it is confirmed whether the code to be checked is safe according to the code inspection report.
  2. 根据权利要求1所述的方法,通过所述可信程序的身份私钥进行签名生成所述数字签名时,签名对象包括所述代码检查报告和/或所述代码检查报告的哈希值。According to the method according to claim 1, when the digital signature is generated by signing with the identity private key of the trusted program, the signature object includes the code inspection report and/or the hash value of the code inspection report.
  3. 根据权利要求1所述的方法,所述可信程序还用于编译所述待检查代码以生成可执行文件;所述方法还包括:According to the method according to claim 1, the trusted program is also used to compile the code to be checked to generate an executable file; the method also includes:
    代码需求方获取所述可执行文件,在确认所述待检查代码安全的情况下部署所述可执行文件。The code demander obtains the executable file, and deploys the executable file after confirming that the code to be checked is safe.
  4. 根据权利要求3所述的方法,所述数字签名还用于锚定所述可执行文件。The method of claim 3, said digital signature is also used to anchor said executable file.
  5. 根据权利要求4所述的方法,通过所述可信程序的身份私钥进行签名生成所述数字签名时,签名对象包括所述可执行文件和/或所述可执行文件的哈希值。According to the method of claim 4, when the digital signature is generated by signing with the identity private key of the trusted program, the signature object includes the executable file and/or the hash value of the executable file.
  6. 根据权利要求1所述的方法,所述可信程序的身份公钥被包含于所述远程验证报告中。The method of claim 1, the trusted program's identity public key is included in the remote verification report.
  7. 根据权利要求1所述的方法,所述远程验证报告中包含所述代码提供方处部署的可信程序的程序摘要;所述基于所述远程验证报告确认所述可信程序的运行环境是否可信,包括:The method according to claim 1, wherein the remote verification report includes a program summary of the trusted program deployed at the code provider; letter, including:
    所述代码需求方将所述远程验证报告发送至远程验证服务器,并接收所述远程验证服务器返回的验证结果,所述验证结果有所述远程验证服务器的身份私钥进行的签名;The code requesting party sends the remote verification report to the remote verification server, and receives the verification result returned by the remote verification server, and the verification result is signed by the identity private key of the remote verification server;
    所述代码需求方在根据所述远程验证服务器的身份公钥进行验签成功且所述验证结果为通过验证的情况下,将所述远程验证报告中包含的程序摘要与所述代码需求方自身维护的可信程序的标准程序摘要进行比较,并在比较结果为一致的情况下确认所述可 信程序的运行环境可信。In the case that the code requesting party successfully performs signature verification according to the identity public key of the remote verification server and the verification result is verified, the code requesting party compares the program summary contained in the remote verification report with the code requesting party itself Compare the standard program summaries of the trusted programs maintained, and confirm that the operating environment of the trusted program is trusted if the comparison results are consistent.
  8. 一种对代码安全性进行可信检查的方法,应用于代码需求方,包括:A method for credible checking of code security, applied to the code demand side, including:
    发起远程验证挑战以及代码检查请求,使代码提供方响应于所述远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中;以及,使代码提供方响应于所述代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名;Initiate a remote verification challenge and a code inspection request, so that the code provider generates a remote verification report for the trusted program in response to the remote verification challenge. The trusted program is pre-provided by the code requester and runs on the code provider and, causing the code provider to load the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report, and utilizes the The identity private key of the trusted program itself generates a digital signature for anchoring the code inspection report;
    获取所述远程验证报告和所述代码检查报告,基于所述远程验证报告确认所述可信程序的运行环境是否可信,以及使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。Obtaining the remote verification report and the code inspection report, confirming whether the operating environment of the trusted program is credible based on the remote verification report, and verifying the digital signature using the identity public key of the trusted program If it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the verification, according to the code inspection report, it is confirmed whether the code to be inspected is safe.
  9. 根据权利要求8所述的方法,还包括:The method of claim 8, further comprising:
    获取所述可信程序编译所述待检查代码以生成的可执行文件,在确认所述待检查代码安全的情况下部署所述可执行文件。Obtaining an executable file generated by compiling the code to be checked by the trusted program, and deploying the executable file when it is confirmed that the code to be checked is safe.
  10. 根据权利要求9所述的方法,所述数字签名还用于锚定所述可执行文件。The method of claim 9, the digital signature is also used to anchor the executable file.
  11. 根据权利要求8所述的方法,所述可信程序的身份公钥被包含于所述远程验证报告中。The method of claim 8, the trusted program's identity public key is included in the remote verification report.
  12. 根据权利要求8所述的方法,所述远程验证报告中包含所述代码提供方处部署的可信程序的程序摘要;所述基于所述远程验证报告确认所述可信程序的运行环境是否可信,包括:The method according to claim 8, wherein the remote verification report includes a program summary of the trusted program deployed at the code provider; letter, including:
    将所述远程验证报告发送至远程验证服务器,并接收所述远程验证服务器返回的验证结果,所述验证结果有所述远程验证服务器的身份私钥进行的签名;Sending the remote verification report to a remote verification server, and receiving a verification result returned by the remote verification server, the verification result being signed by the identity private key of the remote verification server;
    在根据所述远程验证服务器的身份公钥进行验签成功且所述验证结果为通过验证的情况下,将所述远程验证报告中包含的程序摘要与所述代码需求方自身维护的可信程序的标准程序摘要进行比较,并在比较结果为一致的情况下确认所述可信程序的运行环境可信。If the signature verification is successful based on the identity public key of the remote verification server and the verification result is verified, combine the program summary contained in the remote verification report with the trusted program maintained by the code requester itself compare the summary of the standard program, and confirm that the running environment of the trusted program is credible if the comparison result is consistent.
  13. 一种对代码安全性进行可信检查的方法,应用于代码提供方,包括:A method for credible checking of code security, applied to code providers, including:
    响应于代码需求方发起的远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中,进而使所述代码需求方获取所述远程验证报告,并基于所述远程验证报告确认所述可信程序的运行环境是否可信;Generating a remote verification report for a trusted program in response to a remote verification challenge initiated by a code requester, the trusted program being pre-provided by the code requester and running in a trusted execution environment at the code provider, and then enabling the code requester to obtain the remote verification report, and confirm whether the operating environment of the trusted program is credible based on the remote verification report;
    以及,响应于所述代码需求方发起的代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名,进而使所述代码需求方获取所述代码检查报告,并使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。And, load the trusted program in response to the code inspection request initiated by the code demander, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the identity private key of the trusted program itself Generate a digital signature for anchoring the code inspection report, and then enable the code requester to obtain the code inspection report, and use the identity public key of the trusted program to verify the digital signature, and confirm If the running environment of the trusted program is credible and the digital signature passes the verification, confirm whether the code to be checked is safe according to the code checking report.
  14. 根据权利要求13所述的方法,通过所述可信程序的身份私钥进行签名生成所述数字签名时,签名对象包括所述代码检查报告和/或所述代码检查报告的哈希值。According to the method of claim 13, when the digital signature is generated by signing with the identity private key of the trusted program, the signature object includes the code inspection report and/or the hash value of the code inspection report.
  15. 根据权利要求13所述的方法,所述可信程序还用于编译所述待检查代码以生成可执行文件;所述可执行文件被所述代码需求方获取,并且在确认所述待检查代码安全的情况下部署。According to the method according to claim 13, the trusted program is also used to compile the code to be checked to generate an executable file; the executable file is obtained by the code requester, and after confirming the code to be checked Deploy when safe.
  16. 根据权利要求15所述的方法,所述数字签名还用于锚定所述可执行文件。The method of claim 15, the digital signature is also used to anchor the executable.
  17. 根据权利要求16所述的方法,通过所述可信程序的身份私钥进行签名生成所述数字签名时,签名对象包括所述可执行文件和/或所述可执行文件的哈希值。According to the method of claim 16, when the digital signature is generated by signing with the identity private key of the trusted program, the signature object includes the executable file and/or the hash value of the executable file.
  18. 根据权利要求13所述的方法,所述可信程序的身份公钥被包含于所述远程验证报告中。The method of claim 13, the trusted program's identity public key is included in the remote verification report.
  19. 一种对代码安全性进行可信检查的装置,应用于代码需求方,包括:A device for credible checking of code security, applied to the code demand side, including:
    发起单元,用于发起远程验证挑战以及代码检查请求,使代码提供方响应于所述远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中;以及,使代码提供方响应于所述代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名;An initiating unit, configured to initiate a remote verification challenge and a code inspection request, so that the code provider generates a remote verification report for a trusted program in response to the remote verification challenge, and the trusted program is pre-provided and run by the code requester In the trusted execution environment at the code provider; and, causing the code provider to load the trusted program in response to the code inspection request, so that the trusted program: scans the code to be checked to generate a code inspection report , and using the trusted program's own identity private key to generate a digital signature for anchoring the code inspection report;
    确认单元,用于获取所述远程验证报告和所述代码检查报告,基于所述远程验证报告确认所述可信程序的运行环境是否可信,以及使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。A confirmation unit, configured to obtain the remote verification report and the code inspection report, confirm whether the operating environment of the trusted program is credible based on the remote verification report, and use the identity public key of the trusted program to verify the Verifying the digital signature, and confirming whether the code to be inspected is safe or not according to the code inspection report when it is confirmed that the running environment of the trusted program is credible and the digital signature passes the verification.
  20. 一种对代码安全性进行可信检查的装置,应用于代码提供方,包括:A device for credible checking of code security, applied to code providers, including:
    第一生成单元,用于响应于代码需求方发起的远程验证挑战生成针对可信程序的远程验证报告,所述可信程序由所述代码需求方预先提供并运行于所述代码提供方处的可信执行环境中,进而使所述代码需求方获取所述远程验证报告,并基于所述远程验证报告确认所述可信程序的运行环境是否可信;A first generating unit, configured to generate a remote verification report for a trusted program in response to a remote verification challenge initiated by a code requester, the trusted program being pre-provided by the code requester and running on the code provider's In a trusted execution environment, further enabling the code requester to obtain the remote verification report, and confirm whether the operating environment of the trusted program is credible based on the remote verification report;
    第二生成单元,用于响应于所述代码需求方发起的代码检查请求加载所述可信程序,使所述可信程序:扫描待检查代码以生成代码检查报告,并利用所述可信程序自身的身份私钥生成用于锚定所述代码检查报告的数字签名,进而使所述代码需求方获取所述代码检查报告,并使用所述可信程序的身份公钥对所述数字签名进行验签,在确认所述可信程序的运行环境可信且所述数字签名通过验签的情况下,根据所述代码检查报告确认所述待检查代码是否安全。The second generation unit is configured to load the trusted program in response to the code inspection request initiated by the code requester, so that the trusted program: scans the code to be checked to generate a code inspection report, and uses the trusted program Its own identity private key generates a digital signature for anchoring the code inspection report, so that the code requester obtains the code inspection report, and uses the identity public key of the trusted program to verify the digital signature Signature verification. When it is confirmed that the operating environment of the trusted program is credible and the digital signature passes the signature verification, according to the code inspection report, it is confirmed whether the code to be inspected is safe.
  21. 一种电子设备,包括:An electronic device comprising:
    处理器;processor;
    用于存储处理器可执行指令的存储器;memory for storing processor-executable instructions;
    其中,所述处理器通过运行所述可执行指令以实现如权利要求1-18中任一项所述的方法。Wherein, the processor implements the method according to any one of claims 1-18 by running the executable instructions.
  22. 一种计算机可读存储介质,其上存储有计算机指令,该指令被处理器执行时实现如权利要求1-18中任一项所述方法的步骤。A computer-readable storage medium, on which computer instructions are stored, and the steps of the method according to any one of claims 1-18 are implemented when the instructions are executed by a processor.
PCT/CN2022/093834 2021-06-10 2022-05-19 Method and apparatus for performing trust check on code security WO2022257722A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110648867.8A CN113343234B (en) 2021-06-10 2021-06-10 Method and device for carrying out credible check on code security
CN202110648867.8 2021-06-10

Publications (1)

Publication Number Publication Date
WO2022257722A1 true WO2022257722A1 (en) 2022-12-15

Family

ID=77476408

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/093834 WO2022257722A1 (en) 2021-06-10 2022-05-19 Method and apparatus for performing trust check on code security

Country Status (2)

Country Link
CN (1) CN113343234B (en)
WO (1) WO2022257722A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113343234B (en) * 2021-06-10 2023-01-20 支付宝(杭州)信息技术有限公司 Method and device for carrying out credible check on code security
CN114036527B (en) * 2021-11-04 2023-01-31 云海链控股股份有限公司 Code injection method, code running end, code injection end and related equipment
CN115051810B (en) * 2022-06-20 2023-07-25 北京大学 Interface type digital object authenticity verification method and device based on remote proof
CN117992963A (en) * 2022-11-07 2024-05-07 华为技术有限公司 Security verification method, data processing system, storage medium, and program product
CN116151827B (en) * 2023-04-04 2023-07-14 北京银联金卡科技有限公司 Digital wallet security system and double off-line transaction method based on security system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108399329A (en) * 2018-01-23 2018-08-14 晶晨半导体(上海)股份有限公司 A method of improving trusted application safety
CN108462689A (en) * 2017-02-22 2018-08-28 英特尔公司 Technology for the certification of the long-range enclaves SGX
CN109726588A (en) * 2018-12-21 2019-05-07 上海邑游网络科技有限公司 Method for secret protection and system based on Information hiding
CN110011801A (en) * 2018-11-16 2019-07-12 阿里巴巴集团控股有限公司 Remote certification method and device, the electronic equipment of trusted application
US20200327230A1 (en) * 2017-11-03 2020-10-15 Nokia Technologies Oy Method and apparatus for trusted computing
CN112818327A (en) * 2021-02-26 2021-05-18 中国人民解放军国防科技大学 TrustZone-based user-level code and data security credibility protection method and device
CN113343234A (en) * 2021-06-10 2021-09-03 支付宝(杭州)信息技术有限公司 Method and device for carrying out credible check on code security

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997004394A1 (en) * 1995-07-14 1997-02-06 Christopher Nathan Drake Computer software authentication, protection, and security system
US8375221B1 (en) * 2011-07-29 2013-02-12 Microsoft Corporation Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
CN111090865B (en) * 2019-12-17 2022-01-25 支付宝(杭州)信息技术有限公司 Secret key authorization method and system

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108462689A (en) * 2017-02-22 2018-08-28 英特尔公司 Technology for the certification of the long-range enclaves SGX
US20200327230A1 (en) * 2017-11-03 2020-10-15 Nokia Technologies Oy Method and apparatus for trusted computing
CN108399329A (en) * 2018-01-23 2018-08-14 晶晨半导体(上海)股份有限公司 A method of improving trusted application safety
CN110011801A (en) * 2018-11-16 2019-07-12 阿里巴巴集团控股有限公司 Remote certification method and device, the electronic equipment of trusted application
CN109726588A (en) * 2018-12-21 2019-05-07 上海邑游网络科技有限公司 Method for secret protection and system based on Information hiding
CN112818327A (en) * 2021-02-26 2021-05-18 中国人民解放军国防科技大学 TrustZone-based user-level code and data security credibility protection method and device
CN113343234A (en) * 2021-06-10 2021-09-03 支付宝(杭州)信息技术有限公司 Method and device for carrying out credible check on code security

Also Published As

Publication number Publication date
CN113343234A (en) 2021-09-03
CN113343234B (en) 2023-01-20

Similar Documents

Publication Publication Date Title
WO2022257722A1 (en) Method and apparatus for performing trust check on code security
Conte de Leon et al. Blockchain: properties and misconceptions
WO2021184963A1 (en) Contract calling method and apparatus
US11637707B2 (en) System and method for managing installation of an application package requiring high-risk permission access
CN111049825B (en) Secure multi-party computing method and system based on trusted execution environment
JP7426475B2 (en) Decentralized data authentication
Anati et al. Innovative technology for CPU based attestation and sealing
US11012241B2 (en) Information handling system entitlement validation
US20150347768A1 (en) Policy-Based Trusted Inspection of Rights Managed Content
CA2903376C (en) Configuration and verification by trusted provider
WO2017124960A1 (en) Method and device for application program to access interface, and method and device for application program to request authorization
JP2014526101A (en) The origin of software runtime
US20210256113A1 (en) Blockchain Validation of Software
US10554663B2 (en) Self-destructing smart data container
TWI745629B (en) Computer system and method for initializing computer system
US20140282834A1 (en) Managing exchanges of sensitive data
WO2022252897A1 (en) Method and apparatus for implementing trusted scheduling
Ahamed et al. Security audit of docker container images in cloud architecture
CN113704211B (en) Data query method and device, electronic equipment and storage medium
CN114651253A (en) Virtual environment type verification for policy enforcement
Cooper et al. Security considerations for code signing
NL2033980A (en) New method for trusted data decryption based on privacy-preserving computation
US11997215B2 (en) Secret protection during software development life cycle
KR102403014B1 (en) Method for preventing forgery of clould container image and checking vulnerability diagnosis
CN114547656A (en) Intel SGX-based two-stage remote certification method in cloud environment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22819320

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE