WO2023099895A1 - Procédé et système de partage sécurisé de données - Google Patents

Procédé et système de partage sécurisé de données Download PDF

Info

Publication number
WO2023099895A1
WO2023099895A1 PCT/GB2022/053042 GB2022053042W WO2023099895A1 WO 2023099895 A1 WO2023099895 A1 WO 2023099895A1 GB 2022053042 W GB2022053042 W GB 2022053042W WO 2023099895 A1 WO2023099895 A1 WO 2023099895A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
data
tee
users
server
Prior art date
Application number
PCT/GB2022/053042
Other languages
English (en)
Inventor
Carlton SHEPHERD
Konstantinos MARKANTONAKIS
Original Assignee
Royal Holloway University Of London
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from GB2118023.7A external-priority patent/GB2616245A/en
Application filed by Royal Holloway University Of London filed Critical Royal Holloway University Of London
Publication of WO2023099895A1 publication Critical patent/WO2023099895A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • the present invention relates to a method and system for sharing data in a secure manner.
  • the method and system relate to sharing data between trusted execution environments.
  • Trusted execution environments are well known in the art and typically comprise a secure area of a computer processor, such as the central processing unit, in which data can be securely received and operated on. Encrypted data may be loaded, decrypted, processed and re-encrypted within a TEE, thereby providing a secure area of a computer which is less susceptible to malicious attacks.
  • a computing device may comprise a standard execution environment implemented with, for example, an operating system such as Windows or Linux, and a trusted execution environment within a processor in which only specific operations or applications may be executed.
  • TEE secure computing
  • the encrypted data leaves the TEE, it is exposed to security risks present outside of the TEE.
  • a user may process data within a TEE and output that data to a third party, there is presently no way of determining whether the encrypted data remains secure and untampered with.
  • the use of TEE alone is no longer sufficient.
  • the present invention provides a computer implemented method for sharing data according to the appended claims.
  • the present invention provides a system for carrying out a method for sharing data according to the appended claims.
  • the present disclosure provides a computer implemented method for sharing data between a plurality of users, comprising: receiving, at a first user device, encrypted operation data from a trusted execution environment, TEE, of a second user device; executing one or more operations on the encrypted data within a TEE of the first user; and, transmitting metadata relating to the one or more executed operations to a hashing module for updating a hash chain with the metadata.
  • Exchanging encrypted data directly between TEEs of respective user devices allows operations carried out on the data to be secure. Recording the operations carried out by the TEEs and recording this in a digital ledger, such as a hash chain, allows a tamperproof record of the operations to be created for future purposes.
  • a digital ledger such as a hash chain
  • the hash chain module may be provided within a session server. Hence, the hash chain module may be provided by a computing entity which is separate to the user devices and which has had no access to the operation data which has been operated on by the user devices.
  • the metadata may be encrypted by the user device TEE.
  • the metadata may be certified and/or signed by the respective TEE.
  • the metadata may comprise: operation metadata; the user device ID; the user device TEE ID; the operation data; a timestamp; a session ID; a user ID; and a user IP address.
  • the one or more executed operations may comprise: decrypting the data to provide decrypted data, processing the decrypted data to provide processed data, and encrypting the processed data.
  • the method may further comprise transmitting the encrypted processed data to the TEE of the second user.
  • the first and second user devices may be configured to request a data sharing session from the session server.
  • the data sharing session request may comprise a digital certificate authenticating the TEEs of the user devices.
  • the data sharing session request may be generated and encrypted by the TEE of the respective user device.
  • the method may further comprise exchanging cryptographic keys between the TEE of the first user and the TEE of the second user.
  • the method may further comprise each of the first and second TEEs generating a private/public key for encrypting and decrypting the operation data and transmitting the public keys to the other users in the plurality of users.
  • the first and second user devices may communicate with each other using a secure channel protocol.
  • the secure channel protocol may be a standard secure channel protocol such as, for example, TSL/SSL.
  • the private/public keys may be generated within the respective user device TEE.
  • the private/public keys may be encrypted with a long-term key prior to being transmitted to the other users.
  • the private keys of the respective users may be used with the public keys received from another user to generate a group key.
  • the group key may be used to derive a derivative key.
  • the group key may be generated using a multi-party elliptic-curve-based Diffie-Hellmann key exchange, ECDH.
  • the present disclosure may provide a computer implemented method for sharing data between a plurality of users, comprising: receiving, at a server, a data sharing session request from a plurality of users; determining, at the server, whether the plurality of users are authorised to partake in the data sharing session; when the users are authorised, sending an authorisation to a first user TEE and a second user TEE, wherein the respective TEEs are configured to exchange encrypted data with one another and at least one of the first and second TEEs is configured to carry out at least one operation on the encrypted data; and, receiving, at the server, metadata relating to the at least one operation executed by a user device TEE; updating, by the server, a hash chain to include the metadata.
  • Determining whether the plurality of users are authorised may comprise executing a remote attestation process to validate the user device and/or TEE and/or software.
  • the authorisation sent to the first and second users which may be referred to as a notification, may comprise a common key for encrypting public keys to be generated by the user device TEEs.
  • Either or both of the request or authorisation may comprises a pre-defined list of permitted operations which are permitted by the user TEEs.
  • the session request may be terminated and the hash chain may be updated with the termination.
  • the termination may be signed by a TEE of the server.
  • the present disclosure may provide a computer implemented method of sharing secure data between the trusted execution environments, TEEs, of a plurality of users comprising: receiving, at a server, a data sharing session request from each of the plurality of users; determining if each of the plurality of users are authorised to partake in the data sharing session and, where each of the plurality of users are authorised, confirming that the data sharing session is authorised with each of the plurality of users; exchanging cryptographic keys between the TEE of a first user device and the TEE of a second user device; exchanging encrypted data between the TEEs of the first and second user devices and decrypting the encrypted data using the cryptographic keys or a derivative thereof.
  • the method may further comprise each of the first and second user devices generating the cryptographic key in the respective TEE.
  • the method may further comprise the first and second users generating a public/private key pair in which the respective public keys are exchanged and wherein each user generates a group session key using the received public key.
  • the method may further comprise encrypting the public keys using a common key.
  • the server may be accessed via the internet.
  • the present disclosure may provide a computer system comprising a first user device comprising a first user TEE, a second user device comprising a second user TEE, and a server, wherein first user TEE and second user TEE are communicably connected via a communication network, wherein the server is configured to authorise a data sharing session between the first and second user TEEs and record operations carried out by TEEs of the user devices.
  • the TEEs of the first and second user devices are configured to receive data directly from the TEE of the other user.
  • the present disclosure may provide a computing device of a user configured to carry out the method as described herein.
  • the present disclosure may provide a server configured to carry out the method as described herein.
  • the present disclosure may provide a computer program that, when read by a computer, causes performance of the method as described herein.
  • the present disclosure may provide a non-transitory computer readable storage medium comprising computer readable instructions that, when read by a computer, cause performance of the method as claimed in any of claims.
  • Figure 1 shows a schematic representation of a method of sharing data from the perspective a user device according to the present disclosure
  • Figure 2 shows a schematic representation of a system which may be utilised to carry out the method of the present disclosure
  • Figure 3 shows a schematic representation of a method sharing data from the perspective of a server
  • Figure 4 shows a schematic representation of a user device which may be utilised to carry out the method according to the present disclosure.
  • Figure 5 shows a schematic representation of a server which may be utilised to carry out the method according to the present disclosure.
  • Figure 6 shows a flow diagram illustrating an embodiment of sharing data according to the present disclosure.
  • the present disclosure provides a method and system for sharing and operating on data more securely.
  • the method and system allow shared data to be secure and confidential prior to, during and after an operation has been performed.
  • the method and system allow the enforcement of certain, permitted operations that can be conducted on that data.
  • the method and system allow for the creation of a secure ledger in which operations carried out by one or more users are recorded, thereby further increasing the security of the data.
  • the present disclosure provides a method and system for preserving the integrity of operations carried out in TEEs.
  • the present disclosure uses TEEs to provide a tamper-resistant area in which to receive and process confidential data without exposing it in unencrypted/unprotected form.
  • the present disclosure provides a method of sharing data directly between TEEs whilst providing a central server to manage a data sharing session.
  • the server may be operable to manage the data sharing session and record the activity of the data sharing session without requiring access to the secure data and without knowledge of the operations carried out by the user device TEEs.
  • the method and system of the present disclosure may find application in any field of endeavour in which the secure processing of shared data is required.
  • Typical industries which may find the method and system of use would be the financial industry, in which secure data may need to shared and processed for the purpose of fraud analytics or anti-money laundering purposes, for example.
  • Another example may include the pharmaceutical industry where, for example, it would be advantageous to share scientific and medical data as part of a cross-organizal or open innovation environment for product development such as medicaments or vaccines.
  • Other instances of data sharing could be in relation to machine learning and artificial intelligence where training data sets or data for processing in a machine learning algorithm are required.
  • Other examples will of course exist.
  • the present disclosure provides a system and a computer implemented method for sharing data.
  • the data may be shared between trusted execution environments, TEEs, of a plurality of user devices.
  • the method may comprise receiving 1, at a first user device, encrypted operation data from a trusted execution environment, TEE, of a second user device; executing 2 one or more operations on the encrypted data within a TEE of the first user; and, transmitting 3 a record of the one or more executed operations to a server for updating a secure ledger.
  • the ledger may be hash chain and the record of the one or more executed operations may comprise operation metadata.
  • the system may comprise a plurality of users such as User A 21, User B 22 and User C 23, each of which comprising a computing device, i.e. a user device, with a trusted execution environment, TEE.
  • a TEE is typically a secure area of a computer processor with added memory protection (e.g. encryption) and access control, which prevents sophisticated software attacks and malware from accessing confidential code and data.
  • the trusted execution environment may be provided in other ways known in the art.
  • Such alternative TEEs may comprise any computing device which is configured to receive and process encrypted data in memory whilst minimising the risk of exposing the data to the rest of the computer or computer system.
  • the users 21-23 may be any user which has a computing device to which the present disclosure may apply.
  • a user device may be any personal computer, desktop computer, workstation, a portable device such as a laptop, mobile phone or tablet computer, or a server. Other computing devices as may exist in the art may also be used.
  • the user device may be part of a system or network of computing devices.
  • the user may be an individual, organisation or other entity and may be referred to as a client.
  • the terms “first” and “second” user within this disclosure are used arbitrarily and interchangeably.
  • the plurality of users 21-23 are connected to each other and to a server 24 via a communications network 25.
  • the communications network 25 may comprise one or more wired and/or wireless networks using one or more known communication protocols (e.g. IEEE802.3 or 802.11 variations, WiFi (RTM), Bluetooth (RTM), TCP/IP, Ethernet, etc).
  • the communications network 25 may be a public communications network such as the internet or a mobile data network (e.g. 4G/5G).
  • the communication network 25 may include a private communications network comprising a local or wide area network.
  • the communication network 25 may comprise the “cloud”.
  • the server 24 is described herein as a “session server” which is configured to carry out one or more tasks in relation to the methods described herein.
  • the server 24 may comprise any computer or computer program in the communication network 25 and be configured to provide a central management function for the data sharing methods described herein and/or the methods of providing a secure ledger.
  • the server 24 may be accessed via the communication network 25, for example using the world wide web, and may comprise one or more suitable applications or application programme interfaces with which a user device can interface.
  • the server 24 may be configured to receive data from, and transmit data to, each user in the plurality of users.
  • the server may be operated by a third party, i.e. not one of the users.
  • the server may be configured to provide a third-party service which users can access or subscribe to for the purpose of allowing secure data sharing.
  • the server may comprise a TEE.
  • the server TEE and the user device TEE may be configured to communicate directly with one another such that the server may receive encrypted data from the user device TEE and operate on or use the encrypted data in a secure environment.
  • the communication network 25 may be configured to provide one or more secure channels connecting any two user devices and, additionally or alternatively, any user and the session server 24.
  • the plurality of users 21-23 may be connected directly to each other so as to communicate and exchange encrypted data directly without passing through the session server 24.
  • the first and second user devices may be configured to transmit and receive encrypted data therebetween, in which the user devices are the only device in possession of the necessary key for decrypting the encrypted data.
  • data may refer to any digital information which is used by or transmitted between the various entities described herein, such as the user devices and session server 24.
  • Data may include, amongst others: metadata, user IDs, IP addresses, cryptographic keys, timestamps, notifications, statuses and digital certificates or signatures, for example.
  • operation data may refer to data shared between the TEEs which is to be subjected to one or more operations within the TEE, the security of which is the main focus of the present disclosure. Hence, operation data may be data encrypted by a first TEE and transmitted to a second TEE before being decrypted and subjected to an operation within the second TEE. Other data may be transmitted between the TEEs but not necessarily subjected to an operation within the TEE and/or processed by the TEE.
  • operation used herein may refer to any computer operation such as: inputting; encrypting; decrypting; processing; outputting; storing; and, controlling, amongst others.
  • the server 24 may be configured to receive 31 one or more requests for a data sharing session from the users 21-23.
  • the server 24 may be configured to authorise 32 the data sharing session.
  • the server 24 may also be configured to send an authorisation to the TEEs of the requesting users.
  • the server 24 may be configured to receive 33 information, such as metadata, relating to the operation and update an associated digital secure ledger, such as a hash chain.
  • the server 24 may be configured to carry out additional or alternative tasks within the method of the present disclosure.
  • the predetermined users 21-23 of the session may be required to initiate a session.
  • the users 21-23 may initiate a data sharing session via the session server 24.
  • the data sharing session may be initiated by each user 21-23 contacting the server 24 to request a session.
  • the session request may include sufficient data for the users 21-23 to be verified.
  • the session request may include a user ID, IP address or password, which has been previously registered with the server 24 in order for the server 24 to determine whether they are eligible for partaking in a data sharing session with the other users.
  • a data sharing session request may require a remote attestation process to be carried out to validate the user device and/or TEE and/or software operating on the user device.
  • the user devices may be configured to generate a certificate which is be transmitted to the server 24 during a data sharing session request.
  • the certificate may include information relating to the user device and be signed by the user device and/or TEE of the user device 21-23.
  • the server 24 may validate that the user 21-23 is genuine and is not, or has not been corrupted by, a malicious actor.
  • the signature may comprise any suitable signature scheme as known in the art, such as those using public key cryptography. Possible known signature schemes include, for example, RSA digital signatures or those produced using the elliptic curve digital signature algorithm (ECDS A).
  • the data sharing session request may specify the one or more operations or software which are required for the session.
  • an authorisation module 56 of the server 24 may validate each of the users 21-23 and determine whether the data sharing session may proceed. If the data sharing session is authorised, the server 24 may be configured to notify each of the users 21-23 in the session such that they can proceed to encrypt and share data. If the session is not authorised, for example, if the certificate is not deemed to be authentic, or for some other reason, then the session may be terminated.
  • the users 21-23 may be notified and the ledger updated to record the termination and any other information considered pertinent for the application in question.
  • the ledger may be updated to include, for example, the user identifications, a timestamp, and an error code for the terminated session, amongst others.
  • the termination may be encrypted and certified by the server 24 and may be issued by a TEE of the server 24.
  • the termination may be a binary “go/no-go” decision.
  • the session server 24 may notify each of the users devices such that they can communicate with the other user device TEEs in the session and take the necessary steps for the secure data sharing and executions. This may include generating the necessary cryptographic keys used to encrypt and decode the exchange data.
  • the notification from the session server 24 may be issued by the session server’s TEE and may be encrypted.
  • the notification may also include one or more cryptographic keys for the user devices to employ for certain transactions, such as exchanging public keys or other data which is desirable to keep confidential, but not as critical as the operation data being shared between the TEEs.
  • the notification may contain some access control details relating to what operations can be conducted on the data by the TEE.
  • User A and User B may determine during the session creation stage that only descriptive statistics (e.g. computer mean, median, standard deviation, etc.) may be used and not other mathematical operations (e.g. searching for particular records).
  • descriptive statistics e.g. computer mean, median, standard deviation, etc.
  • Other examples of possible access control limitations and authorised operations will exist.
  • Each of the user devices included in the session may obtain cryptographic keys for encrypting operation data being outputted from the TEE and decrypting data received by a TEE.
  • the cryptographic keys may be public/private key-pairs and may be generated in the TEE.
  • the key generation may be achieved using hardware security modules, HSMs, embedded Secure Elements, eSEs, or a secure smart card in place of the TEEs, for example.
  • HSMs, eSEs and smart cards are known in the art and comprise dedicated hardware modules for performing cryptographic operations with increased levels of security.
  • the public-private keys may be ephemeral keys generated for each user session. Although ephemeral, the public-private keys may be used multiple times in the session for multiple operations and updates to the ledger. Hence, each user TEE may generate a single private/public key pair following the authorisation of the data sharing session, and discard those keys when the session terminates.
  • the public keys may be transmitted between the users 21-23 in the session.
  • the transmission may be over a secure one-to-one channel and may be encrypted.
  • the encryption of the public keys may be carried out using a long-term key.
  • the long-term key may be generated when a user device is first registered with the session server 24 or as part of the authentication process.
  • the notification transmitted by the session server 24 following a successful data sharing session request may include the key for encrypting the public keys which are to follow.
  • the long-time key may be transmitted to the user device TEEs separately.
  • the key used for encrypting the public keys may be a symmetrical key such that each user can use the same key to encrypt their own public key and decrypt a received public key.
  • the user device TEEs may be configured to obtain or generate group keys using the received public keys and their own private keys, thereby providing a session group key for all user device TEEs within the session group.
  • the group key may be generated using any suitable technique, for example, using multi-party elliptic-curve-based Diffie-Hellmann key exchange, ECDH.
  • the system may use a standard secure channel protocol (e.g. TLS/SSL) over which to transmit the data between each party.
  • the system may employ any suitable protocol from the group key agreement (GKA) family could be used that allows a set of untrusted participants to securely establish a common secret.
  • GKA group key agreement
  • Other examples of secure distribution means may include: classical Diffie-Hellman (DH) key agreement, or those disclosed in, for example, M. Burmester and Y. Desmedt, "A secure and efficient conference key distribution system," Workshop on the Theory and Application of of Cryptographic Techniques. Springer, Berlin, Heidelberg, 1994; C. Boyd, and Juan Nieto.
  • the group key may be used directly or may be used to generate a derivative key using, for example, a key derivative function, as known in the art.
  • a user device is in a position to exchange their confidential operation data, from TEE-to-TEE.
  • the group key or its derivative can be used to decrypt the operation data prior to the operation being carried out.
  • the operations carried out on the operation data will be application specific. However, as noted, in some embodiments, the types of operation and interfaces used to carry out the operations may be pre-defined prior to the transmission of the data. The pre-defined operations and interfaces may form part of the authorisation process. Each user may be able to request specific operations and interfaces with the session server prior to the initiation of a session.
  • the system may be configured to establish and maintain a secure record such as a digital ledger.
  • the secure digital ledger may be any digital ledger which can record the operations carried out by the respective TEEs.
  • the ledger may be provided by a hash chain.
  • a centralised hash chain advantageously provides a time-ordered tamperresistance record in a very efficient manner.
  • Other examples of a centralised ledger may include, for example: storing the records of operations in a centralised server-side database which is readily implemented without knowledge of cryptographic implementations; and storing the records in a decentralised database, such as a blockchain in which the users are participants.
  • the hash chain (or other form of digital record) may be stored and updated within the session server 24 or elsewhere.
  • the hash chain may be updated on the basis of information e.g. metadata, relating to any operations carried out by a user device TEE.
  • the metadata may comprise two or more of: operation metadata, e.g. the type of operation carried out and/or the interface used to carry out the operation; a session ID, a user ID and/or IP address for each user within the session group; the user ID and/or IP address for the user providing the data and/or the user which carried out the operation, e.g. a serial number or other unique identifier; the operation data provided in the session; a timestamp indicating when the operation was carried out and/or when the operation data was provided, amongst others.
  • the information relating to the operation may be included within the metadata.
  • the operation metadata may comprise the data used, the operation carried out, and the hardware or software used to carry out the operation.
  • the information for updating the ledger may be provided from the TEE which has carried out the operation and/or the TEE which provided the operation data and/or the TEE which receives data that has been operated on.
  • the session server may also input to the ledger independently of the users, for example, when a session is authorised or terminated.
  • the hash chain may be initiated upon receiving a data sharing session request from one or more user devices.
  • a hash chain may be used for multiple sessions, for example, where the sessions are linked by common parties, operational data or a given project which spans multiple sessions.
  • a ledger module (which may be referred to as a hash module) of the session server 24 may be configured to update the hash chain by hashing the previous session together with the new information relating to the operation.
  • the user devices as described herein may comprise a computing device, which may be referred to as a data processing apparatus or system, which is configured to provide or incorporates a TEE.
  • Figure 4 shows a schematic diagram of a basic hardware structure of a user device 41 according to an embodiment of the present disclosure.
  • the user device 41 may include a processor 42, a memory 43, an input/output interface 44, a communications module 45, and a bus 46.
  • the processor 42, memory 43, input/output interface 44, and communications module 45 are communicatively connected through the bus 46.
  • the processor 42 may be any suitable processor and may be a general-purpose central processing unit (CPU), a microprocessor, an application specific integrated circuit (ASIC), one or more integrated circuits, etc., and is configured to execute a specific task and/or a program to carry out the one or more of the methods as described herein.
  • the processor 42 may be a dedicated processor provided solely for the implementation of a TEE within the computing device 41.
  • the processor 42 may include dedicated hardware and/or logic and may run dedicate firmware or other code.
  • the processor 42 may comprise a unique identifier which cannot be altered by reprogramming. Such an identifier may be introduced to the processor during manufacture, for example, and may be used to validate the TEE and/or user device during the authentication process described herein.
  • the processor 42 may comprise respective encryption and decryption modules 42E, 42D of the input and output of data. Further, the processor 42 may be provided with a key generator module 42G for generating the cryptographic keys for encryption and decryption as described herein. Hence, the key generator module 42G may be configured to generate and/or store one or more private/public key pairs and/or one or more common keys and/or one or more long-time keys and/or one or more group keys.
  • the memory 43 may comprise a computer-readable medium comprising instructions which, when executed by the processor 42 (or computing device more generally), cause the computer to carry out the methods as described herein.
  • the memory 43 may be implemented in a form of a phase change random access memory (PRAM), a static RAM (SRAM), a dynamic RAM (DRAM), a RAM of another type, a read-only memory (ROM), an electrically erasable programmable ROM (EEPROM), a flash memory or another memory technology, a compact disc ROM (CD-ROM), a digital versatile disc (DVD) or another optical storage, a cassette, a cassette magnetic disk storage, or another magnetic storage device or any other non-transmission medium.
  • PRAM phase change random access memory
  • SRAM static RAM
  • DRAM dynamic RAM
  • ROM read-only memory
  • EEPROM electrically erasable programmable ROM
  • flash memory or another memory technology
  • CD-ROM compact disc ROM
  • DVD digital versatile disc
  • the memory 43 can store an operating system and/or any other application program required to be run by the computing device 41.
  • the memory 43 may receive and store encrypted data and software applications which are required for use within and/or outputted from the processor 42.
  • the processor 42 may be configured to call the data and/or applications from the memory 43 for processing or execution on the processor.
  • the processor 42 may comprise memory 43, such as a cache memory (not shown) which forms part of the TEE.
  • the operation data and/or keys may be stored within the TEE and communicated directly to the TEE of the another user device or the server 24 without being stored in the main memory 43, of the user device 41.
  • the input/output interface 44 is configured to connect one or more input/output devices (not shown) for the purpose of presenting information or receiving instructions from a user.
  • the input/output devices may be disposed as a component in the user device 41, or can be externally connected.
  • An input device may include a keyboard, a mouse, a touchscreen, or a microphone for example.
  • An output device may include a display or a speaker, for example.
  • the communications module 45 is configured to connect to the communication network 25 such that the user device 41 can communicate with the other users 45/or server 24 or some other device.
  • the communications module 25 may comprise a hardwired connection, such as a USB or a network cable, or may comprise a wireless connection, such as a mobile network, Wi-Fi, or Bluetooth.
  • the bus 46 includes a communication channel for transmitting information between components, e.g. the processor 42, the memory 43, the input/output interface 44, and the communications module 45 of the device 41.
  • FIG. 5 An embodiment of a server 24 is shown in Figure 5 and may comprise a computing device 51 similar to that described for Figure 4 in which similar features have the same reference numerals incremented by 10.
  • the server computing device 51 is shown as comprising: a processor 52 comprising a key generator module 52G, an encryption module 52E and a decryption module 52D; a memory 53; an VO interface 54 and a communication module 55. As each of these features are described above, the description is not repeated further here.
  • the server computing device 51 may further comprise an authentication module 56 for receiving and validating a data exchanging session request, as described above, and may also include a ledger 56 which is used to record the operations in a desired format, such as a hash chain.
  • the ledger 57 may be stored within the memory 53 of the server and created and updated using the processor 42.
  • the ledger 57 may be provided in an alternative computing device which may be located remotely from the server 24, for example, in another server.
  • the authentication module 56 may be provided within the TEE of the processor 52.
  • Figure 6 shows a flow chart indicating some of the steps for sharing data securely according to a specific embodiment of the present disclosure.
  • the system elements shown in Figure 6 include a first user 21, a second user 22 and a session server 24.
  • the users and session server may correspond to the users and servers described herein and will not be described further here.
  • the various steps described below may correspond to those described above and include any previously described variations and alternatives.
  • a first step 61 upon determining that a session is required, users 21, 22 request a data sharing session with the server 24.
  • the determination that a session is required may be achieved between the users 21, 22 by any means of communication or scheduling and will not be described further here.
  • the request for the session includes data sufficient for the requesting user 21, 22 to be recognised and validated as a permitted user.
  • the user request may comprise one or more of: a user ID; an IP address; and/or a confirmation of the hardware configuration and/or software within the user device and/or TEE.
  • the user request may comprise a certificate or other representation of the required information and is signed by the TEE using a pre- agreed digital signature.
  • the server 24 receives the data sharing session requests and determines whether the user devices and/or TEEs and/or software are valid and authorised using the transmitted information to join the session using an authorisation process.
  • the authorisation module 56 of the server 24 implements a remote attestation protocol 62 in which the user information is used to authenticate the hardware, in particular, the TEE, and software configuration, with the server 24.
  • Remote attestation protocols which can generally be considered to be a family of cryptographic security protocols for evaluating the trustworthiness of a target machine. That is, whether the software program has an up- to-date software version, that the computer processor/hardware is genuine and is otherwise not a malicious actor are also well known in the art and not described further here.
  • the data sharing session request may be encrypted and may be received and processed within a TEE of the server 24.
  • the type of encryption used for the request are not central to the present disclosure and not described further here.
  • the server 24 is configured to confirm the failure to authorise the data sharing session request with the user devices and record the failed session request in the ledger, which, in the case of the described embodiment is a hash chain.
  • the recordal of the failed session may include any data necessary for auditing purposes, including the user IDs, a time stamp and one or more error codes for the refusal. Other information may also be recorded, such as the information transmitted by the users in the data sharing session request.
  • each of the user devices When a session is authorised following a successful remote attestation protocol, the server 24 transmits a notification of the authorisation to the users at step 64.
  • the authorisation may also be recorded in the server ledger at this time or later following any operations carried out by the users.
  • each of the user devices Upon receiving the authorisation of the data sharing session, each of the user devices generates cryptographic keys for encrypting and decrypting the operation data at step 65.
  • the cryptographic keys are generated by the key generation modules 42G within the TEE and comprise one or more ephemeral public/private key pairs for encrypting and decrypting the shared data.
  • the public key is encrypted using a longterm key which is common to the users within the authorised user group and sent to the other users in the group (step 66).
  • the common key may be issued by the session server 24 prior to or with the session authorisation.
  • the users Upon receipt of the respective public keys, the users each generate a group key at step 67 using their private key and the received public key.
  • the group key may be generated using a multi-party elliptic-curve-based Diffie-Hellmann key exchange, ECDH.
  • a distributing user Following the creation of the group key, a distributing user, User B, 22, sends the required or requested operation data to the receiving user, User A, 21 (step 68) having encrypted the operation data using the private key which was generated in step 65.
  • User A’s TEE upon receiving the operation data, User A’s TEE decrypts the operation data and processes the data using the secure processor 42.
  • Metadata associated with the operation is encrypted and stored in the memory 43 ready for sending to the session server 24 for updating the ledger, step 72.
  • the metadata may comprise the operation metadata from each of the operations carried out and other information as required to identify the operation, session, users, operation data used and a time stamp, as required.
  • the metadata may be certified and/or signed by the transmitting TEE so as to authenticate the metadata.
  • the metadata can be transmitted to the session server 24 at step 70 and, optionally, to the distributing user and other users, if required.
  • the processed data which results from the processing and/or the operation data which has been processed is encrypted and outputted from the processor 42 and placed in memory 43 for future use, or deleted, if required by the distributing user, user B. If deleted, the operation metadata may record this. Similarly, the operation data and/or processed data 71 may be sent to the distributing user B. Following the completion of the operations on the operating data, the session may be terminated 72 and the ephemeral keys deleted.
  • steps 68 to 71 or 72 may be repeated a plurality of times, with either User A or User B operating on the data.

Abstract

Est divulgué un procédé mis en œuvre par ordinateur de partage de données sécurisées entre des environnements d'exécution de confiance (TEE) d'une pluralité d'utilisateurs, le procédé consistant : à recevoir, au niveau d'un serveur, une demande de session de partage de données en provenance de chaque utilisateur de la pluralité d'utilisateurs ; à déterminer si chaque utilisateur de la pluralité d'utilisateurs est autorisé à participer à la session de partage de données et, si chaque utilisateur de la pluralité d'utilisateurs est autorisé, à confirmer que la session de partage de données est autorisée avec chaque utilisateur de la pluralité d'utilisateurs ; à échanger des clés cryptographiques entre le TEE d'un premier dispositif d'utilisateur et le TEE d'un second dispositif d'utilisateur ; à échanger des données chiffrées entre les TEE des premier et second dispositifs d'utilisateur et à déchiffrer les données chiffrées au moyen des clés cryptographiques ou d'un dérivé de ces dernières.
PCT/GB2022/053042 2021-12-02 2022-12-01 Procédé et système de partage sécurisé de données WO2023099895A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GR20210100839 2021-12-02
GR20210100839 2021-12-02
GB2118023.7A GB2616245A (en) 2021-12-02 2021-12-13 A method and system for securely sharing data
GB2118023.7 2021-12-13

Publications (1)

Publication Number Publication Date
WO2023099895A1 true WO2023099895A1 (fr) 2023-06-08

Family

ID=84463180

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2022/053042 WO2023099895A1 (fr) 2021-12-02 2022-12-01 Procédé et système de partage sécurisé de données

Country Status (1)

Country Link
WO (1) WO2023099895A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180247063A1 (en) * 2017-02-24 2018-08-30 Alibaba Group Holding Limited Secure data transactions
US20190349426A1 (en) * 2016-12-30 2019-11-14 Intel Corporation The internet of things
US20200304319A1 (en) * 2019-04-26 2020-09-24 Alibaba Group Holding Limited Distributed key management for trusted execution environments
US20210328769A1 (en) * 2020-08-24 2021-10-21 Alipay (Hangzhou) Information Technology Co., Ltd. Service processing methods, apparatuses, devices and systems

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190349426A1 (en) * 2016-12-30 2019-11-14 Intel Corporation The internet of things
US20180247063A1 (en) * 2017-02-24 2018-08-30 Alibaba Group Holding Limited Secure data transactions
US20200304319A1 (en) * 2019-04-26 2020-09-24 Alibaba Group Holding Limited Distributed key management for trusted execution environments
US20210328769A1 (en) * 2020-08-24 2021-10-21 Alipay (Hangzhou) Information Technology Co., Ltd. Service processing methods, apparatuses, devices and systems

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
D. APON ET AL.: "Constant-round group key exchange from the ring-LWE assumption.'' International Conference on Post-Quantum Cryptography", 2019, SPRINGER
E. BRESSON AND D. CATALANO.: "International Workshop on Public Key Cryptography", 2004, SPRINGER, article "Constant round authenticated group key agreement via distributed computation."
M. BURMESTERY. DESMEDT: "Workshop on the Theory and Application of of Cryptographic Techniques.", 1994, SPRINGER, article "A secure and efficient conference key distribution system"

Similar Documents

Publication Publication Date Title
US20230155821A1 (en) Secure shared key establishment for peer to peer communications
US11711219B1 (en) PKI-based user authentication for web services using blockchain
EP3610624B1 (fr) Récupération de données d'accès pour des réseaux de chaînes de blocs au moyen d'environnements d'exécution sécurisés hautement disponibles
EP3673617B1 (fr) Récupération de données publiques pour réseaux de chaînes de blocs au moyen d'environnements d'exécution sécurisés
EP4120114A1 (fr) Procédé et appareil de traitement de données, dispositif intelligent, et support d'enregistrement
US11159307B2 (en) Ad-hoc trusted groups on a blockchain
CN110537346B (zh) 安全去中心化域名系统
RU2718689C2 (ru) Управление конфиденциальной связью
US20190074968A1 (en) Method, apparatus and system for data encryption and decryption
USRE49673E1 (en) Systems and methods for secure data exchange
US9137017B2 (en) Key recovery mechanism
JP2019531630A (ja) 量子通信及びトラステッドコンピューティングに基づくデータセキュリティのための方法及びシステム
US10680805B2 (en) Data encryption control using multiple controlling authorities
US20120294445A1 (en) Credential storage structure with encrypted password
WO2019110018A1 (fr) Procédé d'authentification de messages pour système de réseau de communication, procédé de communication et système de réseau de communication
US11930110B2 (en) System and method for key recovery and verification in blockchain based networks
US20210241270A1 (en) System and method of blockchain transaction verification
JP2017112604A (ja) 対称鍵暗号化と非対称鍵二重暗号化を複合的に適用した暗/復号化速度改善方法
CN111464295B (zh) 银行卡制卡方法及装置
CN112966287A (zh) 获取用户数据的方法、系统、设备和计算机可读介质
CN111914270A (zh) 基于区块链技术的可编程认证服务方法和系统
WO2022227799A1 (fr) Procédé et appareil d'enregistrement de dispositifs, dispositif informatique et support de stockage
CN112003690A (zh) 密码服务系统、方法及装置
WO2023099895A1 (fr) Procédé et système de partage sécurisé de données
GB2616245A (en) A method and system for securely sharing data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22821598

Country of ref document: EP

Kind code of ref document: A1