WO2023151479A1 - Data processing method, and device - Google Patents
Data processing method, and device Download PDFInfo
- Publication number
- WO2023151479A1 WO2023151479A1 PCT/CN2023/073927 CN2023073927W WO2023151479A1 WO 2023151479 A1 WO2023151479 A1 WO 2023151479A1 CN 2023073927 W CN2023073927 W CN 2023073927W WO 2023151479 A1 WO2023151479 A1 WO 2023151479A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- count value
- ciphertext
- data
- exchange data
- execution environment
- Prior art date
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 31
- 238000012795 verification Methods 0.000 claims abstract description 194
- 238000012545 processing Methods 0.000 claims abstract description 130
- 238000000034 method Methods 0.000 claims abstract description 47
- 238000012790 confirmation Methods 0.000 claims description 39
- 244000035744 Hura crepitans Species 0.000 claims description 9
- 238000013459 approach Methods 0.000 claims 2
- 230000006855 networking Effects 0.000 claims 1
- 230000008569 process Effects 0.000 description 16
- 238000004422 calculation algorithm Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 11
- 230000005540 biological transmission Effects 0.000 description 10
- 238000004364 calculation method Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 238000009795 derivation Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 239000000284 extract Substances 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 230000008676 import Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000009365 direct transmission Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
- 238000000844 transformation Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y30/00—IoT infrastructure
- G16Y30/10—Security thereof
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y40/00—IoT characterised by the purpose of the information processing
- G16Y40/50—Safety; Security of things, users, data or systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
Definitions
- the embodiments of the present application relate to the technical field of data processing, and in particular, to a data processing method and device.
- IoT devices have been widely used in various fields.
- Embodiments of the present application provide a data processing method and device, which are used to solve the problem of potential security risks in data in the prior art.
- an embodiment of the present application provides a data processing method, including:
- the first IoT device determines a shared key generated through negotiation with the second IoT device in the first trusted execution environment
- an embodiment of the present application provides a data processing method, including:
- the second IoT device determines the shared key generated through negotiation with the first IoT device
- the first IoT device is configured to verify the shared key based on the shared key in the first trusted execution environment
- the second verification message of the second ciphertext is verified, and after the verification is successful, the second exchange data is obtained by decrypting the second ciphertext.
- an embodiment of the present application provides an Internet of Things device, including a storage component and a processing component; the storage component stores one or more computer instructions;
- the processing component creates a trusted execution environment through its configured security unit or creates a sandbox and uses the sandbox as a trusted execution environment;
- the one or more computer instructions are called and executed by the processing component to implement the data processing method as described in the first aspect above, or to implement the data processing method as described in the second aspect above.
- an embodiment of the present application provides an Internet of Things device, including a storage component, a processing component, and a secure element; the storage component stores one or more computer instructions;
- the secure element is used to create a trusted execution environment called by the processing component
- the one or more computer instructions are called and executed by the processing component to implement the data processing method as described in the first aspect above, or to implement the data processing method as described in the second aspect above.
- the first IoT device negotiates with the second IoT device in its first trusted execution environment to generate a shared key, and receives the second ciphertext and the second verification message sent by the second IoT device; and verifying the second verification message based on the shared key in the first trusted execution environment, and decrypting the second ciphertext to obtain a second exchange after the verification of the second verification message is successful.
- data after determining to obtain at least one second exchange data corresponding to the second Internet of Things device in the first trusted execution environment, performing a first processing operation based on the at least one second exchange data to obtain first processing result, and export the first processing result to an external execution environment.
- the data is transmitted encrypted and processed in a trusted execution environment to generate processing results, and only the processing results are exported to the external execution environment, thereby achieving the purpose of secure computing and effectively ensuring data security.
- Figure 1a shows a schematic structural diagram of an embodiment of a data processing system provided by the present application
- Figure 1b shows a schematic structural diagram of another embodiment of a data processing system provided by the present application.
- FIG. 2 shows a flowchart of an embodiment of a data processing method provided by the present application
- FIG. 3 shows a flowchart of another embodiment of a data processing method provided by the present application
- FIG. 4 shows a schematic structural diagram of an embodiment of a data processing device provided by the present application
- Fig. 5 shows a schematic structural diagram of another embodiment of a data processing device provided by the present application.
- FIG. 6 shows a schematic structural diagram of an embodiment of an Internet of Things device provided by the present application.
- Fig. 7 shows a schematic structural diagram of another embodiment of an Internet of Things device provided by the present application.
- Fig. 8 shows a schematic structural diagram of another embodiment of an Internet of Things device provided by the present application.
- IOT Internet of Things
- practical applications often involve the use of data from multiple IoT devices to participate in calculations. Therefore, there is an IoT device that provides its own data to other IoT devices.
- the data of different IoT devices is usually private data, and the plain text form will lead to data leakage and low data security.
- different IoT devices participating in the calculation belong to different data parties.
- the data party can be an enterprise party, and resource data can be shared and transferred between different data parties with the help of IoT technology.
- the data party’s own resource data is usually It belongs to private data and does not want the other party to know, so how to realize the processing of data while protecting data privacy has become a technical problem that needs to be solved.
- the embodiment of the present application is not only applicable to the Internet of Things scenario, any two devices involving data transmission and calculation can be implemented according to the technical solution of the embodiment of the present application to ensure data security.
- FIG. 1 a shows a schematic diagram of a system architecture of a data processing system to which the technical solution of the embodiment of the present application can be applied; the system may include a first device 101 and a second device 102 .
- the first device 101 and the second device 102 may be any two devices that require data transmission and processing.
- the first device 101 and the second device 102 may both be IoT devices, and in other application scenarios, the first device 101 and the second device 102 may also be, for example, client devices and server devices respectively.
- a communication connection may be directly established between the first device 101 and the second device 102, so as to realize data transmission.
- the first device 101 and the second device 102 when the first device 101 and the second device 102 belong to different data parties, the first device 101 and the second device 102 may be located in different networks and cannot directly Communication, at this time, the first proxy system 103 of the first device 101 corresponding to the first data party and the second proxy system 104 of the second device 102 corresponding to the second data party can perform data forwarding, so as to realize the first device 101 and the second Communication between devices 102 .
- a Trusted Execution Environment (TEE, Trusted Execution Environment) can be created in the first device 101, which is named the first Trusted Execution Environment for convenience of description; it can also be created in the second device 102. There is a trusted execution environment, which is named the second trusted execution environment for convenience of description.
- the first device and the second device may combine device types and/or security requirements to create a corresponding type of trusted execution environment.
- the trusted execution environment can be a sandbox created in the device system; or the trusted execution environment can be created based on the built-in security unit of the CPU (central processing unit, central processing unit), such as based on Intel (a processor ) SGS (Software Guard Extension, software protection extension), ARM (a processor) Trustzone (trust zone) or AMD (a processor) PSP (Platform Security Processor, platform security processor), etc.; Or it may be created by an external secure element (SE, Secure Element) configured in the device, etc.
- SE Secure Element
- the trusted execution environment can be an operating environment that coexists with the operating system, which can run independently in the device, can ensure the security of data and codes in the trusted execution environment, and achieve the purpose of isolation from the external execution environment.
- the referenced external execution environment may refer to the operating system of the device.
- the first device 101 or the second device 102 may be, for example, a sensor-type detection device, or a gateway device providing a gateway function, and any other Internet of Things device that requires multi-party data for calculation.
- the first device 101 can negotiate with the second device 102 in its first trusted execution environment to generate a shared key; the second device 102 can generate the second exchange data based on the shared key. ciphertext to and the second verification message of the second ciphertext, and send the second ciphertext and the second verification message to the first device 101; the second device 102 can perform the second verification based on the shared key in the first trusted execution environment The message is verified, and after the second verification message is verified successfully, it is decrypted from the second ciphertext to obtain the second exchange data; the first device 101 determines to obtain at least one second exchange data corresponding to the second device 102 in the first trusted execution environment After data, a first processing operation may be performed based on at least the at least one second exchanged data to obtain a first processing result, and the first processing result may be exported to an external execution environment.
- Encrypted data transmission is performed between the first device 101 and the second device 102, and the first device 101 performs decryption and data processing in a trusted execution environment, and only the first processing result is brought out of the external execution environment, which cannot be known by the external execution environment
- the second is to exchange data, so that data security can be guaranteed and data processing can be realized.
- Fig. 2 is a flowchart of an embodiment of a data processing method provided by the embodiment of the present application.
- the technical solution of this embodiment is executed by the first Internet of Things device, and the method may include the following steps:
- the first IoT device may combine the device type and/or security requirements to create a corresponding type of first trusted execution environment.
- the first trusted execution environment may be a sandbox; or it may be created based on a CPU built-in security unit or based on a configured external security unit.
- the second IoT device A second trusted execution environment can also be created, and the second IoT device can negotiate with the first IoT device in the second trusted execution environment to generate the shared key; the type of the second trusted execution environment can be sand box, or based on the built-in security unit of the CPU or based on the configuration of an external security unit, etc.
- the shared key may be generated through pre-negotiation between the first IoT device and the second IoT device, and of course, may also be generated in real time during each data transmission. Therefore, optionally, the method may also include: A trusted execution environment negotiates with the second IoT device to generate a shared key.
- the shared key can be obtained through negotiation as follows:
- the first IoT device generates the first private key and the first public key in the first trusted execution environment; wherein, the first private key can be stored in the first trusted execution environment; similarly, the second IoT device A second private key and a second public key may also be generated, optionally, the second IoT device may generate the second private key and the second public key in its second trusted execution environment;
- the first IoT device exports the first public key to the external execution environment, and authenticates the first public key in the external execution environment to obtain the first public key certificate, and sends the first public key certificate to the second IoT device device; wherein, in the external execution environment, the digital signature technology can request the certificate authority (CA, Certificate Authority) to sign the first public key to obtain the first public key certificate of the first public key; similarly, the second Internet of Things device You can also enter the second public key Perform authentication to obtain the second public key certificate.
- CA Certificate Authority
- the second public key is generated in the second optional execution environment, it can first be exported to the external execution environment of the second Internet of Things device. Key for authentication to obtain the first public key certificate;
- the first IoT device obtains the second public key certificate sent by the second IoT device; the first IoT device also sends the first public key certificate to the second IoT device;
- the first IoT device extracts the second public key from the second public key certificate; the first IoT device can verify the validity of the second public key certificate, and extract the second public key from it after the verification is valid; Similarly, the second Internet of Things device can also verify the validity of the first public key certificate, and extract the first public key from it after the verification is valid.
- the process of extracting the public key can be performed in a trusted environment;
- the first IoT device generates a shared key by using a key agreement algorithm based on the first private key and the second public key in the first trusted execution environment.
- the second IoT device can also use the key agreement algorithm to generate the same shared key based on the second private key and the first public key.
- the second IoT device can also be in the second trusted execution environment , based on the second private key and the first public key, a key agreement algorithm is used to generate the same shared key;
- the key agreement algorithm can for example adopt ECDH (Elliptic-Curve Diffie-Hellman, elliptic curve Diffie-Hellman) algorithm, certainly also can adopt other algorithm such as RSA (a kind of public key encryption algorithm), DHKA (Differ-Hellman). Hellman Key Exchange, Diffie-Hellman key exchange) algorithm, etc., this application does not specifically limit this.
- ECDH Elliptic-Curve Diffie-Hellman, elliptic curve Diffie-Hellman
- RSA a kind of public key encryption algorithm
- DHKA Hellman Key Exchange
- Diffie-Hellman key exchange Diffie-Hellman key exchange
- the shared key can also be realized by other negotiation methods, such as being generated by the first IoT device, encrypted and sent to the second IoT device, and decrypted by the second IoT device, or generated by the second IoT device and sent to the second IoT device.
- the encrypted data is sent to the first IoT device and decrypted by the first IoT device, etc., or both the first IoT device and the second IoT device are generated according to the agreed algorithm, etc. This application does not impose specific restrictions on this.
- the shared key is obtained through negotiation between the first IoT device and the second IoT device, and the second IoT device will also generate the shared key. Based on the shared key, the second exchange data to be sent can be encrypted etc. to obtain the second ciphertext and the second verification message of the second ciphertext.
- the second exchange data to be sent may refer to at least part of the second data in the second IoT device to be transmitted to the first IoT device for participating in calculations.
- the second data has a large amount of data
- the second data may also be divided into multiple second exchange data, the second exchange data to be sent may refer to any unsent second exchange data, etc.
- the second IoT device for each second exchange data For exchanging data, a corresponding second ciphertext and a second verification message can be generated based on the shared key, so as to be sent to the first IoT device in the form of the second ciphertext and the second verification message.
- the encryption processing of the second exchange data may be realized by using any symmetric encryption algorithm, which is not specifically limited in this application.
- the second verification message can be used to realize the integrity protection of the second ciphertext, etc., and it can be an information digest of the second ciphertext, and the information digest can be, for example, MAC (Message Authentication Codes, information authentication code) algorithm to the second ciphertext generated MAC label and the like.
- MAC Message Authentication Codes, information authentication code
- the first IoT device can first verify the second verification message, and if the verification is successful, it can decrypt the second exchange data from the second ciphertext. If the verification is successful, it can indicate that the second ciphertext is complete and has not been tampered with, so as to ensure data security. If the verification fails, it can be considered that there is a potential safety hazard, and the second ciphertext can be rejected. In addition, if the verification fails, the first resend request can be sent to the second Internet of Things device to request the second Internet of Things device to resend The erroneous second exchange data and so on.
- the first IoT device and the second IoT device can derive the first session key and the second session key based on the shared key, such as KDF (key Derivation function, key derivation function) for derivation.
- KDF key Derivation function, key derivation function
- it can also be obtained by deriving the specified method agreed upon with the second IoT device, such as performing different specified transformations on the shared key to obtain the first session key and the second session key, etc., which are not discussed in this application Specific limits.
- the first IoT device may derive the first session key and the second session key from the shared key in its first trusted execution environment.
- the second Internet of Things device may use the first session key to encrypt the second exchange data to generate a second ciphertext, and use the second session key to generate a second verification message for the second exchange data, etc., so that step 203 may be:
- the second verification message is verified based on the second session key, and after the second verification message is successfully verified, the second exchange data is obtained by decrypting the second ciphertext based on the first session key.
- the verification message of the second ciphertext may be generated by using the second session key. If the generated verification message is the same as the second verification message, it indicates that the second ciphertext is complete and has not been tampered with. If it succeeds, the integrity protection of the second exchange data is realized, and then the second exchange data can be decrypted from the second ciphertext based on the first session key.
- the second data involved in the calculation in the second IoT device may be divided into at least one second exchange data and sent to the first IoT device respectively, and the first IoT device can follow the operation of step 203 Obtaining each second exchange data, the first IoT device can determine whether the reception is completed according to the quantity of the obtained second exchange data.
- the second Internet of Things device sends the last second exchange data, it can Carrying the end identifier, the first IoT device may determine whether to obtain all the second exchange data according to whether the decrypted second exchange data carries the end identifier.
- the first Internet of Things device may perform a corresponding processing operation based on the at least one second exchanged data, which is named as a first processing operation for convenience of description, so as to obtain a first processing result.
- the at least one second exchanged data may also first be combined to obtain the second data of the second Internet of Things device, and then perform the first processing operation.
- the first IoT device may acquire multiple different IoT devices According to the data requirements in the Internet of Things, each Internet of Things device can be used as a second Internet of Things device to implement data transmission with the first Internet of Things device using the technical solution of the embodiment of the application.
- the first Internet of Things device can be based on at least one
- the at least one second exchange data sent by the IoT device is used to execute the first processing operation, thereby obtaining the first processing result.
- the present application does not specifically limit the data involved in the first processing operation, and the first IoT device may execute it based at least on at least one second exchange data sent by the second IoT device.
- the first processing result is exported to the external execution environment, and the first IoT device can use the first processing result to perform subsequent operations, etc. . Since the data is encrypted and transmitted, and the data decryption operation is performed in a trusted execution environment, the external execution environment cannot be obtained, and only the first processing result is exported to the external execution environment, which not only realizes the data processing operation to obtain the processing result, but also ensures that the data Privacy and Security.
- the first processing operation is specifically It can be to count the shared user data of the user data of the second IoT device and the user data of the first IoT device, the first processing result can be the shared user data, and only the shared user data is exported to the external execution environment, which can ensure Data security, and realize the requirement of shared user data determination.
- the first IoT device may perform further processing on the first processing result in the external execution environment, or may resend the first processing result from the external execution environment to other processing systems for processing, etc., for example, the first processing result is shared
- personalized recommendations can be made for the shared user data.
- the above is just an example to illustrate the data processing scenarios that the technical solution of the present application can be applied to, and the present application is not limited to this.
- the second IoT device may maintain a second count value, which matches the number of times data is sent.
- the second ciphertext can be obtained by encrypting the second exchange data and the current second count value of the second IoT device; in the case of obtaining the first session key and the second session key by deriving the shared key, it can first Combining the second exchange data and the current second count value to generate concatenated data, and then encrypting the concatenated data by using the first session key to obtain the second ciphertext.
- the combination format of the second exchange data and the second count value may be, for example, a TLV (tag, length, and value) format, etc., and of course it is not limited thereto.
- the decryption from the second ciphertext to obtain the second exchange data after the second verification message is successfully verified may include: decrypting from the second ciphertext to obtain the second exchange data and the second count value after the second verification message is successfully verified; Check whether the second count value is correct; if the second count value is verified successfully, save the second exchange data, and send the first confirmation request to the second Internet of Things device; wherein, the first confirmation request can be used to notify The second IoT device sends the next second exchange data, or ends the sending process, and so on.
- the second exchange data has an error and may be attacked by a third party. This can reject the second exchange data.
- the first IoT device may also send a first resend request to the second IoT device, so as to notify the second IoT device to resend the second exchanged data that has an error wait.
- the first IoT device may also delete the received second exchanged data to end the receiving process, or request the second IoT device to resend all the second exchanged data, etc.
- the first IoT device checks whether the second count value is correct.
- the second count value matches the number of times the second exchange data is sent by the second physical network device. If the verification of the second count value is successful, the number of verification times can be accumulated.
- the verification of the second count value can be to check whether the second count value matches the number of verification times, etc., wherein the number of times of verification can be less than the second count value, and can be compared with the second count value
- the value difference is 1; as another example, the second count value matches the number of times the second exchange data is sent by the second physical network device, and the first IoT device can save the second count value every time it successfully verifies the second count value , the verification of the second count value may be compared with the saved second count value, and if the difference is 1, it may be considered that the verification is successful.
- the first IoT device may also maintain the first count value.
- checking whether the second count value is correct may include:
- the method can also include:
- sending the first confirmation request to the second Internet of Things device includes:
- the first count value in updates the second count value.
- the first IoT device may set a first counter to generate a first count value
- the second physical network device may set a second counter to generate a second count value, and so on.
- the first count value may be encrypted using the first session key to obtain the first encrypted value, and then the second session key may be used to generate A third verification message of the first encrypted value.
- the first encrypted value and the third verification message may be combined in TLV format, for example, and then sent to the second IoT device.
- the method may further include: in the first trusted execution environment, generating the first exchanging data The first ciphertext and the first verification message of the first ciphertext; the first ciphertext and the first verification message are sent to the second Internet of Things device; wherein, the first verification message is used by the second Internet of Things device in the second available In the letter execution environment, verification is performed based on the shared key, and the first exchange data is obtained by decrypting the first ciphertext after the verification is successful.
- the first IoT device may perform the above operation of sending the first exchanged data after determining to obtain at least one second exchanged data corresponding to the second IoT device, and may restore the first count value to initial value etc.
- the second IoT device may restore the second count value to an initial value and the like after at least one second exchange data is completely sent.
- the second Internet of Things device may also send the second exchange data and the like after determining to obtain at least one piece of first exchange data corresponding to the first Internet of Things device. After the second Internet of Things device determines to obtain at least one first exchange data corresponding to the first Internet of Things device, the second count value can be restored to the initial value. Similarly, the first Internet of Things device completes sending at least one first exchange data Afterwards, the first count value may be restored to an initial value, etc.
- the first exchange data can be at least part of the first data that the first IoT device needs to send to the second IoT device to participate in the calculation, and the first data can be divided when the data volume is large A plurality of first exchanged data are obtained and sent respectively, so the method may further include:
- generating the first ciphertext of the first exchange data and the first verification message of the first ciphertext based on the shared key may be: for the first exchange data currently to be sent, based on the shared key A first ciphertext of the first exchange data and a first verification message of the first ciphertext are generated.
- the first exchange data currently to be sent may refer to any first exchange data not sent by the first IoT device, or it may be based on the second resend request of the second IoT device, and the most recently sent first exchange data The data is again used as the first exchanged data to be sent currently.
- the second exchange data to be sent may refer to any unsent second exchange data, etc.
- the first IoT device may generate the corresponding first ciphertext and first ciphertext based on the shared key.
- the verification message is sent to the second IoT device in the form of the first ciphertext and the first verification message.
- the second IoT device may execute a second processing operation based on the at least one first exchange data to obtain a second processing result, and Export the second processing result to an external execution environment.
- the second IoT device decrypts and performs data processing in the trusted execution environment, and the external execution environment cannot obtain it. Only the second processing result is exported to the external execution environment, which not only realizes the data processing operation to obtain the processing result, but also guarantees the first - Data privacy and security of exchanged data.
- the first ciphertext and the first ciphertext of the first exchange data are generated based on the shared key
- the first verification message of can be: in the first trusted execution environment, the first exchange data is encrypted into the first ciphertext by using the first session key, and the first verification message of the first ciphertext is generated by using the second session key .
- the first IoT device may exchange the first The data and the current first count value are encrypted to generate the first ciphertext, and the first verification message of the first ciphertext is generated.
- the second IoT device After the second IoT device successfully verifies the first verification message, it decrypts the first ciphertext to obtain the first exchange Data and the first count value, first check whether the first count value is correct, after the verification is successful, the first exchange data can be saved, and a second confirmation request can be sent to the first IoT device, otherwise the first exchange can be rejected data, and may also send a second retransmission request to the first IoT device.
- the specific verification method can be to verify whether the first count value is the same as the current second count value, if they are the same, increment the second count value, and use the shared key to encrypt the second count value to generate a second encrypted value and Generate a fourth verification message of the second encrypted value.
- the second confirmation request may include the second encrypted value and the fourth verification message.
- the first IoT device After the first IoT device successfully verifies the fourth verification message, it may obtain the second encrypted value
- the second count value is obtained by decrypting in the middle, and the current first count value can be updated by using the second count value. Afterwards, the first IoT device may continue to send the next first exchange data or end the sending process.
- the first IoT device may add an end identifier to the first exchange data before encrypting, so that the second Internet of Things device can determine whether the reception is complete based on the end identifier, and then execute the first processing operation etc.
- Figure 3 is a flow chart of another embodiment of a data processing method provided by the embodiment of this application.
- the technical solution of this embodiment is provided by the second Internet of Things device To execute, the method may include the following steps:
- the second Internet of Things device may create a second trusted execution environment, and may negotiate with the first Internet of Things device to generate a shared key in the second trusted execution environment.
- the first IoT device may generate the shared key through negotiation in the first trusted execution environment.
- the way of generating the shared key has been described in the foregoing embodiments, and will not be repeated here.
- the shared key may be generated through pre-negotiation, or may be generated in real time when the second data is sent, which is not limited in this application.
- the second IoT device may derive the first session key and the second session key from the shared key. It may be that the first session key is used to encrypt the second exchange data to generate the second ciphertext, and the second session key is used to generate the second verification message of the second ciphertext.
- the first IoT device is used to verify the verification message of the second ciphertext based on the shared key in the first trusted execution environment, and decrypt the second ciphertext to obtain the second exchange data after the verification is successful, and Based on at least one second exchange data, execute a second processing operation to obtain a second processing result, and export the second processing result to an external execution environment.
- the external execution environment cannot be obtained, and only the first processing result is exported to the external execution environment, which realizes data Processing operations to obtain processing results, and data privacy and security can be guaranteed.
- the method may also include:
- the second ciphertext of the second exchange data and the verification message of the second ciphertext may be: for the second exchange data currently to be sent, use the shared key to encrypt the second exchange data to generate the second ciphertext.
- the ciphertext and the second verification message for generating the second ciphertext may be: for the second exchange data currently to be sent, use the shared key to encrypt the second exchange data to generate the second ciphertext.
- the ciphertext and the second verification message for generating the second ciphertext.
- encrypting the second exchange data to generate a second ciphertext and generating a second verification message of the second ciphertext may be :
- the second exchange data currently to be sent encrypt the second exchange data and the current first count value to generate a second ciphertext and generate a second verification message of the second ciphertext; the first count value is used for the first Internet of Things
- the device is calibrated.
- the method may also include:
- the unsent second exchange data After receiving the first confirmation request sent by the first IoT device, the unsent second exchange data is used as the second exchange data to be sent; wherein, the first confirmation request is the verification of the first count value by the first IoT device send on success;
- the most recently sent second exchange data is re-used as the second exchange data to be sent; wherein, the first retransmission request is that the first IoT device counts Sent when the value verification fails or the verification of the second verification message fails.
- the verification of the second count value by the first Internet of Things device has been discussed in detail above, and will not be repeated here.
- the first IoT device can maintain the first count value
- the second IoT device can maintain the second count value
- the first count value is the same as the initial value of the second count value
- the first IoT The networked device can specifically check whether the second count value is the same as the current first count value.
- the first count value can be incremented, and the incremented first count value can be encrypted based on the shared key to generate The first encrypted value and the third verification message.
- the first confirmation request sent by the first IoT device may include the first encrypted value and the third verification message.
- the method may further include: receiving The first confirmation request sent by the first Internet of Things device verifies the third verification message of the first encrypted value in the confirmation request based on the shared key, and decrypts the first encrypted value to obtain the first count value after the verification is successful ; Update the second count value with the first count value.
- the first IoT device may also have a need to transmit data to the second IoT device, therefore, in some embodiments, the method may further include:
- a second processing operation is performed based on the at least one first exchange data, and a result of the second processing is exported to an external execution environment.
- the first IoT device may perform the operation of sending the first exchanged data after receiving at least one second exchanged data from the second IoT device; or the second IoT device may The operation of sending the second exchange data is performed after at least one piece of first exchange data from the first Internet of Things device is all received.
- the first ciphertext may be obtained by encrypting the first exchange data and the current first count value. After the first verification message is successfully verified, decrypting the first ciphertext to obtain the first exchange data may be:
- the verification of the second count value fails, it can be considered that the first exchange data has an error and may be attacked by a third party, so the second exchange data can be rejected.
- a second resend request may be sent to the first Internet of Things device, so as to notify the first Internet of Things device to resend the erroneous first exchange data and the like.
- the checking whether the first count value is correct includes: checking whether the first count value is the same as the current second count value; wherein, the initial values of the first count value and the second count value are the same, for example, is 0; the method can also include:
- sending the second confirmation request to the second Internet of Things device includes:
- the second count value in updates the first count value.
- Device A and device B can carry out key negotiation in their respective trusted execution environments, generate a shared key, and use the shared key for key derivation to obtain two session keys: the first session key and the second session key key.
- the shared key may be generated in advance, and of course, may also be generated in real time during data exchange, and the shared key generated for each data exchange may be the same or different.
- the device B may divide the second data to be sent into multiple second exchange data, and the device B transmits and processes each second exchange data in the same way.
- Device A may maintain a counter A in its memory
- device B may maintain a counter B in its memory.
- the initial values of counter A and counter B are the same, for example, may be 0.
- device B For a second exchange data to be sent, device B, in its second trusted execution environment, encrypts the second exchange data and the second count value of the current counter B, generates a second ciphertext, and uses the second The second session key generates a second authentication message of a second ciphertext. After device B combines the second ciphertext and the second verification message, it may send it to device A via the first proxy system and the second proxy system.
- device A After receiving the second ciphertext and the second verification message, device A imports it into its first trusted execution environment, uses the second session key to verify the second verification message in the first trusted execution environment, and the verification is successful. Use the first session key to decrypt the second ciphertext to obtain the second exchange data and the second count value. After that, check whether the second count value is the same as the current first count value of counter A. If they are the same, the value can be incremented. first count value, and use the first session key to generate the first encrypted value of the first count value and use the second session key to generate the third verification message of the first encrypted value, after that, the first proxy system and the second The second proxy system sends to device B a first confirmation request containing the first encrypted value and the third verification message. And if the second count value is different from the current first count value, the second exchange data may be rejected, and the first retransmission request may be sent to device A via the second proxy system and the second proxy system.
- device B uses the second session key to verify the third verification message. After the verification is passed, it uses the first session key to decrypt the first encrypted value to obtain the first count value, and sends After the current second counting value is updated to the first counting value, the above process can be performed with the unsent second exchanged data as the second exchanged data to be sent.
- device B can also add an end identifier to the second exchange data, so that device A can determine whether the second data has been received or not based on the end identifier, and then when the receiving is completed, it can then check the received Execute the first processing operation on the at least one second exchange data to obtain the first processing result, and only export the first processing result to the external execution environment, so as to achieve the purpose of safely processing the second data.
- device B may re-execute the above process and the like by using the most recently sent second exchange data as the second exchange data to be sent.
- the device A After the device A determines that the second data of the device B has been received, if there is a need to send data to the device B, the device A and the device B can reset their respective counters to an initial value of 0 at this time.
- Device A divides the first data to be sent into multiple first exchanged data, and device A transmits and processes each first exchanged data in the same way.
- device A For a first exchange data to be sent, device A sends the first exchange data in its first trusted execution environment After being combined with the first count value of the current counter A, encryption is performed to generate a first ciphertext, and a first verification message of the first ciphertext is generated by using the second session key. Device A may send to device B after combining the first ciphertext and the first verification message via the first proxy system and the second proxy system.
- device B After receiving the first ciphertext and the first verification message, device B imports it into its second trusted execution environment, uses the second session key to verify the first verification message in the second trusted execution environment, and the verification is successful. Use the first session key to decrypt the first ciphertext to obtain the first exchange data and the first count value. After that, check whether the first count value is the same as the current second count value of counter B. If they are the same, the value can be incremented. second count value, and use the first session key to generate a second encrypted value of the second count value and use the second session key to generate a fourth verification message of the second encrypted value, after which, the first proxy system and the second The second proxy system sends to device A a second confirmation request including the second encrypted value and the fourth verification message. And if the first count value is different from the current second count value, the first exchange data may be rejected, and a second retransmission request may be sent to device A via the first proxy system and the second proxy system.
- device A receives the second confirmation request, it uses the second session key to verify the fourth verification message. After the verification is passed, it uses the first session key to decrypt the second encrypted value to obtain the second count value, and sends After the current first count value is updated to the second count value, the above-mentioned process can be performed with the unsent first exchange data as the first exchange data to be sent.
- the first exchange data to be sent is the last first exchange data
- device A can also add an end identifier to the first exchanged data, so that device B can determine whether the first data has been received based on the end identifier, and then when the reception is completed, the received At least one first exchange data performs a second processing operation to obtain a second processing result, and only the second processing result is exported to an external execution environment, so as to achieve the purpose of safely processing the first data.
- device A may use the most recently sent first exchange data as the second exchange data to be sent to perform the above process and so on.
- device A and device B belong to different enterprise devices, such as gateway devices in the Internet of Things.
- Enterprise A maintains the user information of its members in device A, such as communication numbers.
- B maintains the employee information of its members in device B, such as communication numbers; the employee information of enterprise A and enterprise B is private data, and the confidentiality requirements are high.
- enterprise A and enterprise B need to exchange the user information of all members, and seek the intersection of users to determine the purpose of common members.
- the data is not only encrypted and transmitted, but also executed in a trusted manner.
- the calculation of user intersection is performed in the environment to determine the user information of the shared members, and only the user information of the shared members is exported to the external execution environment. Since the user information of the shared members is the existing data of enterprise A and enterprise B, it is guaranteed To ensure data security, enterprise A and enterprise B can further process the user information of shared members. For example, enterprise A can combine the characteristics of enterprise B to determine personalized recommendation information for shared members, and based on shared Member's user information, push personalized recommendation information, etc.
- data is encrypted for transmission, encryption, decryption, and data processing are performed in a trusted execution environment, thereby realizing data processing and ensuring data security.
- Fig. 4 is a schematic structural diagram of an embodiment of a data processing device provided in an embodiment of the present application, the device may include:
- the first determination module 401 is configured to determine the shared key generated through negotiation with the second IoT device in the first trusted execution environment
- the first receiving module 402 is configured to receive the second ciphertext and the second verification message sent by the second IoT device;
- the first verification module 403 is configured to verify the second verification message based on the shared key in the first trusted execution environment, and decrypt the second exchange data from the second ciphertext after the second verification message is successfully verified;
- the first processing module 404 is configured to perform a first processing operation based on the at least one second exchange data to obtain a first processing result after determining to obtain at least one second exchange data corresponding to the second Internet of Things device in the first trusted execution environment , and export the first processing result to an external execution environment.
- the second ciphertext is encrypted and obtained based on the second exchange data and the current second count value
- the first verification module decrypts the second ciphertext to obtain the second exchange data after the second verification message is successfully verified, including: after the second verification message is successfully verified, decrypts the second ciphertext to obtain the second exchange data and the second count value ;Check whether the second count value is correct; if the second count value is successfully verified, save the second exchange data, and send the first confirmation request to the second IoT device; if the second count value fails to verify, reject the second Exchange data.
- the first verification module checking whether the second count value is correct includes: checking whether the second count value is the same as the current first count value; wherein, the initial value of the first count value and the second count value same;
- the device can also include:
- the first update module is used to increment the first count value if the verification of the second count value succeeds
- Sending the first confirmation request to the second Internet of Things device by the first verification module includes: generating the first encrypted value of the first count value and the third verification message of the first encrypted value based on the shared key; sending to the second Internet of Things device including The first confirmation request for the first encrypted value and the third verification message; the first confirmation request is also used to notify the second Internet of Things device to update the first count value based on the first count value in the first encrypted value after the third verification message is successfully verified. Second count value.
- the device may also include:
- the first derivation module is used to obtain the first session key and the second session key from the shared key in the first trusted execution environment
- the first verification module is specifically configured to verify the second verification message based on the second session key in the first trusted execution environment, and decrypt the second ciphertext based on the first session key after the second verification message is successfully verified. Obtain the second exchange data.
- the device may also include:
- the first encryption module is configured to generate a first ciphertext of the first exchange data and a first verification message of the first ciphertext based on the shared key in the first trusted execution environment;
- the first sending module is configured to send the first ciphertext and the first verification message to the second Internet of Things device; wherein, the first verification message is used by the second Internet of Things device based on the shared key in the second trusted execution environment Perform verification, and decrypt the first ciphertext to obtain the first exchange data after the verification is successful.
- the data processing device shown in FIG. 4 can execute the data processing method described in the embodiment shown in FIG. 2 , and its implementation principles and technical effects will not be repeated here.
- the specific manner of performing operations by each module and unit of the data processing device in the above embodiment has been described in detail in the embodiment of the method, and will not be described in detail here.
- Fig. 5 is a schematic structural diagram of another embodiment of a data processing device provided in an embodiment of the present application, the device may include:
- the second determination module 501 is configured to determine the shared key generated through negotiation with the first IoT device
- the second encryption module 502 is configured to generate a second ciphertext of the second exchange data and a second verification message of the second ciphertext based on the shared key;
- the second sending module 503 is configured to send the second ciphertext and the second verification message to the first IoT device; the first IoT device is used to verify the second ciphertext based on the shared key in the first trusted execution environment The second verification message is verified, and after the verification is successful, it is decrypted from the second ciphertext to obtain the second exchange data.
- the device may also include:
- a segmentation processing module configured to segment the second data into at least one second exchange data
- the second encryption module is specifically used to encrypt the second exchange data and the current second count value to generate a second ciphertext and generate a second verification message of the second ciphertext for the second exchange data currently to be sent, using a shared key ;
- the second count value is used for verification by the first IoT device.
- the second processing module is further configured to receive the first confirmation request sent by the first IoT device, and use the unsent second exchange data as the second exchange data to be sent; wherein, the first The confirmation request is sent by the first IoT device when the verification of the first count value is successful; the first retransmission request sent by the first IoT device is received, and the second exchange data sent most recently is re-used as the second exchange data to be sent ; Wherein, the first resending request is sent by the first IoT device when the verification of the first count value fails or the verification of the second verification message fails.
- the apparatus may further include: a second update module, configured to receive the first confirmation request sent by the first Internet of Things device, and perform the third verification message in the first confirmation request based on the shared key Verify, and after successful verification, decrypt the first encrypted value in the first confirmation request to obtain the first count value; the initial value of the first count value is the same as the initial value of the second count value; the first IoT device is used to After the count value is verified successfully, the first count value is incremented; and the second count value is updated by using the first count value.
- a second update module configured to receive the first confirmation request sent by the first Internet of Things device, and perform the third verification message in the first confirmation request based on the shared key Verify, and after successful verification, decrypt the first encrypted value in the first confirmation request to obtain the first count value; the initial value of the first count value is the same as the initial value of the second count value; the first IoT device is used to After the count value is verified successfully, the first count value is incremented; and the second count value is updated by using
- the second determination module is specifically configured to determine the The shared secret key generated by the device negotiation
- the device can also include:
- the second receiving module is configured to receive the first ciphertext and the corresponding first verification message sent by the first IoT device;
- the second verification module is configured to verify the first verification message based on the shared key in the second trusted execution environment, and after the verification succeeds, decrypt the first ciphertext to obtain the first exchange data;
- the second processing module is configured to perform the first processing operation based on the at least one first exchange data after it is determined in the second trusted execution environment that at least one first exchange data corresponding to the first IoT device is obtained, and the first processing Results are exported to an external execution environment.
- the data processing device shown in FIG. 5 can execute the data processing method described in the embodiment shown in FIG. 6 , and its implementation principles and technical effects will not be repeated here.
- the specific manner of performing operations by each module and unit of the data processing device in the above embodiment has been described in detail in the embodiment of the method, and will not be described in detail here.
- the embodiment of the present application also provides an Internet of Things device, as shown in FIG. 6 , the device includes a storage component 601 and a processing component 602; the storage component 601 stores one or more computer instructions;
- the processing component 602 creates a trusted execution environment through its configured security unit 603;
- the one or more computer instructions are called and executed by the processing component to implement the data processing method of the embodiment shown in FIG. 2 above, or realize the data processing method of the embodiment shown in FIG. 3 above.
- the trusted execution environment created by it is the first trusted execution environment; when the IoT device is used as the second IoT device in the above embodiment , the trusted execution environment created by it is the second trusted execution environment.
- the processing component may be a central processing unit, such as Intel, ARM or AMD processing, and the trusted execution environment may be created based on Intel's SGS, ARM's Trustzone, or AMD's PSP.
- the embodiment of the present application also provides an Internet of Things device, as shown in FIG. 7 , the device includes a storage component 701 and a processing component 702; the storage component 701 stores one or more computer instructions;
- the processing component 702 creates a sandbox 703 and uses the sandbox 703 as a trusted execution environment;
- the one or more computer instructions are called and executed by the processing component to implement the data processing method of the embodiment shown in FIG. 2 above, or realize the data processing method of the embodiment shown in FIG. 3 above.
- the trusted execution environment created by it is the first trusted execution environment; when the IoT device is used as the second IoT device in the above embodiment , the trusted execution environment created by it is the second trusted execution environment.
- the embodiment of the present application also provides an Internet of Things device, as shown in FIG. 8 , the device includes a storage component 801, a processing component 802, and a secure element 803; the storage component 801 stores one or more computer instructions;
- the secure element 803 is used to create a trusted execution environment called by the processing component 802;
- the one or more computer instructions are called and executed by the processing component to implement the data processing method of the embodiment shown in FIG. 2 above, or realize the data processing method of the embodiment shown in FIG. 3 above.
- the trusted execution environment created by it is the first trusted execution environment; when the IoT device is used as the second IoT device in the above embodiment , the trusted execution environment created by it is the second trusted execution environment.
- the above-mentioned Internet of Things device must also include other components, such as input/output interfaces, communication components, and the like.
- the input/output interface provides an interface between the processing component and the peripheral interface module, and the above peripheral interface module may be an output device, an input device, and the like.
- the communication component is configured to facilitate wired or wireless communication between the IoT device and other devices, and the like.
- an embodiment of the present application also provides a computer-readable storage medium storing a computer program, and when the computer program is executed by a computer, the data processing method in the above-mentioned embodiment shown in FIG. 2 or FIG. 3 can be implemented.
- the computer-readable medium may be contained in the electronic device described in the above embodiments; or it may exist independently without being assembled into the electronic device.
- the embodiment of the present application also provides a computer program product, which includes a computer program carried on a computer-readable storage medium, and when the computer program is executed by a computer, it can realize the above-mentioned embodiments as shown in Figure 2 or Figure 3 data processing method.
- the computer program may be downloaded and installed from a network, and/or from removable media.
- various functions defined in the system of the present application are performed.
- the storage component in the above related embodiments may be configured to store various types of data to support operations at the terminal.
- the memory component can be implemented by any type of volatile or non-volatile memory device or their combination, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Magnetic or Optical Disk.
- SRAM static random access memory
- EEPROM electrically erasable programmable read-only memory
- EPROM erasable Programmable Read Only Memory
- PROM Programmable Read Only Memory
- ROM Read Only Memory
- Magnetic Memory Flash Memory
- Magnetic or Optical Disk any type of volatile or non-volatile memory device or their combination, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM),
- the computer-readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or device, or any combination thereof.
- the device embodiments described above are only illustrative, and the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in One place, or it can be distributed to multiple network elements. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. It can be understood and implemented by those skilled in the art without any creative effort.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
Provided in the embodiments of the present application are a data processing method and a device. The method comprises: a first Internet-of-Things device determining a shared key which is generated by negotiating with a second Internet-of-Things device in a first trusted execution environment; receiving second ciphertext and a second verification message, which are sent by the second Internet-of-Things device; verifying the second verification message in the first trusted execution environment on the basis of the shared key, and after the second verification message is successfully verified, decrypting the second ciphertext to obtain second exchange data; after it is determined, in the trusted execution environment, that at least one piece of second exchange data corresponding to the second Internet-of-Things device is obtained, executing a first processing operation on the basis of the at least one piece of second exchange data, so as to obtain a first processing result; and exporting the first processing result to an external execution environment. By using the technical solution provided in the embodiments of the present application, the data security is improved, and the aim of securely processing data is realized.
Description
本申请要求于2022年02月08日提交中国专利局、申请号为202210119023.9、申请名称为“数据处理方法及设备”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application with the application number 202210119023.9 and the application name "data processing method and equipment" submitted to the China Patent Office on February 08, 2022, the entire contents of which are incorporated in this application by reference.
本申请实施例涉及数据处理技术领域,尤其涉及一种数据处理方法及设备。The embodiments of the present application relate to the technical field of data processing, and in particular, to a data processing method and device.
随着物联网技术的发展,物联网设备在各个领域都得到了广泛的应用。With the development of IoT technology, IoT devices have been widely used in various fields.
实际应用中,多个物联网设备往往存在交换数据以进行计算的需求,而直接传递明文数据往往不安全,容易导致数据泄露,存在安全隐患。In practical applications, multiple IoT devices often have the need to exchange data for calculation, but direct transmission of plaintext data is often unsafe, easily leading to data leakage, and posing security risks.
发明内容Contents of the invention
本申请实施例提供一种数据处理方法及设备,用以解决现有技术中的数据存在安全隐患的问题。Embodiments of the present application provide a data processing method and device, which are used to solve the problem of potential security risks in data in the prior art.
第一方面,本申请实施例中提供了一种数据处理方法,包括:In the first aspect, an embodiment of the present application provides a data processing method, including:
第一物联网设备确定在第一可信执行环境中与第二物联网设备协商生成的共享密钥;The first IoT device determines a shared key generated through negotiation with the second IoT device in the first trusted execution environment;
接收所述第二物联网设备发送的第二密文及第二验证消息;receiving a second ciphertext and a second verification message sent by the second IoT device;
在所述第一可信执行环境中基于所述共享密钥对所述第二验证消息进行验证,并在所述第二验证消息验证成功之后从所述第二密文中解密获得第二交换数据;Verifying the second verification message based on the shared key in the first trusted execution environment, and decrypting the second ciphertext to obtain second exchange data after the second verification message is successfully verified. ;
在所述第一可信执行环境中确定获得所述第二物联网设备对应的至少一个第二交换数据之后,基于所述至少一个第二交换数据执行第一处理操作获得第一处理结果,并将所述第一处理结果导出至外部执行环境。After determining to obtain at least one second exchanged data corresponding to the second IoT device in the first trusted execution environment, performing a first processing operation based on the at least one second exchanged data to obtain a first processing result, and Exporting the first processing result to an external execution environment.
第二方面,本申请实施例中提供了一种数据处理方法,包括:In the second aspect, an embodiment of the present application provides a data processing method, including:
第二物联网设备确定与第一物联网设备协商生成的共享密钥;The second IoT device determines the shared key generated through negotiation with the first IoT device;
基于所述共享密钥生成第二交换数据的第二密文及所述第二密文的第二验证消息;
generating a second ciphertext of the second exchange data and a second verification message of the second ciphertext based on the shared key;
将所述第二密文及所述第二验证消息发送至所述第一物联网设备;所述第一物联网设备用于在第一可信执行环境中基于所述共享密钥对所述第二密文的第二验证消息进行验证,并在验证成功之后从所述第二密文中解密获得所述第二交换数据。sending the second ciphertext and the second verification message to the first IoT device; the first IoT device is configured to verify the shared key based on the shared key in the first trusted execution environment The second verification message of the second ciphertext is verified, and after the verification is successful, the second exchange data is obtained by decrypting the second ciphertext.
第三方面,本申请实施例中提供了一种物联网设备,包括存储组件及处理组件;所述存储组件存储一条或多条计算机指令;In a third aspect, an embodiment of the present application provides an Internet of Things device, including a storage component and a processing component; the storage component stores one or more computer instructions;
所述处理组件通过其配置的安全单元创建可信执行环境或者通过创建沙箱以及将所述沙箱作为可信执行环境;The processing component creates a trusted execution environment through its configured security unit or creates a sandbox and uses the sandbox as a trusted execution environment;
所述一条或多条计算机指令供所述处理组件调用并执行,以实现如上述第一方面所述的数据处理方法,或者实现如上述第二方面所述的数据处理方法。The one or more computer instructions are called and executed by the processing component to implement the data processing method as described in the first aspect above, or to implement the data processing method as described in the second aspect above.
第四方面,本申请实施例中提供了一种物联网设备,包括存储组件、处理组件及安全元件;所述存储组件存储一条或多条计算机指令;In a fourth aspect, an embodiment of the present application provides an Internet of Things device, including a storage component, a processing component, and a secure element; the storage component stores one or more computer instructions;
所述安全元件用以创建供所述处理组件调用的可信执行环境;The secure element is used to create a trusted execution environment called by the processing component;
所述一条或多条计算机指令供所述处理组件调用并执行,以实现如上述第一方面所述的数据处理方法,或者实现如上述第二方面所述的数据处理方法。The one or more computer instructions are called and executed by the processing component to implement the data processing method as described in the first aspect above, or to implement the data processing method as described in the second aspect above.
本申请实施例中,第一物联网设备在其第一可信执行环境中与第二物联网设备协商生成共享密钥,接收第二物联网设备发送的第二密文及第二验证消息;并在所述第一可信执行环境中基于所述共享密钥对所述第二验证消息进行验证,并在所述第二验证消息验证成功之后从所述第二密文中解密获得第二交换数据;之后在所述第一可信执行环境中确定获得所述第二物联网设备对应的至少一个第二交换数据之后,基于所述至少一个第二交换数据执行第一处理操作获得第一处理结果,并将第一处理结果导出至外部执行环境。本申请实施例中数据加密传输且在可信执行环境中进行处理生成处理结果,只将处理结果导出至外部执行环境,从而实现了安全计算目的,有效保证了数据安全性。In the embodiment of the present application, the first IoT device negotiates with the second IoT device in its first trusted execution environment to generate a shared key, and receives the second ciphertext and the second verification message sent by the second IoT device; and verifying the second verification message based on the shared key in the first trusted execution environment, and decrypting the second ciphertext to obtain a second exchange after the verification of the second verification message is successful. data; after determining to obtain at least one second exchange data corresponding to the second Internet of Things device in the first trusted execution environment, performing a first processing operation based on the at least one second exchange data to obtain first processing result, and export the first processing result to an external execution environment. In the embodiment of the present application, the data is transmitted encrypted and processed in a trusted execution environment to generate processing results, and only the processing results are exported to the external execution environment, thereby achieving the purpose of secure computing and effectively ensuring data security.
本申请的这些方面或其他方面在以下实施例的描述中会更加简明易懂。These or other aspects of the present application will be more concise and understandable in the description of the following embodiments.
为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作一简单地介绍,显而易见地,下面描述中的附图是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present application or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description These are some embodiments of the present application. Those skilled in the art can also obtain other drawings based on these drawings without creative work.
图1a示出了本申请提供的一种数据处理系统一个实施例的结构示意图;Figure 1a shows a schematic structural diagram of an embodiment of a data processing system provided by the present application;
图1b示出了本申请提供的一种数据处理系统又一个实施例的结构示意图;
Figure 1b shows a schematic structural diagram of another embodiment of a data processing system provided by the present application;
图2示出了本申请提供的一种数据处理方法一个实施例的流程图;FIG. 2 shows a flowchart of an embodiment of a data processing method provided by the present application;
图3示出了本申请提供的一种数据处理方法又一个实施例的流程图;FIG. 3 shows a flowchart of another embodiment of a data processing method provided by the present application;
图4示出了本申请提供的一种数据处理装置一个实施例的结构示意图;FIG. 4 shows a schematic structural diagram of an embodiment of a data processing device provided by the present application;
图5示出了本申请提供的一种数据处理装置又一个实施例的结构示意图;Fig. 5 shows a schematic structural diagram of another embodiment of a data processing device provided by the present application;
图6示出了本申请提供的一种物联网设备一个实施例的结构示意图;FIG. 6 shows a schematic structural diagram of an embodiment of an Internet of Things device provided by the present application;
图7示出了本申请提供的一种物联网设备又一个实施例的结构示意图;Fig. 7 shows a schematic structural diagram of another embodiment of an Internet of Things device provided by the present application;
图8示出了本申请提供的一种物联网设备又一个实施例的结构示意图。Fig. 8 shows a schematic structural diagram of another embodiment of an Internet of Things device provided by the present application.
为了使本技术领域的人员更好地理解本申请方案,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述。In order to enable those skilled in the art to better understand the solutions of the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application.
在本申请的说明书和权利要求书及上述附图中的描述的一些流程中,包含了按照特定顺序出现的多个操作,但是应该清楚了解,这些操作可以不按照其在本文中出现的顺序来执行或并行执行,操作的序号如101、102等,仅仅是用于区分开各个不同的操作,序号本身不代表任何的执行顺序。另外,这些流程可以包括更多或更少的操作,并且这些操作可以按顺序执行或并行执行。需要说明的是,本文中的“第一”、“第二”等描述,是用于区分不同的消息、设备、模块等,不代表先后顺序,也不限定“第一”和“第二”是不同的类型。In some processes described in the specification and claims of the present application and the description in the above-mentioned drawings, multiple operations appearing in a specific order are included, but it should be clearly understood that these operations may not be performed in the order in which they appear herein Execution or parallel execution, the serial numbers of the operations, such as 101, 102, etc., are only used to distinguish different operations, and the serial numbers themselves do not represent any execution order. Additionally, these processes can include more or fewer operations, and these operations can be performed sequentially or in parallel. It should be noted that the descriptions of "first" and "second" in this article are used to distinguish different messages, devices, modules, etc. are different types.
以物联网(IOT,Internet of Things)场景为例,实际应用中常涉及使用多个物联网设备的数据共同参与计算的场景,因此,存在一个物联网设备将其自身的数据提供给其它物联网设备的联动需求,而目前多采用明文形式进行数据传递,但是不同物联网设备的数据通常属于私有数据,明文形式会导致数据泄露,数据安全性较低。特别是,参与计算的不同物联网设备属于不同数据方,数据方例如可以为企业方,不同数据方之间可以借助物联网技术进行资源数据的共享和转移等,然而数据方自己的资源数据通常属于私有数据,并不希望对方获知,那么如何在保护数据隐私的情况下又能实现对数据的处理,即成为需要解决的技术问题。Taking the Internet of Things (IOT, Internet of Things) scenario as an example, practical applications often involve the use of data from multiple IoT devices to participate in calculations. Therefore, there is an IoT device that provides its own data to other IoT devices However, the data of different IoT devices is usually private data, and the plain text form will lead to data leakage and low data security. In particular, different IoT devices participating in the calculation belong to different data parties. For example, the data party can be an enterprise party, and resource data can be shared and transferred between different data parties with the help of IoT technology. However, the data party’s own resource data is usually It belongs to private data and does not want the other party to know, so how to realize the processing of data while protecting data privacy has become a technical problem that needs to be solved.
为了在保证数据安全性的前提下实现对数据的处理,发明人经过一系列研究提出了本申请的技术方案,本申请实施例中,两个物联网设备之间数据进行加密传输且在可信执行环境中进行数据处理而生成处理结果,只将处理结果导出至外部执行环境,从而实现了安全计算目的,实现了数据处理且有效保证了数据安全性。In order to realize data processing under the premise of ensuring data security, the inventor proposed the technical solution of this application after a series of studies. Data processing is performed in the execution environment to generate processing results, and only the processing results are exported to the external execution environment, thereby achieving the purpose of safe computing, realizing data processing and effectively ensuring data security.
当然,本申请实施例不仅可以适用于物联网场景中,任意涉及数据传输和计算的两个设备之间,均可以按照本申请实施例的技术方案执行,以保证数据安全性。
Of course, the embodiment of the present application is not only applicable to the Internet of Things scenario, any two devices involving data transmission and calculation can be implemented according to the technical solution of the embodiment of the present application to ensure data security.
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by those skilled in the art without making creative efforts belong to the scope of protection of this application.
图1a示出了本申请实施例的技术方案可以应用于其中的一种数据处理系统的系统架构示意图;该系统可以包括第一设备101及第二设备102。第一设备101与第二设备102可以是存在数据传输及处理需求的任意两个设备。在物联网场景下,第一设备101以及第二设备102可以均为物联网设备,在其它应用场景,第一设备101以及第二设备102例如也可以分别为客户端设备和服务端设备等。FIG. 1 a shows a schematic diagram of a system architecture of a data processing system to which the technical solution of the embodiment of the present application can be applied; the system may include a first device 101 and a second device 102 . The first device 101 and the second device 102 may be any two devices that require data transmission and processing. In the IoT scenario, the first device 101 and the second device 102 may both be IoT devices, and in other application scenarios, the first device 101 and the second device 102 may also be, for example, client devices and server devices respectively.
其中,第一设备101及第二设备102之间可以直接建立通信连接,从而实现数据的传输。Wherein, a communication connection may be directly established between the first device 101 and the second device 102, so as to realize data transmission.
此外,作为又一个实施例,如图1b中所示,第一设备101以及第二设备102分别属于不同数据方的情况下,第一设备101以及第二设备102可能位于不同网络中而无法直接通信,此时可以通过第一设备101对应第一数据方的第一代理系统103以及第二设备102对应第二数据方的第二代理系统104进行数据转发,以实现第一设备101以及第二设备102之间的通信。In addition, as yet another embodiment, as shown in FIG. 1b, when the first device 101 and the second device 102 belong to different data parties, the first device 101 and the second device 102 may be located in different networks and cannot directly Communication, at this time, the first proxy system 103 of the first device 101 corresponding to the first data party and the second proxy system 104 of the second device 102 corresponding to the second data party can perform data forwarding, so as to realize the first device 101 and the second Communication between devices 102 .
本申请实施例的技术方案中,第一设备101中可以创建有可信执行环境(TEE,Trusted Execution Environment),为了方便描述,命名为第一可信执行环境;第二设备102中也可以创建有可信执行环境,为了方便描述,名称为第二可信执行环境。In the technical solution of the embodiment of the present application, a Trusted Execution Environment (TEE, Trusted Execution Environment) can be created in the first device 101, which is named the first Trusted Execution Environment for convenience of description; it can also be created in the second device 102. There is a trusted execution environment, which is named the second trusted execution environment for convenience of description.
第一设备以及第二设备可以结合设备类型和/或安全需求等来创建对应类型的可信执行环境。例如可信执行环境可以是在设备系统中所创建的沙箱;或者可信执行环境可以是基于CPU(central processing unit,中央处理器)内置的安全单元所创建,比如基于Intel(一种处理器)的SGS(Software Guard Extension,软件保护扩展),ARM(一种处理器)的Trustzone(信任区)或AMD(一种处理器)的PSP(Platform Security Processor,平台安全处理器)等所创建;或者可以是由设备中配置的外部安全元件(SE,Secure Element)所创建等。The first device and the second device may combine device types and/or security requirements to create a corresponding type of trusted execution environment. For example, the trusted execution environment can be a sandbox created in the device system; or the trusted execution environment can be created based on the built-in security unit of the CPU (central processing unit, central processing unit), such as based on Intel (a processor ) SGS (Software Guard Extension, software protection extension), ARM (a processor) Trustzone (trust zone) or AMD (a processor) PSP (Platform Security Processor, platform security processor), etc.; Or it may be created by an external secure element (SE, Secure Element) configured in the device, etc.
其中,可信执行环境可以是与操作系统并存的运行环境,其可以在设备中独立运行,可以保证在可信执行环境中数据和代码的安全性,实现与外部执行环境隔离的目的,本文中所指的外部执行环境可以是指设备的操作系统。Among them, the trusted execution environment can be an operating environment that coexists with the operating system, which can run independently in the device, can ensure the security of data and codes in the trusted execution environment, and achieve the purpose of isolation from the external execution environment. In this paper The referenced external execution environment may refer to the operating system of the device.
在物联网场景中,第一设备101或第二设备102例如可以是传感器类型的检测设备,或提供网关功能的网关设备等任意需要多方数据进行计算的物联网设备等。In the Internet of Things scenario, the first device 101 or the second device 102 may be, for example, a sensor-type detection device, or a gateway device providing a gateway function, and any other Internet of Things device that requires multi-party data for calculation.
本申请实施例技术方案中,第一设备101可以在其第一可信执行环境与第二设备102协商生成共享密钥;第二设备102可以基于共享密钥可以生成第二交换数据的第二密文以
及第二密文的第二验证消息,并将第二密文以及第二验证消息发送至第一设备101;第二设备102可以在第一可信执行环境中基于共享密钥对第二验证消息进行验证,并在第二验证消息验证成功之后从第二密文中解密获得第二交换数据;第一设备101在第一可信执行环境中确定获得第二设备102对应的至少一个第二交换数据之后,可以至少基于该至少一个第二交换数据执行第一处理操作获得第一处理结果,并将第一处理结果导出至外部执行环境。第一设备101与第二设备102之间进行数据加密传输,且第一设备101在可信执行环境中进行解密以及数据处理,仅将第一处理结果导致出外部执行环境,外部执行环境无法获知第二交换数据,从而既可以保证数据安全性且实现了数据处理。In the technical solution of the embodiment of the present application, the first device 101 can negotiate with the second device 102 in its first trusted execution environment to generate a shared key; the second device 102 can generate the second exchange data based on the shared key. ciphertext to and the second verification message of the second ciphertext, and send the second ciphertext and the second verification message to the first device 101; the second device 102 can perform the second verification based on the shared key in the first trusted execution environment The message is verified, and after the second verification message is verified successfully, it is decrypted from the second ciphertext to obtain the second exchange data; the first device 101 determines to obtain at least one second exchange data corresponding to the second device 102 in the first trusted execution environment After data, a first processing operation may be performed based on at least the at least one second exchanged data to obtain a first processing result, and the first processing result may be exported to an external execution environment. Encrypted data transmission is performed between the first device 101 and the second device 102, and the first device 101 performs decryption and data processing in a trusted execution environment, and only the first processing result is brought out of the external execution environment, which cannot be known by the external execution environment The second is to exchange data, so that data security can be guaranteed and data processing can be realized.
在下文一个或多个实施例中,主要以物联网场景,以第一设备以及第二设备为物联网设备为例,对本申请实施例的技术方案的实现细节进行详细阐述。In the following one or more embodiments, the implementation details of the technical solutions of the embodiments of the present application are described in detail mainly by taking an Internet of Things scenario and taking the first device and the second device as Internet of Things devices as examples.
图2为本申请实施例提供的一种数据处理方法一个实施例的流程图,本实施例的技术方案由第一物联网设备执行,该方法可以包括以下几个步骤:Fig. 2 is a flowchart of an embodiment of a data processing method provided by the embodiment of the present application. The technical solution of this embodiment is executed by the first Internet of Things device, and the method may include the following steps:
201:确定在第一可信执行环境与第二物联网设备协商生成的共享密钥。201: Determine the shared key generated through negotiation with the second Internet of Things device in the first trusted execution environment.
第一物联网设备可以结合设备类型和/或安全需求等来创建对应类型的第一可信执行环境。例如第一可信执行环境可以是沙箱;或者基于CPU内置的安全单元所创建或者基于配置的外部安全元件所创建等。The first IoT device may combine the device type and/or security requirements to create a corresponding type of first trusted execution environment. For example, the first trusted execution environment may be a sandbox; or it may be created based on a CPU built-in security unit or based on a configured external security unit.
为了进一步保证安全性,特别是第一物联网设备与第二物联网设备存在互相交换数据的需求,第一物联网设备也会向第二物联网设备发送数据的情况下,第二物联网设备也可以创建第二可信执行环境,第二物联网设备可以是在第二可信执行环境中与第一物联网设备协商以生成该共享密钥;第二可信执行环境的类型可以是沙箱、或者基于CPU内置的安全单元所创建或者基于配置的外部安全元件所创建等。In order to further ensure security, especially when the first IoT device and the second IoT device need to exchange data with each other, and the first IoT device will also send data to the second IoT device, the second IoT device A second trusted execution environment can also be created, and the second IoT device can negotiate with the first IoT device in the second trusted execution environment to generate the shared key; the type of the second trusted execution environment can be sand box, or based on the built-in security unit of the CPU or based on the configuration of an external security unit, etc.
其中,共享密钥可以由第一物联网设备和第二物联网设备预先协商生成,当然,也可以在每一次进行数据传输时而实时生成,因此,可选地,该方法还可以包括:在第一可信执行环境与第二物联网设备协商生成共享密钥。Wherein, the shared key may be generated through pre-negotiation between the first IoT device and the second IoT device, and of course, may also be generated in real time during each data transmission. Therefore, optionally, the method may also include: A trusted execution environment negotiates with the second IoT device to generate a shared key.
作为一种可选方式,该共享密钥可以按照如下方式协商获得:As an option, the shared key can be obtained through negotiation as follows:
首先,第一物联网设备在第一可信执行环境中生成第一私钥及第一公钥;其中,第一私钥可以保存在第一可信执行环境中;同样,第二物联网设备也可以生成第二私钥以及第二公钥,可选地,第二物联网设备可以是在其第二可信执行环境中生成第二私钥以及第二公钥;First, the first IoT device generates the first private key and the first public key in the first trusted execution environment; wherein, the first private key can be stored in the first trusted execution environment; similarly, the second IoT device A second private key and a second public key may also be generated, optionally, the second IoT device may generate the second private key and the second public key in its second trusted execution environment;
之后,第一物联网设备将第一公钥导出至外部执行环境,并在外部执行环境对第一公钥进行认证获得第一公钥证书,以及将第一公钥证书发送至第二物联网设备;其中,在外部执行环境可以数字签名技术请求证书颁发机构(CA,Certificate Authority)对第一公钥进行签名,获得该第一公钥的第一公钥证书;同样,第二物联网设备也可以对第二公钥进
行认证获得第二公钥证书,可选地,第二公钥在第二可选执行环境中生成时,可以首先导出至第二物联网设备的外部执行环境,在外部执行环境对第一公钥进行认证获得第一公钥证书;Afterwards, the first IoT device exports the first public key to the external execution environment, and authenticates the first public key in the external execution environment to obtain the first public key certificate, and sends the first public key certificate to the second IoT device device; wherein, in the external execution environment, the digital signature technology can request the certificate authority (CA, Certificate Authority) to sign the first public key to obtain the first public key certificate of the first public key; similarly, the second Internet of Things device You can also enter the second public key Perform authentication to obtain the second public key certificate. Optionally, when the second public key is generated in the second optional execution environment, it can first be exported to the external execution environment of the second Internet of Things device. Key for authentication to obtain the first public key certificate;
之后,第一物联网设备获取第二物联网设备发送的第二公钥证书;第一物联网设备也会将第一公钥证书发送至第二物联网设备;Afterwards, the first IoT device obtains the second public key certificate sent by the second IoT device; the first IoT device also sends the first public key certificate to the second IoT device;
之后,第一物联网设备从第二公钥证书中提取第二公钥;第一物联网设备可以验证第二公钥证书的有效性,并在验证有效之后,从中提取获得第二公钥;同样第二物联网设备也可以验证第一公钥证书的有效性,并在验证有效之后,从中提取获得第一公钥。提取公钥过程可以在可信环境中执行;Afterwards, the first IoT device extracts the second public key from the second public key certificate; the first IoT device can verify the validity of the second public key certificate, and extract the second public key from it after the verification is valid; Similarly, the second Internet of Things device can also verify the validity of the first public key certificate, and extract the first public key from it after the verification is valid. The process of extracting the public key can be performed in a trusted environment;
之后,第一物联网设备在第一可信执行环境中,基于第一私钥以及第二公钥,采用密钥协商算法生成共享密钥。第二物联网设备也可以基于第二私钥以及第一公钥,采用密钥协商算法生成同一个共享密钥,可选地,第二物联网设备也可以是在第二可信执行环境中,基于第二私钥以及第一公钥,采用密钥协商算法生成同一个共享密钥;Afterwards, the first IoT device generates a shared key by using a key agreement algorithm based on the first private key and the second public key in the first trusted execution environment. The second IoT device can also use the key agreement algorithm to generate the same shared key based on the second private key and the first public key. Optionally, the second IoT device can also be in the second trusted execution environment , based on the second private key and the first public key, a key agreement algorithm is used to generate the same shared key;
其中,密钥协商算法例如可以采用ECDH(Elliptic-Curve Diffie-Hellman,椭圆曲线迪菲-赫尔曼)算法,当然也可以采用其它算法如RSA(一种公钥加密算法)、DHKA(Differ-Hellman Key Exchange,迪菲-赫尔曼密钥交换)算法等,本申请对此不进行具体限定。Wherein, the key agreement algorithm can for example adopt ECDH (Elliptic-Curve Diffie-Hellman, elliptic curve Diffie-Hellman) algorithm, certainly also can adopt other algorithm such as RSA (a kind of public key encryption algorithm), DHKA (Differ-Hellman). Hellman Key Exchange, Diffie-Hellman key exchange) algorithm, etc., this application does not specifically limit this.
当然,共享密钥也可以采用其它协商方式实现,如由第一物联网设备生成,并加密发送至第二物联网设备,由第二物联网设备解密获得,或者由第二物联网设备生成并加密发送至第一物联网设备,由第一物联网设备解密获得等,或者第一物联网设备以及第二物联网设备均按照约定算法生成等,本申请对此不进行具体限制。Of course, the shared key can also be realized by other negotiation methods, such as being generated by the first IoT device, encrypted and sent to the second IoT device, and decrypted by the second IoT device, or generated by the second IoT device and sent to the second IoT device. The encrypted data is sent to the first IoT device and decrypted by the first IoT device, etc., or both the first IoT device and the second IoT device are generated according to the agreed algorithm, etc. This application does not impose specific restrictions on this.
202:接收第二物联网设备发送的第二密文及第二验证消息。202: Receive a second ciphertext and a second verification message sent by a second Internet of Things device.
共享密钥由第一物联网设备与第二物联网设备协商获得,第二物联网设备也会生成该共享密钥,可以基于该共享密钥,对其待发送的第二交换数据进行加密处理等,获得第二密文及第二密文的第二验证消息。The shared key is obtained through negotiation between the first IoT device and the second IoT device, and the second IoT device will also generate the shared key. Based on the shared key, the second exchange data to be sent can be encrypted etc. to obtain the second ciphertext and the second verification message of the second ciphertext.
待发送的第二交换数据可以是指第二物联网设备中待传输至第一物联网设备用于参与计算的第二数据的至少部分数据,实际应用中,在第二数据的数据量较大情况下,也可以将第二数据切分为多个第二交换数据,待发送的第二交换数据可以是指任一个未发送的第二交换数据等,第二物联网设备针对每一个第二交换数据,均可以基于共享密钥生成对应的第二密文及第二验证消息,实现以第二密文和第二验证消息的形式发送至第一物联网设备。其中,对第二交换数据的加密处理可以采用任意的对称加密算法实现,本申请对此不进行具体限定。该第二验证消息可以用以实现对第二密文的完整性保护等,其可以是第二密文的信息摘要,该信息摘要例如可以是采用MAC(Message Authentication Codes,消
息认证码)算法对第二密文生成的MAC标签等。The second exchange data to be sent may refer to at least part of the second data in the second IoT device to be transmitted to the first IoT device for participating in calculations. In practical applications, the second data has a large amount of data In some cases, the second data may also be divided into multiple second exchange data, the second exchange data to be sent may refer to any unsent second exchange data, etc., the second IoT device for each second exchange data For exchanging data, a corresponding second ciphertext and a second verification message can be generated based on the shared key, so as to be sent to the first IoT device in the form of the second ciphertext and the second verification message. Wherein, the encryption processing of the second exchange data may be realized by using any symmetric encryption algorithm, which is not specifically limited in this application. The second verification message can be used to realize the integrity protection of the second ciphertext, etc., and it can be an information digest of the second ciphertext, and the information digest can be, for example, MAC (Message Authentication Codes, information authentication code) algorithm to the second ciphertext generated MAC label and the like.
203:在第一可信执行环境中基于共享密钥对第二验证消息进行验证,并在第二验证消息验证成功之后从第二密文中解密获得第二交换数据。203: Verify the second verification message based on the shared key in the first trusted execution environment, and decrypt the second ciphertext to obtain second exchange data after the second verification message is successfully verified.
第一物联网设备可以首先对第二验证消息进行验证,若验证成功,再从第二密文中解密获得第二交换数据,验证成功可以表明第二密文是完整的未被篡改等,以保证数据安全性。若验证失败,可以认为存在安全隐患,则可以拒绝该第二密文等,此外,验证失败情况下还可以向第二物联网设备发送第一重发请求,以请求第二物联网设备重新发送该发生错误的第二交换数据等。The first IoT device can first verify the second verification message, and if the verification is successful, it can decrypt the second exchange data from the second ciphertext. If the verification is successful, it can indicate that the second ciphertext is complete and has not been tampered with, so as to ensure data security. If the verification fails, it can be considered that there is a potential safety hazard, and the second ciphertext can be rejected. In addition, if the verification fails, the first resend request can be sent to the second Internet of Things device to request the second Internet of Things device to resend The erroneous second exchange data and so on.
为了进一步提高安全性,第一物联网设备以及第二物联网设备生成共享密钥之后,可以基于该共享密钥派生获得第一会话密钥以及第二会话密钥,如可以采用KDF(密钥派生函数,key derivation function)进行派生获得。当然也可以采用和第二物联网设备约定的指定方式来派生获得,如将共享密钥分别进行不同的指定变换而获得第一会话密钥和第二会话密钥等,本申请对此不进行具体限定。第一物联网设备可以是在其第一可信执行环境从共享密钥中派生获得第一会话密钥及第二会话密钥。第二物联网设备可以利用第一会话密钥加密第二交换数据生成第二密文,利用第二会话密钥生成第二交换数据的第二验证消息等,从而该步骤203可以是:在第一可信执行环境中基于第二会话密钥对第二验证消息进行验证,并在第二验证消息验证成功之后基于第一会话密钥从第二密文中解密获得第二交换数据。例如,可以是利用第二会话密钥生成该第二密文的验证消息,若生成的验证消息与该第二验证消息相同,则表明第二密文是完整的、未被篡改等,即验证成功,实现对第二交换数据的完整性保护,进而再可以再基于第一会话密钥从第二密文中解密出第二交换数据。In order to further improve security, after the first IoT device and the second IoT device generate a shared key, they can derive the first session key and the second session key based on the shared key, such as KDF (key Derivation function, key derivation function) for derivation. Of course, it can also be obtained by deriving the specified method agreed upon with the second IoT device, such as performing different specified transformations on the shared key to obtain the first session key and the second session key, etc., which are not discussed in this application Specific limits. The first IoT device may derive the first session key and the second session key from the shared key in its first trusted execution environment. The second Internet of Things device may use the first session key to encrypt the second exchange data to generate a second ciphertext, and use the second session key to generate a second verification message for the second exchange data, etc., so that step 203 may be: In a trusted execution environment, the second verification message is verified based on the second session key, and after the second verification message is successfully verified, the second exchange data is obtained by decrypting the second ciphertext based on the first session key. For example, the verification message of the second ciphertext may be generated by using the second session key. If the generated verification message is the same as the second verification message, it indicates that the second ciphertext is complete and has not been tampered with. If it succeeds, the integrity protection of the second exchange data is realized, and then the second exchange data can be decrypted from the second ciphertext based on the first session key.
204:在第一可信执行环境中确定获得第二物联网设备对应的至少一个第二交换数据之后,基于至少一个第二交换数据执行第一处理操作,获得第一处理结果。204: After it is determined in the first trusted execution environment that at least one second exchanged data corresponding to the second Internet of Things device is obtained, execute a first processing operation based on the at least one second exchanged data, and obtain a first processing result.
由上文描述可知,第二物联网设备中参与计算的第二数据可能会切分为至少一个第二交换数据并分别发送至第一物联网设备,第一物联网设备可以按照步骤203的操作获得每一个第二交换数据,第一物联网设备可以根据获得的第二交换数据的数量来确定是否接收完成,当然,第二物联网设备发送最后一个第二交换数据时可以在第二交换数据中携带结束标识,第一物联设备可以根据解密得到的第二交换数据中是否携带结束标识来确定是否获得全部的第二交换数据等。It can be seen from the above description that the second data involved in the calculation in the second IoT device may be divided into at least one second exchange data and sent to the first IoT device respectively, and the first IoT device can follow the operation of step 203 Obtaining each second exchange data, the first IoT device can determine whether the reception is completed according to the quantity of the obtained second exchange data. Of course, when the second Internet of Things device sends the last second exchange data, it can Carrying the end identifier, the first IoT device may determine whether to obtain all the second exchange data according to whether the decrypted second exchange data carries the end identifier.
之后,第一物联网设备可以基于该至少一个第二交换数据执行相应的处理操作,为了方便描述,命名为第一处理操作,从而获得第一处理结果。当然,该至少一个第二交换数据也可以首先组合获得第二物联网设备的第二数据,进而再执行第一处理操作。Afterwards, the first Internet of Things device may perform a corresponding processing operation based on the at least one second exchanged data, which is named as a first processing operation for convenience of description, so as to obtain a first processing result. Certainly, the at least one second exchanged data may also first be combined to obtain the second data of the second Internet of Things device, and then perform the first processing operation.
可选地,在涉及多方计算场景中,第一物联网设备可能存在获取多个不同物联网设备
中的数据的需求,每一个物联网设备均可以作为第二物联网设备而采用本申请实施例的技术方案实现与第一物联网设备的数据传输,该第一物联网设备可以是基于至少一个物联网设备所发送的至少一个第二交换数据,来执行第一处理操作,从而获得的第一处理结果。本申请对第一处理操作所涉及的数据不进行具体限制,第一物联网设备可以至少基于该第二物联网设备所发送的至少一个第二交换数据而执行。Optionally, in scenarios involving multi-party computing, the first IoT device may acquire multiple different IoT devices According to the data requirements in the Internet of Things, each Internet of Things device can be used as a second Internet of Things device to implement data transmission with the first Internet of Things device using the technical solution of the embodiment of the application. The first Internet of Things device can be based on at least one The at least one second exchange data sent by the IoT device is used to execute the first processing operation, thereby obtaining the first processing result. The present application does not specifically limit the data involved in the first processing operation, and the first IoT device may execute it based at least on at least one second exchange data sent by the second IoT device.
205:将第一处理结果导出至外部执行环境。205: Export the first processing result to an external execution environment.
本实施例中,在第一可信执行环境中获得第一处理结果之后,再将第一处理结果导出至外部执行环境,第一物联网设备即可以使用该第一处理结果进行后续的操作等。由于数据加密传输,且数据解密操作在可信执行环境中执行,外部执行环境无法获得,仅将第一处理结果导出至外部执行环境,既实现了数据处理操作从而获得处理结果,且可以保证数据隐私性和安全性。In this embodiment, after the first processing result is obtained in the first trusted execution environment, the first processing result is exported to the external execution environment, and the first IoT device can use the first processing result to perform subsequent operations, etc. . Since the data is encrypted and transmitted, and the data decryption operation is performed in a trusted execution environment, the external execution environment cannot be obtained, and only the first processing result is exported to the external execution environment, which not only realizes the data processing operation to obtain the processing result, but also ensures that the data Privacy and Security.
在一个实际应用中,假设至少一个第二交换数据为第二物联网设备中的用户数据,第一物联网设备中也维护有用户数据,各自的用户数据为私有数据,该第一处理操作具体可以是统计第二物联网设备的用户数据和第一物联网设备的用户数据的共有用户数据,第一处理结果即可以为共有用户数据,仅将共有用户数据导出至外部执行环境,既可以保证数据安全性,且实现了共有用户数据确定的需求。In a practical application, assuming that at least one second exchange data is user data in the second IoT device, user data is also maintained in the first IoT device, and the respective user data are private data, the first processing operation is specifically It can be to count the shared user data of the user data of the second IoT device and the user data of the first IoT device, the first processing result can be the shared user data, and only the shared user data is exported to the external execution environment, which can ensure Data security, and realize the requirement of shared user data determination.
第一物联网设备可以外部执行环境中对第一处理结果执行进一步的处理,或者可以将第一处理结果从外部执行环境中再发送至其它处理系统以进行处理等,例如第一处理结果为共有用户数据的情况下,可以结合第二物联设备对应的特征,对共有用户数据进行个性化推荐等,当然上述仅是举例说明本申请技术方案可以适用的数据处理场景,本申请并不仅限定于此。The first IoT device may perform further processing on the first processing result in the external execution environment, or may resend the first processing result from the external execution environment to other processing systems for processing, etc., for example, the first processing result is shared In the case of user data, combined with the corresponding features of the second IoT device, personalized recommendations can be made for the shared user data. Of course, the above is just an example to illustrate the data processing scenarios that the technical solution of the present application can be applied to, and the present application is not limited to this.
为了进一步提高安全性,第二物联网设备可以维护第二计数值,该第二计数值与数据发送次数匹配。第二密文可以具体是基于第二交换数据以及第二物联网设备当前第二计数值进行加密获得;在共享密钥派生获得第一会话密钥以及第二会话密钥的情况下,可以首先将第二交换数据和当前第二计数值组合生成拼接数据,再利用第一会话密钥对该拼接数据进行加密获得第二密文。第二交换数据和第二计数值的组合格式例如可以为TLV(tag、length和value,标签、长度以及值)格式等,当然也不仅限定于此。In order to further improve security, the second IoT device may maintain a second count value, which matches the number of times data is sent. The second ciphertext can be obtained by encrypting the second exchange data and the current second count value of the second IoT device; in the case of obtaining the first session key and the second session key by deriving the shared key, it can first Combining the second exchange data and the current second count value to generate concatenated data, and then encrypting the concatenated data by using the first session key to obtain the second ciphertext. The combination format of the second exchange data and the second count value may be, for example, a TLV (tag, length, and value) format, etc., and of course it is not limited thereto.
则该在第二验证消息验证成功之后从第二密文中解密获得第二交换数据可以包括:在第二验证消息验证成功之后从第二密文中解密获得第二交换数据及第二计数值;校验该第二计数值是否正确;若该第二计数值校验成功,则保存第二交换数据,并向第二物联网设备发送第一确认请求;其中,该第一确认请求可以用于通知第二物联网设备发送下一个第二交换数据,或者结束发送流程等。Then the decryption from the second ciphertext to obtain the second exchange data after the second verification message is successfully verified may include: decrypting from the second ciphertext to obtain the second exchange data and the second count value after the second verification message is successfully verified; Check whether the second count value is correct; if the second count value is verified successfully, save the second exchange data, and send the first confirmation request to the second Internet of Things device; wherein, the first confirmation request can be used to notify The second IoT device sends the next second exchange data, or ends the sending process, and so on.
若该第二计数值校验失败,可以认为第二交换数据发生错误,可能被第三方攻击,因
此可以拒绝该第二交换数据。If the verification of the second count value fails, it can be considered that the second exchange data has an error and may be attacked by a third party. This can reject the second exchange data.
可选地,第二计数值校验失败之后,第一物联网设备还可以向第二物联网设备发送第一重发请求,以通知第二物联网设备重新发送该发生错误的第二交换数据等。当然,第一物联网设备也可以删除已接收到的第二交换数据,而结束接收流程等,或者请求第二物联网设备重新发送所有第二交换数据等。Optionally, after the verification of the second count value fails, the first IoT device may also send a first resend request to the second IoT device, so as to notify the second IoT device to resend the second exchanged data that has an error wait. Of course, the first IoT device may also delete the received second exchanged data to end the receiving process, or request the second IoT device to resend all the second exchanged data, etc.
其中,第一物联网设备校验第二计数值是否正确可以有多种实现方式,比如第二计数值与第二物理网设备发送第二交换数据的发送次数匹配,第一物联网设备每一次对第二计数值验证成功,可以累计验证次数,对第二计数值的验证可以是查看第二计数值是否与验证次数匹配等,其中,验证次数可以小于第二计数值,并与第二计数值相差数值1;又如,第二计数值与第二物理网设备发送第二交换数据的发送次数匹配,第一物联网设备每一次对第二计数值验证成功,可以保存该第二计数值,对第二计数值的校验可以是与已保存的第二计数值比较,若相差数值1,则可以认为验证成功。此外,为了进一步提高安全性,第一物联网设备也可以维护第一计数值,作为又一个实施例,校验第二计数值是否正确可以包括:Among them, the first IoT device checks whether the second count value is correct. There are many ways to implement it. For example, the second count value matches the number of times the second exchange data is sent by the second physical network device. If the verification of the second count value is successful, the number of verification times can be accumulated. The verification of the second count value can be to check whether the second count value matches the number of verification times, etc., wherein the number of times of verification can be less than the second count value, and can be compared with the second count value The value difference is 1; as another example, the second count value matches the number of times the second exchange data is sent by the second physical network device, and the first IoT device can save the second count value every time it successfully verifies the second count value , the verification of the second count value may be compared with the saved second count value, and if the difference is 1, it may be considered that the verification is successful. In addition, in order to further improve security, the first IoT device may also maintain the first count value. As yet another embodiment, checking whether the second count value is correct may include:
校验第二计数值与当前第一计数值是否相同;其中,第一计数值以及第二计数值的初始值相同,比如可以为0;Check whether the second count value is the same as the current first count value; wherein, the initial values of the first count value and the second count value are the same, such as 0;
该方法还可以包括:The method can also include:
若第二计数值校验成功,递增第一计数值;If the verification of the second count value is successful, increment the first count value;
则向第二物联网设备发送第一确认请求包括:Then sending the first confirmation request to the second Internet of Things device includes:
基于共享密钥生成第一计数值的第一加密数值及第一加密数值的第三验证消息;generating a first encrypted value of the first count value and a third verification message of the first encrypted value based on the shared key;
向第二物联网设备发送包括第一加密数值及第三验证消息的第一确认请求;第一确认请求还用于通知第二物联网设备在第三验证消息验证成功之后,基于第一加密数值中的第一计数值更新第二计数值。Send a first confirmation request including the first encrypted value and the third verification message to the second Internet of Things device; the first confirmation request is also used to notify the second Internet of Things device that after the third verification message is successfully verified, based on the first encrypted value The first count value in updates the second count value.
其中,第一物联网设备可以设置第一计数器用来生成第一计数值,第二物理网设备可以设置第二计数器用来生成第二计数值等。Wherein, the first IoT device may set a first counter to generate a first count value, and the second physical network device may set a second counter to generate a second count value, and so on.
在共享密钥派生获得第一会话密钥及第二会话密钥的情况下,可以是利用第一会话密钥对第一计数值进行加密获得第一加密数值,再利用第二会话密钥生成第一加密数值的第三验证消息。其中,第一加密数值和第三验证消息例如可以采用TLV格式组合之后再发送至第二物联网设备。In the case of obtaining the first session key and the second session key by deriving the shared key, the first count value may be encrypted using the first session key to obtain the first encrypted value, and then the second session key may be used to generate A third verification message of the first encrypted value. Wherein, the first encrypted value and the third verification message may be combined in TLV format, for example, and then sent to the second IoT device.
此外,第一物联网设备可能也会存在向第二物联网设备传输数据的需求,因此,一些实施例中,该方法还可以包括:在第一可信执行环境,基于共享密钥生成第一交换数据的
第一密文及第一密文的第一验证消息;将第一密文及第一验证消息发送至第二物联网设备;其中,第一验证消息用于第二物联网设备在第二可信执行环境中基于共享密钥进行验证,并在验证成功之后从第一密文中解密获得第一交换数据。In addition, the first IoT device may also have a need to transmit data to the second IoT device. Therefore, in some embodiments, the method may further include: in the first trusted execution environment, generating the first exchanging data The first ciphertext and the first verification message of the first ciphertext; the first ciphertext and the first verification message are sent to the second Internet of Things device; wherein, the first verification message is used by the second Internet of Things device in the second available In the letter execution environment, verification is performed based on the shared key, and the first exchange data is obtained by decrypting the first ciphertext after the verification is successful.
为了保证数据正确传输,第一物联网设备可以是在确定获得第二物联网设备对应的至少一个第二交换数据之后,执行上述发送第一交换数据的操作,并可以将第一计数值恢复为初始值等。同样第二物联网设备在至少一个第二交换数据全部发送完成之后,可以将第二计数值恢复为初始值等。In order to ensure correct data transmission, the first IoT device may perform the above operation of sending the first exchanged data after determining to obtain at least one second exchanged data corresponding to the second IoT device, and may restore the first count value to initial value etc. Likewise, the second IoT device may restore the second count value to an initial value and the like after at least one second exchange data is completely sent.
当然,第二物联网设备也可以是在确定获得第一物联网设备对应的至少一个第一交换数据之后再发送第二交换数据等。第二物联网设备确定获得第一物联网设备对应的至少一个第一交换数据之后,可以将第二计数值恢复为初始值,同样,第一物联网设备在至少一个第一交换数据全部发送完成之后,可以将第一计数值恢复为初始值等。结合上述描述可知,第一交换数据可以是将第一物联网设备需要发送至第二物联网设备以参与计算的第一数据的至少部分数据,第一数据的数据量较大情况下可以切分获得多个第一交换数据,并分别进行发送,因此该方法还可以包括:Certainly, the second Internet of Things device may also send the second exchange data and the like after determining to obtain at least one piece of first exchange data corresponding to the first Internet of Things device. After the second Internet of Things device determines to obtain at least one first exchange data corresponding to the first Internet of Things device, the second count value can be restored to the initial value. Similarly, the first Internet of Things device completes sending at least one first exchange data Afterwards, the first count value may be restored to an initial value, etc. It can be seen from the above description that the first exchange data can be at least part of the first data that the first IoT device needs to send to the second IoT device to participate in the calculation, and the first data can be divided when the data volume is large A plurality of first exchanged data are obtained and sent respectively, so the method may further include:
将第一数据切分为至少一个第一交换数据;segmenting the first data into at least one first exchange data;
则在第一可信执行环境,基于共享密钥生成第一交换数据的第一密文及第一密文的第一验证消息可以是:针对当前待发送的第一交换数据,基于共享密钥生成第一交换数据的第一密文及第一密文的第一验证消息。Then in the first trusted execution environment, generating the first ciphertext of the first exchange data and the first verification message of the first ciphertext based on the shared key may be: for the first exchange data currently to be sent, based on the shared key A first ciphertext of the first exchange data and a first verification message of the first ciphertext are generated.
当前待发送的第一交换数据可以是指第一物联网设备未发送的任一个第一交换数据,也可以是基于第二物联网设备的第二重发请求,而将最近发送的第一交换数据重新作为当前待发送的第一交换数据。待发送的第二交换数据可以是指任一个未发送的第二交换数据等,第一物联网设备针对每一个第一交换数据,均可以基于共享密钥生成对应的第一密文及第一验证消息,实现以第一密文和第一验证消息的形式发送至第二物联网设备。The first exchange data currently to be sent may refer to any first exchange data not sent by the first IoT device, or it may be based on the second resend request of the second IoT device, and the most recently sent first exchange data The data is again used as the first exchanged data to be sent currently. The second exchange data to be sent may refer to any unsent second exchange data, etc. For each first exchange data, the first IoT device may generate the corresponding first ciphertext and first ciphertext based on the shared key. The verification message is sent to the second IoT device in the form of the first ciphertext and the first verification message.
第二物联网设备可以在第二可信执行环境确定获得第一物联网设备的至少一个第一交换数据之后,再基于该至少一个第一交换数据执行第二处理操作获得第二处理结果,并将第二处理结果导出至外部执行环境。第二物联网设备在可信执行环境中解密以及进行数据处理,外部执行环境无法获得,仅将第二处理结果导出至外部执行环境,既实现了数据处理操作从而获得处理结果,且可以保证第一交换数据的数据隐私性和安全性。After the second trusted execution environment determines to obtain at least one first exchange data of the first Internet of Things device, the second IoT device may execute a second processing operation based on the at least one first exchange data to obtain a second processing result, and Export the second processing result to an external execution environment. The second IoT device decrypts and performs data processing in the trusted execution environment, and the external execution environment cannot obtain it. Only the second processing result is exported to the external execution environment, which not only realizes the data processing operation to obtain the processing result, but also guarantees the first - Data privacy and security of exchanged data.
其中,在共享密钥派生获得第一会话密钥以及第二会话密钥的情况下,在第一可信执行环境,基于共享密钥生成第一交换数据的第一密文及第一密文的第一验证消息可以是:在第一可信执行环境,利用第一会话密钥将第一交换数据加密为第一密文,利用第二会话密钥生成第一密文的第一验证消息。Wherein, when the shared key is derived to obtain the first session key and the second session key, in the first trusted execution environment, the first ciphertext and the first ciphertext of the first exchange data are generated based on the shared key The first verification message of can be: in the first trusted execution environment, the first exchange data is encrypted into the first ciphertext by using the first session key, and the first verification message of the first ciphertext is generated by using the second session key .
此外,为了进一步保证数据安全性,第一物联网设备可以是基于共享密钥将第一交换
数据以及当前第一计数值加密生成第一密文,以及生成第一密文的第一验证消息,第二物联网设备对第一验证消息验证成功之后,从第一密文中解密获得第一交换数据和第一计数值,首先校验第一计数值是否正确,校验成功之后可以保存该第一交换数据,还可以向第一物联网设备发送第二确认请求,否则可以拒绝该第一交换数据,还可以向第一物联网设备发送第二重发请求。具体校验方式,例如可以是校验第一计数值与当前第二计数值是否相同,若相同,则递增第二计数值,并利用共享密钥将第二计数值加密生成第二加密数值以及生成第二加密数值的第四验证消息,第二确认请求中可以包括该第二加密数值和第四验证消息,第一物联网设备在对第四验证消息验证成功之后,可以从第二加密数值中解密获得该第二计数值,并可以利用第二计数值更新当前第一计数值。之后,第一物联网设备可以继续发送下一个第一交换数据或者结束发送流程等。第一物联网设备在发送最后一个第一交换数据中,可以在第一交换数据中添加结束标识之后再加密,从而第二物联网设备可以基于结束标识确定是否接收完成,进而可以执行第一处理操作等。In addition, in order to further ensure data security, the first IoT device may exchange the first The data and the current first count value are encrypted to generate the first ciphertext, and the first verification message of the first ciphertext is generated. After the second IoT device successfully verifies the first verification message, it decrypts the first ciphertext to obtain the first exchange Data and the first count value, first check whether the first count value is correct, after the verification is successful, the first exchange data can be saved, and a second confirmation request can be sent to the first IoT device, otherwise the first exchange can be rejected data, and may also send a second retransmission request to the first IoT device. The specific verification method, for example, can be to verify whether the first count value is the same as the current second count value, if they are the same, increment the second count value, and use the shared key to encrypt the second count value to generate a second encrypted value and Generate a fourth verification message of the second encrypted value. The second confirmation request may include the second encrypted value and the fourth verification message. After the first IoT device successfully verifies the fourth verification message, it may obtain the second encrypted value The second count value is obtained by decrypting in the middle, and the current first count value can be updated by using the second count value. Afterwards, the first IoT device may continue to send the next first exchange data or end the sending process. When sending the last first exchange data, the first IoT device may add an end identifier to the first exchange data before encrypting, so that the second Internet of Things device can determine whether the reception is complete based on the end identifier, and then execute the first processing operation etc.
下面从第二物联网设备的角度对本申请技术方案进行介绍,图3为本申请实施例提供的一种数据处理方法又一个实施例的流程图,本实施例的技术方案由第二物联网设备执行,该方法可以包括以下几个步骤:The following describes the technical solution of this application from the perspective of the second Internet of Things device. Figure 3 is a flow chart of another embodiment of a data processing method provided by the embodiment of this application. The technical solution of this embodiment is provided by the second Internet of Things device To execute, the method may include the following steps:
301:确定与第一物联网设备协商生成共的享密钥。301: Determine to negotiate with the first IoT device to generate a shared key.
可选地,第二物联网设备可以创建第二可信执行环境,可以是在第二可信执行环境中与第一物联网设备协商生成共享密钥。Optionally, the second Internet of Things device may create a second trusted execution environment, and may negotiate with the first Internet of Things device to generate a shared key in the second trusted execution environment.
第一物联网设备可以是在第一可信执行环境协商生成该共享密钥。共享密钥的生成方式在前文实施例中已进行了描述,此处不再重复赘述。该共享密钥可以预先协商生成,也可以在发送第二数据时实时生成等,本申请对此不进行限定。The first IoT device may generate the shared key through negotiation in the first trusted execution environment. The way of generating the shared key has been described in the foregoing embodiments, and will not be repeated here. The shared key may be generated through pre-negotiation, or may be generated in real time when the second data is sent, which is not limited in this application.
302:基于共享密钥生成第二交换数据的第二密文及第二密文的第二验证消息。302: Generate a second ciphertext of the second exchange data and a second verification message of the second ciphertext based on the shared key.
可选地,第二物联网设备可以从共享密钥中派生获得第一会话密钥及第二会话密钥。可以是利用第一会话密钥对第二交换数据进行加密生成第二密文,利用第二会话密钥生成第二密文的第二验证消息。Optionally, the second IoT device may derive the first session key and the second session key from the shared key. It may be that the first session key is used to encrypt the second exchange data to generate the second ciphertext, and the second session key is used to generate the second verification message of the second ciphertext.
303:将第二密文及第二验证消息发送至第一物联网设备。303: Send the second ciphertext and the second verification message to the first IoT device.
其中,第一物联网设备用于在第一可信执行环境中基于共享密钥对第二密文的验证消息进行验证,并在验证成功之后从第二密文中解密获得第二交换数据,并基于至少一个第二交换数据,执行第二处理操作获得第二处理结果,将第二处理结果导出至外部执行环境。Wherein, the first IoT device is used to verify the verification message of the second ciphertext based on the shared key in the first trusted execution environment, and decrypt the second ciphertext to obtain the second exchange data after the verification is successful, and Based on at least one second exchange data, execute a second processing operation to obtain a second processing result, and export the second processing result to an external execution environment.
本实施例中,由于数据加密传输,且数据解密操作在第一物联网设备的可信执行环境中执行,外部执行环境无法获得,仅将第一处理结果导出至外部执行环境,既实现了数据处理操作从而获得处理结果,且可以保证数据隐私性和安全性。
In this embodiment, since the data is encrypted for transmission, and the data decryption operation is performed in the trusted execution environment of the first IoT device, the external execution environment cannot be obtained, and only the first processing result is exported to the external execution environment, which realizes data Processing operations to obtain processing results, and data privacy and security can be guaranteed.
一些实施例中,该方法还可以包括:In some embodiments, the method may also include:
将第二数据切分为至少一个第二交换数据;segmenting the second data into at least one second exchange data;
则基于共享密钥生成第二交换数据的第二密文及第二密文的验证消息可以是:针对当前待发送的第二交换数据,利用共享密钥,将第二交换数据加密生成第二密文以及生成第二密文的第二验证消息。Then, based on the shared key, the second ciphertext of the second exchange data and the verification message of the second ciphertext may be: for the second exchange data currently to be sent, use the shared key to encrypt the second exchange data to generate the second ciphertext. The ciphertext and the second verification message for generating the second ciphertext.
可选地,为了进一步提高安全性,该针对当前待发送的第二交换数据,利用共享密钥,将第二交换数据加密生成第二密文以及生成第二密文的第二验证消息可以是:Optionally, in order to further improve security, for the second exchange data currently to be sent, using a shared key, encrypting the second exchange data to generate a second ciphertext and generating a second verification message of the second ciphertext may be :
针对当前待发送的第二交换数据,将第二交换数据及当前的第一计数值加密生成第二密文以及生成第二密文的第二验证消息;第一计数值用于第一物联网设备进行校验。For the second exchange data currently to be sent, encrypt the second exchange data and the current first count value to generate a second ciphertext and generate a second verification message of the second ciphertext; the first count value is used for the first Internet of Things The device is calibrated.
一些实施例中,该方法还可以包括:In some embodiments, the method may also include:
接收到第一物联网设备发送的第一确认请求,将未发送的第二交换数据作为待发送的第二交换数据;其中,第一确认请求为第一物联网设备在第一计数值校验成功时发送;After receiving the first confirmation request sent by the first IoT device, the unsent second exchange data is used as the second exchange data to be sent; wherein, the first confirmation request is the verification of the first count value by the first IoT device send on success;
接收到第一物联网设备发送的第一重发请求,将最近发送的第二交换数据重新作为待发送的第二交换数据;其中,第一重发请求为第一物联网设备在第二计数值校验失败或者第二验证消息验证失败时发送。After receiving the first retransmission request sent by the first IoT device, the most recently sent second exchange data is re-used as the second exchange data to be sent; wherein, the first retransmission request is that the first IoT device counts Sent when the value verification fails or the verification of the second verification message fails.
其中,第一物联网设备对第二计数值的校验在前文已进行详细论述,此处不再赘述。在其中一种校验方式中,第一物联网设备可以维护第一计数值,第二物联网设备可以维护第二计数值,第一计数值与第二计数值的初始值相同,第一物联网设备可以具体是校验第二计数值与其当前第一计数值是否相同,校验成功之后,可以递增该第一计数值,并基于共享密钥对该递增之后的第一计数值进行加密生成第一加密数值以及第三验证消息,第一物联网设备发送的第一确认请求即可以包括该第一加密数值以及第三验证消息,因此,一些实施例中,该方法还可以包括:接收到第一物联网设备发送的第一确认请求,基于共享密钥对确认请求中的第一加密数值的第三验证消息进行验证,并在验证成功之后从第一加密数值中解密获得第一计数值;利用第一计数值更新第二计数值。Wherein, the verification of the second count value by the first Internet of Things device has been discussed in detail above, and will not be repeated here. In one of the verification methods, the first IoT device can maintain the first count value, the second IoT device can maintain the second count value, the first count value is the same as the initial value of the second count value, and the first IoT The networked device can specifically check whether the second count value is the same as the current first count value. After the verification is successful, the first count value can be incremented, and the incremented first count value can be encrypted based on the shared key to generate The first encrypted value and the third verification message. The first confirmation request sent by the first IoT device may include the first encrypted value and the third verification message. Therefore, in some embodiments, the method may further include: receiving The first confirmation request sent by the first Internet of Things device verifies the third verification message of the first encrypted value in the confirmation request based on the shared key, and decrypts the first encrypted value to obtain the first count value after the verification is successful ; Update the second count value with the first count value.
此外,第一物联网设备可能也会存在向第二物联网设备传输数据的需求,因此,一些实施例中,该方法还可以包括:In addition, the first IoT device may also have a need to transmit data to the second IoT device, therefore, in some embodiments, the method may further include:
接收第一物联网设备发送的第一密文及对应的第一验证消息;Receive the first ciphertext and the corresponding first verification message sent by the first IoT device;
在第二可信执行环境中基于共享密钥对第一密文的第一验证消息进行验证,并在第一验证消息验证成功之后,从第一密文中解密获得第一交换数据;Verifying the first verification message of the first ciphertext based on the shared key in the second trusted execution environment, and after the first verification message is successfully verified, decrypting from the first ciphertext to obtain the first exchange data;
在第二可信执行环境中确定获得第一物联网设备对应的至少一个第一交换数据之后,
基于至少一个第一交换数据执行第二处理操作,并将第二处理结果导出至外部执行环境。After determining to obtain at least one first exchange data corresponding to the first IoT device in the second trusted execution environment, A second processing operation is performed based on the at least one first exchange data, and a result of the second processing is exported to an external execution environment.
其中,为了保证数据正确传输,第一物联网设备可以是在全部接收到第二物联网设备的至少一个第二交换数据之后,在执行发送第一交换数据的操作;或者第二物联网设备可以是在全部接收到第一物联网设备的至少一个第一交换数据之后,再执行发送第二交换数据的操作。Wherein, in order to ensure correct data transmission, the first IoT device may perform the operation of sending the first exchanged data after receiving at least one second exchanged data from the second IoT device; or the second IoT device may The operation of sending the second exchange data is performed after at least one piece of first exchange data from the first Internet of Things device is all received.
为了进一步提高安全性,第一密文可以是基于第一交换数据以及当前第一计数值加密获得,在第一验证消息验证成功之后,从第一密文中解密获得第一交换数据可以是:In order to further improve security, the first ciphertext may be obtained by encrypting the first exchange data and the current first count value. After the first verification message is successfully verified, decrypting the first ciphertext to obtain the first exchange data may be:
校验该第一计数值是否正确;若该第一计数值校验成功,则保存第一交换数据,并向第一物联网设备发送第二确认请求;其中,该第二确认请求可以用于通知第一物联网设备发送下一个第二交换数据,或者结束发送流程等。Check whether the first count value is correct; if the first count value is successfully verified, save the first exchange data, and send a second confirmation request to the first Internet of Things device; wherein, the second confirmation request can be used for Notifying the first IoT device to send the next second exchange data, or ending the sending process, etc.
若该第二计数值校验失败,可以认为第一交换数据发生错误,可能被第三方攻击,因此可以拒绝该第二交换数据。If the verification of the second count value fails, it can be considered that the first exchange data has an error and may be attacked by a third party, so the second exchange data can be rejected.
可选地,第一计数值校验失败之后,可以向第一物联网设备发送第二重发请求,以通知第一物联网设备重新发送该发生错误的第一交换数据等。Optionally, after the verification of the first count value fails, a second resend request may be sent to the first Internet of Things device, so as to notify the first Internet of Things device to resend the erroneous first exchange data and the like.
为了进一步提高安全性,该校验第一计数值是否正确包括:校验第一计数值与当前第二计数值是否相同;其中,第一计数值以及第二计数值的初始值相同,比如可以为0;该方法还可以包括:In order to further improve security, the checking whether the first count value is correct includes: checking whether the first count value is the same as the current second count value; wherein, the initial values of the first count value and the second count value are the same, for example, is 0; the method can also include:
若第一计数值校验成功,则递增第二计数值;If the verification of the first count value is successful, the second count value is incremented;
则向第二物联网设备发送第二确认请求包括:Then sending the second confirmation request to the second Internet of Things device includes:
基于共享密钥生成第二计数值的第二加密数值及第二加密数值的第四验证消息;generating a second encrypted value of the second count value and a fourth verification message of the second encrypted value based on the shared key;
向第一物联网设备发送包括第二加密数值及第四验证消息的第二确认请求;第二确认请求还用于通知第一物联网设备在第四验证消息验证成功之后,基于第二加密数值中的第二计数值更新第一计数值。Send a second confirmation request including a second encrypted value and a fourth verification message to the first IoT device; the second confirmation request is also used to notify the first IoT device that after the fourth verification message is successfully verified, based on the second encrypted value The second count value in updates the first count value.
上述图3所示实施例及其相关实施例中的相同或相似步骤已在图2所示实施例及其相关实施例中进行了详细描述,此处不再重复赘述。The same or similar steps in the above embodiment shown in FIG. 3 and its related embodiments have been described in detail in the embodiment shown in FIG. 2 and its related embodiments, and will not be repeated here.
下面以物联网场景为例,结合图1b所示的系统架构图,假设第一物联网设备为设备A,第二设物联网设备为设备B,对本申请实施例的技术方案进行整体介绍。Taking the Internet of Things scenario as an example, combined with the system architecture diagram shown in Figure 1b, assuming that the first Internet of Things device is Device A, and the second Internet of Things device is Device B, an overall introduction to the technical solution of the embodiment of the present application is given.
假设设备A以及设备B存在互相交换数据的需求。Assume that device A and device B need to exchange data with each other.
设备A以及设备B可以分别在各自的可信执行环境中进行密钥协商,生成共享密钥,并将共享密钥进行密钥派生获得两个会话密钥:第一会话密钥以及第二会话密钥。
Device A and device B can carry out key negotiation in their respective trusted execution environments, generate a shared key, and use the shared key for key derivation to obtain two session keys: the first session key and the second session key key.
其中,该共享密钥可以预先生成,当然也可以在进行数据交换时实时生成,每一次数据交换生成的共享密钥可以相同,也可以不同。Wherein, the shared key may be generated in advance, and of course, may also be generated in real time during data exchange, and the shared key generated for each data exchange may be the same or different.
设备B可以将需要发送的第二数据切分为多个第二交换数据,设备B对每个第二交换数据的传输处理方式相同。The device B may divide the second data to be sent into multiple second exchange data, and the device B transmits and processes each second exchange data in the same way.
设备A在其内存中可以维护一个计数器A,设备B在其内存中可以维护一个计数器B,计数器A以及计数器B的初始值相同,例如可以为0。Device A may maintain a counter A in its memory, and device B may maintain a counter B in its memory. The initial values of counter A and counter B are the same, for example, may be 0.
针对待发送的一个第二交换数据,设备B在其第二可信执行环境中,将第二交换数据与当前计数器B的第二计数值组合之后进行加密,生成第二密文,并利用第二会话密钥生成第二密文的第二验证消息。设备B将第二密文和第二验证消息组合之后,可以经由第一代理系统以及第二代理系统而发送至设备A。For a second exchange data to be sent, device B, in its second trusted execution environment, encrypts the second exchange data and the second count value of the current counter B, generates a second ciphertext, and uses the second The second session key generates a second authentication message of a second ciphertext. After device B combines the second ciphertext and the second verification message, it may send it to device A via the first proxy system and the second proxy system.
设备A接收到第二密文以及第二验证消息之后,导入其第一可信执行环境中,在第一可信执行环境中利用第二会话密钥对第二验证消息进行验证,验证成功,利用第一会话密钥从第二密文中解密获得第二交换数据和第二计数值,之后,校验第二计数值与计数器A的当前第一计数值是否相同,若相同,则可以递增该第一计数值,并利用第一会话密钥生成第一计数值的第一加密值以及利用第二会话密钥生成第一加密值的第三验证消息,之后,可以经由第一代理系统以及第二代理系统向设备B发送包含该第一加密值和该第三验证消息的第一确认请求。而若第二计数值与当前第一计数值不同,则可以拒绝该第二交换数据,并可以经由第二代理系统以及第二代理系统向设备A发送第一重发请求。After receiving the second ciphertext and the second verification message, device A imports it into its first trusted execution environment, uses the second session key to verify the second verification message in the first trusted execution environment, and the verification is successful. Use the first session key to decrypt the second ciphertext to obtain the second exchange data and the second count value. After that, check whether the second count value is the same as the current first count value of counter A. If they are the same, the value can be incremented. first count value, and use the first session key to generate the first encrypted value of the first count value and use the second session key to generate the third verification message of the first encrypted value, after that, the first proxy system and the second The second proxy system sends to device B a first confirmation request containing the first encrypted value and the third verification message. And if the second count value is different from the current first count value, the second exchange data may be rejected, and the first retransmission request may be sent to device A via the second proxy system and the second proxy system.
设备B若接收到第一确认请求之后,利用第二会话密钥对第三验证消息进行验证,验证通过之后,利用第一会话密钥从第一加密值中解密得到第一计数值,并将当前第二计数值更新为该第一计数值之后,可以将未发送的一个第二交换数据作为待发送的一个第二交换数据执行上述流程,若待发送的第二交换数据为最后一个第二交换数据的情况下,设备B还可以在该第二交换数据中添加结束标识,从而设备A可以基于该结束标识确定第二数据是否接收完成等,进而在接收完成的情况下,再对接收到的至少一个第二交换数据执行第一处理操作得到第一处理结果,仅将第一处理结果导出至外部执行环境,从而实现对第二数据进行安全处理的目的。If device B receives the first confirmation request, it uses the second session key to verify the third verification message. After the verification is passed, it uses the first session key to decrypt the first encrypted value to obtain the first count value, and sends After the current second counting value is updated to the first counting value, the above process can be performed with the unsent second exchanged data as the second exchanged data to be sent. If the second exchanged data to be sent is the last second In the case of exchanging data, device B can also add an end identifier to the second exchange data, so that device A can determine whether the second data has been received or not based on the end identifier, and then when the receiving is completed, it can then check the received Execute the first processing operation on the at least one second exchange data to obtain the first processing result, and only export the first processing result to the external execution environment, so as to achieve the purpose of safely processing the second data.
设备B若接收到第一重发请求,可以将最近发送的一个第二交换数据重新作为待发送的第二交换数据执行上述流程等。If device B receives the first retransmission request, it may re-execute the above process and the like by using the most recently sent second exchange data as the second exchange data to be sent.
设备A确定接收完成设备B的第二数据之后,若存在向设备B发送数据的需求,此时设备A以及设备B可以将各自的计数器恢复至初始值0。After the device A determines that the second data of the device B has been received, if there is a need to send data to the device B, the device A and the device B can reset their respective counters to an initial value of 0 at this time.
设备A将需要发送的第一数据切分为多个第一交换数据,设备A对每个第一交换数据的传输处理方式相同。Device A divides the first data to be sent into multiple first exchanged data, and device A transmits and processes each first exchanged data in the same way.
针对待发送的一个第一交换数据,设备A在其第一可信执行环境中,将第一交换数据
与当前计数器A的第一计数值组合之后进行加密,生成第一密文,并利用第二会话密钥生成第一密文的第一验证消息。设备A可以经由第一代理系统以及第二代理系统将第一密文和第一验证消息组合之后发送至设备B。For a first exchange data to be sent, device A sends the first exchange data in its first trusted execution environment After being combined with the first count value of the current counter A, encryption is performed to generate a first ciphertext, and a first verification message of the first ciphertext is generated by using the second session key. Device A may send to device B after combining the first ciphertext and the first verification message via the first proxy system and the second proxy system.
设备B接收到第一密文以及第一验证消息之后,导入其第二可信执行环境中,在第二可信执行环境中利用第二会话密钥对第一验证消息进行验证,验证成功,利用第一会话密钥从第一密文中解密获得第一交换数据和第一计数值,之后,校验第一计数值与计数器B的当前第二计数值是否相同,若相同,则可以递增该第二计数值,并利用第一会话密钥生成第二计数值的第二加密值以及利用第二会话密钥生成第二加密值的第四验证消息,之后,可以经由第一代理系统以及第二代理系统向设备A发送包含该第二加密值和该第四验证消息的第二确认请求。而若第一计数值与当前第二计数值不同,则可以拒绝该第一交换数据,并可以经由第一代理系统以及第二代理系统向设备A发送第二重发请求。After receiving the first ciphertext and the first verification message, device B imports it into its second trusted execution environment, uses the second session key to verify the first verification message in the second trusted execution environment, and the verification is successful. Use the first session key to decrypt the first ciphertext to obtain the first exchange data and the first count value. After that, check whether the first count value is the same as the current second count value of counter B. If they are the same, the value can be incremented. second count value, and use the first session key to generate a second encrypted value of the second count value and use the second session key to generate a fourth verification message of the second encrypted value, after which, the first proxy system and the second The second proxy system sends to device A a second confirmation request including the second encrypted value and the fourth verification message. And if the first count value is different from the current second count value, the first exchange data may be rejected, and a second retransmission request may be sent to device A via the first proxy system and the second proxy system.
设备A若接收到第二确认请求之后,利用第二会话密钥对第四验证消息进行验证,验证通过之后,利用第一会话密钥从第二加密值中解密得到第二计数值,并将当前第一计数值更新为该第二计数值之后,可以将未发送的一个第一交换数据作为待发送的第一交换数据执行上述流程,若待发送的第一交换数据为最后一个第一交换数据的情况下,设备A还可以在该第一交换数据中添加结束标识,从而设备B可以基于该结束标识确定第一数据是否接收完成等,进而在接收完成的情况下,再对接收到的至少一个第一交换数据执行第二处理操作得到第二处理结果,仅将第二处理结果导出至外部执行环境,从而实现对第一数据进行安全处理目的。If device A receives the second confirmation request, it uses the second session key to verify the fourth verification message. After the verification is passed, it uses the first session key to decrypt the second encrypted value to obtain the second count value, and sends After the current first count value is updated to the second count value, the above-mentioned process can be performed with the unsent first exchange data as the first exchange data to be sent. If the first exchange data to be sent is the last first exchange data In the case of data, device A can also add an end identifier to the first exchanged data, so that device B can determine whether the first data has been received based on the end identifier, and then when the reception is completed, the received At least one first exchange data performs a second processing operation to obtain a second processing result, and only the second processing result is exported to an external execution environment, so as to achieve the purpose of safely processing the first data.
设备A若接收到第二重发请求,可以将最近发送的一个第一交换数据重新作为待发送的第二交换数据执行上述流程等。If device A receives the second retransmission request, it may use the most recently sent first exchange data as the second exchange data to be sent to perform the above process and so on.
实际应用中,比如设备A以及设备B分别属于不同的企业方设备,例如可以是指物联网中的网关设备,企业方A在设备A中维护了其下会员的用户信息,如通讯号码,企业方B在设备B中维护了其下会员的员工信息,如通讯号码;企业方A和企业方B的员工信息为私有数据,保密要求较高,目前存在需要统计企业方A和企业方B共有会员的目的,此时需要企业方A和企业方B交换全部会员的用户信息,并求用户交集以确定共有会员的目的,而采用本申请实施例的技术方案,数据不仅加密传输并在可信执行环境中执行用户交集的运算,从而确定出共有会员的用户信息,仅将共有会员的用户信息导出外部执行环境,由于共有会员的用户信息为企业方A和企业方B本身已有数据,因此保证了数据安全性,企业方A以及企业方B即可以针对共有会员的用户信息进行进一步处理操作,例如企业方A可以结合企业方B的特征,确定针对共有会员的个性化推荐信息,并基于共有会员的用户信息,将个性推荐信息进行推送等。In practical applications, for example, device A and device B belong to different enterprise devices, such as gateway devices in the Internet of Things. Enterprise A maintains the user information of its members in device A, such as communication numbers. B maintains the employee information of its members in device B, such as communication numbers; the employee information of enterprise A and enterprise B is private data, and the confidentiality requirements are high. Currently, there is a need to count the total members of enterprise A and enterprise B. At this time, enterprise A and enterprise B need to exchange the user information of all members, and seek the intersection of users to determine the purpose of common members. However, by adopting the technical solution of the embodiment of this application, the data is not only encrypted and transmitted, but also executed in a trusted manner. The calculation of user intersection is performed in the environment to determine the user information of the shared members, and only the user information of the shared members is exported to the external execution environment. Since the user information of the shared members is the existing data of enterprise A and enterprise B, it is guaranteed To ensure data security, enterprise A and enterprise B can further process the user information of shared members. For example, enterprise A can combine the characteristics of enterprise B to determine personalized recommendation information for shared members, and based on shared Member's user information, push personalized recommendation information, etc.
通过本申请实施例的技术方案,数据加密传输且在可信执行环境中进行加密和解密以及数据处理等,从而既实现了数据处理且保证了数据安全性。
Through the technical solutions of the embodiments of the present application, data is encrypted for transmission, encryption, decryption, and data processing are performed in a trusted execution environment, thereby realizing data processing and ensuring data security.
图4为本申请实施例提供的一种数据处理装置一个实施例的结构示意图,该装置可以包括:Fig. 4 is a schematic structural diagram of an embodiment of a data processing device provided in an embodiment of the present application, the device may include:
第一确定模块401,用于确定在第一可信执行环境中与第二物联网设备协商生成的共享密钥;The first determination module 401 is configured to determine the shared key generated through negotiation with the second IoT device in the first trusted execution environment;
第一接收模块402,用于接收第二物联网设备发送的第二密文及第二验证消息;The first receiving module 402 is configured to receive the second ciphertext and the second verification message sent by the second IoT device;
第一验证模块403,用于在第一可信执行环境中基于共享密钥对第二验证消息进行验证,并在第二验证消息验证成功之后从第二密文中解密获得第二交换数据;The first verification module 403 is configured to verify the second verification message based on the shared key in the first trusted execution environment, and decrypt the second exchange data from the second ciphertext after the second verification message is successfully verified;
第一处理模块404,用于在第一可信执行环境中确定获得第二物联网设备对应的至少一个第二交换数据之后,基于至少一个第二交换数据执行第一处理操作获得第一处理结果,并将第一处理结果导出至外部执行环境。The first processing module 404 is configured to perform a first processing operation based on the at least one second exchange data to obtain a first processing result after determining to obtain at least one second exchange data corresponding to the second Internet of Things device in the first trusted execution environment , and export the first processing result to an external execution environment.
在某些实施例中,第二密文基于第二交换数据以及当前第二计数值加密获得;In some embodiments, the second ciphertext is encrypted and obtained based on the second exchange data and the current second count value;
该第一验证模块在第二验证消息验证成功之后从第二密文中解密获得第二交换数据包括:在第二验证消息验证成功之后从第二密文中解密获得第二交换数据及第二计数值;校验第二计数值是否正确;若第二计数值校验成功,保存第二交换数据,并向第二物联网设备发送第一确认请求;若第二计数值校验失败,拒绝第二交换数据。The first verification module decrypts the second ciphertext to obtain the second exchange data after the second verification message is successfully verified, including: after the second verification message is successfully verified, decrypts the second ciphertext to obtain the second exchange data and the second count value ;Check whether the second count value is correct; if the second count value is successfully verified, save the second exchange data, and send the first confirmation request to the second IoT device; if the second count value fails to verify, reject the second Exchange data.
在某些实施例中,第一验证模块校验第二计数值是否正确包括:校验第二计数值与当前第一计数值是否相同;其中,第一计数值以及第二计数值的初始值相同;In some embodiments, the first verification module checking whether the second count value is correct includes: checking whether the second count value is the same as the current first count value; wherein, the initial value of the first count value and the second count value same;
该装置还可以包括:The device can also include:
第一更新模块,用于若第二计数值校验成功,递增第一计数值;The first update module is used to increment the first count value if the verification of the second count value succeeds;
第一验证模块向第二物联网设备发送第一确认请求包括:基于共享密钥生成第一计数值的第一加密数值及第一加密数值的第三验证消息;向第二物联网设备发送包括第一加密数值及第三验证消息的第一确认请求;第一确认请求还用于通知第二物联网设备在第三验证消息验证成功之后,基于第一加密数值中的第一计数值更新第二计数值。Sending the first confirmation request to the second Internet of Things device by the first verification module includes: generating the first encrypted value of the first count value and the third verification message of the first encrypted value based on the shared key; sending to the second Internet of Things device including The first confirmation request for the first encrypted value and the third verification message; the first confirmation request is also used to notify the second Internet of Things device to update the first count value based on the first count value in the first encrypted value after the third verification message is successfully verified. Second count value.
在某些实施例中,该装置还可以包括:In some embodiments, the device may also include:
第一派生模块,用于在第一可信执行环境中从共享密钥中派生获得第一会话密钥及第二会话密钥;The first derivation module is used to obtain the first session key and the second session key from the shared key in the first trusted execution environment;
第一验证模块具体用于在第一可信执行环境中基于第二会话密钥对第二验证消息进行验证,并在第二验证消息验证成功之后基于第一会话密钥从第二密文中解密获得第二交换数据。The first verification module is specifically configured to verify the second verification message based on the second session key in the first trusted execution environment, and decrypt the second ciphertext based on the first session key after the second verification message is successfully verified. Obtain the second exchange data.
在某些实施例中,该装置还可以包括:
In some embodiments, the device may also include:
第一加密模块,用于在第一可信执行环境,基于共享密钥生成第一交换数据的第一密文及第一密文的第一验证消息;The first encryption module is configured to generate a first ciphertext of the first exchange data and a first verification message of the first ciphertext based on the shared key in the first trusted execution environment;
第一发送模块,用于将第一密文及第一验证消息发送至第二物联网设备;其中,第一验证消息用于第二物联网设备在第二可信执行环境中基于共享密钥进行验证,并在验证成功之后从第一密文中解密获得第一交换数据。The first sending module is configured to send the first ciphertext and the first verification message to the second Internet of Things device; wherein, the first verification message is used by the second Internet of Things device based on the shared key in the second trusted execution environment Perform verification, and decrypt the first ciphertext to obtain the first exchange data after the verification is successful.
图4所述的数据处理装置可以执行图2所示实施例所述的数据处理方法,其实现原理和技术效果不再赘述。对于上述实施例中的数据处理装置其中各个模块、单元执行操作的具体方式已经在有关该方法的实施例中进行了详细描述,此处将不做详细阐述说明。The data processing device shown in FIG. 4 can execute the data processing method described in the embodiment shown in FIG. 2 , and its implementation principles and technical effects will not be repeated here. The specific manner of performing operations by each module and unit of the data processing device in the above embodiment has been described in detail in the embodiment of the method, and will not be described in detail here.
图5为本申请实施例提供的一种数据处理装置又一个实施例的结构示意图,该装置可以包括:Fig. 5 is a schematic structural diagram of another embodiment of a data processing device provided in an embodiment of the present application, the device may include:
第二确定模块501,用于确定与第一物联网设备协商生成的共享密钥;The second determination module 501 is configured to determine the shared key generated through negotiation with the first IoT device;
第二加密模块502,用于基于共享密钥生成第二交换数据的第二密文及第二密文的第二验证消息;The second encryption module 502 is configured to generate a second ciphertext of the second exchange data and a second verification message of the second ciphertext based on the shared key;
第二发送模块503,用于将第二密文及第二验证消息发送至第一物联网设备;第一物联网设备用于在第一可信执行环境中基于共享密钥对第二密文的第二验证消息进行验证,并在验证成功之后从第二密文中解密获得第二交换数据。The second sending module 503 is configured to send the second ciphertext and the second verification message to the first IoT device; the first IoT device is used to verify the second ciphertext based on the shared key in the first trusted execution environment The second verification message is verified, and after the verification is successful, it is decrypted from the second ciphertext to obtain the second exchange data.
在某些实施例中,该装置还可以包括:In some embodiments, the device may also include:
切分处理模块,用于将第二数据切分为至少一个第二交换数据;A segmentation processing module, configured to segment the second data into at least one second exchange data;
第二加密模块具体用于针对当前待发送的第二交换数据,利用共享密钥,将第二交换数据及当前第二计数值加密生成第二密文以及生成第二密文的第二验证消息;第二计数值用于第一物联网设备进行校验。The second encryption module is specifically used to encrypt the second exchange data and the current second count value to generate a second ciphertext and generate a second verification message of the second ciphertext for the second exchange data currently to be sent, using a shared key ; The second count value is used for verification by the first IoT device.
在某些实施例中,该第二处理模块还用于接收到第一物联网设备发送的第一确认请求,将未发送的第二交换数据作为待发送的第二交换数据;其中,第一确认请求为第一物联网设备在第一计数值验证成功时发送;接收到第一物联网设备发送的第一重发请求,将最近发送的第二交换数据重新作为待发送的第二交换数据;其中,第一重发请求为第一物联网设备在第一计数值校验失败或者第二验证消息验证失败时发送。In some embodiments, the second processing module is further configured to receive the first confirmation request sent by the first IoT device, and use the unsent second exchange data as the second exchange data to be sent; wherein, the first The confirmation request is sent by the first IoT device when the verification of the first count value is successful; the first retransmission request sent by the first IoT device is received, and the second exchange data sent most recently is re-used as the second exchange data to be sent ; Wherein, the first resending request is sent by the first IoT device when the verification of the first count value fails or the verification of the second verification message fails.
在某些实施例中,该装置还可以包括:第二更新模块,用于接收到第一物联网设备发送的第一确认请求,基于共享密钥对第一确认请求中的第三验证消息进行验证,并在验证成功之后从第一确认请求中的第一加密数值中解密获得第一计数值;第一计数值与第二计数值的初始值相同;第一物联网设备用于在第二计数值校验成功之后递增第一计数值;利用第一计数值更新第二计数值。In some embodiments, the apparatus may further include: a second update module, configured to receive the first confirmation request sent by the first Internet of Things device, and perform the third verification message in the first confirmation request based on the shared key Verify, and after successful verification, decrypt the first encrypted value in the first confirmation request to obtain the first count value; the initial value of the first count value is the same as the initial value of the second count value; the first IoT device is used to After the count value is verified successfully, the first count value is incremented; and the second count value is updated by using the first count value.
在某些实施例中,第二确定模块具体用于确定在第二可信执行环境中与第一物联网设
备协商生成的共享密钥;In some embodiments, the second determination module is specifically configured to determine the The shared secret key generated by the device negotiation;
该装置还可以包括:The device can also include:
第二接收模块,用于接收第一物联网设备发送的第一密文及对应的第一验证消息;The second receiving module is configured to receive the first ciphertext and the corresponding first verification message sent by the first IoT device;
第二验证模块,用于在第二可信执行环境中基于共享密钥对第一验证消息进行验证,并在验证成功之后,从第一密文中解密获得第一交换数据;The second verification module is configured to verify the first verification message based on the shared key in the second trusted execution environment, and after the verification succeeds, decrypt the first ciphertext to obtain the first exchange data;
第二处理模块,用于在第二可信执行环境中确定获得第一物联网设备对应的至少一个第一交换数据之后,基于至少一个第一交换数据执行第一处理操作,并将第一处理结果导出至外部执行环境。The second processing module is configured to perform the first processing operation based on the at least one first exchange data after it is determined in the second trusted execution environment that at least one first exchange data corresponding to the first IoT device is obtained, and the first processing Results are exported to an external execution environment.
图5所述的数据处理装置可以执行图6所示实施例所述的数据处理方法,其实现原理和技术效果不再赘述。对于上述实施例中的数据处理装置其中各个模块、单元执行操作的具体方式已经在有关该方法的实施例中进行了详细描述,此处将不做详细阐述说明。The data processing device shown in FIG. 5 can execute the data processing method described in the embodiment shown in FIG. 6 , and its implementation principles and technical effects will not be repeated here. The specific manner of performing operations by each module and unit of the data processing device in the above embodiment has been described in detail in the embodiment of the method, and will not be described in detail here.
此外,本申请实施例还提供了一种物联网设备,如图6中所述,该设备包括存储组件601及处理组件602;存储组件601存储一条或多条计算机指令;In addition, the embodiment of the present application also provides an Internet of Things device, as shown in FIG. 6 , the device includes a storage component 601 and a processing component 602; the storage component 601 stores one or more computer instructions;
处理组件602通过其配置的安全单元603创建可信执行环境;The processing component 602 creates a trusted execution environment through its configured security unit 603;
所述一条或多条计算机指令供处理组件调用并执行,以实现上述图2所示实施例的数据处理方法,或者实现如上述图3所示实施例的数据处理方法。The one or more computer instructions are called and executed by the processing component to implement the data processing method of the embodiment shown in FIG. 2 above, or realize the data processing method of the embodiment shown in FIG. 3 above.
该物联网设备作为上述实施例中的第一物联网设备时,其所创建的可信执行环境即为第一可信执行环境;该物联网设备作为上述实施例中的第二物联网设备时,其所创建的可信执行环境即为第二可信执行环境。When the IoT device is used as the first IoT device in the above embodiment, the trusted execution environment created by it is the first trusted execution environment; when the IoT device is used as the second IoT device in the above embodiment , the trusted execution environment created by it is the second trusted execution environment.
其中,该处理组件可以为中央处理器,例如Intel、ARM或AMD处理等,该可信执行环境可以是基于Intel的SGS,ARM的Trustzone或AMD的PSP等所创建。Wherein, the processing component may be a central processing unit, such as Intel, ARM or AMD processing, and the trusted execution environment may be created based on Intel's SGS, ARM's Trustzone, or AMD's PSP.
此外,本申请实施例还提供了一种物联网设备,如图7中所述,该设备包括存储组件701及处理组件702;所述存储组件701存储一条或多条计算机指令;In addition, the embodiment of the present application also provides an Internet of Things device, as shown in FIG. 7 , the device includes a storage component 701 and a processing component 702; the storage component 701 stores one or more computer instructions;
所述处理组件702通过创建沙箱703以及将所述沙箱703作为可信执行环境;The processing component 702 creates a sandbox 703 and uses the sandbox 703 as a trusted execution environment;
所述一条或多条计算机指令供所述处理组件调用并执行,以实现上述图2所示实施例的数据处理方法,或者实现如上述图3所示实施例的数据处理方法。The one or more computer instructions are called and executed by the processing component to implement the data processing method of the embodiment shown in FIG. 2 above, or realize the data processing method of the embodiment shown in FIG. 3 above.
该物联网设备作为上述实施例中的第一物联网设备时,其所创建的可信执行环境即为第一可信执行环境;该物联网设备作为上述实施例中的第二物联网设备时,其所创建的可信执行环境即为第二可信执行环境。When the IoT device is used as the first IoT device in the above embodiment, the trusted execution environment created by it is the first trusted execution environment; when the IoT device is used as the second IoT device in the above embodiment , the trusted execution environment created by it is the second trusted execution environment.
此外,本申请实施例还提供了一种物联网设备,如图8中所述,该设备包括存储组件801、处理组件802以及安全元件803;所述存储组件801存储一条或多条计算机指令;
In addition, the embodiment of the present application also provides an Internet of Things device, as shown in FIG. 8 , the device includes a storage component 801, a processing component 802, and a secure element 803; the storage component 801 stores one or more computer instructions;
所述安全元件803用以创建供所述处理组件802调用的可信执行环境;The secure element 803 is used to create a trusted execution environment called by the processing component 802;
所述一条或多条计算机指令供所述处理组件调用并执行,以实现上述图2所示实施例的数据处理方法,或者实现如上述图3所示实施例的数据处理方法。The one or more computer instructions are called and executed by the processing component to implement the data processing method of the embodiment shown in FIG. 2 above, or realize the data processing method of the embodiment shown in FIG. 3 above.
该物联网设备作为上述实施例中的第一物联网设备时,其所创建的可信执行环境即为第一可信执行环境;该物联网设备作为上述实施例中的第二物联网设备时,其所创建的可信执行环境即为第二可信执行环境。When the IoT device is used as the first IoT device in the above embodiment, the trusted execution environment created by it is the first trusted execution environment; when the IoT device is used as the second IoT device in the above embodiment , the trusted execution environment created by it is the second trusted execution environment.
当然,上述的物联网设备必然还可以包括其他部件,例如输入/输出接口、通信组件等。输入/输出接口为处理组件和外围接口模块之间提供接口,上述外围接口模块可以是输出设备、输入设备等。通信组件被配置为便于物联网设备和其他设备之间有线或无线方式的通信等。Of course, the above-mentioned Internet of Things device must also include other components, such as input/output interfaces, communication components, and the like. The input/output interface provides an interface between the processing component and the peripheral interface module, and the above peripheral interface module may be an output device, an input device, and the like. The communication component is configured to facilitate wired or wireless communication between the IoT device and other devices, and the like.
此外,本申请实施例还提供了一种计算机可读存储介质,存储有计算机程序,所述计算机程序被计算机执行时可以实现上述图2或图3所示实施例的数据处理示方法。该计算机可读介质可以是上述实施例中描述的电子设备中所包含的;也可以是单独存在,而未装配入该电子设备中。In addition, an embodiment of the present application also provides a computer-readable storage medium storing a computer program, and when the computer program is executed by a computer, the data processing method in the above-mentioned embodiment shown in FIG. 2 or FIG. 3 can be implemented. The computer-readable medium may be contained in the electronic device described in the above embodiments; or it may exist independently without being assembled into the electronic device.
本申请实施例还提供了一种计算机程序产品,其包括承载在计算机可读存储介质上的计算机程序,所述计算机程序被计算机执行时可以实现如上述如图2或图3所示实施例的数据处理方法。在这样的实施例中,计算机程序可以是从网络上被下载和安装,和/或从可拆卸介质被安装。在该计算机程序被处理器执行时,执行本申请的系统中限定的各种功能。The embodiment of the present application also provides a computer program product, which includes a computer program carried on a computer-readable storage medium, and when the computer program is executed by a computer, it can realize the above-mentioned embodiments as shown in Figure 2 or Figure 3 data processing method. In such an embodiment, the computer program may be downloaded and installed from a network, and/or from removable media. When the computer program is executed by the processor, various functions defined in the system of the present application are performed.
上述相关实施例中的存储组件可以被配置为存储各种类型的数据以支持在终端的操作。存储组件可以由任何类型的易失性或非易失性存储设备或者它们的组合实现,如静态随机存取存储器(SRAM),电可擦除可编程只读存储器(EEPROM),可擦除可编程只读存储器(EPROM),可编程只读存储器(PROM),只读存储器(ROM),磁存储器,快闪存储器,磁盘或光盘。The storage component in the above related embodiments may be configured to store various types of data to support operations at the terminal. The memory component can be implemented by any type of volatile or non-volatile memory device or their combination, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable Programmable Read Only Memory (EPROM), Programmable Read Only Memory (PROM), Read Only Memory (ROM), Magnetic Memory, Flash Memory, Magnetic or Optical Disk.
计算机可读存储介质例如可以是但不限于电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合等。The computer-readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or device, or any combination thereof.
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统,装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the above-described system, device and unit can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.
以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性的劳动的情况下,即可以理解并实施。The device embodiments described above are only illustrative, and the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in One place, or it can be distributed to multiple network elements. Part or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. It can be understood and implemented by those skilled in the art without any creative effort.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到各实施方式可借助
软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件。基于这样的理解,上述技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在计算机可读存储介质中,如ROM/RAM、磁碟、光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行各个实施例或者实施例的某些部分所述的方法。Through the above description of the implementation manners, those skilled in the art can clearly understand that each implementation manner can use It can be realized by software plus necessary general-purpose hardware platform, of course, it can also be realized by hardware. Based on this understanding, the essence of the above technical solution or the part that contributes to the prior art can be embodied in the form of software products, and the computer software products can be stored in computer-readable storage media, such as ROM/RAM, magnetic discs, optical discs, etc., including several instructions to make a computer device (which may be a personal computer, server, or network device, etc.) execute the methods described in various embodiments or some parts of the embodiments.
最后应说明的是:以上实施例仅用以说明本申请的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围。
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, rather than limiting them; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: it can still Modifications are made to the technical solutions described in the foregoing embodiments, or equivalent replacements are made to some of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions of the various embodiments of the present application.
Claims (12)
- 一种数据处理方法,其特征在于,包括:A data processing method, characterized in that, comprising:第一物联网设备确定在第一可信执行环境中与第二物联网设备协商生成的共享密钥;The first IoT device determines a shared key generated through negotiation with the second IoT device in the first trusted execution environment;接收所述第二物联网设备发送的第二密文及第二验证消息;receiving a second ciphertext and a second verification message sent by the second IoT device;在所述第一可信执行环境中基于所述共享密钥对所述第二验证消息进行验证,并在所述第二验证消息验证成功之后从所述第二密文中解密获得第二交换数据;Verifying the second verification message based on the shared key in the first trusted execution environment, and decrypting the second ciphertext to obtain second exchange data after the second verification message is successfully verified. ;在所述第一可信执行环境中确定获得所述第二物联网设备对应的至少一个第二交换数据之后,基于所述至少一个第二交换数据执行第一处理操作获得第一处理结果,并将所述第一处理结果导出至外部执行环境。After determining to obtain at least one second exchanged data corresponding to the second IoT device in the first trusted execution environment, performing a first processing operation based on the at least one second exchanged data to obtain a first processing result, and Exporting the first processing result to an external execution environment.
- 根据权利要求1所述的方法,其特征在于,所述第二密文基于所述第二交换数据以及当前第二计数值加密获得;The method according to claim 1, wherein the second ciphertext is encrypted and obtained based on the second exchange data and the current second count value;所述在所述第二验证消息验证成功之后从所述第二密文中解密获得第二交换数据包括:The obtaining the second exchange data by decrypting the second ciphertext after the second verification message is successfully verified includes:在所述第二验证消息验证成功之后从所述第二密文中解密获得第二交换数据及第二计数值;Decrypting from the second ciphertext to obtain second exchange data and a second count value after the second verification message is successfully verified;校验所述第二计数值是否正确;verifying whether the second count value is correct;若所述第二计数值校验成功,保存所述第二交换数据,并向所述第二物联网设备发送第一确认请求;If the verification of the second count value is successful, save the second exchange data, and send a first confirmation request to the second IoT device;若所述第二计数值校验失败,拒绝所述第二交换数据。If the verification of the second count value fails, rejecting the second exchange data.
- 根据权利要求2所述的方法,其特征在于,所述校验所述第二计数值是否正确包括:The method according to claim 2, wherein the checking whether the second count value is correct comprises:校验所述第二计数值与当前第一计数值是否相同;其中,所述第一计数值以及所述第二计数值的初始值相同;Checking whether the second count value is the same as the current first count value; wherein, the initial values of the first count value and the second count value are the same;所述方法还包括:The method also includes:若所述第二计数值校验成功,递增所述第一计数值;If the verification of the second count value is successful, increment the first count value;所述向所述第二物联网设备发送第一确认请求包括:The sending the first confirmation request to the second IoT device includes:基于所述共享密钥生成所述第一计数值的第一加密数值及所述第一加密数值的第三验证消息;generating a first encrypted value of the first count value and a third verification message of the first encrypted value based on the shared key;向所述第二物联网设备发送包括所述第一加密数值及所述第三验证消息的第一确认请求;所述第一确认请求还用于通知所述第二物联网设备在所述第三验证消息验证成功之后,基于所述第一加密数值中的第一计数值更新所述第二计数值。sending a first confirmation request including the first encrypted value and the third verification message to the second Internet of Things device; the first confirmation request is also used to notify the second Internet of Things device to After the third verification message is successfully verified, the second count value is updated based on the first count value in the first encrypted value.
- 根据权利要求1所述的方法,其特征在于,还包括: The method according to claim 1, further comprising:在所述第一可信执行环境中从所述共享密钥中派生获得第一会话密钥及第二会话密钥;deriving a first session key and a second session key from the shared key in the first trusted execution environment;所述在所述第一可信执行环境中基于所述共享密钥对所述第二验证消息进行验证,并在所述第二验证消息验证成功之后从所述第二密文中解密获得第二交换数据包括:Verifying the second verification message based on the shared key in the first trusted execution environment, and decrypting the second ciphertext to obtain the second verification message after the verification of the second verification message is successful. Exchange data includes:在所述第一可信执行环境中基于所述第二会话密钥对所述第二验证消息进行验证,并在所述第二验证消息验证成功之后基于所述第一会话密钥从所述第二密文中解密获得第二交换数据。In the first trusted execution environment, the second verification message is verified based on the second session key, and after the second verification message is successfully verified, based on the first session key, the Decrypt the second ciphertext to obtain the second exchange data.
- 根据权利要求4所述的方法,其特征在于,还包括:The method according to claim 4, further comprising:在所述第一可信执行环境,基于所述共享密钥生成第一交换数据的第一密文及所述第一密文的第一验证消息;In the first trusted execution environment, generating a first ciphertext of the first exchange data and a first verification message of the first ciphertext based on the shared key;将所述第一密文及所述第一验证消息发送至所述第二物联网设备;其中,所述第一验证消息用于所述第二物联网设备在第二可信执行环境中基于所述共享密钥进行验证,并在验证成功之后从所述第一密文中解密获得所述第一交换数据。Send the first ciphertext and the first verification message to the second IoT device; wherein, the first verification message is used by the second IoT device in the second trusted execution environment based on The shared key is verified, and after the verification is successful, the first exchange data is obtained by decrypting from the first ciphertext.
- 一种数据处理方法,其特征在于,包括:A data processing method, characterized in that, comprising:第二物联网设备确定与第一物联网设备协商生成的共享密钥;The second IoT device determines the shared key generated through negotiation with the first IoT device;基于所述共享密钥生成第二交换数据的第二密文及所述第二密文的第二验证消息;generating a second ciphertext of the second exchange data and a second verification message of the second ciphertext based on the shared key;将所述第二密文及所述第二验证消息发送至所述第一物联网设备;所述第一物联网设备用于在第一可信执行环境中基于所述共享密钥对所述第二密文的第二验证消息进行验证,并在验证成功之后从所述第二密文中解密获得所述第二交换数据。sending the second ciphertext and the second verification message to the first IoT device; the first IoT device is configured to verify the shared key based on the shared key in the first trusted execution environment The second verification message of the second ciphertext is verified, and after the verification is successful, the second exchange data is obtained by decrypting the second ciphertext.
- 根据权利要求6所述的方法,其特征在于,还包括:The method according to claim 6, further comprising:将第二数据切分为至少一个第二交换数据;segmenting the second data into at least one second exchange data;所述基于所述共享密钥生成第二交换数据的第二密文及所述第二密文的第二验证消息包括:The generation of the second ciphertext of the second exchange data based on the shared key and the second verification message of the second ciphertext include:针对当前待发送的第二交换数据,利用所述共享密钥,将第二交换数据及当前第二计数值加密生成第二密文以及生成所述第二密文的第二验证消息;所述第二计数值用于所述第一物联网设备进行校验。For the second exchange data currently to be sent, using the shared key, encrypt the second exchange data and the current second count value to generate a second ciphertext and generate a second verification message of the second ciphertext; The second count value is used for verification by the first IoT device.
- 根据权利要求7所述的方法,其特征在于,还包括:The method according to claim 7, further comprising:接收到所述第一物联网设备发送的第一确认请求,将未发送的第二交换数据作为待发送的第二交换数据;其中,所述第一确认请求为所述第一物联网设备在所述第一计数值验证成功时发送;receiving the first confirmation request sent by the first IoT device, using the unsent second exchange data as the second exchange data to be sent; wherein, the first confirmation request is that the first IoT device Sending when the verification of the first count value is successful;接收到所述第一物联网设备发送的第一重发请求,将最近发送的第二交换数据重新作为待发送的第二交换数据;其中,所述第一重发请求为所述第一物联网设备在所述第一计数值校验失败或者所述第二验证消息验证失败时发送。Receiving the first resend request sent by the first IoT device, reusing the second exchange data sent recently as the second exchange data to be sent; wherein, the first resend request is the The networking device sends it when the verification of the first count value fails or the verification of the second verification message fails.
- 根据权利要求8所述的方法,其特征在于,还包括: The method according to claim 8, further comprising:接收到所述第一物联网设备发送的第一确认请求,基于所述共享密钥对所述第一确认请求中的第三验证消息进行验证,并在验证成功之后从所述第一确认请求中的第一加密数值中解密获得第一计数值;所述第一计数值与所述第二计数值的初始值相同;所述第一物联网设备用于在所述第二计数值校验成功之后递增所述第一计数值;receiving the first confirmation request sent by the first Internet of Things device, verifying the third verification message in the first confirmation request based on the shared key, and after the verification is successful, from the first confirmation request Decrypt the first encrypted value in to obtain the first count value; the initial value of the first count value is the same as the initial value of the second count value; the first IoT device is used to check the second count value Incrementing the first count value after success;利用所述第一计数值更新所述第二计数值。The second count value is updated with the first count value.
- 根据权利要求6所述的方法,其特征在于,所述第二物联网设备确定与第一物联网设备协商生成的共享密钥包括:The method according to claim 6, wherein the determination by the second Internet of Things device that the shared key generated through negotiation with the first Internet of Things device includes:确定在第二可信执行环境中与第一物联网设备协商生成的共享密钥;determining a shared key generated through negotiation with the first IoT device in the second trusted execution environment;所述方法还包括:The method also includes:接收所述第一物联网设备发送的第一密文及对应的第一验证消息;receiving a first ciphertext and a corresponding first verification message sent by the first IoT device;在所述第二可信执行环境中基于所述共享密钥对所述第一验证消息进行验证,并在验证成功之后,从所述第一密文中解密获得第一交换数据;Verifying the first verification message based on the shared key in the second trusted execution environment, and after the verification succeeds, decrypting the first ciphertext to obtain the first exchange data;在所述第二可信执行环境中确定获得所述第一物联网设备对应的至少一个第一交换数据之后,基于所述至少一个第一交换数据执行第一处理操作,并将第一处理结果导出至外部执行环境。After it is determined in the second trusted execution environment to obtain at least one first exchange data corresponding to the first IoT device, perform a first processing operation based on the at least one first exchange data, and store the first processing result Export to an external execution environment.
- 一种物联网设备,其特征在于,包括存储组件及处理组件;所述存储组件存储一条或多条计算机指令;An Internet of Things device, characterized in that it includes a storage component and a processing component; the storage component stores one or more computer instructions;所述处理组件通过其配置的安全单元创建可信执行环境或者通过创建沙箱以及将所述沙箱作为可信执行环境;The processing component creates a trusted execution environment through its configured security unit or creates a sandbox and uses the sandbox as a trusted execution environment;所述一条或多条计算机指令供所述处理组件调用并执行,以实现如权利要求1~5任一项所述的数据处理方法,或者实现如权利要求6~10任一项所述的数据处理方法。The one or more computer instructions are called and executed by the processing component, so as to realize the data processing method according to any one of claims 1-5, or realize the data processing method according to any one of claims 6-10. Approach.
- 一种物联网设备,其特征在于,包括存储组件、处理组件及安全元件;所述存储组件存储一条或多条计算机指令;An Internet of Things device, characterized in that it includes a storage component, a processing component, and a security element; the storage component stores one or more computer instructions;所述安全元件用以创建供所述处理组件调用的可信执行环境;The secure element is used to create a trusted execution environment called by the processing component;所述一条或多条计算机指令供所述处理组件调用并执行,以实现如权利要求1~5任一项所述的数据处理方法,或者实现如权利要求6~10任一项所述的数据处理方法。 The one or more computer instructions are called and executed by the processing component, so as to realize the data processing method according to any one of claims 1-5, or realize the data processing method according to any one of claims 6-10. Approach.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210119023.9 | 2022-02-08 | ||
CN202210119023.9A CN114143117B (en) | 2022-02-08 | 2022-02-08 | Data processing method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023151479A1 true WO2023151479A1 (en) | 2023-08-17 |
Family
ID=80382175
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2023/073927 WO2023151479A1 (en) | 2022-02-08 | 2023-01-31 | Data processing method, and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN114143117B (en) |
WO (1) | WO2023151479A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117596083A (en) * | 2024-01-18 | 2024-02-23 | 杭州海康威视数字技术股份有限公司 | Intelligent Internet of things data aggregation method and device based on data desensitization |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114143117B (en) * | 2022-02-08 | 2022-07-22 | 阿里云计算有限公司 | Data processing method and device |
CN116599772B (en) * | 2023-07-14 | 2024-04-09 | 腾讯科技(深圳)有限公司 | Data processing method and related equipment |
CN118316608A (en) * | 2024-06-07 | 2024-07-09 | 中国电信股份有限公司 | Data encryption method, data decryption method and related equipment |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107005577A (en) * | 2017-01-25 | 2017-08-01 | 深圳市汇顶科技股份有限公司 | The processing method and processing unit of finger print data |
CN107409118A (en) * | 2014-12-22 | 2017-11-28 | 迈克菲有限责任公司 | Trust Establishment between credible performing environment and ancillary equipment |
CN110474921A (en) * | 2019-08-28 | 2019-11-19 | 中国石油大学(北京) | A kind of perception layer data fidelity method towards local Internet of Things |
CN111082934A (en) * | 2019-12-31 | 2020-04-28 | 支付宝(杭州)信息技术有限公司 | Cross-domain secure multiparty computing method and device based on trusted execution environment |
CN111181720A (en) * | 2019-12-31 | 2020-05-19 | 支付宝(杭州)信息技术有限公司 | Service processing method and device based on trusted execution environment |
US20210374233A1 (en) * | 2020-05-28 | 2021-12-02 | Red Hat, Inc. | Data distribution across multiple devices using a trusted execution environment in a mobile device |
CN114143117A (en) * | 2022-02-08 | 2022-03-04 | 阿里云计算有限公司 | Data processing method and device |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9722775B2 (en) * | 2015-02-27 | 2017-08-01 | Verizon Patent And Licensing Inc. | Network services via trusted execution environment |
CN106454528A (en) * | 2015-08-07 | 2017-02-22 | 阿里巴巴集团控股有限公司 | Service processing method based on trusted execution environment and client side |
WO2019237304A1 (en) * | 2018-06-14 | 2019-12-19 | 华为技术有限公司 | Key processing method and device |
CN110011956B (en) * | 2018-12-12 | 2020-07-31 | 阿里巴巴集团控股有限公司 | Data processing method and device |
AU2019207311B2 (en) * | 2019-04-26 | 2020-10-29 | Advanced New Technologies Co., Ltd. | Securely executing smart contract operations in a trusted execution environment |
CN113360857A (en) * | 2021-08-10 | 2021-09-07 | 支付宝(杭州)信息技术有限公司 | Code starting method and system for software |
CN114003884B (en) * | 2021-10-25 | 2024-07-26 | 武汉大学 | Biometric authentication key negotiation method and system for secure communication |
-
2022
- 2022-02-08 CN CN202210119023.9A patent/CN114143117B/en active Active
-
2023
- 2023-01-31 WO PCT/CN2023/073927 patent/WO2023151479A1/en unknown
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107409118A (en) * | 2014-12-22 | 2017-11-28 | 迈克菲有限责任公司 | Trust Establishment between credible performing environment and ancillary equipment |
CN107005577A (en) * | 2017-01-25 | 2017-08-01 | 深圳市汇顶科技股份有限公司 | The processing method and processing unit of finger print data |
CN110474921A (en) * | 2019-08-28 | 2019-11-19 | 中国石油大学(北京) | A kind of perception layer data fidelity method towards local Internet of Things |
CN111082934A (en) * | 2019-12-31 | 2020-04-28 | 支付宝(杭州)信息技术有限公司 | Cross-domain secure multiparty computing method and device based on trusted execution environment |
CN111181720A (en) * | 2019-12-31 | 2020-05-19 | 支付宝(杭州)信息技术有限公司 | Service processing method and device based on trusted execution environment |
US20210374233A1 (en) * | 2020-05-28 | 2021-12-02 | Red Hat, Inc. | Data distribution across multiple devices using a trusted execution environment in a mobile device |
CN114143117A (en) * | 2022-02-08 | 2022-03-04 | 阿里云计算有限公司 | Data processing method and device |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117596083A (en) * | 2024-01-18 | 2024-02-23 | 杭州海康威视数字技术股份有限公司 | Intelligent Internet of things data aggregation method and device based on data desensitization |
CN117596083B (en) * | 2024-01-18 | 2024-04-12 | 杭州海康威视数字技术股份有限公司 | Intelligent Internet of things data aggregation method and device based on data desensitization |
Also Published As
Publication number | Publication date |
---|---|
CN114143117A (en) | 2022-03-04 |
CN114143117B (en) | 2022-07-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109309565B (en) | Security authentication method and device | |
US10742422B1 (en) | Digital transaction signing for multiple client devices using secured encrypted private keys | |
CN103118027B (en) | The method of TLS passage is set up based on the close algorithm of state | |
WO2023151479A1 (en) | Data processing method, and device | |
US7120797B2 (en) | Methods for authenticating potential members invited to join a group | |
CN103338215B (en) | The method setting up TLS passage based on the close algorithm of state | |
CN111131278B (en) | Data processing method and device, computer storage medium and electronic equipment | |
CN106790090A (en) | Communication means, apparatus and system based on SSL | |
CN107708112A (en) | A kind of encryption method suitable for MQTT SN agreements | |
CN112400299B (en) | Data interaction method and related equipment | |
WO2016058404A1 (en) | Entity authentication method and device based on pre-shared key | |
US8806206B2 (en) | Cooperation method and system of hardware secure units, and application device | |
WO2022022009A1 (en) | Message processing method and apparatus, device, and storage medium | |
CN111294203B (en) | Information transmission method | |
US11722466B2 (en) | Methods for communicating data utilizing sessionless dynamic encryption | |
CN114697040B (en) | Electronic signature method and system based on symmetric key | |
WO2023151427A1 (en) | Quantum key transmission method, device and system | |
TW201537937A (en) | Unified identity authentication platform and authentication method thereof | |
US11088835B1 (en) | Cryptographic module to generate cryptographic keys from cryptographic key parts | |
CN111756528A (en) | Quantum session key distribution method and device and communication architecture | |
CN111130775A (en) | Key negotiation method, device and equipment | |
CN116318654A (en) | SM2 algorithm collaborative signature system, method and equipment integrating quantum key distribution | |
CN117155564A (en) | Bidirectional encryption authentication system and method | |
WO2022135391A1 (en) | Identity authentication method and apparatus, and storage medium, program and program product | |
Ashraf et al. | Lightweight and authentic symmetric session key cryptosystem for client–server mobile communication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 23752259 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |