WO2023179102A1 - Method for determining trusted identity of application, and management unit and device - Google Patents


Info

Publication number
WO2023179102A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
identity
request
middleware
communication channel
Application number
PCT/CN2022/137827
Other languages
French (fr)
Chinese (zh)
Inventor
周广宇
赵俊化
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2023179102A1

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L 67/00: Network arrangements or protocols for supporting network services or applications
    • H04L 67/01: Protocols
    • H04L 67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 67/14: Session management
    • H04L 67/141: Setup of application sessions

Definitions

  • This application relates to the field of data security, and in particular to a method, management unit and device for confirming an application's trusted identity.
  • a two-way certificate authentication process requires a four-way handshake process.
  • the server verifies the certificate from the client, and the client verifies the certificate from the server, thereby establishing a trust mechanism based on cryptography.
  • the server and the client conduct encrypted secure communication based on the negotiated key.
  • The above certificate-based authentication mechanism requires the participation of a trusted third party, such as a certificate authority (CA), and the CA needs to issue certificates for both ends of the communication. This introduces certificate issuance, storage and maintenance costs, making it a complex solution.
  • A handshake mechanism must be introduced on top of certificate authentication, and that handshake requires multiple certificate verification processes, which is time-consuming. Therefore, TLS-based authenticated communication is not suitable for some in-vehicle scenarios that are highly sensitive to latency.
  • The embodiments of this application provide a method, management unit and device for confirming an application's trusted identity. An identity connection with the target application is built entirely on a middleware trusted base consisting of user-mode software, which is independent of the kernel and more flexible; in addition, based on the built identity connection, communication data can be integrated with identity data, reducing the number of communications and improving device performance.
  • the embodiments of this application first provide a method for confirming an application's trusted identity, which can be used in the field of data security, especially in the field of intelligent connected cars.
  • The method includes: first, the middleware trusted base establishes an identity connection with the target application.
  • the middleware trust base is pre-built user mode software.
  • the target application at least includes the first application and the second application.
  • the middleware trusted base receives the first request sent by the first application through the first identity channel.
  • the first request can also be called a communication initialization request, which is used to indicate that the first application requests to communicate with the second application.
  • the first identity channel is an identity channel corresponding to the first application.
  • the middleware trusted base can obtain a second request based on the first request, wherein the second request includes the identity information of the first application, and the middleware trusted base sends the second request to the second application through the second identity channel established when establishing the identity connection.
  • the second identity channel is an identity channel corresponding to the second application.
  • After receiving the second request sent by the middleware trusted base, the second application obtains the identity information of the first application from the data message of the second request and decides, based on that identity information, whether to establish a communication channel with the first application. This communication channel can be called the first communication channel (i.e., the secure channel).
  • The embodiment of the present application establishes identity connections with each application process based on the constructed middleware trust base, which is more flexible; and in the communication initialization stage of the process, the middleware trust base adds the identity information of the initiating process to the communication initialization request, enabling the receiving process to identify whether the initiating process is a reliable application process. This eliminates the need for an additional identity transmission process, reduces the number of communications, and improves communication performance; in addition, the middleware trust base is completely user-mode software, has no dependence on the kernel, and is more universal.
  • the middleware trust base establishes an identity connection with the target application in the following manner: the middleware trust base establishes an identity connection with the target application through execution management.
  • the middleware trusted base establishing an identity connection with the target application may also be: the middleware trusted base establishes an identity connection with the target application using the configuration file of the target application.
  • the middleware trusted base obtains the second request based on the first request.
  • the middleware trusted base injects the identity information of the first application into the first request, thereby obtaining a second request that contains the identity information of the first application.
  • the second request integrates the communication data with the identity data, thereby eliminating the need for an additional identity transmission process, reducing the number of communications, and improving communication performance.
  • the access rights of the first identity channel are subject to a first restriction, and the first restriction includes at least one of the following: the identity connection between a third application and the middleware trusted base cannot be created or accessed, where the third application and the first application are different applications; or the data transmitted on a second communication channel cannot be accessed, where the second communication channel is a communication channel different from the first communication channel.
  • the access rights of the second identity channel are subject to a second restriction, and the second restriction includes at least one of the following: the identity connection between a fourth application and the middleware trusted base cannot be created or accessed, where the fourth application and the second application are different applications; or the data transmitted on the second communication channel cannot be accessed, where the second communication channel is a communication channel different from the first communication channel.
  • the access rights of the first communication channel are subject to a third restriction, and the third restriction includes at least one of the following: the identity connection between the target application and the middleware trusted base cannot be created or accessed; or the data transmitted on the second communication channel cannot be accessed, where the second communication channel is a communication channel different from the first communication channel.
  • the access rights of the above-mentioned channels are restricted by the operating system kernel, thereby improving data security.
  • the first application and the second application belong to application programs in the same operating system.
  • the second aspect of the embodiments of the present application provides a management unit that has the function of implementing the method of the above-mentioned first aspect or any possible implementation of the first aspect.
  • This function can be implemented by hardware, or it can be implemented by hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • the third aspect of the embodiment of the present application provides a device, which may include a memory, a processor and a bus system, wherein the memory is used to store a program, and the processor is used to call the program stored in the memory to execute the method of the first aspect or any possible implementation of the first aspect.
  • the fourth aspect of the embodiments of the present application provides a computer-readable storage medium.
  • the computer-readable storage medium stores instructions which, when run on a computer, cause the computer to execute the method of the first aspect or any possible implementation of the first aspect.
  • the fifth aspect of the embodiment of the present application provides a computer program that, when run on a computer, causes the computer to execute the method of the above-mentioned first aspect or any possible implementation of the first aspect.
  • the sixth aspect of the embodiment of the present application provides a chip.
  • the chip includes at least one processor and at least one interface circuit.
  • the interface circuit is coupled to the processor.
  • the at least one interface circuit is used to perform a transceiver function and to send instructions to the at least one processor, and the at least one processor is used to run computer programs or instructions, thereby implementing the above-mentioned first aspect or any possible implementation of the first aspect.
  • This function can be implemented by hardware, by software, or by a combination of hardware and software.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • the interface circuit is used to communicate with other modules outside the chip.
  • Figure 1 is a schematic flow chart of a method for confirming an application's trusted identity provided by an embodiment of the present application;
  • Figure 2 is a schematic diagram of the middleware trusted base provided by the embodiment of the present application establishing an identity connection;
  • Figure 3 is a schematic diagram of the middleware trusted base provided by the embodiment of the present application using execution management to establish an identity connection;
  • Figure 4 is a schematic diagram of the middleware trusted base provided by the embodiment of the present application using a configuration file to establish an identity connection;
  • Figure 5 is a schematic flow chart of the middleware trusted base transferring identity information, provided by the embodiment of the present application;
  • Figure 6 is a diagram illustrating the overall architecture of vehicle system access from start to finish according to the embodiment of the present application;
  • Figure 7 is a schematic structural diagram of a management unit provided by an embodiment of the present application;
  • Figure 8 is a schematic structural diagram of the device provided by the embodiment of the present application.
  • The embodiment of the present application provides a method, management unit and device for confirming an application's trusted identity, which build an identity connection with a target application (application, APP) entirely on a middleware trusted base made of user-mode software, with no dependence on the kernel and therefore more flexibility; in addition, based on the built identity connection, communication data can be integrated with identity data, reducing the number of communications and improving device performance.
  • SSL is the predecessor of TLS; its full name is secure sockets layer, and it is no longer updated;
  • TLS is transport layer security, an encryption protocol for network-based transmission that can authenticate the identity of both parties based on a trusted third-party notarization;
  • HTTPS is hyper text transfer protocol over secure socket layer, an HTTP channel targeting security. Based on HTTP, it ensures the security of the transmission process through transmission encryption and identity authentication.
  • a two-way certificate authentication process requires a four-way handshake process, and the certificate is an authentication mechanism based on asymmetric encryption and decryption.
  • the certificate-based authentication mechanism requires the participation of a trusted third-party organization, such as a CA, and the CA needs to issue certificates for both ends of the communication.
  • identity authentication requires the introduction of certificates and the maintenance of the certificate life cycle, which increases costs.
  • a handshake mechanism needs to be introduced based on certificate authentication, and the handshake mechanism needs to complete multiple certificate verification processes.
  • the number of verifications needs to be at least two, and usually the working certificate is not the root certificate, so certificate chain verification is usually introduced during certificate verification.
  • the number of certificate verifications may be far more than two, and each certificate verification needs to go through the cloud: the public key infrastructure (PKI) is queried for certificate validity, and the asymmetric encryption and decryption algorithms are run. Each step is a time-consuming operation. Therefore, TLS-based authenticated communication is not suitable for some in-vehicle scenarios that are highly sensitive to latency.
  • a socket whose family attribute is configured as AF_UNIX is called a unix domain socket, or UDS for short. It is an inter-process communication method provided by the Linux kernel and is used to implement inter-process communication (IPC) on the same host; UDS provides efficient inter-process communication within the operating system. UDS also provides a way to transfer identities between processes: when the sender process marks the message it sends with the SCM_CREDENTIALS type, the receiver process can obtain the UID/GID/PID of the initiating process through the Linux C library functions and thereby obtain the identity of the initiating process. It should be noted that the SCM_CREDENTIALS mechanism of UDS is implemented through the kernel socket, that is, the Linux kernel transfers the UID/GID/PID information of the initiating process between the two processes.
  • UDS can complete the basic identity transfer function; this function is available on any Linux system and is very versatile. However, UDS still cannot solve some business-related problems, including:
  • a) the other UDS way is to use the SO_PEERCRED mechanism, which can integrate identity and data transmission but requires an additional system call to obtain the identity, which costs communication performance and thus reduces communication efficiency;
  • b) the identity information can only be UID/GID/PID, and business code needs a mapping to implement the logic required by the business;
  • c) the information transfer is implemented in the kernel, requiring additional system calls to transfer identity information, which reduces the determinism of IPC communication.
  • the Linux mainline introduced an inter-process communication method based on the binder driver.
  • This communication method is widely used in Android systems.
  • binder provides a universal IPC framework, initially introduced by OpenBinder and customized by Google for widespread use in IPC scenarios in Android.
  • binder was merged into the Linux mainline in Linux 3.19.
  • Android encapsulates binder in a Java Native Interface (JNI) for use by upper-layer applications.
  • the JNI interface will use the driver layer interface, which is /dev/binder.
  • the binder driver injects caller identity information into IPC data in the kernel. This solution solves problem a in the second way above.
  • the binder-based communication method combines the data message and the identity information of the initiator.
  • the receiving end can access the identity information of the peer through a getCallingUid-type interface.
  • the binder solution still cannot handle problems b) and c) of the second method above, that is: binder can still only transmit the logical concepts provided by the operating system (UID/GID/PID). Android solves this by giving each process a unique UID.
  • this type of solution is not a universal solution and is not suitable for vehicle operating systems; the identity information acquisition logic of binder is in the kernel, which increases the kernel processing time and is still not performance friendly enough. Since binder has been merged into the kernel mainline, maintainability has been alleviated, but it is more difficult to push similar functions into the kernel.
  • Existing identity authentication mechanisms are mostly based on the kernel to obtain the UID/GID/PID information of the peer process, which usually introduces the following problems: 1) it cannot be integrated with business communication and requires additional communication to obtain the information corresponding to the process from the kernel; 2) it can only transfer the existing logical concepts of the operating system, such as UID/GID/PID, and cannot be closely integrated with the business, so a table-lookup mapping is still required when using the identity; 3) the identity authentication process is implemented in the kernel, which introduces multiple system calls and reduces performance, and introduces kernel modifications, making maintenance difficult.
  • the embodiment of the present application provides a method, management unit and device for confirming an application's trusted identity, which can solve the above three problems.
  • The embodiment of the present application is based entirely on a middleware trusted base made of user-mode software; the identity connection with the target application has no dependence on the kernel and is more flexible. In addition, based on the established identity connection, communication data can be integrated with identity data, reducing the number of communications and improving device performance.
  • Figure 1 is a schematic flowchart of a method for confirming an application's trusted identity provided by an embodiment of the present application. Specifically, it may include the following steps:
  • the middleware trust base establishes an identity connection with the target application.
  • the middleware trust base is user-mode software built in advance.
  • the target application at least includes a first application and a second application.
  • the middleware trust base can also be called identity manager, which is a kind of user-mode software.
  • the middleware trust base itself is trustworthy.
  • a middleware trust base is constructed corresponding to an operating system. After the middleware trust base is constructed, it can establish identity connections with the relevant applications (which may be called target applications, target processes, etc.; for ease of explanation, applications are used as the example).
  • the target application includes at least two different applications, which may be called a first application and a second application.
  • the target application may refer to any one or more applications (for example, it may be all applications) belonging to the same operating system.
  • the first application and the second application refer to applications that belong to the same operating system.
  • when the middleware trust base is started, it establishes a communication channel for marking identity with the processes belonging to all applications in the operating system. As shown in Figure 2, this communication channel can be called an identity channel. In the embodiments, there are multiple ways to establish identity connections, including but not limited to:
  • the middleware trust base establishes an identity connection with the target application through execution management.
  • the middleware trusted base can use execution management (a service process) to establish an identity connection with the target application. For example, execution management can notify the middleware trust base which APP processes have been started, and then the middleware trust base can actively initiate identity connections.
  • the vehicle platform software business processes are all started by execution management.
  • the role of execution management is similar to Android's zygote process.
  • Execution management starts the business process through the fork-exec system call sequence.
  • the execution management assists in establishing the identity channel. Please refer to Figure 3 for details.
  • the creation process is as follows:
  • the execution management calls the fork system call to create a child process. At this time, the execution management code is still running;
  • the sub-process initiates IPC communication to the middleware trusted base, notifying the middleware trusted base that it is about to launch an APP process;
  • the middleware trust base attempts to open the identity connection channel of the APP process.
  • the middleware trust base uses the configuration file of the target application to establish an identity connection with the target application.
  • the middleware trusted base can use the configuration file to establish an identity connection with the target application.
  • the middleware trust base can statically obtain the APP process information that needs to be started on the current platform, and then initiate an identity connection.
  • the vehicle platform software business process has its own configuration file.
  • when the software is packaged and integrated, the configuration file is installed in the root file system of the vehicle platform.
  • the file is in a read-only file system, and when it is started, it will be verified with the entire system to ensure its integrity.
  • Both the middleware trust base and the APP process can obtain the identity connection information of the APP process based on this configuration file.
  • Since the mandatory access control (MAC) policy of the operating system stipulates that an APP process can only access the identity connection channel corresponding to its own identity, the identity connection created by the embodiment of this application is also safe and trustworthy. Please refer to Figure 4 for details; its creation process is as follows:
  • the middleware trust base traverses the configuration files of all APP processes under the same operating system, opens its identity connection channel for each APP process, and attempts to establish an identity connection with the APP;
  • when the APP process communicates for the first time, it opens its own identity connection channel by reading the identity connection information in the configuration file, thereby establishing a trusted secure identity channel with the middleware trust base.
  • once the middleware trust base has established identity connections with all application processes under the same operating system, the identity information provided by the kernel trust base can be transferred to the middleware trust base.
  • the middleware trusted base receives the first request sent by the first application through the first identity channel, where the first request is used to represent the first application's request to communicate with the second application.
  • the entire operating system can transfer the identity information of each application through the middleware trust base.
  • one application process can be called the first application, that is, APP1, also called the initiating process;
  • another application process can be called the second application, that is, APP2.
  • the receiving process needs to be able to determine the identity of the initiating process. If the initiating process is an unidentified process, for the sake of communication security, the receiving process will refuse to communicate with it. Therefore, during communication initialization, the initiating process cannot communicate directly with the receiving process: the communication would be rejected outright by the receiving end. This requires that the identity of the initiating process can be transmitted securely to the receiving process. It cannot be transmitted directly in the payload of the communication channel between the two application processes, because with that transmission method an untrustworthy or malicious process could arbitrarily alter the payload to imitate another application process, preventing the receiving process from making a correct and reliable judgment. Therefore, during communication initialization, the first application communicates with the middleware trusted base to attempt to establish a communication channel with the second application via the middleware trusted base.
  • the middleware trusted base may receive the first request sent by the first application through the first identity channel established when establishing the identity connection.
  • the first request may also be called a communication initialization request and is used to indicate that the first application requests to communicate with the second application.
  • the first identity channel is an identity channel corresponding to the first application.
  • the middleware trusted base obtains the second request according to the first request, and the second request includes the identity information of the first application.
  • After receiving the first request (i.e., the communication initialization request) sent by the first application, the middleware trusted base further obtains a second request based on the first request.
  • the second request includes the identity information of the first application.
  • the way in which the middleware trusted base obtains the second request based on the first request may be: the middleware trusted base injects the identity information of the first application into the first request, thus obtaining a second request containing the identity information of the first application.
  • the middleware trusted base sends the second request to the second application through the second identity channel.
  • the middleware trusted base will send the second request to the second application through the second identity channel established when establishing the identity connection.
  • the second identity channel is an identity channel corresponding to the second application.
  • the middleware trust base can determine which application the second application is based on the APP ID maintained by itself, as shown in Figure 5.
  • the second application determines whether to establish a first communication channel with the first application based on the identity information in the second request.
  • After receiving the second request sent by the middleware trusted base, the second application obtains the identity information of the first application from the data message of the second request and decides, based on that identity information, whether to establish a communication channel with the first application.
  • this communication channel can be called the first communication channel (i.e., the secure channel).
  • Since the middleware trust base itself is trustworthy, it follows that the identity information in a request forwarded via the middleware trust base is also trustworthy. Therefore, the second application can make its judgment based on the identity information of the first application.
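The exchange described above, simulated as an added example that is not code from the patent or from its assignee: each identity channel is a socketpair the identity manager created when the application was launched, so the manager derives the sender's identity from the channel a first request arrives on, injects that identity into the second request, and forwards it on the target's channel. The app IDs APP1/APP2/APP3, the JSON-lines message format and APP2's allow-list are constructed for the demonstration.

```python
import json
import select
import socket


def send_line(sock, text):
    """Write one newline-terminated message on an identity channel."""
    sock.sendall(text.encode("utf-8") + b"\n")


def recv_line(sock):
    """Read exactly one newline-terminated message (byte-wise, so two
    queued messages are never merged into one read)."""
    buf = bytearray()
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("identity channel closed")
        buf += chunk
    return buf[:-1].decode("utf-8")


class IdentityManager:
    """Middleware trusted base (identity manager): a user-mode broker that
    owns one identity channel per application it launched."""

    def __init__(self):
        self._channels = {}  # app_id -> manager-side end of that app's identity channel
        self._owner = {}     # fileno of a manager-side end -> app_id bound to it

    def register(self, app_id):
        """Stand-in for execution management starting an APP: the manager
        creates the identity channel and hands the app its own end."""
        mgr_end, app_end = socket.socketpair()
        self._channels[app_id] = mgr_end
        self._owner[mgr_end.fileno()] = app_id
        return app_end

    def pump(self, timeout=1.0):
        """Handle one first request: identify the sender from the channel it
        arrived on, inject that identity, forward the resulting second request.
        Returns the forwarded second request, or None if nothing was forwarded."""
        ready, _, _ = select.select(list(self._channels.values()), [], [], timeout)
        if not ready:
            return None
        channel = ready[0]
        sender = self._owner[channel.fileno()]   # bound to the channel, never read from the payload
        first = json.loads(recv_line(channel))
        target = first.get("target")
        if target not in self._channels or target == sender:
            return None                          # no identity connection to forward on
        second = dict(first)
        second["identity"] = sender              # overwrite anything the sender claimed
        send_line(self._channels[target], json.dumps(second))
        return second


class App:
    """An application process holding its own end of its identity channel."""

    def __init__(self, app_id, identity_channel, trusted_peers=()):
        self.app_id = app_id
        self.channel = identity_channel
        self.trusted_peers = set(trusted_peers)
        self.accepted_peers = set()  # peers for which a first communication channel was opened

    def request_communication(self, target, claimed_identity=None):
        """Send the first request (communication initialization request).
        claimed_identity models a dishonest sender writing an identity into
        the payload; the manager must not rely on it."""
        first = {"type": "init", "target": target}
        if claimed_identity is not None:
            first["identity"] = claimed_identity
        send_line(self.channel, json.dumps(first))

    def handle_second_request(self):
        """Receive the second request and decide whether to open the first
        communication channel (secure channel) with the initiator."""
        second = json.loads(recv_line(self.channel))
        peer = second["identity"]
        if peer in self.trusted_peers:
            self.accepted_peers.add(peer)
            return True
        return False


def run_demo():
    """Constructed scenario: APP2 trusts only APP1; APP3 tries to pose as APP1."""
    mgr = IdentityManager()
    app1 = App("APP1", mgr.register("APP1"))
    app2 = App("APP2", mgr.register("APP2"), trusted_peers=["APP1"])
    app3 = App("APP3", mgr.register("APP3"))
    results = {}
    app1.request_communication("APP2")                    # honest initiator
    mgr.pump()
    results["honest_accepted"] = app2.handle_second_request()
    app3.request_communication("APP2", claimed_identity="APP1")
    forwarded = mgr.pump()                                # manager rewrites identity to APP3
    results["identity_seen_by_app2"] = forwarded["identity"]
    results["impersonation_accepted"] = app2.handle_second_request()
    app1.request_communication("APP9")                    # no identity connection for APP9
    results["unknown_target_forwarded"] = mgr.pump() is not None
    return results


if __name__ == "__main__":
    print(run_demo())
```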
  • the first communication channel between the middleware trust base and the processes at both ends of the communication is jointly established by the system execution management and the middleware trust base during initialization. Since the execution management of the system belongs to the same security level as the middleware trust base described in this application, data requests sent through these two channels are also trustworthy.
  • The application trusted identity confirmation method provided by the embodiment establishes an identity connection with each application process based on the constructed middleware trusted base, which is more flexible; and in the communication initialization stage, the middleware trust base injects the identity information of the initiating process into the communication initialization request (that is, the communication data and the identity data are fused), so that the receiving process can identify whether the initiating process is a reliable application process. This eliminates the need for an additional identity transmission process, reduces the number of communications, and improves communication performance; in addition, the middleware trust base is completely user-mode software, which has less dependence on the kernel and is more universal.
  • the access rights of the first identity channel are subject to a first restriction, which includes at least any of the following: the inability to create or access the identity connection between a third application and the middleware trusted base, where the third application and the first application are different applications; or the inability to access the data passed on the second communication channel.
  • the second communication channel is a communication channel different from the first communication channel.
  • the access rights of the second identity channel are subject to a second restriction, which includes at least any of the following: the identity connection between a fourth application and the middleware trusted base cannot be created or accessed, where the fourth application and the second application are different applications; or the data transmitted on the second communication channel cannot be accessed, where the second communication channel is a communication channel different from the first communication channel.
  • the access rights of the first communication channel are subject to a third restriction, which includes at least one of the following: the inability to create or access the identity connection between the target application and the middleware trusted base; or the inability to access the data transferred on the second communication channel, where the second communication channel is a communication channel different from the first communication channel.
  • each channel mentioned above cannot create or access identity connections between other processes and the middleware trusted base, ensuring that the identity mechanism is safe and trustworthy; in addition, each channel cannot access communication data between other processes, ensuring data security within the secure communication channels and avoiding tampering and information leakage.
  • embodiments of this application can use the access control mechanism provided by the Linux kernel to protect all communication channels, including but not limited to:
  • a. Use the kernel's MAC mechanism, such as security-enhanced Linux (SELinux), to restrict the behavior of application processes so that each process is only allowed to access channels related to itself (such as pipes, UDS, shared memory, etc.), including its identity connection with the Identity Manager and the secure communication channels it has established with other processes.
  • b. Adopt discretionary access control, such as building an APP sandbox and running each APP as a different user to achieve isolation, which ensures that each process can only access channels related to itself.
  • the embodiments of this application take into account the shortcomings of existing methods: the proposed method for confirming an application's trusted identity based on a middleware trusted base can be integrated with the communication framework, so that data communication and identity transfer are fused; being based on a pure user-mode middleware trusted base, it avoids spending too much time in kernel operations and improves communication performance and determinism; finally, the embodiment of this application fully conforms to the business ID system and avoids directly using operating-system concepts such as UIDs, which makes it more flexible.
  • access control is an important means of avoiding malicious intrusions, and when an intrusion does occur it also serves as a resilience measure that limits the intruder's access to higher-level resources. Access control for the key resources used in software systems is therefore a very important technology in the security field. Access control must be built on a trusted identity mechanism to be effectively implemented. In the Internet field, trusted identities are usually implemented on the basis of certificate systems and cryptography. However, in scenarios such as vehicle-mounted software that require very high reliability and real-time performance, an identity mechanism based entirely on a certificate system or cryptography is not fully applicable. In view of the characteristics of vehicle-mounted software, the present invention implements a complete trusted identity mechanism based on user mode.
  • the application system framework of the present invention is shown in Figure 6.
  • the application trusted identity confirmation method provided by the embodiment of the present application can be implemented in the IAM module in Figure 6.
  • the technology involved in this application is not limited to autonomous driving platforms, but also includes all access control scenarios built on user-mode trusted bases, including but not limited to industrial control, railways, aviation and other types of applications that have a high level of digital security.
  • the systems and solutions required by the specifications belong to a universal user-space secure identity transfer mechanism. It can be applied to almost any scenario and is highly customizable and scalable.
  • FIG. 7 is a schematic structural diagram of a management unit provided by an embodiment of the present application.
  • the management unit 700 may specifically include: an establishment module 701, a first sending module 702, an acquisition module 703, and a second sending module 704, where the establishment module 701 is used to establish an identity connection with the target application, which includes at least a first application and a second application;
  • the first sending module 702 is used to receive, through the first identity channel, the first request sent by the first application, where the first request indicates that the first application requests communication with the second application, and the first identity channel corresponds to the first application;
  • the acquisition module 703 is used to obtain the second request according to the first request, where the second request includes the identity information of the first application;
  • the second sending module 704 is configured to send the second request to the second application through the second identity channel, so that the second application determines, based on the identity information in the second request, whether to establish a first communication channel with the first application, where the second identity channel corresponds to the second application.
  • the establishment module 701 is specifically configured to establish an identity connection with the target application through execution management.
  • the establishment module 701 is specifically configured to: establish an identity connection with the target application using the configuration file of the target application.
  • the acquisition module 703 is specifically configured to inject the identity information of the first application into the first request to obtain the second request.
  • the access rights of the first identity channel are subject to a first restriction, which includes at least any of the following: an identity connection between a third application and the middleware trusted base cannot be created or accessed, where the third application and the first application are different applications; or the data transmitted on the second communication channel cannot be accessed, where the second communication channel is a communication channel different from the first communication channel.
  • the access rights of the second identity channel are subject to a second restriction, which includes at least any of the following: the identity connection between a fourth application and the middleware trusted base cannot be created or accessed, where the fourth application and the second application are different applications; or the data transmitted on the second communication channel cannot be accessed, where the second communication channel is a communication channel different from the first communication channel.
  • the access rights of the first communication channel are subject to a third restriction, which includes at least any of the following: the identity connection between the target application and the middleware trusted base cannot be created or accessed; or the data transmitted on the second communication channel cannot be accessed, where the second communication channel is a communication channel different from the first communication channel.
  • the first application and the second application belong to application programs in the same operating system.
  • Figure 8 is a schematic structural diagram of a device provided by an embodiment of the present application.
  • the management unit 700 described in the corresponding embodiment of Figure 7 can be deployed on the device 800 to implement the functions of the management unit 700 in the corresponding embodiment of Figure 7.
  • the device 800 is implemented by one or more servers.
  • the device 800 may vary greatly due to different configurations or performance, and may include one or more servers.
  • the memory 832 and the storage medium 830 may be short-term storage or persistent storage.
  • the program stored in the storage medium 830 may include one or more modules (not shown in the figure), and each module may include a series of instruction operations on the device 800 .
  • the central processor 822 may be configured to communicate with the storage medium 830 and execute a series of instruction operations in the storage medium 830 on the device 800 .
  • the device 800 may also include one or more power supplies 826, one or more wired or wireless network interfaces 850, one or more input and output interfaces 858, and/or one or more operating systems 841, such as Windows ServerTM, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.
  • the central processor 822 is used to execute the trusted identity confirmation method in the corresponding embodiment of Figure 1.
  • for specific content, please refer to the description of the method embodiments shown above in this application, which will not be repeated here.
  • an embodiment of the present application also provides a computer-readable storage medium, which stores a program for signal processing; when run on a computer, it causes the computer to execute the steps performed by the middleware trusted base described in the embodiment shown in Figure 1.
  • the device provided by the embodiment of the present application may specifically be a chip.
  • the chip may include: a processing unit and a communication unit.
  • the processing unit may be, for example, a processor.
  • the communication unit may be, for example, an input/output interface, a pin, or a circuit.
  • the processing unit can execute computer execution instructions stored in the storage unit, so that the chip in the device performs the steps performed by the middleware trusted base described in the embodiment shown in FIG. 1 .
  • the storage unit is a storage unit within the chip, such as a register, cache, etc.
  • the storage unit may also be a storage unit located outside the chip in the wireless access device, such as read-only memory (ROM) or another type of static storage device that can store static information and instructions, random access memory (RAM), etc.
  • the device embodiments described above are only illustrative.
  • the units described as separate components may or may not be physically separated, and the components shown as units may or may not be physically separate.
  • the physical unit can be located in one place, or it can be distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • the connection relationship between modules indicates that there are communication connections between them, which can be specifically implemented as one or more communication buses or signal lines.
  • the present application can be implemented by software plus the necessary general-purpose hardware. Of course, it can also be implemented by dedicated hardware, including dedicated integrated circuits, dedicated CPUs, dedicated memories, special-purpose components, etc. In general, any function performed by a computer program can be readily implemented with corresponding hardware, and the specific hardware structures used to implement the same function can also be diverse, such as analog circuits, digital circuits or special-purpose circuits. However, for this application, a software implementation is the better implementation in most cases. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the existing technology, can be embodied in the form of a software product.
  • the computer software product is stored in a readable storage medium, such as a computer floppy disk, USB flash drive, removable hard disk, ROM, RAM, magnetic disk or optical disk, and includes several instructions that cause a computer device (which can be a personal computer, network device, etc.) to execute the method described in each embodiment of this application.
  • the computer program product includes one or more computer instructions.
  • the computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from a website, computer, device or data center to another website, computer, device or data center over a wired connection (such as coaxial cable, optical fiber, or digital subscriber line (DSL)) or a wireless connection (such as infrared, radio, microwave, etc.).
  • the computer-readable storage medium may be any available medium that a computer can access, or a data storage device, such as a device or data center integrated with one or more available media.
  • the available media may be magnetic media (eg, floppy disk, hard disk, tape), optical media (eg, DVD), or semiconductor media (eg, solid state disk (SSD)), etc.

Abstract

Disclosed in the embodiments of the present application are a method for determining a trusted identity of an application, and a management unit and a device, which can be applied to the field of vehicles. The method comprises: pre-constructed user-mode software (i.e. a middleware trusted base) first establishing an identity connection with a target application (e.g. a first application, a second application, etc.), and receiving, by means of a first identity channel, a first request sent by the first application that indicates a request to communicate with the second application; the middleware trusted base obtaining a second request by injecting the identity information of the first application into the first request, and sending the second request to the second application by means of a second identity channel, so that the second application determines, on the basis of the identity information in the second request, whether to establish a first communication channel with the first application. In the embodiments of the present application, an identity connection with each application is constructed completely on the basis of a middleware trusted base made of user-mode software, with little dependence on the kernel, and higher flexibility is achieved. In addition, on the basis of the constructed identity connection, communication data can be fused with identity data, so that the number of communications is reduced, thereby improving the performance of the device.

Description

Method for determining trusted identity of application, and management unit and device
This application claims priority to the Chinese patent application filed with the China Patent Office on March 22, 2022, with application number 202210283816.4 and titled "Method for confirming the trusted identity of an application, management unit and device", the entire content of which is incorporated herein by reference.
Technical field
This application relates to the field of data security, and in particular to a method, management unit and device for confirming the trusted identity of an application.
Background
With the rapid development of the Internet, data security issues have become increasingly prominent. For example, compared with traditional fuel vehicles, intelligent connected vehicles have to face attackers from the entire Internet. Therefore, in the field of autonomous driving, automotive software practitioners need to deal with the new security issues brought about by intelligence; only when the digital security problem is solved can an autonomous driving platform guarantee the safe driving of end users. A complete intelligent connected vehicle usually involves a dozen or even dozens of electronic control units (ECUs), and each ECU deploys a different software stack according to the complexity requirements of its electronic architecture. As the core computing center of the intelligent connected vehicle, the core operating system of the intelligent driving platform usually has a wide variety of atomic services deployed on it. These services need to communicate with one another, and clients need to communicate with services, in order to carry out the vehicle's driving functions. These communications often involve data security issues such as user privacy, and some critical communications also affect the driving safety of the vehicle. Under these circumstances, how to guarantee the security of the communications involved in driving becomes crucial.
Currently, the identity authentication mechanism based on SSL/TLS/HTTPS is widely used in Internet applications. Taking TLS as an example, one mutual certificate authentication requires a four-way handshake. In a complete TLS mutual authentication handshake, the server verifies the certificate from the client and the client verifies the certificate from the server, thereby establishing a trust mechanism based on cryptography. After mutual authentication is completed, the server and the client carry out encrypted secure communication based on the negotiated key.
The certificate-based authentication process described above requires the participation of a trusted third party, such as a certificate authority (CA), and the CA must issue certificates to both ends of the communication. This introduces certificate issuance, storage and maintenance costs and is a complex solution. In addition, when TLS establishes a connection it must introduce a handshake mechanism based on certificate authentication, and the handshake must complete multiple certificate verification steps, which is time-consuming. Therefore, inside the vehicle, some scenarios that are highly sensitive to latency are not suited to TLS-based authenticated communication.
Summary of the invention
Embodiments of this application provide a method, management unit and device for confirming the trusted identity of an application, which build the identity connection with the target application entirely on a middleware trusted base made of user-mode software, with no dependence on the kernel and greater flexibility; in addition, on the basis of the constructed identity connection, communication data can be fused with identity data, saving communications and improving device performance.
On this basis, the embodiments of this application provide the following technical solutions:
In a first aspect, an embodiment of this application first provides a method for confirming the trusted identity of an application, which can be used in the field of data security and in particular in the field of intelligent connected vehicles. The method includes: first, a middleware trusted base establishes an identity connection with a target application, where the middleware trusted base is user-mode software constructed in advance and the target application includes at least a first application and a second application. After the identity connection with the target application has been established, the middleware trusted base receives, through a first identity channel, a first request sent by the first application; the first request may also be called a communication initialization request and indicates that the first application requests communication with the second application, and the first identity channel is the identity channel corresponding to the first application. Then, the middleware trusted base obtains a second request based on the first request, where the second request includes the identity information of the first application, and the middleware trusted base sends the second request to the second application through a second identity channel that was established when the identity connection was established. It should be noted that the second identity channel is the identity channel corresponding to the second application.
After receiving the second request sent by the middleware trusted base, the second application obtains the identity information of the first application from the data message of the second request and decides, based on that identity information, whether to establish a communication channel with the first application; this communication channel may be called the first communication channel (that is, the secure channel).
In the above embodiment of this application, the identity connection with each application process is established on the basis of the constructed middleware trusted base, which is more flexible; moreover, in the communication initialization stage of a process, the middleware trusted base adds the identity information of the initiating process to the communication initialization request so that the receiving process can identify whether the initiating process is a reliable application process, which removes the need for an additional identity transmission step, saves communications and improves communication performance; in addition, the middleware trusted base is entirely user-mode software with no dependence on the kernel and is therefore more universally applicable.
In one possible implementation, the middleware trusted base establishing an identity connection with the target application may be: the middleware trusted base establishes the identity connection with the target application with the help of execution management.
In one possible implementation, the middleware trusted base establishing an identity connection with the target application may also be: the middleware trusted base establishes the identity connection with the target application with the help of the configuration file of the target application.
In one possible implementation, the middleware trusted base obtaining the second request from the first request may be: the middleware trusted base injects the identity information of the first application into the first request, thereby obtaining a second request that contains the identity information of the first application, so that communication data and identity data are fused; this removes the need for an additional identity transmission step, saves communications and improves communication performance.
In one possible implementation, the access rights of the first identity channel are subject to a first restriction, which includes at least any one of the following: an identity connection between a third application and the middleware trusted base cannot be created or accessed, where the third application and the first application are different applications; or data transmitted on a second communication channel cannot be accessed, where the second communication channel is a communication channel different from the first communication channel.
In one possible implementation, the access rights of the second identity channel are subject to a second restriction, which includes at least any one of the following: an identity connection between a fourth application and the middleware trusted base cannot be created or accessed, where the fourth application and the second application are different applications; or data transmitted on the second communication channel cannot be accessed, where the second communication channel is a communication channel different from the first communication channel.
In one possible implementation, the access rights of the first communication channel are subject to a third restriction, which includes at least any one of the following: an identity connection between the target application and the middleware trusted base cannot be created or accessed; or data transmitted on the second communication channel cannot be accessed, where the second communication channel is a communication channel different from the first communication channel.
In the above embodiment of this application, in order to prevent a malicious process from attacking the identity connection during communication, for example by attempting to create another party's identity connection in order to launch an impersonation attack, or by maliciously tampering with the identity information injected by the middleware trusted base during communication, the access rights of the channels involved above (such as the first identity channel, the second identity channel and the first communication channel) are all restricted by the operating system kernel, which improves data security.
In one possible implementation, the first application and the second application are application programs within the same operating system.
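The first aspect summarized above (and the same flow in the bulleted extract earlier on this page: identity connection, first request, identity injection, second request, receiver's decision) can be made concrete with a small simulation. The following Python is an added illustration and is not code from the patent or from the applicant; the application names, the `Identity` fields, the allow-list policy and the channel ids are constructed assumptions. The point it shows is that the receiver never looks at any identity claimed inside the sender's payload: the identity it acts on is injected by the trusted base from the binding of the identity channel the request arrived on, and an application cannot re-create another application's identity connection. In the real system the immutability of that binding rests on the kernel MAC/DAC isolation described on this page; here it is only modelled.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Identity:
    """Business-level identity of an application (hypothetical fields)."""
    app_name: str
    version: str


class IdentityChannel:
    """Identity channel between one application and the trusted base. The owner is
    fixed by the trusted base at creation, so the holder cannot pose as another app."""

    def __init__(self, owner: str, base: "MiddlewareTrustBase") -> None:
        self.owner = owner
        self._base = base

    def send_first_request(self, target: str, payload: dict) -> Optional[str]:
        """First request: 'owner asks to communicate with target'. Returns the id of
        the first communication channel if target accepts, otherwise None."""
        return self._base.relay(self, target, payload)


class MiddlewareTrustBase:
    """User-mode trusted base: owns every identity connection and injects identities."""

    def __init__(self, config: Dict[str, Identity]) -> None:
        self._config = config                # stands in for the configuration file
        self._channels: Dict[str, IdentityChannel] = {}
        self._apps: Dict[str, "App"] = {}

    def establish_identity_connection(self, app: "App") -> IdentityChannel:
        """Called by execution management when it starts an app, never by a peer.
        Re-creating an existing identity connection is refused."""
        if app.name not in self._config:
            raise PermissionError(f"{app.name} is not in the configuration")
        if app.name in self._channels:
            raise PermissionError(f"identity connection for {app.name} already exists")
        channel = IdentityChannel(app.name, self)
        self._channels[app.name] = channel
        self._apps[app.name] = app
        return channel

    def relay(self, channel: IdentityChannel, target: str, payload: dict) -> Optional[str]:
        """Turn the first request into the second request by injecting the sender's
        identity from the channel binding (never from the payload), then forward it
        to the target through the target's own identity channel."""
        second_request = {"identity": self._config[channel.owner], "payload": payload}
        receiver = self._apps.get(target)
        if receiver is None:
            return None                      # target has no identity connection
        return receiver.on_second_request(second_request)


class App:
    """An application process with an allow-list of peers it will talk to."""

    def __init__(self, name: str, allowed_peers: Set[str]) -> None:
        self.name = name
        self.allowed_peers = allowed_peers
        self.secure_channels: Dict[str, str] = {}   # peer -> first communication channel id

    def on_second_request(self, request: dict) -> Optional[str]:
        """Decide from the injected identity only; the payload is untrusted input."""
        peer = request["identity"].app_name
        if peer not in self.allowed_peers:
            return None
        self.secure_channels[peer] = f"sec-{peer}-{self.name}"   # constructed id
        return self.secure_channels[peer]


def demo() -> dict:
    """Constructed scenario: 'brake' accepts only 'nav'; 'infotainment' claims to be
    'nav' inside its payload and then tries to re-create nav's identity connection."""
    config = {
        "nav": Identity("nav", "1.0"),
        "brake": Identity("brake", "2.1"),
        "infotainment": Identity("infotainment", "0.9"),
    }
    base = MiddlewareTrustBase(config)
    nav, brake, info = App("nav", set()), App("brake", {"nav"}), App("infotainment", set())
    nav_channel = base.establish_identity_connection(nav)      # done by execution management
    base.establish_identity_connection(brake)
    info_channel = base.establish_identity_connection(info)

    legit = nav_channel.send_first_request("brake", {"op": "hello"})
    spoof = info_channel.send_first_request("brake", {"op": "hello", "identity": "nav"})
    try:
        base.establish_identity_connection(App("nav", set()))
        recreate_blocked = False
    except PermissionError:
        recreate_blocked = True
    return {"legit": legit, "spoof": spoof, "recreate_blocked": recreate_blocked}
```

Running `demo()` returns the secure channel id for the nav-to-brake request, `None` for the request from infotainment despite its payload naming "nav", and `True` for the blocked attempt to re-create nav's identity connection. The receiver's `on_second_request` is the only place policy is evaluated, and it reads `request["identity"]`, which the sender cannot influence; that is the property the identity channels and their access restrictions are meant to guarantee.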
A second aspect of the embodiments of this application provides a management unit that has the function of implementing the method of the first aspect or any possible implementation of the first aspect. This function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above function.
A third aspect of the embodiments of this application provides a device, which may include a memory, a processor and a bus system, where the memory is used to store a program and the processor is used to call the program stored in the memory to execute the method of the first aspect or any possible implementation of the first aspect.
A fourth aspect of the embodiments of this application provides a computer-readable storage medium storing instructions which, when run on a computer, cause the computer to execute the method of the first aspect or any possible implementation of the first aspect.
A fifth aspect of the embodiments of this application provides a computer program which, when run on a computer, causes the computer to execute the method of the first aspect or any possible implementation of the first aspect.
A sixth aspect of the embodiments of this application provides a chip. The chip includes at least one processor and at least one interface circuit coupled to the processor; the at least one interface circuit is used to perform transceiving functions and to send instructions to the at least one processor, and the at least one processor is used to run computer programs or instructions having the function of implementing the method of the first aspect or any possible implementation of the first aspect. This function may be implemented by hardware, by software, or by a combination of hardware and software; the hardware or software includes one or more modules corresponding to the above function. In addition, the interface circuit is used to communicate with other modules outside the chip.
Brief description of the drawings
Figure 1 is a schematic flowchart of a method for confirming the trusted identity of an application provided by an embodiment of the present application;
Figure 2 is a schematic diagram of the middleware trusted base establishing an identity connection, provided by an embodiment of the present application;
Figure 3 is a schematic diagram of the middleware trusted base establishing an identity connection with the help of execution management, provided by an embodiment of the present application;
Figure 4 is a schematic diagram of the middleware trusted base establishing an identity connection with the help of a configuration file, provided by an embodiment of the present application;
Figure 5 is a schematic flowchart of the middleware trusted base relaying identity information, provided by an embodiment of the present application;
Figure 6 is an overall architecture diagram of in-vehicle system access provided by an embodiment of the present application;
Figure 7 is a schematic structural diagram of a management unit provided by an embodiment of the present application;
Figure 8 is a schematic structural diagram of a device provided by an embodiment of the present application.
Description of embodiments
Embodiments of the present application provide a method, a management unit and a device for confirming the trusted identity of an application. A middleware trusted base implemented entirely as user-mode software builds an identity connection with target applications (applications, APPs); it does not depend on the kernel and is therefore more flexible. Furthermore, on the basis of the identity connection, communication data can be merged with identity data, which reduces the number of communications and improves device performance.
The terms "first", "second" and the like in the specification, claims and drawings of the present application are used to distinguish similar objects and are not necessarily used to describe a particular order or sequence. It should be understood that terms used in this way are interchangeable where appropriate; this is merely the way in which objects with the same attribute are distinguished when describing the embodiments of the present application. In addition, the terms "include" and "have" and any variants thereof are intended to cover non-exclusive inclusion, so that a process, method, system, product or device that comprises a series of units need not be limited to those units and may include other units that are not expressly listed or that are inherent to the process, method, product or device.
To facilitate understanding of the solution of the present application, the identity authentication mechanisms commonly used in this field are briefly described before the embodiments are introduced:
(1) Identity authentication based on SSL/TLS/HTTPS
The identity authentication mechanism most widely used in Internet applications today is based on SSL/TLS/HTTPS. SSL (secure sockets layer) is the predecessor of TLS and is no longer updated. TLS (transport layer security) is an encryption protocol for network-based transmission that can authenticate both parties on the basis of a trusted third-party notary. HTTPS (hyper text transfer protocol over secure socket layer) is an HTTP channel designed for security; on top of HTTP, it ensures the security of the transmission process through transport encryption and identity authentication.
Taking TLS as an example, one mutual certificate authentication requires a four-step handshake, and a certificate is an authentication mechanism based on asymmetric encryption and decryption. In a complete TLS mutual-authentication handshake, the server verifies the certificate from the client and the client verifies the certificate from the server, thereby establishing a trust mechanism based on cryptography. After mutual authentication is complete, the server and the client communicate securely using encryption based on the negotiated key.
A certificate-based authentication mechanism requires the participation of a trusted third party, such as a CA, and the CA must issue certificates to both ends of the communication. Using this solution for identity authentication requires introducing certificates and maintaining the certificate life cycle, which increases cost. In addition, when TLS establishes a link, a handshake mechanism based on certificate authentication must be introduced, and the handshake requires multiple certificate verifications. At least two verifications are needed, and since the working certificate is usually not a root certificate, certificate chain verification is usually involved, so the number of certificate verifications may far exceed two. Each certificate verification requires querying the validity of the certificate from the public key infrastructure (PKI) in the cloud and completing the asymmetric encryption and decryption algorithm flow, and each step is a relatively time-consuming operation. Therefore, TLS-based authenticated communication is not suitable for some highly latency-sensitive scenarios inside the vehicle.
(2) Identity authentication by obtaining UID/GID/PID through Linux UDS SCM_CREDENTIALS
A socket whose family attribute is configured as AF_UNIX is called a unix domain socket (UDS). It is an inter-process communication mechanism provided by the Linux kernel for communication between processes on the same host (inter process communication, IPC), and can serve as an efficient IPC mechanism inside a system. UDS provides a way to pass identity between processes: when the sending process specifies that the message type is SCM_CREDENTIALS, the receiving process can obtain the UID/GID/PID of the initiating process through the Linux C library functions and thereby learn the identity of the initiating process. It should be noted that the SCM_CREDENTIALS mechanism of UDS is implemented through kernel sockets, that is, the Linux kernel passes the UID/GID/PID of the initiating process between the two processes.
Although UDS can perform the basic identity-passing function, and this function is available on any Linux system and is therefore highly general, UDS still cannot solve some business-related problems, including:
a. UDS also offers the SO_PEERCRED mechanism, which can combine identity and data transfer, but it requires an additional system call to obtain the identity, which costs communication performance and thus reduces communication efficiency;
b. The identity information can only be UID/GID/PID, and business code must map it before the logic required by the business can be implemented;
c. The information transfer is implemented in the kernel and requires additional system calls to pass identity information, which reduces the determinism of IPC communication.
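The two UDS identity mechanisms described under (2) can be exercised directly. The following Python script is an added illustration and is not part of the patent text; it is Linux-only, since SO_PEERCRED, SO_PASSCRED and SCM_CREDENTIALS are Linux socket options. It creates an AF_UNIX socketpair, reads the peer's PID/UID/GID with SO_PEERCRED (the extra getsockopt() system call that problem a refers to), and then passes the same credentials as SCM_CREDENTIALS ancillary data so that identity and payload arrive in a single recvmsg(). In both paths it is the kernel, not the sender's payload, that vouches for the values: the kernel compares a claimed SCM_CREDENTIALS triple against the sender's real identity and rejects a mismatch with EPERM unless the sender holds the relevant capability.

```python
import os
import socket
import struct

# struct ucred on Linux: pid_t pid, uid_t uid, gid_t gid, three native ints
UCRED_FMT = "3i"
UCRED_LEN = struct.calcsize(UCRED_FMT)


def own_credentials():
    """The identity the kernel will report for this process."""
    return {"pid": os.getpid(), "uid": os.getuid(), "gid": os.getgid()}


def peer_credentials(sock):
    """SO_PEERCRED path: ask the kernel who is on the other end of a connected
    AF_UNIX socket. This is a separate getsockopt() system call, issued apart
    from the data transfer rather than merged with it (problem a above)."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED_LEN)
    pid, uid, gid = struct.unpack(UCRED_FMT, raw)
    return {"pid": pid, "uid": uid, "gid": gid}


def enable_credential_passing(sock):
    """The receiver must opt in before SCM_CREDENTIALS control messages are delivered."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)


def send_with_credentials(sock, payload):
    """SCM_CREDENTIALS path: attach pid/uid/gid as ancillary data to a message.
    The kernel checks the claimed triple against the sender's real identity and
    rejects a mismatch with EPERM unless the sender is privileged, so the
    receiver can rely on what it reads from the control message."""
    creds = struct.pack(UCRED_FMT, os.getpid(), os.getuid(), os.getgid())
    sock.sendmsg([payload], [(socket.SOL_SOCKET, socket.SCM_CREDENTIALS, creds)])


def recv_with_credentials(sock, bufsize=4096):
    """Receive payload and sender credentials together in one recvmsg() call."""
    payload, ancdata, _flags, _addr = sock.recvmsg(bufsize, socket.CMSG_SPACE(UCRED_LEN))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_CREDENTIALS:
            pid, uid, gid = struct.unpack(UCRED_FMT, data[:UCRED_LEN])
            return payload, {"pid": pid, "uid": uid, "gid": gid}
    return payload, None


def demo():
    """Run both paths over a socketpair. Both ends live in this same process,
    so the kernel-reported identity must equal own_credentials()."""
    initiator, receiver = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with initiator, receiver:
        enable_credential_passing(receiver)
        via_getsockopt = peer_credentials(receiver)
        send_with_credentials(initiator, b"hello from the initiator")
        payload, via_cmsg = recv_with_credentials(receiver)
    return payload, via_getsockopt, via_cmsg


if __name__ == "__main__":
    print(demo())
```

Note that neither path yields anything other than the operating-system triple PID/UID/GID, which is exactly problem b: a service that needs a business-level identity still has to map these values itself.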
(3) Passing identity information based on the binder driver
Because of the problems introduced by passing identity over generic UDS, the Linux mainline introduced an inter-process communication mechanism based on the binder driver, which is widely used in the Android system. binder provides a general IPC framework; it was originally introduced by OpenBinder and was customized by Google and widely used for IPC scenarios in Android. binder was merged into the mainline in Linux 3.19. Android wraps binder in a java native interface (JNI) for use by upper-layer applications, and the JNI interface uses the driver-layer interface, namely /dev/binder. The binder driver injects the caller's identity information into the IPC data in the kernel. This solution solves problem a of the second mechanism above: binder-based communication merges the data packet with the identity information of the initiator, and the receiving end can access the identity information of the peer through a get-calling-UID type interface.
However, the binder solution still cannot handle problems b and c mentioned for the second mechanism: binder can still only transmit logical concepts provided by the operating system, such as UID/GID/PID. Android solves this by assigning each process a unique UID, but this is not a general solution and is not applicable to in-vehicle operating systems. The identity acquisition logic of binder resides in the kernel, which increases kernel processing time and is still not performance-friendly. Since binder has been merged into the kernel mainline, maintainability is less of a concern, but pushing similar functionality into the kernel again would be difficult.
In summary, existing identity authentication solutions mostly rely on the kernel to obtain the UID/GID/PID of the peer process, which usually introduces the following problems: 1) they cannot be merged with business communication, and additional communication is needed to obtain the information of the corresponding process from the kernel; 2) only logical concepts that already exist in the operating system, such as UID/GID/PID, can be passed, which cannot be tightly combined with the business, so a table lookup is still required when the identity is used; 3) the identity authentication process is implemented in the kernel, introducing multiple system calls that reduce performance, and introducing kernel modifications that are difficult to maintain.
On this basis, embodiments of the present application provide a method, a management unit and a device for confirming the trusted identity of an application that can solve the above three problems. Specifically, a middleware trusted base implemented entirely as user-mode software builds an identity connection with target applications; it does not depend on the kernel and is more flexible. Furthermore, on the basis of the identity connection, communication data can be merged with identity data, which reduces the number of communications and improves device performance.
The embodiments of the present application are described below with reference to the accompanying drawings. A person of ordinary skill in the art will appreciate that, as technology develops and new scenarios emerge, the technical solutions provided in the embodiments of the present application are equally applicable to similar technical problems.
Refer to Figure 1, which is a schematic flowchart of a method for confirming the trusted identity of an application provided by an embodiment of the present application. The method may include the following steps:
101. The middleware trusted base establishes an identity connection with the target applications, where the middleware trusted base is pre-built user-mode software and the target applications include at least a first application and a second application.
First, embodiments of the present application build a middleware trusted base in advance. The middleware trusted base, which may also be called the identity manager, is user-mode software, and the middleware trusted base itself is trusted.
In embodiments of the present application, one middleware trusted base is built for each operating system. Once it has been built, the middleware trusted base can establish identity connections with the relevant applications (which may be called target applications, target processes, etc.; for ease of description, applications are used as the example throughout). In embodiments of the present application, the target applications include at least two different applications, which may be called the first application and the second application. Specifically, in some implementations of the present application, the target applications may be any one or more applications (for example, all applications) belonging to the same operating system; in this case, the first application and the second application are applications belonging to the same operating system.
Specifically, when the middleware trusted base starts, it establishes a communication channel for marking identity with the processes of all applications belonging to the operating system, as shown in Figure 2. This communication channel may be called an identity channel. In embodiments of the present application, there are several ways to establish the identity connection, including but not limited to:
(1) The middleware trusted base establishes the identity connection with the target application with the help of execution management.
In this way of establishing the identity connection, the middleware trusted base can rely on execution management (execution management is a service process) to establish the identity connection with the target application. For example, execution management can notify the middleware trusted base of which APP processes have been started, and the middleware trusted base then actively initiates the identity connection.
To facilitate understanding of the above process, establishing an identity connection with the help of execution management is described below using in-vehicle platform software services as an example. The specific process may be as follows: all in-vehicle platform service processes are launched by execution management, whose role is similar to that of the Android zygote process; execution management launches the service process through the fork-exec system calls. During the launch of an APP process, execution management assists in establishing the identity channel. Refer to Figure 3; the creation flow is as follows:
① Execution management calls the fork system call to create a child process; at this point the code of execution management is still running;
② The execution management child process opens the identity connection channel of the APP process;
③ The child process initiates IPC communication to the middleware trusted base, notifying it that a certain APP process is about to be launched;
④ The middleware trusted base attempts to open the identity connection channel of the APP process.
(2) The middleware trusted base establishes the identity connection with the target application with the help of the target application's configuration file.
In this way of establishing the identity connection, the middleware trusted base can rely on a configuration file to establish the identity connection with the target application. For example, the middleware trusted base can statically obtain the information of the APP processes that need to be started on the current platform and then initiate the identity connections.
To facilitate understanding of the above process, establishing an identity connection with the help of the configuration file is described below using in-vehicle platform software services as an example. The specific process may be as follows:
Each in-vehicle platform service process has its own configuration file. The configuration file is installed in the root file system of the in-vehicle platform when the software is packaged and integrated; it resides in a read-only file system and, at boot, its integrity is verified together with the whole system. Both the middleware trusted base and the APP process can obtain the identity connection information of the APP process from this configuration file. Because the mandatory access control (MAC) policy of the operating system stipulates that an APP process may only access the identity connection channel corresponding to its own identity, the identity connection created in embodiments of the present application is also secure and trusted. Refer to Figure 4; the creation flow is as follows:
① At startup, the middleware trusted base traverses the configuration files of all APP processes under the same operating system, opens the identity connection channel of each APP process, and attempts to establish an identity connection with the APP;
② When an APP process communicates for the first time, it reads the identity connection information in its configuration file and opens its own identity connection channel, thereby establishing a trusted and secure identity channel with the middleware trusted base.
It should be noted that once the middleware trusted base has established identity connections with all application processes under the same operating system, the identity information provided by the kernel trusted base can be transferred to the middleware trusted base.
102. The middleware trusted base receives, through a first identity channel, a first request sent by the first application, where the first request indicates that the first application requests to communicate with the second application.
Once the middleware trusted base has established identity connections with the target applications, the whole operating system can relay the identity information of each application through the middleware trusted base. In embodiments of the present application, when one application process (which may be called the first application, APP1, or the initiating process) wants to communicate with another application process (which may be called the second application, APP2, or the receiving process), the receiving process needs to be able to determine the identity of the initiating process; if the initiating process is of unknown identity, the receiving process refuses to communicate with it for the sake of communication security. Therefore, during communication initialization the initiating process cannot communicate directly with the receiving process: if the initiating end attempts direct access, the receiving end simply refuses the communication. This requires that the identity of the initiating process can be securely transmitted to the receiving process. It cannot, however, be transmitted directly in the payload of the communication channel between the two application processes, because with that mode of transfer an untrusted or malicious process could arbitrarily alter the communication payload to impersonate other application processes, leaving the receiving process unable to make a correct and reliable judgment. Therefore, during communication initialization, the first application needs to communicate with the middleware trusted base, so as to attempt to establish a communication channel with the second application via the middleware trusted base.
Specifically, the middleware trusted base may receive, through the first identity channel established when the identity connection was set up, the first request sent by the first application. The first request may also be called a communication initialization request and indicates that the first application requests to communicate with the second application. Note that the first identity channel is the identity channel corresponding to the first application.
103. The middleware trusted base obtains a second request from the first request, where the second request includes the identity information of the first application.
After receiving the first request (that is, the communication initialization request) sent by the first application, the middleware trusted base further obtains a second request from the first request, and the second request includes the identity information of the first application.
It should be noted that in some implementations of the present application, the middleware trusted base may obtain the second request from the first request by injecting the identity information of the first application into the first request, thereby obtaining a second request that contains the identity information of the first application.
104. The middleware trusted base sends the second request to the second application through a second identity channel.
The middleware trusted base then sends the second request to the second application through the second identity channel established when the identity connection was set up. Note that the second identity channel is the identity channel corresponding to the second application. In some implementations of the present application, the middleware trusted base can determine which application the second application is based on the APP IDs that it maintains itself, as shown in Figure 5.
105. The second application decides, based on the identity information in the second request, whether to establish a first communication channel with the first application.
After receiving the second request sent by the middleware trusted base, the second application obtains the identity information of the first application from the data packet of the second request and decides, based on that identity information, whether to establish a communication channel with the first application. This communication channel may be called the first communication channel (that is, the secure channel).
It should be noted here that since the middleware trusted base itself is trusted, it follows that the identity information in a request forwarded via the middleware trusted base is also trusted, so the second application can make its decision based on the identity information of the first application. In addition, the first communication channel between the middleware trusted base and the processes at both ends of the communication is established jointly by the system's execution management and the middleware trusted base at initialization. Since the system's execution management and the middleware trusted base described in the present application belong to the same security level, data requests sent over these two channels are also trusted.
It can be seen from the above steps that the method for confirming the trusted identity of an application provided by the embodiments of the present application establishes identity connections with each application process on the basis of the built middleware trusted base, which is more flexible. During the communication initialization phase, the middleware trusted base injects the identity information of the initiating process into the communication initialization request (that is, the communication data and the identity data are merged), so that the receiving process can identify whether the initiating process is a reliable application process; no additional identity transmission is needed, which saves communications and improves communication performance. Furthermore, the middleware trusted base is entirely user-mode software with little dependence on the kernel, and is therefore more universally applicable.
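Steps 101 to 105 can be modelled end to end in a few dozen lines. The following Python script is an added example, not code from the patent or from its assignee; the identity channels are simulated with AF_UNIX socketpairs inside one process, the requests are encoded as JSON, and the application identifiers APP1, APP2 and APP3 and APP2's policy are constructed for illustration (the patent specifies none of these). The identity manager binds each channel to an application identity when the identity connection is established (step 101), receives the first request on that channel (step 102), injects the identity bound to the channel to form the second request (step 103), forwards it on the target's identity channel (step 104), and the receiver decides on the injected identity alone (step 105). The second half of demo() shows the failure mode the description of step 102 warns about: a payload that claims another application's identity is overwritten by the channel-bound identity, so the receiver's decision does not depend on the initiator's claim.

```python
import json
import select
import socket


class IdentityManager:
    """User-mode middleware trusted base owning one identity channel per application.

    The mapping channel -> application identity is fixed when the identity
    connection is established and is never derived from a request payload."""

    def __init__(self):
        self._app_by_channel = {}   # manager-side socket -> APP ID
        self._channel_by_app = {}   # APP ID -> manager-side socket

    def open_identity_channel(self, app_id):
        """Step 101. In the patent this is driven by execution management at
        fork/exec time or by the read-only configuration file; here a socketpair
        stands in for the identity channel and the application end is handed back."""
        manager_end, app_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_SEQPACKET)
        self._app_by_channel[manager_end] = app_id
        self._channel_by_app[app_id] = manager_end
        return app_end

    def relay_pending(self):
        """Steps 102-104 for every identity channel that has a first request waiting."""
        readable, _, _ = select.select(list(self._app_by_channel), [], [], 0)
        relayed = []
        for channel in readable:
            first_request = json.loads(channel.recv(4096))            # step 102
            initiator = self._app_by_channel[channel]                  # identity bound to the channel
            second_request = dict(first_request, identity=initiator)  # step 103: inject, overriding any claim
            target = self._channel_by_app[second_request["target"]]
            target.send(json.dumps(second_request).encode())          # step 104
            relayed.append((initiator, second_request["target"]))
        return relayed

    def close(self):
        for channel in self._app_by_channel:
            channel.close()


def receiver_decides(second_request, allowed_initiators):
    """Step 105: the receiving application accepts or refuses the first
    communication channel based solely on the injected identity."""
    return second_request["identity"] in allowed_initiators


def demo():
    manager = IdentityManager()
    app1 = manager.open_identity_channel("APP1")
    app2 = manager.open_identity_channel("APP2")
    app3 = manager.open_identity_channel("APP3")
    app2_policy = {"APP1"}   # constructed policy: APP2 accepts channels only from APP1
    try:
        # Honest initialization request from APP1; the payload carries no identity.
        app1.send(json.dumps({"target": "APP2", "op": "open"}).encode())
        manager.relay_pending()
        honest = json.loads(app2.recv(4096))

        # Impersonation attempt: APP3 writes APP1's identity into its own payload.
        app3.send(json.dumps({"target": "APP2", "op": "open", "identity": "APP1"}).encode())
        manager.relay_pending()
        spoofed = json.loads(app2.recv(4096))
    finally:
        manager.close()
        for s in (app1, app2, app3):
            s.close()
    return {
        "honest_identity": honest["identity"],
        "honest_accepted": receiver_decides(honest, app2_policy),
        "spoofed_identity": spoofed["identity"],
        "spoofed_accepted": receiver_decides(spoofed, app2_policy),
    }


if __name__ == "__main__":
    print(demo())
```

In a real deployment the guarantee that APP3 cannot simply write to APP1's identity channel comes from the kernel access control described below (MAC or per-application users), not from the manager's code; the simulation only shows that, given that guarantee, the identity a receiver sees is the one the trusted base bound to the channel.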
需要说明的是,在本申请的一些实施方式中,为了避免恶意进程在通信过程中,对身份连接发起攻击,例如试图创建他人的身份连接以发起仿冒攻击,或者在通信过程中恶意篡改中间件可信基注入的身份信息等。上述所涉及的通道(如,第一身份通道、第二身份通道、第一通信通道等)访问权限必须受到限制,具体地,第一身份通道的访问权限受到第一限制,该第一限制至少包括如下任意一种:不能创建或访问第三应用与中间件可信基之间的身份连接,其中,第三应用与第一应用为不同的应用;或,不能访问第二通信通道上传递的数据,其中,第二通信通道为与所述第一通信通道不同的通信通道。类似地,第二身份通道的访问权限受到第二限制,该第二限制至少包括如下任意一种:不能创建或访问第四应用与中间件可信基之间的身份连接,其中,该第四应用与第二应用为不同的应用;或,不能访问第二通信通道上传递的数据,其中,该第二通信通道为与第一通信通道不同的通信通道。第一通信通道的访问权限受到第三限制,第三限制至少包括如下任意一种:不能创建或访问目标应用与中间件可信基之间的身份连接;或,不能访问第二通信通道上传递的数据,其中,该第二通信通道为与第一通信通道不同的通信通道。It should be noted that in some implementations of this application, in order to prevent malicious processes from launching attacks on the identity connection during the communication process, for example, trying to create someone else's identity connection to launch a counterfeit attack, or maliciously tampering with the middleware during the communication process Identity information injected by the trusted base, etc. The access rights of the above-mentioned channels (such as the first identity channel, the second identity channel, the first communication channel, etc.) must be restricted. Specifically, the access rights of the first identity channel are subject to a first restriction, and the first restriction is at least Including any of the following: the inability to create or access the identity connection between the third application and the middleware trusted base, where the third application and the first application are different applications; or the inability to access the data passed on the second communication channel. Data, wherein the second communication channel is a communication channel different from the first communication channel. 
Similarly, the access permission of the second identity channel is subject to a second restriction, and the second restriction includes at least any of the following: the identity connection between the fourth application and the middleware trusted base cannot be created or accessed, wherein the fourth The application and the second application are different applications; or the data transmitted on the second communication channel cannot be accessed, wherein the second communication channel is a communication channel different from the first communication channel. The access rights of the first communication channel are subject to a third restriction, which includes at least one of the following: the inability to create or access the identity connection between the target application and the middleware trusted base; or the inability to access the transfer on the second communication channel. data, wherein the second communication channel is a communication channel different from the first communication channel.
也就是说,上述所述的各个通道不能创建或访问其他进程与中间件可信基之间的身份连接,确保身份机制安全可信;此外,各个通道也不能访问其他进程之间的通信数据,确保安全通信通道内的数据安全,避免篡改和信息泄露。在本申请的一些实施方式中,为了达到以上目的,本申请实施例可以采用Linux内核提供的访问控制机制,对所有的通信通道实施保护,包括但不限于:In other words, each channel mentioned above cannot create or access identity connections between other processes and the middleware trusted base to ensure that the identity mechanism is safe and trustworthy; in addition, each channel cannot access communication data between other processes. Ensure data security within secure communication channels to avoid tampering and information leakage. In some implementations of this application, in order to achieve the above objectives, embodiments of this application can use the access control mechanism provided by the Linux kernel to protect all communication channels, including but not limited to:
a. Using the kernel's MAC mechanism, such as security-enhanced Linux (SELinux), to restrict the behaviour of application processes so that each process may access only the channels that belong to it (for example, pipes, UDS sockets and shared memory), including its identity connection with the Identity Manager and the secure communication channels it has established with other processes.
b. Using discretionary access control (DAC), for example by building an APP sandbox in which each APP runs as a different user, which achieves isolation and thereby guarantees that each process can access only the channels that belong to it.
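The following Python sketch is an added example and is not code from the patent or from any product it describes. It shows the DAC-style binding behind item b: every application runs under its own user, the middleware trust base keeps (from each application's configuration file) the UID that application is expected to run as, and when a process connects to an identity channel the trust base asks the kernel for the peer's credentials (SO_PEERCRED on Linux) and refuses the identity connection if the UID does not match. The configuration `IDENTITY_CONFIG`, the exception `IdentityChannelRefused`, the helper names and the business identities `"perception"` and `"planning"` are assumptions of the example. Because the peer credential is filled in by the kernel, a process in another sandbox cannot take over another application's identity channel merely by connecting to it; this only holds if the trust base itself runs as a UID distinct from every application and the socket endpoints are not writable by the applications.

```python
import os
import socket
import struct

# Constructed configuration (an assumption of this example): the middleware
# trust base learns, from each application's configuration file, which UID the
# application's sandbox runs under.  Business identities, not UIDs, are what is
# later injected into requests; the UID is only used to bind the channel.
IDENTITY_CONFIG = {
    "perception": {"uid": 10001},
    "planning": {"uid": 10002},
}


class IdentityChannelRefused(Exception):
    """Raised when the connecting process is not the application a channel is for."""


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process at the other end of a UNIX socket.

    On Linux the kernel fills this in (SO_PEERCRED); the peer cannot forge it.
    """
    if not hasattr(socket, "SO_PEERCRED"):
        # Non-Linux fallback so the example still runs; NOT kernel-attested.
        return (os.getpid(), os.getuid(), os.getgid())
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    return struct.unpack("3i", raw)  # struct ucred: pid_t, uid_t, gid_t


def bind_identity_channel(conn, app_identity, config=IDENTITY_CONFIG):
    """Accept `conn` as the identity channel of `app_identity` only if the
    peer's kernel-reported UID equals the UID configured for that application.

    Returns the business identity now bound to the channel.
    """
    expected = config[app_identity]["uid"]
    _pid, uid, _gid = peer_credentials(conn)
    if uid != expected:
        raise IdentityChannelRefused(
            f"uid {uid} tried to open the identity channel of {app_identity!r} "
            f"(expected uid {expected})")
    return app_identity


def try_bind(app_identity, config):
    """Demo helper: open a UNIX socket pair in-process and try to bind one end
    as `app_identity`'s identity channel.  True if bound, False if refused."""
    client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        bind_identity_channel(server, app_identity, config)
        return True
    except IdentityChannelRefused:
        return False
    finally:
        client.close()
        server.close()


def demo():
    # In-process both ends belong to us, so the kernel reports our own UID:
    # we can legitimately be "perception" but never "planning".
    me = os.getuid()
    config = {
        "perception": {"uid": me},      # this process *is* "perception"
        "planning": {"uid": me + 1},    # "planning" runs as a different user
    }
    return {
        "own_channel": try_bind("perception", config),
        "other_apps_channel": try_bind("planning", config),
    }


if __name__ == "__main__":
    print(demo())
```

The check runs once, when the identity connection is established; after that the trust base trusts the channel binding, which is why the channel itself must stay inaccessible to other sandboxes.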
In summary, the embodiments of this application take the shortcomings of existing methods into account. The proposed method for confirming an application's trusted identity on the basis of a middleware trust base can be integrated with the communication framework, so that data communication and identity transfer are merged; because the middleware trust base runs purely in user mode, it avoids frequent or prolonged traps into the kernel, which improves communication performance and determinism; and finally, the embodiments of this application fit the business's own ID system and avoid directly using operating-system logical concepts such as the UID, which makes them more flexible.
Since the method for determining an application's trusted identity described in the embodiments of this application can be used to protect data in fields such as smart cities and intelligent driving, a typical application scenario in which it has been implemented in a product is introduced below.
In the field of digital security, access control is an important means of preventing malicious intrusion. When an intrusion does occur, it also serves as a resilience measure that limits the intruder's ability to obtain higher-level resources. Access control over the critical resources used in a software system is therefore a very important technique in the security field. Access control, however, can only be enforced effectively if it is built on a trusted identity mechanism. In the Internet field, trusted identity is usually implemented on the basis of a certificate system and cryptography. In scenarios such as vehicle-mounted software, however, which have very high reliability and real-time requirements, an identity mechanism based entirely on a certificate system or cryptography is not fully applicable. Taking the characteristics of vehicle-mounted software into account, the present invention implements a complete trusted identity mechanism in user mode. The application system framework of the present invention is shown in Figure 6; the method for confirming an application's trusted identity provided by the embodiments of this application can be implemented in the IAM module in Figure 6.
It should be noted that the technology involved in this application is not limited to autonomous driving platforms but covers every scenario in which access control is built on a user-mode trust base, including but not limited to industrial control, railway, aviation and other systems and solutions with high digital-security requirements. It is a general-purpose user-mode mechanism for secure identity transfer that can be applied to almost any scenario and is highly customizable and extensible.
On the basis of the above embodiments, and in order to better implement the above solutions of the embodiments of this application, the relevant units for implementing those solutions are provided below. Referring to Figure 7, which is a schematic structural diagram of a management unit provided by an embodiment of this application, the management unit 700 may specifically include an establishment module 701, a first sending module 702, an acquisition module 703 and a second sending module 704, where: the establishment module 701 is configured to establish an identity connection with a target application, the target application including at least a first application and a second application; the first sending module 702 is configured to receive, through a first identity channel, a first request sent by the first application, the first request indicating that the first application requests to communicate with the second application, and the first identity channel corresponding to the first application; the acquisition module 703 is configured to obtain a second request from the first request, the second request including the identity information of the first application; and the second sending module 704 is configured to send the second request to the second application through a second identity channel, so that the second application decides, on the basis of the identity information in the second request, whether to establish a first communication channel with the first application, the second identity channel corresponding to the second application.
In a possible design, the establishment module 701 is specifically configured to establish the identity connection with the target application by means of execution management.
In a possible design, the establishment module 701 is specifically configured to establish the identity connection with the target application by means of the configuration file of the target application.
In a possible design, the acquisition module 703 is specifically configured to inject the identity information of the first application into the first request to obtain the second request.
In a possible design, the access rights of the first identity channel are subject to a first restriction, which includes at least one of the following: an identity connection between a third application and the middleware trust base cannot be created or accessed, the third application being a different application from the first application; or data transferred on a second communication channel cannot be accessed, the second communication channel being a communication channel different from the first communication channel.
In a possible design, the access rights of the second identity channel are subject to a second restriction, which includes at least one of the following: an identity connection between a fourth application and the middleware trust base cannot be created or accessed, the fourth application being a different application from the second application; or data transferred on a second communication channel cannot be accessed, the second communication channel being a communication channel different from the first communication channel.
In a possible design, the access rights of the first communication channel are subject to a third restriction, which includes at least one of the following: an identity connection between the target application and the middleware trust base cannot be created or accessed; or data transferred on a second communication channel cannot be accessed, the second communication channel being a communication channel different from the first communication channel.
In a possible design, the first application and the second application are application programs within the same operating system.
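The following is an added example, written for this page and not taken from the patent or from any Huawei product, that models the flow of modules 701 to 704 in plain Python with no real sockets: identity connections are established from a constructed per-application configuration (the configuration-file design), a first request arrives on the first application's identity channel, the trust base injects the sender's identity taken from the channel binding (discarding any `identity` field the sender wrote into the request), and the second application decides from an allowlist whether to open the first communication channel. The classes `IdentityManager`, `IdentityChannel` and `Application`, the configuration `APP_CONFIG`, the rule that an application may hold only one identity connection, and the identities `perception`, `planning` and `diagnostics` are all assumptions of the example. The point it demonstrates is that identity is a property of the channel a request arrives on, never of the request body, so a process that cannot reach another application's identity channel cannot impersonate that application.

```python
from dataclasses import dataclass, field

# Constructed configuration (assumption of this example): each application's
# configuration file names its business identity and the peers from which it
# will accept a communication channel.  No UIDs appear: the trust base works
# with business identities only.
APP_CONFIG = {
    "perception": {"allowed_peers": []},
    "planning": {"allowed_peers": ["perception"]},
    "diagnostics": {"allowed_peers": []},
}


@dataclass
class IdentityChannel:
    """Identity channel between one application and the trust base.  The
    binding to `app` is fixed at creation and is the ONLY source of identity
    for requests arriving on this channel."""
    app: str
    inbox: list = field(default_factory=list)   # second requests land here


class IdentityManager:
    """The middleware trust base (modules 701-704 of the management unit)."""

    def __init__(self, config):
        self.config = config
        self.channels = {}

    # 701: establish an identity connection from the application's config file.
    def establish(self, app):
        if app not in self.config:
            raise PermissionError(f"unknown application {app!r}")
        if app in self.channels:
            # Assumed rule: a second process may not create an identity
            # connection that another application already holds.
            raise PermissionError(f"identity connection for {app!r} exists")
        self.channels[app] = IdentityChannel(app)
        return self.channels[app]

    # 702 receive first request, 703 inject identity, 704 forward.
    def handle_first_request(self, channel, first_request):
        sender = channel.app                      # from the binding, not the body
        target = first_request.get("target")
        if target not in self.channels:
            raise PermissionError(f"no identity connection for {target!r}")
        second_request = {k: v for k, v in first_request.items()
                          if k != "identity"}     # drop any claimed identity
        second_request["identity"] = sender       # injected by the trust base
        self.channels[target].inbox.append(second_request)
        return second_request


class Application:
    """The second application: decides from the injected identity whether
    to establish the first communication channel with the requester."""

    def __init__(self, name, config):
        self.name = name
        self.allowed = set(config[name]["allowed_peers"])

    def decide(self, second_request):
        return second_request["identity"] in self.allowed


def run_scenario():
    mgr = IdentityManager(APP_CONFIG)
    ch_perception = mgr.establish("perception")
    mgr.establish("planning")
    ch_diag = mgr.establish("diagnostics")
    planning = Application("planning", APP_CONFIG)

    # Honest request: perception asks to talk to planning.
    honest = planning.decide(mgr.handle_first_request(
        ch_perception, {"target": "planning", "op": "subscribe"}))

    # Forgery attempt: diagnostics writes identity=perception into the body.
    forged = mgr.handle_first_request(
        ch_diag, {"target": "planning", "identity": "perception", "op": "subscribe"})
    forged_accepted = planning.decide(forged)

    # Attempt to create a second identity connection for an existing app.
    try:
        mgr.establish("planning")
        duplicate_blocked = False
    except PermissionError:
        duplicate_blocked = True

    return {"honest": honest,
            "forged_identity_seen_by_target": forged["identity"],
            "forged_accepted": forged_accepted,
            "duplicate_blocked": duplicate_blocked}


if __name__ == "__main__":
    print(run_scenario())
```

In a real deployment the channel binding itself must be enforced by the kernel (SELinux labels or per-application users on the UDS endpoints), since the trust base can only trust the binding to the extent that no other process can open or read that channel.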
It should be noted that the information exchange and execution process between the modules/units of the management unit 700 are based on the same concept as the method embodiment corresponding to Figure 1 of this application; for details, refer to the description in the method embodiments given earlier in this application, which is not repeated here.
A device provided by an embodiment of this application is introduced next. Referring to Figure 8, which is a schematic structural diagram of a device provided by an embodiment of this application, the management unit 700 described in the embodiment corresponding to Figure 7 may be deployed on the device 800 in order to implement the functions of the management unit 700 in that embodiment. Specifically, the device 800 is implemented by one or more servers and may differ considerably depending on configuration or performance; it may include one or more central processing units (CPU) 822 and memory 832, and one or more storage media 830 (for example, one or more mass storage devices) storing application programs 842 or data 844. The memory 832 and the storage medium 830 may be transient or persistent storage. The program stored in the storage medium 830 may include one or more modules (not shown in the figure), each of which may include a series of instruction operations on the device 800. Furthermore, the central processing unit 822 may be configured to communicate with the storage medium 830 and to execute, on the device 800, the series of instruction operations stored in the storage medium 830.
The device 800 may also include one or more power supplies 826, one or more wired or wireless network interfaces 850, one or more input/output interfaces 858, and/or one or more operating systems 841, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ and so on.
In the embodiments of this application, the central processing unit 822 is configured to execute the method for confirming an application's trusted identity in the embodiment corresponding to Figure 1; for details, refer to the description in the method embodiments given earlier in this application, which is not repeated here.
It should be noted that the specific manner in which the central processing unit 822 executes each of the above steps is based on the same concept as the method embodiment corresponding to Figure 1 of this application, and the technical effects it brings are the same as those of the above embodiments of this application; for details, refer to the description in the method embodiments given earlier in this application, which is not repeated here.
An embodiment of this application also provides a computer-readable storage medium storing a program for signal processing which, when run on a computer, causes the computer to perform the steps performed by the middleware trust base as described in the embodiment shown in Figure 1.
The device provided by an embodiment of this application may specifically be a chip, the chip including a processing unit and a communication unit; the processing unit may, for example, be a processor, and the communication unit may, for example, be an input/output interface, a pin or a circuit. The processing unit can execute the computer-executable instructions stored in a storage unit so that the chip within the device performs the steps performed by the middleware trust base as described in the embodiment shown in Figure 1.
Optionally, the storage unit is a storage unit inside the chip, such as a register or a cache; the storage unit may also be a storage unit located outside the chip within the wireless access device, such as a read-only memory (ROM) or another type of static storage device capable of storing static information and instructions, a random access memory (RAM), and so on.
It should further be noted that the apparatus embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the apparatus embodiments provided by this application, a connection between modules indicates that a communication connection exists between them, which may specifically be implemented as one or more communication buses or signal lines.
From the above description of the embodiments, those skilled in the art can clearly understand that this application may be implemented by software plus the necessary general-purpose hardware, and of course also by dedicated hardware including application-specific integrated circuits, dedicated CPUs, dedicated memories, dedicated components and so on. In general, any function performed by a computer program can readily be implemented in corresponding hardware, and the specific hardware structures used to implement the same function can vary, such as analog circuits, digital circuits or dedicated circuits. For this application, however, a software implementation is in most cases the better embodiment. On this understanding, the technical solution of this application, or the part of it that contributes over the prior art, may be embodied in the form of a software product stored on a readable storage medium such as a computer floppy disk, USB flash drive, removable hard disk, ROM, RAM, magnetic disk or optical disc, which includes a number of instructions for causing a computer device (which may be a personal computer, a network device or the like) to perform the methods described in the embodiments of this application.
The above embodiments may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product.
The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions described in the embodiments of this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable apparatus. The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer or data centre to another website, computer, device or data centre by wired means (such as coaxial cable, optical fibre or digital subscriber line (DSL)) or by wireless means (such as infrared, radio or microwave). The computer-readable storage medium may be any available medium that a computer can store, or a data storage device such as a server or data centre that integrates one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, hard disk or magnetic tape), an optical medium (for example, a DVD), or a semiconductor medium (for example, a solid state disk (SSD)), and so on.

Claims (20)

  1. A method for confirming an application's trusted identity, characterized in that it includes:
    establishing, by a middleware trust base, an identity connection with a target application, the middleware trust base being user-mode software built in advance, and the target application including at least a first application and a second application;
    receiving, by the middleware trust base through a first identity channel, a first request sent by the first application, the first request indicating that the first application requests to communicate with the second application, and the first identity channel corresponding to the first application;
    obtaining, by the middleware trust base, a second request from the first request, the second request including identity information of the first application;
    sending, by the middleware trust base, the second request to the second application through a second identity channel, so that the second application decides, on the basis of the identity information in the second request, whether to establish a first communication channel with the first application, the second identity channel corresponding to the second application.
  2. The method according to claim 1, characterized in that the establishing, by the middleware trust base, of an identity connection with the target application includes:
    establishing, by the middleware trust base, the identity connection with the target application by means of execution management.
  3. The method according to claim 1, characterized in that the establishing, by the middleware trust base, of an identity connection with the target application includes:
    establishing, by the middleware trust base, the identity connection with the target application by means of the configuration file of the target application.
  4. The method according to any one of claims 1 to 3, characterized in that the obtaining, by the middleware trust base, of a second request from the first request includes:
    injecting, by the middleware trust base, the identity information of the first application into the first request to obtain the second request.
  5. The method according to any one of claims 1 to 4, characterized in that the access rights of the first identity channel are subject to a first restriction, the first restriction including at least one of the following:
    an identity connection between a third application and the middleware trust base cannot be created or accessed, the third application being a different application from the first application;
    or,
    data transferred on a second communication channel cannot be accessed, the second communication channel being a communication channel different from the first communication channel.
  6. The method according to any one of claims 1 to 5, characterized in that the access rights of the second identity channel are subject to a second restriction, the second restriction including at least one of the following:
    an identity connection between a fourth application and the middleware trust base cannot be created or accessed, the fourth application being a different application from the second application;
    or,
    data transferred on a second communication channel cannot be accessed, the second communication channel being a communication channel different from the first communication channel.
  7. The method according to any one of claims 1 to 6, characterized in that the access rights of the first communication channel are subject to a third restriction, the third restriction including at least one of the following:
    an identity connection between the target application and the middleware trust base cannot be created or accessed;
    or,
    data transferred on a second communication channel cannot be accessed, the second communication channel being a communication channel different from the first communication channel.
  8. The method according to any one of claims 1 to 7, characterized in that
    the first application and the second application are application programs within the same operating system.
  9. A management unit, characterized in that it includes:
    an establishment module, configured to establish an identity connection with a target application, the target application including at least a first application and a second application;
    a first sending module, configured to receive, through a first identity channel, a first request sent by the first application, the first request indicating that the first application requests to communicate with the second application, and the first identity channel corresponding to the first application;
    an acquisition module, configured to obtain a second request from the first request, the second request including identity information of the first application;
    a second sending module, configured to send the second request to the second application through a second identity channel, so that the second application decides, on the basis of the identity information in the second request, whether to establish a first communication channel with the first application, the second identity channel corresponding to the second application.
  10. The management unit according to claim 9, characterized in that the establishment module is specifically configured to:
    establish the identity connection with the target application by means of execution management.
  11. The management unit according to claim 9, characterized in that the establishment module is specifically configured to:
    establish the identity connection with the target application by means of the configuration file of the target application.
  12. The management unit according to any one of claims 9 to 11, characterized in that the acquisition module is specifically configured to:
    inject the identity information of the first application into the first request to obtain the second request.
  13. The management unit according to any one of claims 9 to 12, characterized in that the access rights of the first identity channel are subject to a first restriction, the first restriction including at least one of the following:
    an identity connection between a third application and the management unit cannot be created or accessed, the third application being a different application from the first application;
    or,
    data transferred on a second communication channel cannot be accessed, the second communication channel being a communication channel different from the first communication channel.
  14. The management unit according to any one of claims 9 to 13, characterized in that the access rights of the second identity channel are subject to a second restriction, the second restriction including at least one of the following:
    an identity connection between a fourth application and the management unit cannot be created or accessed, the fourth application being a different application from the second application;
    or,
    data transferred on a second communication channel cannot be accessed, the second communication channel being a communication channel different from the first communication channel.
  15. The management unit according to any one of claims 9 to 14, characterized in that the access rights of the first communication channel are subject to a third restriction, the third restriction including at least one of the following:
    an identity connection between the target application and the management unit cannot be created or accessed;
    or,
    data transferred on a second communication channel cannot be accessed, the second communication channel being a communication channel different from the first communication channel.
  16. The management unit according to any one of claims 9 to 15, characterized in that the first application and the second application are application programs within the same operating system.
  17. A device, including a processor and a memory, the processor being coupled to the memory, characterized in that:
    the memory is configured to store a program;
    the processor is configured to execute the program in the memory so that the device performs the method according to any one of claims 1 to 8.
  18. A computer-readable storage medium, including a program which, when run on a computer, causes the computer to perform the method according to any one of claims 1 to 8.
  19. A computer program product containing instructions which, when run on a computer, cause the computer to perform the method according to any one of claims 1 to 8.
  20. A chip, the chip including a processor and a data interface, the processor reading instructions stored in a memory through the data interface to perform the method according to any one of claims 1 to 8.
PCT/CN2022/137827 2022-03-22 2022-12-09 Method for determining trusted identity of application, and management unit and device WO2023179102A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210283816.4A CN114844672B (en) 2022-03-22 2022-03-22 Method, management unit and equipment for confirming application trusted identity
CN202210283816.4 2022-03-22

Publications (1)

Publication Number Publication Date
WO2023179102A1 true WO2023179102A1 (en) 2023-09-28

Family

ID=82561985

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/137827 WO2023179102A1 (en) 2022-03-22 2022-12-09 Method for determining trusted identity of application, and management unit and device

Country Status (2)

Country Link
CN (1) CN114844672B (en)
WO (1) WO2023179102A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114844672B (en) * 2022-03-22 2023-08-22 华为技术有限公司 Method, management unit and equipment for confirming application trusted identity

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107277794A (en) * 2017-06-09 2017-10-20 中国联合网络通信集团有限公司 Set up the method, device and mobile terminal of communication connection
WO2018010957A1 (en) * 2016-07-12 2018-01-18 Deutsche Telekom Ag Method for providing an enhanced level of authentication related to a secure software client application provided by an application distribution entity in order to be transmitted to a client computing device; system, application distribution entity, software client application, and client computing device for providing an enhanced level of authentication related to a secure software client application, program and computer program product
US20190068566A1 (en) * 2017-06-27 2019-02-28 Uniken, Inc. Network-based key distribution system, method, and apparatus
US20190147234A1 (en) * 2017-11-15 2019-05-16 Qualcomm Technologies, Inc. Learning disentangled invariant representations for one shot instance recognition
CN111367617A (en) * 2020-02-29 2020-07-03 苏州浪潮智能科技有限公司 Computing resource trusted management linkage system and method
CN113012008A (en) * 2020-09-15 2021-06-22 支付宝(杭州)信息技术有限公司 Identity management method, device and equipment based on trusted hardware
CN114844672A (en) * 2022-03-22 2022-08-02 华为技术有限公司 Application trusted identity confirmation method, management unit and equipment

Family Cites Families (14)

Publication number Priority date Publication date Assignee Title
CN100459563C (en) * 2003-11-21 2009-02-04 维豪信息技术有限公司 Identification gateway and its data treatment method
CN102347959B (en) * 2011-11-18 2014-07-23 运软网络科技(上海)有限公司 Resource access system and method based on identity and session
CN105468462B (en) * 2014-08-14 2020-11-03 腾讯科技(深圳)有限公司 Method and system for interprocess communication identity verification and communication between application software
CN106936774B (en) * 2015-12-29 2020-02-18 中国电信股份有限公司 Authentication method and system in trusted execution environment
CN108667780B (en) * 2017-03-31 2021-05-14 华为技术有限公司 Identity authentication method, system, server and terminal
CN108200075B (en) * 2018-01-17 2021-07-13 上海方付通商务服务有限公司 Identity authentication method, system, terminal and storage medium
CN108632243A (en) * 2018-03-13 2018-10-09 全球能源互联网研究院有限公司 Trustable network communication means based on safety chip hardware algorithm module and device
CN108600222B (en) * 2018-04-24 2021-01-29 北京握奇智能科技有限公司 Communication method, system and terminal of client application and trusted application
CN109862041B (en) * 2019-03-27 2021-06-15 深圳市网心科技有限公司 Digital identity authentication method, equipment, device, system and storage medium
CN110765449A (en) * 2019-10-25 2020-02-07 山东超越数控电子股份有限公司 Identity authentication method, equipment and medium based on security chip
CN112825521A (en) * 2019-11-21 2021-05-21 树根互联技术有限公司 Trusted identity management method, system, equipment and storage medium for block chain application
CN112822176B (en) * 2020-12-31 2021-10-26 北方工业大学 Remote APP identity authentication method
CN112671798B (en) * 2020-12-31 2022-10-04 北京明朝万达科技股份有限公司 Service request method, device and system in Internet of vehicles
CN112685708A (en) * 2021-01-07 2021-04-20 支付宝(杭州)信息技术有限公司 Trusted device and trusted system

Also Published As

Publication number Publication date
CN114844672A (en) 2022-08-02
CN114844672B (en) 2023-08-22

Similar Documents

Publication Publication Date Title
US11838841B2 (en) System, apparatus and method for scalable internet of things (IOT) device on-boarding with quarantine capabilities
US10581803B1 (en) Application-aware connection rules for network access client
CN102047262B (en) Authentication for distributed secure content management system
US20070143408A1 (en) Enterprise to enterprise instant messaging
US9286465B1 (en) Method and apparatus for federated single sign on using authentication broker
CN108028840B (en) Enabling secure peer-to-peer connection establishment
JP2000003348A (en) Device for remotely executing command
US10834131B2 (en) Proactive transport layer security identity verification
CN110401640B (en) Trusted connection method based on trusted computing dual-system architecture
US11032280B1 (en) Proxy for controlling access to services
WO2023065969A1 (en) Access control method, apparatus, and system
GB2439838A (en) Mutual authentication procedure for Trusted Platform Modules with exchange of credentials
WO2023179102A1 (en) Method for determining trusted identity of application, and management unit and device
US20240146728A1 (en) Access control method, access control system, and related device
US10681085B2 (en) Quick transport layer security/secure sockets layer connection for internet of things devices
CN112769568A (en) Security authentication communication system and method in fog computing environment and Internet of things equipment
CN113271289A (en) Method, system and computer storage medium for resource authorization and access
US20200092264A1 (en) End-point assisted gateway decryption without man-in-the-middle
US8676998B2 (en) Reverse network authentication for nonstandard threat profiles
CN109040225A (en) A kind of dynamic port desktop access management method and system
CN112087427A (en) Communication verification method, electronic device, and storage medium
CN114301967B (en) Control method, device and equipment for narrowband Internet of things
WO2022151736A1 (en) Method for determining trusted terminal and related device
US11621952B2 (en) Remote login processing method, apparatus, device and storage medium for unmanned vehicle
CN115623013A (en) Strategy information synchronization method, system and related product

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
Ref document number: 22933152
Country of ref document: EP
Kind code of ref document: A1