技术领域Technical Field
本发明涉及互联网通信领域,尤其涉及多方交互数据安全传输方式领域,具体是指一种针对多方交互数据实现可信传输与反向授权处理的系统、方法、装置、处理器及其计算机可读存储介质。The present invention relates to the field of Internet communications, and in particular to the field of secure transmission of multi-party interactive data, and specifically refers to a system, method, device, processor and computer-readable storage medium thereof for implementing trusted transmission and reverse authorization processing of multi-party interactive data.
背景技术Background technique
目前多方交互数据安全传输方式主要采用TLS(Transport Layer Security,安全传输层协议),虽然TLS为互联网通信提供安全及数据完整性保障,但是无法控制数据使用方的访问权限。传统的访问控制通常是数据使用方向数据提供方申请访问权限,这种方式存在管理方面的挑战。在反向授权模式中,数据提供方可以精确定义他们的数据只能被特定授权用户使用,简化管理的同时更加适用于安全性要求较高的场景。反向授权可通过RBAC(Role-Based Access Control,基于角色的访问控制)、ABAC(Attribute basedaccess control,基于属性的访问控制)等技术实现。然而,在多方交互数据安全传输与访问控制方面,仍存在一些缺点。关于数据安全传输,在TLS中,当使用ECDH(Elliptic CurveDiffie–Hellman,椭圆曲线迪菲-赫尔曼)密钥交换方法时,其生成的密钥通常以明文形式存储在内存中,一旦操作系统遭受攻击或者存在安全漏洞,这些存储在内存中的密钥则会被恶意软件或攻击者获取。同时,在反向授权模式中,RBAC和ABCA可以限制数据只能被特定授权用户使用,但是无法限制数据只能用于特定分析目的、禁止数据复制或外部传输等精细化应用。At present, the main method for secure transmission of multi-party interactive data is TLS (Transport Layer Security). Although TLS provides security and data integrity for Internet communications, it cannot control the access rights of data users. Traditional access control usually requires data users to apply for access rights from data providers, which has management challenges. In the reverse authorization mode, data providers can accurately define that their data can only be used by specific authorized users, which simplifies management and is more suitable for scenarios with higher security requirements. Reverse authorization can be achieved through technologies such as RBAC (Role-Based Access Control) and ABAC (Attribute based access control). However, there are still some shortcomings in the secure transmission and access control of multi-party interactive data. Regarding secure data transmission, in TLS, when the ECDH (Elliptic Curve Diffie–Hellman) key exchange method is used, the generated keys are usually stored in plain text in memory. Once the operating system is attacked or there is a security vulnerability, these keys stored in memory will be obtained by malware or attackers. At the same time, in the reverse authorization mode, RBAC and ABCA can restrict data to be used only by specific authorized users, but cannot restrict data to be used only for specific analysis purposes, prohibit data copying or external transmission, and other refined applications.
申请号为202210823034.5的中国专利公开了远程认证方法、装置、设备、存储介质及程序产品,该专利方法包括向用户提供多种密钥建立模式,分别为密钥传输模式、密钥协商模式以及公钥分发模式,在密钥协商模式中,该专利首先基于第一临时公钥、第二临时公钥生成主密钥,然后基于主密钥和第一密码散列生成会话密钥。虽然该专利通过SGX实现了系统层次安全的密钥协商生成,但是未考虑数据访问权限问题。申请号为202211733513.4的中国专利公开了在可信计算平台中处理数据的方法及管理装置,该专利主要通过第一用户数据密钥和TEE密钥加密数据,从而保障数据安全,而非密钥协商方式实现数据安全传输。此外,该专利也未实现精细化反向授权。申请号为202010251319.7的中国专利公开了基于TEE的密钥服务资源安全扩展方法及系统,该专利主要通过通过在TEE提供的安全隔离计算环境对密码服务框架进行扩展,并与操作系统内核的互动,使得密码服务框架具备主动检测和安全加载系统硬件密码服务资源的能力,但是没有考虑可信执行环境下数据访问权限问题。由上可见,如何实现多方交互数据的可信传输与反向授权,在系统安全层面保障数据可信传输,同时精细化反向授权模式下数据访问及使用权限是本领域有待解决的问题。The Chinese patent with application number 202210823034.5 discloses a remote authentication method, device, equipment, storage medium and program product. The patent method includes providing users with multiple key establishment modes, namely key transmission mode, key negotiation mode and public key distribution mode. In the key negotiation mode, the patent first generates a master key based on the first temporary public key and the second temporary public key, and then generates a session key based on the master key and the first password hash. Although the patent implements system-level secure key negotiation generation through SGX, it does not consider the issue of data access rights. The Chinese patent with application number 202211733513.4 discloses a method and management device for processing data in a trusted computing platform. The patent mainly encrypts data through the first user data key and the TEE key to ensure data security, rather than realizing secure data transmission through non-key negotiation. In addition, the patent also does not implement refined reverse authorization. The Chinese patent application number 202010251319.7 discloses a method and system for secure extension of key service resources based on TEE. The patent mainly extends the cryptographic service framework through the secure isolated computing environment provided by TEE, and interacts with the operating system kernel, so that the cryptographic service framework has the ability to actively detect and securely load system hardware cryptographic service resources, but does not consider the issue of data access rights in a trusted execution environment. As can be seen from the above, how to achieve trusted transmission and reverse authorization of multi-party interactive data, ensure trusted data transmission at the system security level, and refine data access and usage rights under the reverse authorization mode are issues to be solved in this field.
发明内容Summary of the invention
本发明的目的是克服了上述现有技术的缺点,提供了一种满足数据可信度高、操作简便、适用范围较为广泛的针对多方交互数据实现可信传输与反向授权处理的系统、方法、装置、处理器及其计算机可读存储介质。The purpose of the present invention is to overcome the shortcomings of the above-mentioned prior art and to provide a system, method, device, processor and computer-readable storage medium thereof that realizes trusted transmission and reverse authorization processing of multi-party interactive data, which has high data credibility, simple operation and a wide range of applications.
为了实现上述目的,本发明的针对多方交互数据实现可信传输与反向授权处理的系统、方法、装置、处理器及其计算机可读存储介质如下:In order to achieve the above objectives, the system, method, device, processor and computer-readable storage medium for implementing trusted transmission and reverse authorization processing for multi-party interactive data of the present invention are as follows:
该针对多方交互数据实现可信传输与反向授权处理的系统,其主要特点是,所述的系统包括:The main features of the system for implementing trusted transmission and reverse authorization processing for multi-party interactive data are as follows:
数据发送方,基于数据接收方访问请求配置安全策略清单,并为数据接收方分配附带权限标签的临时密钥;The data sender configures a security policy list based on the data receiver's access request and allocates a temporary key with a permission tag to the data receiver;
数据接收方,基于远程认证机制使数据发送方硬件和软件环境为可信执行环境,数据接收方和数据发送方基于可行执行环境共同构建可信传输通道,共享一份通信密钥;数据接收方在通过身份验证后,按照清单并使用临时密钥合规操作数据。The data receiver, based on the remote authentication mechanism, makes the hardware and software environment of the data sender a trusted execution environment. The data receiver and the data sender jointly build a trusted transmission channel based on the feasible execution environment and share a communication key. After passing the identity authentication, the data receiver operates the data in compliance with the list and using the temporary key.
较佳地,所述的数据发送方包括:Preferably, the data sender includes:
数据发送密钥管理模块,用于生成并存储对称加密密钥、临时密钥、通信密钥,使用密钥执行数据加解密操作;The data transmission key management module is used to generate and store symmetric encryption keys, temporary keys, and communication keys, and use the keys to perform data encryption and decryption operations;
远程认证模块,与所述的数据接收方相连接,用于提供远程认证对接服务,生成证明报告并发送给接收方校验;A remote authentication module, connected to the data receiver, is used to provide remote authentication docking services, generate a certification report and send it to the receiver for verification;
可信传输模块,与所述的数据接收方和数据发送密钥管理模块相连接,用于确认使用的TLS版本和选择的加密套件,在数据发送方内通过ECDH密钥交换算法共享同一份通信密钥;A trusted transmission module, connected to the data receiver and the data sending key management module, is used to confirm the TLS version used and the selected encryption suite, and share the same communication key within the data sender through the ECDH key exchange algorithm;
数据加密模块,与所述的数据发送密钥管理模块相连接,用于在数据发送方内执行加密密钥生成、存储与使用,并使用数据发送方内的加密算法加密数据,将数据加密后存储于数据发送方内部;A data encryption module, connected to the data transmission key management module, is used to generate, store and use encryption keys in the data transmitter, encrypt data using the encryption algorithm in the data transmitter, and store the encrypted data in the data transmitter;
反向授权模块,与所述的数据接收方和数据发送密钥管理模块相连接,用于自定义接收方安全策略清单,并为接收方生成附带权限标签的临时密钥与身份证明令牌;A reverse authorization module, connected to the data receiver and the data transmission key management module, is used to customize the receiver's security policy list and generate a temporary key and identity token with an authority tag for the receiver;
可信执行模块,用于建立可信执行环境,提供与外界隔离的安全执行环境。The trusted execution module is used to establish a trusted execution environment and provide a secure execution environment isolated from the outside world.
较佳地,所述的远程认证模块提供远程认证对接服务,生成证明报告并发送给数据接收方校验;数据发送方被验证可信后,在数据发送方内通过ECDH密钥交换算法共享同一份通信密钥。Preferably, the remote authentication module provides a remote authentication docking service, generates a certification report and sends it to the data receiver for verification; after the data sender is verified to be credible, the same communication key is shared within the data sender through the ECDH key exchange algorithm.
较佳地,所述的数据发送方在可信执行环境中自定义安全策略清单,明确数据可访问范围;为数据接收方动态授权,为数据接收方生成临时密钥和身份证明令牌,临时密钥附带具体的权限标签,通过可信通道将授权信息发送给数据接收方;根据业务需求或访问行为合法性判断,数据发送方调整安全策略清单并在数据发送方中为数据接收方分发新的临时密钥。Preferably, the data sender customizes the security policy list in the trusted execution environment to clarify the scope of data access; dynamically authorizes the data recipient, generates a temporary key and identity token for the data recipient, and the temporary key is accompanied by a specific permission label, and the authorization information is sent to the data recipient through a trusted channel; based on business needs or the legitimacy of the access behavior, the data sender adjusts the security policy list and distributes a new temporary key to the data recipient in the data sender.
较佳地,所述的授权信息包括临时密钥、令牌、权限文件;所述的安全策略清单包括数据可访问范围。Preferably, the authorization information includes a temporary key, a token, and a permission file; and the security policy list includes a data accessible scope.
较佳地,所述的数据接收方包括:Preferably, the data receiver includes:
数据接收密钥管理模块,用于安全存储、使用对称加密密钥、临时密钥、通信密钥;Data receiving key management module, used for secure storage and use of symmetric encryption keys, temporary keys, and communication keys;
远程认证模块,与所述的数据发送方相连接,用于向数据发送方发送远程认证请求,向可信第三方查询的硬件芯片证书验证认证报告,验证通过则构建可信传输通道;A remote authentication module is connected to the data sender and is used to send a remote authentication request to the data sender and verify the authentication report of the hardware chip certificate queried by a trusted third party. If the verification is successful, a trusted transmission channel is established;
可信传输模块,与所述的数据发送方和数据接收密钥管理模块相连接,用于确认使用的TLS版本和选择的加密套件,获得通信密钥,构建可信传输通道;A trusted transmission module, connected to the data sender and the data receiving key management module, is used to confirm the TLS version used and the selected encryption suite, obtain the communication key, and build a trusted transmission channel;
数据解密模块,与所述的数据接收密钥管理模块相连接,用于使用通信密钥解密密文数据流,获得明文数据。The data decryption module is connected to the data receiving key management module and is used to decrypt the ciphertext data stream using the communication key to obtain the plaintext data.
较佳地,所述的数据接收方发起远程认证请求,数据发送方调用ATTESTATION命令,并使用芯片密钥签名认证报告,发送至数据接收方处;数据接收方使用芯片ID向安全处理器厂商查询芯片证书,使用芯片证书验证认证报告;数据接收方完成远程认证后,明确数据发送方环境可信,在数据发送方内使用ECDH密钥协议生成并与数据接收方共享通信密钥,构建可信传输信道完毕。Preferably, the data receiver initiates a remote authentication request, the data sender calls the ATTESTATION command, and uses the chip key to sign the authentication report and sends it to the data receiver; the data receiver uses the chip ID to query the chip certificate from the security processor manufacturer, and uses the chip certificate to verify the authentication report; after the data receiver completes the remote authentication, it is clear that the data sender's environment is trustworthy, and the ECDH key protocol is used within the data sender to generate and share the communication key with the data receiver, thus completing the construction of the trusted transmission channel.
该利用上述系统实现针对多方交互数据进行可信传输与反向授权处理的方法,其主要特点是,所述的方法包括以下步骤:The method for implementing trusted transmission and reverse authorization processing for multi-party interactive data using the above system is mainly characterized in that the method comprises the following steps:
(1)在数据发送方建立可信环境;(1) Establish a trusted environment at the data sender;
(2)数据发送方随机生成对称加密密钥,对数据库进行数据加密存储;(2) The data sender randomly generates a symmetric encryption key and encrypts the data in the database for storage;
(3)数据接收方发起认证请求,数据发送方调用命令,使用芯片密钥签名认证报告,发送至数据接收方,基于远程认证构建可信传输;(3) The data receiver initiates an authentication request, the data sender calls the command, uses the chip key to sign the authentication report, and sends it to the data receiver, thus building a trusted transmission based on remote authentication;
(4)数据接收方向数据发送方发送协商反向授权权限范围;(4) The data receiving party sends a negotiated reverse authorization authority scope to the data sending party;
(5)数据发送方在可信执行环境中自定义数据访问策略清单,明确数据可访问范围;(5) The data sender customizes the data access policy list in the trusted execution environment to clarify the scope of data access;
(6)双方协商反向授权权限范围,数据发送方为数据接收方动态授权;(6) Both parties negotiate the scope of reverse authorization authority, and the data sender dynamically authorizes the data receiver;
(7)数据发送方将授权信息安全传输至数据接收方;(7) The data sender securely transmits the authorization information to the data receiver;
(8)数据接收方请求访问数据;(8) The data recipient requests access to the data;
(9)基于数据接收方访问请求中的令牌与临时密钥进行权限认证;(9) Authenticate permissions based on the token and temporary key in the data recipient's access request;
(10)数据发送方基于安全策略清单执行数据操作;(10) The data sender performs data operations based on the security policy list;
(11)数据发送方通过可信传输通道将受限数据流传输至数据接收方;(11) The data sender transmits the restricted data stream to the data receiver through a trusted transmission channel;
(12)数据接收方使用通信密钥对密文数据流进行解密,获得明文数据;(12) The data receiver uses the communication key to decrypt the ciphertext data stream and obtain the plaintext data;
(13)数据发送方调整数据访问策略清单并为数据接收方生成新的临时密钥。(13) The data sender adjusts the data access policy list and generates a new temporary key for the data receiver.
较佳地,所述的步骤(3)具体包括以下步骤:Preferably, the step (3) specifically comprises the following steps:
(3.1)数据接收方发起认证请求,数据发送方调用ATTESTATION命令,并使用芯片密钥签名认证报告,发送至数据接收方;(3.1) The data receiver initiates an authentication request, the data sender calls the ATTESTATION command, and uses the chip key to sign the authentication report and send it to the data receiver;
(3.2)数据接收方使用芯片ID向安全处理器厂商查询芯片证书,使用芯片证书验证认证报告;(3.2) The data receiver uses the chip ID to query the chip certificate from the security processor manufacturer and uses the chip certificate to verify the authentication report;
(3.3)数据接收方完成远程认证后,明确数据发送方环境可信,在数据发送方内使用ECDH密钥协议生成并与数据接收方共享通信密钥,可信传输信道构建完毕。(3.3) After the data receiver completes the remote authentication, it is clear that the data sender's environment is trustworthy. The data sender uses the ECDH key protocol to generate and share the communication key with the data receiver, and the trusted transmission channel is established.
较佳地,所述的步骤(6)具体包括以下步骤:Preferably, the step (6) specifically comprises the following steps:
双方协商反向授权权限范围,数据发送方基于数据发送方为数据接收方动态授权,为数据接收方生成临时密钥和身份证明令牌,临时密钥附带具体的权限标签。The two parties negotiate the scope of reverse authorization permissions. The data sender dynamically authorizes the data receiver based on the data sender, generates a temporary key and identity token for the data receiver, and the temporary key is accompanied by a specific permission label.
较佳地,所述的步骤(7)具体包括以下步骤:Preferably, the step (7) specifically comprises the following steps:
数据发送方通过国密SM3算法计算权限文件哈希值,并对哈希值与权限文件进行数字签名;The data sender calculates the hash value of the permission file using the national secret SM3 algorithm and digitally signs the hash value and permission file;
数据发送方通过可信传输通道将授权信息与签名发送给数据接收方,数据接收方需验证权限文件。The data sender sends the authorization information and signature to the data receiver through a trusted transmission channel, and the data receiver needs to verify the authority file.
较佳地,所述的步骤(9)具体包括以下步骤:Preferably, the step (9) specifically comprises the following steps:
基于数据接收方访问请求中的令牌与临时密钥进行权限认证,数据发送方通过令牌验证数据接收方身份合法性,如身份认证通过,则根据安全策略配置清单验证临时密钥附带的权限标签是否一致。The data sender uses the token to verify the legitimacy of the data recipient's identity. If the identity authentication is successful, the security policy configuration list is used to verify whether the permission label attached to the temporary key is consistent.
较佳地,所述的步骤(10)具体包括以下步骤:Preferably, the step (10) specifically comprises the following steps:
如果权限标签与安全策略配置清单一致,数据发送方则根据临时密钥和安全策略清单确认数据接收方所需数据范围,并且基于安全策略清单执行数据操作。If the permission label is consistent with the security policy configuration list, the data sender confirms the data scope required by the data receiver based on the temporary key and the security policy list, and performs data operations based on the security policy list.
该用于实现针对多方交互数据进行可信传输与反向授权处理的装置,其主要特点是,所述的装置包括:The main feature of the device for implementing trusted transmission and reverse authorization processing for multi-party interactive data is that the device comprises:
处理器,被配置成执行计算机可执行指令;a processor configured to execute computer-executable instructions;
存储器,存储一个或多个计算机可执行指令,所述的计算机可执行指令被所述的处理器执行时,实现上述的实现针对多方交互数据进行可信传输与反向授权处理的方法的各个步骤。The memory stores one or more computer executable instructions. When the computer executable instructions are executed by the processor, the steps of the method for implementing the trusted transmission and reverse authorization processing of multi-party interactive data are implemented.
该用于实现针对多方交互数据进行可信传输与反向授权处理的处理器,其主要特点是,所述的处理器被配置成执行计算机可执行指令,所述的计算机可执行指令被所述的处理器执行时,实现上述的实现针对多方交互数据进行可信传输与反向授权处理的方法的各个步骤。The processor for implementing trusted transmission and reverse authorization processing for multi-party interactive data has the main feature that the processor is configured to execute computer-executable instructions. When the computer-executable instructions are executed by the processor, the various steps of the above-mentioned method for implementing trusted transmission and reverse authorization processing for multi-party interactive data are implemented.
该计算机可读存储介质,其主要特点是,其上存储有计算机程序,所述的计算机程序可被处理器执行以实现上述的实现针对多方交互数据进行可信传输与反向授权处理的方法的各个步骤。The main feature of the computer-readable storage medium is that a computer program is stored thereon, and the computer program can be executed by a processor to implement the various steps of the above-mentioned method for realizing trusted transmission and reverse authorization processing for multi-party interactive data.
采用了本发明的针对多方交互数据实现可信传输与反向授权处理的系统、方法、装置、处理器及其计算机可读存储介质,实现多方交互数据的可信传输与反向授权,在系统安全层面保障数据可信传输,精细化反向授权模式下数据访问及使用权限。The system, method, device, processor and computer-readable storage medium of the present invention are used to implement trusted transmission and reverse authorization processing of multi-party interactive data, realize trusted transmission and reverse authorization of multi-party interactive data, ensure trusted data transmission at the system security level, and refine data access and usage permissions under the reverse authorization mode.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
图1为本发明的针对多方交互数据实现可信传输与反向授权处理的系统的结构示意图。FIG1 is a schematic diagram of the structure of a system for implementing trusted transmission and reverse authorization processing for multi-party interactive data according to the present invention.
图2为本发明的实现针对多方交互数据进行可信传输与反向授权处理的方法的流程图。FIG. 2 is a flow chart of a method for implementing trusted transmission and reverse authorization processing for multi-party interactive data according to the present invention.
具体实施方式Detailed ways
为了能够更清楚地描述本发明的技术内容,下面结合具体实施例来进行进一步的描述。In order to more clearly describe the technical content of the present invention, further description is given below in conjunction with specific embodiments.
本发明的该针对多方交互数据实现可信传输与反向授权处理的系统,其中包括:The system of the present invention for implementing trusted transmission and reverse authorization processing for multi-party interactive data includes:
数据发送方,基于数据接收方访问请求配置安全策略清单,并为数据接收方分配附带权限标签的临时密钥;The data sender configures a security policy list based on the data receiver's access request and allocates a temporary key with a permission tag to the data receiver;
数据接收方,基于远程认证机制使数据发送方硬件和软件环境为可信执行环境,数据接收方和数据发送方基于可行执行环境共同构建可信传输通道,共享一份通信密钥;数据接收方在通过身份验证后,按照清单并使用临时密钥合规操作数据。The data receiver, based on the remote authentication mechanism, makes the hardware and software environment of the data sender a trusted execution environment. The data receiver and the data sender jointly build a trusted transmission channel based on the feasible execution environment and share a communication key. After passing the identity authentication, the data receiver operates the data in compliance with the list and using the temporary key.
作为本发明的优选实施方式,所述的数据发送方包括:As a preferred embodiment of the present invention, the data sender includes:
数据发送密钥管理模块,用于生成并存储对称加密密钥、临时密钥、通信密钥,使用密钥执行数据加解密操作;The data transmission key management module is used to generate and store symmetric encryption keys, temporary keys, and communication keys, and use the keys to perform data encryption and decryption operations;
远程认证模块,与所述的数据接收方相连接,用于提供远程认证对接服务,生成证明报告并发送给接收方校验;A remote authentication module, connected to the data receiver, is used to provide remote authentication docking services, generate a certification report and send it to the receiver for verification;
可信传输模块,与所述的数据接收方和数据发送密钥管理模块相连接,用于确认使用的TLS版本和选择的加密套件,在数据发送方内通过ECDH密钥交换算法共享同一份通信密钥;A trusted transmission module, connected to the data receiver and the data sending key management module, is used to confirm the TLS version used and the selected encryption suite, and share the same communication key within the data sender through the ECDH key exchange algorithm;
数据加密模块,与所述的数据发送密钥管理模块相连接,用于在数据发送方内执行加密密钥生成、存储与使用,并使用数据发送方内的加密算法加密数据,将数据加密后存储于数据发送方内部;A data encryption module, connected to the data transmission key management module, is used to generate, store and use encryption keys in the data transmitter, encrypt data using the encryption algorithm in the data transmitter, and store the encrypted data in the data transmitter;
反向授权模块,与所述的数据接收方和数据发送密钥管理模块相连接,用于自定义接收方安全策略清单,并为接收方生成附带权限标签的临时密钥与身份证明令牌;A reverse authorization module, connected to the data receiver and the data transmission key management module, is used to customize the receiver's security policy list and generate a temporary key and identity token with an authority tag for the receiver;
可信执行模块,用于建立可信执行环境,提供与外界隔离的安全执行环境。The trusted execution module is used to establish a trusted execution environment and provide a secure execution environment isolated from the outside world.
作为本发明的优选实施方式,所述的远程认证模块提供远程认证对接服务,生成证明报告并发送给数据接收方校验;数据发送方被验证可信后,在数据发送方内通过ECDH密钥交换算法共享同一份通信密钥。As a preferred embodiment of the present invention, the remote authentication module provides a remote authentication docking service, generates a certification report and sends it to the data recipient for verification; after the data sender is verified to be credible, the same communication key is shared within the data sender through the ECDH key exchange algorithm.
作为本发明的优选实施方式,所述的数据发送方在可信执行环境中自定义安全策略清单,明确数据可访问范围;为数据接收方动态授权,为数据接收方生成临时密钥和身份证明令牌,临时密钥附带具体的权限标签,通过可信通道将授权信息发送给数据接收方;根据业务需求或访问行为合法性判断,数据发送方调整安全策略清单并在数据发送方中为数据接收方分发新的临时密钥。As a preferred implementation mode of the present invention, the data sender customizes the security policy list in the trusted execution environment to clarify the scope of data access; dynamically authorizes the data recipient, generates a temporary key and an identity token for the data recipient, and the temporary key is accompanied by a specific permission label, and the authorization information is sent to the data recipient through a trusted channel; based on business needs or the legitimacy of the access behavior, the data sender adjusts the security policy list and distributes a new temporary key to the data recipient in the data sender.
作为本发明的优选实施方式,所述的授权信息包括临时密钥、令牌、权限文件;所述的安全策略清单包括数据可访问范围。As a preferred implementation mode of the present invention, the authorization information includes a temporary key, a token, and a permission file; and the security policy list includes a data accessible scope.
作为本发明的优选实施方式,所述的数据接收方包括:As a preferred embodiment of the present invention, the data receiver includes:
数据接收密钥管理模块,用于安全存储、使用对称加密密钥、临时密钥、通信密钥;Data receiving key management module, used for secure storage and use of symmetric encryption keys, temporary keys, and communication keys;
远程认证模块,与所述的数据发送方相连接,用于向数据发送方发送远程认证请求,向可信第三方查询的硬件芯片证书验证认证报告,验证通过则构建可信传输通道;A remote authentication module is connected to the data sender and is used to send a remote authentication request to the data sender and verify the authentication report of the hardware chip certificate queried by a trusted third party. If the verification is successful, a trusted transmission channel is established;
可信传输模块,与所述的数据发送方和数据接收密钥管理模块相连接,用于确认使用的TLS版本和选择的加密套件,获得通信密钥,构建可信传输通道;A trusted transmission module, connected to the data sender and the data receiving key management module, is used to confirm the TLS version used and the selected encryption suite, obtain the communication key, and build a trusted transmission channel;
数据解密模块,与所述的数据接收密钥管理模块相连接,用于使用通信密钥解密密文数据流,获得明文数据。The data decryption module is connected to the data receiving key management module and is used to decrypt the ciphertext data stream using the communication key to obtain the plaintext data.
作为本发明的优选实施方式,所述的数据接收方发起远程认证请求,数据发送方调用ATTESTATION命令,并使用芯片密钥签名认证报告,发送至数据接收方处;数据接收方使用芯片ID向安全处理器厂商查询芯片证书,使用芯片证书验证认证报告;数据接收方完成远程认证后,明确数据发送方环境可信,在数据发送方内使用ECDH密钥协议生成并与数据接收方共享通信密钥,构建可信传输信道完毕。As a preferred embodiment of the present invention, the data recipient initiates a remote authentication request, the data sender calls the ATTESTATION command, and uses the chip key to sign the authentication report and sends it to the data recipient; the data recipient uses the chip ID to query the chip certificate from the security processor manufacturer, and uses the chip certificate to verify the authentication report; after the data recipient completes the remote authentication, it is clear that the data sender's environment is trustworthy, and the ECDH key protocol is used within the data sender to generate and share the communication key with the data recipient, thus completing the construction of a trusted transmission channel.
本发明的该利用上述系统实现针对多方交互数据进行可信传输与反向授权处理的方法,其中包括以下步骤:The method of the present invention using the above system to implement trusted transmission and reverse authorization processing for multi-party interactive data includes the following steps:
(1)在数据发送方建立可信环境;(1) Establish a trusted environment at the data sender;
(2)数据发送方随机生成对称加密密钥,对数据库进行数据加密存储;(2) The data sender randomly generates a symmetric encryption key and encrypts the data in the database for storage;
(3)数据接收方发起认证请求,数据发送方调用命令,使用芯片密钥签名认证报告,发送至数据接收方,基于远程认证构建可信传输;(3) The data receiver initiates an authentication request, the data sender calls the command, uses the chip key to sign the authentication report, and sends it to the data receiver, thus building a trusted transmission based on remote authentication;
(4)数据接收方向数据发送方发送协商反向授权权限范围;(4) The data receiving party sends a negotiated reverse authorization authority scope to the data sending party;
(5)数据发送方在可信执行环境中自定义数据访问策略清单,明确数据可访问范围;(5) The data sender customizes the data access policy list in the trusted execution environment to clarify the scope of data access;
(6)双方协商反向授权权限范围,数据发送方为数据接收方动态授权;(6) Both parties negotiate the scope of reverse authorization authority, and the data sender dynamically authorizes the data receiver;
(7)数据发送方将授权信息安全传输至数据接收方;(7) The data sender securely transmits the authorization information to the data receiver;
(8)数据接收方请求访问数据;(8) The data recipient requests access to the data;
(9)基于数据接收方访问请求中的令牌与临时密钥进行权限认证;(9) Authenticate permissions based on the token and temporary key in the data recipient's access request;
(10)数据发送方基于安全策略清单执行数据操作;(10) The data sender performs data operations based on the security policy list;
(11)数据发送方通过可信传输通道将受限数据流传输至数据接收方;(11) The data sender transmits the restricted data stream to the data receiver through a trusted transmission channel;
(12)数据接收方使用通信密钥对密文数据流进行解密,获得明文数据;(12) The data receiver uses the communication key to decrypt the ciphertext data stream and obtain the plaintext data;
(13)数据发送方调整数据访问策略清单并为数据接收方生成新的临时密钥。(13) The data sender adjusts the data access policy list and generates a new temporary key for the data receiver.
作为本发明的优选实施方式,所述的步骤(3)具体包括以下步骤:As a preferred embodiment of the present invention, the step (3) specifically comprises the following steps:
(3.1)数据接收方发起认证请求,数据发送方调用ATTESTATION命令,并使用芯片密钥签名认证报告,发送至数据接收方;(3.1) The data receiver initiates an authentication request, the data sender calls the ATTESTATION command, and uses the chip key to sign the authentication report and send it to the data receiver;
(3.2)数据接收方使用芯片ID向安全处理器厂商查询芯片证书,使用芯片证书验证认证报告;(3.2) The data receiver uses the chip ID to query the chip certificate from the security processor manufacturer and uses the chip certificate to verify the authentication report;
(3.3)数据接收方完成远程认证后,明确数据发送方环境可信,在数据发送方内使用ECDH密钥协议生成并与数据接收方共享通信密钥,可信传输信道构建完毕。(3.3) After the data receiver completes the remote authentication, it is clear that the data sender's environment is trustworthy. The data sender uses the ECDH key protocol to generate and share the communication key with the data receiver, and the trusted transmission channel is established.
作为本发明的优选实施方式,所述的步骤(6)具体包括以下步骤:As a preferred embodiment of the present invention, the step (6) specifically comprises the following steps:
双方协商反向授权权限范围,数据发送方为数据接收方动态授权,为数据接收方生成临时密钥和身份证明令牌,临时密钥附带具体的权限标签。The two parties negotiate the scope of reverse authorization permissions. The data sender dynamically authorizes the data receiver and generates a temporary key and identity token for the data receiver. The temporary key is accompanied by a specific permission label.
作为本发明的优选实施方式,所述的步骤(7)具体包括以下步骤:As a preferred embodiment of the present invention, the step (7) specifically comprises the following steps:
数据发送方通过国密SM3算法计算权限文件哈希值,并对哈希值与权限文件进行数字签名;The data sender calculates the hash value of the permission file using the national secret SM3 algorithm and digitally signs the hash value and permission file;
数据发送方通过可信传输通道将授权信息与签名发送给数据接收方,数据接收方需验证权限文件。The data sender sends the authorization information and signature to the data receiver through a trusted transmission channel, and the data receiver needs to verify the authority file.
作为本发明的优选实施方式,所述的步骤(9)具体包括以下步骤:As a preferred embodiment of the present invention, the step (9) specifically comprises the following steps:
基于数据接收方访问请求中的令牌与临时密钥进行权限认证,数据发送方通过令牌验证数据接收方身份合法性,如身份认证通过,则根据安全策略配置清单验证临时密钥附带的权限标签是否一致。The data sender uses the token to verify the legitimacy of the data recipient's identity. If the identity authentication is successful, the security policy configuration list is used to verify whether the permission label attached to the temporary key is consistent.
作为本发明的优选实施方式,所述的步骤(10)具体包括以下步骤:As a preferred embodiment of the present invention, the step (10) specifically comprises the following steps:
如果权限标签与安全策略配置清单一致,数据发送方则根据临时密钥和安全策略清单确认数据接收方所需数据范围,并且基于安全策略清单执行数据操作。If the permission label is consistent with the security policy configuration list, the data sender confirms the data scope required by the data receiver based on the temporary key and the security policy list, and performs data operations based on the security policy list.
本发明的该用于实现针对多方交互数据进行可信传输与反向授权处理的装置,其中所述的装置包括:The device for implementing trusted transmission and reverse authorization processing for multi-party interactive data of the present invention, wherein the device comprises:
处理器,被配置成执行计算机可执行指令;a processor configured to execute computer-executable instructions;
存储器,存储一个或多个计算机可执行指令,所述的计算机可执行指令被所述的处理器执行时,实现上述的实现针对多方交互数据进行可信传输与反向授权处理的方法的各个步骤。The memory stores one or more computer executable instructions. When the computer executable instructions are executed by the processor, the steps of the method for implementing the trusted transmission and reverse authorization processing of multi-party interactive data are implemented.
本发明的该用于实现针对多方交互数据进行可信传输与反向授权处理的处理器,其中所述的处理器被配置成执行计算机可执行指令,所述的计算机可执行指令被所述的处理器执行时,实现上述的实现针对多方交互数据进行可信传输与反向授权处理的方法的各个步骤。The processor of the present invention is used to implement trusted transmission and reverse authorization processing for multi-party interaction data, wherein the processor is configured to execute computer-executable instructions. When the computer-executable instructions are executed by the processor, the various steps of the above-mentioned method for implementing trusted transmission and reverse authorization processing for multi-party interaction data are implemented.
本发明的该计算机可读存储介质,其上存储有计算机程序,所述的计算机程序可被处理器执行以实现上述的实现针对多方交互数据进行可信传输与反向授权处理的方法的各个步骤。The computer-readable storage medium of the present invention stores a computer program thereon, and the computer program can be executed by a processor to implement the various steps of the above-mentioned method for realizing trusted transmission and reverse authorization processing for multi-party interactive data.
本发明的具体实施方式中,提出一种多方交互数据的可信传输与反向授权方法,用以实现多方交互数据的可信传输与反向授权,在系统安全层面保障数据可信传输,精细化反向授权模式下数据访问及使用权限。In a specific embodiment of the present invention, a method for trusted transmission and reverse authorization of multi-party interactive data is proposed to achieve trusted transmission and reverse authorization of multi-party interactive data, ensure trusted data transmission at the system security level, and refine data access and usage permissions under the reverse authorization mode.
一种多方交互数据的可信传输与反向授权方法,是由基于TEE(TrustedExecution Environment,可信执行环境)的可信传输与反向授权方法组成。TEE是整个发明的基础技术,TEE是可信执行环境的简称,它是指在计算设备的主处理器中设立的一个隔离且安全的区域。TEE设计的主要目的是在硬件和固件级别提供一个独立的安全区域,以保护敏感数据和代码免受同一设备的非可信软件的干扰和攻击。A trusted transmission and reverse authorization method for multi-party interactive data consists of a trusted transmission and reverse authorization method based on TEE (Trusted Execution Environment). TEE is the basic technology of the entire invention. TEE is the abbreviation of trusted execution environment, which refers to an isolated and secure area established in the main processor of a computing device. The main purpose of TEE design is to provide an independent security area at the hardware and firmware level to protect sensitive data and code from interference and attacks by untrusted software on the same device.
如图1所示,图1示出了本发明的一种多方交互数据的可信传输与反向授权的模块示意图,数据发送方构建可信执行环境TEE,包含密钥管理、远程认证、可信传输、数据加密、权限管理以及可行执行模块。数据接收方包含密钥管理、远程认证与可信传输模块。As shown in Figure 1, Figure 1 shows a module schematic diagram of a trusted transmission and reverse authorization of multi-party interactive data of the present invention. The data sender builds a trusted execution environment TEE, which includes key management, remote authentication, trusted transmission, data encryption, permission management and feasible execution modules. The data receiver includes key management, remote authentication and trusted transmission modules.
下面对数据发送方中的每个模块逐一进行详细说明。Each module in the data sender is described in detail below.
密钥管理:生成本方密钥对,可不定时更新。生成并存储对称加密密钥、临时密钥、通信密钥,使用密钥执行数据加解密操作。Key management: Generates a local key pair, which can be updated from time to time. Generates and stores symmetric encryption keys, temporary keys, and communication keys, and uses keys to perform data encryption and decryption operations.
远程认证:提供远程认证对接服务,生成证明报告并发送给数据接收方校验,目的是使得数据接收方确信数据发送方内软件组件在可信且隔离的环境中执行。Remote authentication: Provides remote authentication docking services, generates certification reports and sends them to the data recipient for verification, with the aim of ensuring that the data recipient is confident that the software components within the data sender are executed in a trusted and isolated environment.
可信传输:确认使用的TLS版本和选择的加密套件,在数据发送方内通过ECDH密钥交换算法共享同一份通信密钥。Trusted transmission: Confirm the TLS version used and the selected encryption suite, and share the same communication key through the ECDH key exchange algorithm within the data sender.
数据加密:在数据发送方内执行加密密钥生成、存储与使用,并使用数据发送方内的加密算法加密数据,将数据加密后存储于数据发送方内部。Data encryption: Encryption key generation, storage and use are performed within the data sender, and the data is encrypted using the encryption algorithm within the data sender. The encrypted data is stored within the data sender.
反向授权:自定义数据接收方安全策略清单,并为数据接收方生成附带权限标签的临时密钥与身份证明令牌,精细化反向授权模式下数据接收方数据访问及使用权限,并可根据业务需求更新或撤销数据接收方访问权限。Reverse authorization: Customize the data recipient's security policy list and generate a temporary key and identity token with a permission label for the data recipient, refine the data recipient's data access and usage permissions under the reverse authorization mode, and update or revoke the data recipient's access permissions based on business needs.
可信执行:建立可信执行环境,提供与外界隔离的安全执行环境,保护期内代码与数据不会泄露或恶意篡改,保证所有操作均可信执行。Trusted Execution: Establish a trusted execution environment and provide a secure execution environment isolated from the outside world. During the protection period, code and data will not be leaked or maliciously tampered with, ensuring that all operations can be executed reliably.
本发明应用于数据发送方包括:The present invention is applied to the data sender including:
建立可信环境。数据发送方在硬件支持TEE功能的设备上部署一个或多个可信应用(Trusted Application,TA)。TA负责在隔离且受保护的内存区域中处理敏感数据和执行安全操作,在远程认证中向数据接收方发送可信验证报告。Establish a trusted environment. The data sender deploys one or more trusted applications (TA) on a device whose hardware supports the TEE function. The TA is responsible for processing sensitive data and performing security operations in an isolated and protected memory area, and sending a trusted verification report to the data receiver during remote authentication.
数据加密存储。数据发送方在数据发送方内执行加密密钥生成、存储与使用,并使用数据发送方内的加密算法加密数据,将数据加密后存储于数据发送方内部,只有TA能够解密和访问这些数据。Data encryption storage. The data sender generates, stores and uses encryption keys within the data sender, and encrypts the data using the encryption algorithm within the data sender. The encrypted data is stored within the data sender, and only the sender can decrypt and access the data.
可信传输通道共建。数据发送方提供远程认证对接服务,生成证明报告并发送给数据接收方校验,目的是使得数据接收方确信数据发送方内软件组件在可信且隔离的环境中执行,数据发送方被验证可信后,在数据发送方内通过ECDH密钥交换算法共享同一份通信密钥,其中密钥均在数据发送方中生成、存储及使用。Co-construction of trusted transmission channels. The data sender provides remote authentication docking services, generates a certification report and sends it to the data receiver for verification. The purpose is to make the data receiver assure that the software components in the data sender are executed in a trusted and isolated environment. After the data sender is verified to be trustworthy, the data sender shares the same communication key through the ECDH key exchange algorithm, where the keys are generated, stored and used in the data sender.
安全策略清单配置。数据发送方在可信执行环境中自定义数据访问策略清单,明确数据可访问范围,如特定记录或字段,数据可访问方式,如读取、计算、不可复制,以及数据访问时间限制等。Security policy list configuration. The data sender customizes the data access policy list in the trusted execution environment to specify the data access scope, such as specific records or fields, data access methods, such as reading, computing, and non-copying, as well as data access time limits.
动态授权及授权信息安全传输。双方协商反向授权权限范围,数据发送方为数据接收方动态授权,会为数据接收方生成临时密钥和令牌,临时密钥附带具体的权限标签,如不可复制、一次性使用以及访问特定数据范围等。通过可信通道将授权信息发送给数据接收方,授权信息包含临时密钥、令牌、权限文件。Dynamic authorization and secure transmission of authorization information. The two parties negotiate the scope of reverse authorization permissions. The data sender dynamically authorizes the data receiver and generates a temporary key and token for the data receiver. The temporary key is accompanied by specific permission tags, such as non-copyable, one-time use, and access to a specific data range. The authorization information is sent to the data receiver through a trusted channel. The authorization information includes the temporary key, token, and permission file.
权限认证与数据操作。数据发送方会基于数据接收方令牌和临时密钥认证其身份与访问权限,数据接收方可在安全策略清单规定范围内执行数据访问与操作。Permission authentication and data operations. The data sender will authenticate the identity and access rights of the data receiver based on the data receiver's token and temporary key. The data receiver can perform data access and operations within the scope specified in the security policy list.
权限更新与撤销。根据业务需求或访问行为合法性判断,数据发送方可以在任何时候调整安全策略清单,并在数据发送方中为数据接收方分发新的临时密钥。安全策略清单包含数据可访问范围,如定记录或字段,数据可访问方式,如读取、计算、不可复制,以及数据访问时间限制等。Permission update and revocation. Based on business needs or the legality of access behavior, the data sender can adjust the security policy list at any time and distribute new temporary keys to the data receiver in the data sender. The security policy list includes the data access scope, such as a certain record or field, the data access method, such as reading, calculation, non-copying, and data access time limit.
数据接收方的模块如下:The modules of the data receiver are as follows:
密钥管理:生成本地密钥对,可不定时更新。安全存储、使用对称加密密钥、临时密钥、通信密钥。Key management: Generate local key pairs, which can be updated from time to time. Securely store and use symmetric encryption keys, temporary keys, and communication keys.
远程认证:向数据发送方发送远程认证请求,以确保数据发送方内软件组件在可信且隔离的环境中执行。Remote Attestation: Send a remote attestation request to the data sender to ensure that the software components within the data sender are executed in a trusted and isolated environment.
可信传输:确认使用的TLS版本和选择的加密套件,获得通信密钥,构建可信传输通道。Trusted transmission: Confirm the TLS version used and the selected encryption suite, obtain the communication key, and build a trusted transmission channel.
数据解密:使用通信密钥解密密文数据流,获得明文数据。Data decryption: Use the communication key to decrypt the ciphertext data stream to obtain the plaintext data.
本发明应用于数据接收方包括:The present invention is applied to a data receiver including:
远程认证与可信传输通道构建。数据接收方发送认证请求,数据发送方设备经过远程认证机制向数据接收方发送可信认证报告。数据接收方向可信第三方查询TEE硬件芯片证书验证认证报告,验证通过则构建可信传输通道。Remote authentication and trusted transmission channel construction. The data receiver sends an authentication request, and the data sender's device sends a trusted authentication report to the data receiver through the remote authentication mechanism. The data receiver queries the trusted third party for the TEE hardware chip certificate verification authentication report. If the verification is successful, a trusted transmission channel is established.
请求访问与受限数据流传输。数据接收方发送访问请求,请求包含其身份证明令牌与附带权限标签的临时密钥。基于身份证明和权限标签,数据接收方只能进行合法数据访问行为,数据接收方获得受限数据流。Request access and restricted data flow transmission. The data receiver sends an access request, which contains its identity token and a temporary key with a permission tag. Based on the identity token and permission tag, the data receiver can only perform legal data access behaviors, and the data receiver obtains a restricted data flow.
数据接收方发起远程认证请求,数据发送方调用ATTESTATION命令,并使用芯片密钥签名认证报告,发送至数据接收方处,数据接收方使用芯片ID向安全处理器厂商查询芯片证书,最后使用芯片证书验证认证报告;数据接收方完成远程认证后,明确数据发送方环境可信,在数据发送方内使用ECDH密钥协议生成并与数据接收方共享通信密钥,可信传输信道构建完毕。The data receiver initiates a remote authentication request, the data sender calls the ATTESTATION command, and uses the chip key to sign the authentication report and sends it to the data receiver. The data receiver uses the chip ID to query the chip certificate from the security processor manufacturer, and finally uses the chip certificate to verify the authentication report. After the data receiver completes the remote authentication, it is clear that the data sender's environment is trustworthy, and the ECDH key protocol is used within the data sender to generate and share the communication key with the data receiver, and the trusted transmission channel is built.
数据接收方,基于远程认证机制确保发送方硬件和软件环境为可信执行环境,数据接收方和数据发送方基于可信执行环境共同构建可信传输通道,共享一份通信密钥,其中密钥生成、存储与使用均在可信执行环境中进行。The data receiver ensures that the sender's hardware and software environment is a trusted execution environment based on the remote authentication mechanism. The data receiver and the data sender jointly build a trusted transmission channel based on the trusted execution environment and share a communication key. The key generation, storage and use are all performed in the trusted execution environment.
如图2所示,图2示出了示出了本发明的一种多方交互数据的可信传输与反向授权方法的流程图。具体步骤如下:As shown in FIG2 , FIG2 shows a flow chart of a method for trusted transmission and reverse authorization of multi-party interactive data of the present invention. The specific steps are as follows:
1.建立可信环境。在数据发送方处的支持TEE功能的硬件设备上部署一个或多个可信应用TA,构建数据安全传输与反向授权的可信执行环境。1. Establish a trusted environment. Deploy one or more trusted applications TA on the hardware device that supports TEE function at the data sender to build a trusted execution environment for secure data transmission and reverse authorization.
2.数据加密存储。数据发送方随机生成对称加密密钥key,对称加密算法采用国密SM4算法,加密过程可表示为SM4(data,key)→ct。其中data为原始数据,ct为密文。2. Data encryption storage. The data sender randomly generates a symmetric encryption key key. The symmetric encryption algorithm uses the national secret SM4 algorithm. The encryption process can be expressed as SM4 (data, key) → ct. Data is the original data and ct is the ciphertext.
密文存储于数据发送方内部,只有TA能够解密和访问这些数据。The ciphertext is stored inside the data sender, and only the sender can decrypt and access the data.
3.基于远程认证构建可信传输。数据接收方发起认证请求,数据发送方调用ATTESTATION命令,并使用芯片密钥签名认证报告,发送至数据接收方。数据接收方使用芯片ID向安全处理器厂商查询芯片证书,最后使用芯片证书验证认证报告。数据接收方完成远程认证后,明确数据发送方环境可信,在数据发送方内使用ECDH密钥协议生成并与数据接收方共享通信密钥,可信传输信道构建完毕。3. Build trusted transmission based on remote authentication. The data receiver initiates an authentication request, the data sender calls the ATTESTATION command, and uses the chip key to sign the authentication report and send it to the data receiver. The data receiver uses the chip ID to query the chip certificate from the security processor manufacturer, and finally uses the chip certificate to verify the authentication report. After the data receiver completes the remote authentication, it is clear that the data sender's environment is trusted, and the ECDH key protocol is used in the data sender to generate and share the communication key with the data receiver, and the trusted transmission channel is built.
4.协商反向授权权限范围。数据接收方向数据发送方发送协商反向授权权限范围,说明数据使用目的、数据访问要求、数据操作范围。4. Negotiate the scope of reverse authorization authority. The data receiver sends the data sender a negotiated reverse authorization authority scope, stating the purpose of data use, data access requirements, and data operation scope.
5.安全策略清单配置。数据发送方在可信执行环境中自定义数据访问策略清单,明确数据可访问范围,如特定记录或字段,数据可访问方式,如读取、计算、不可复制等,以及数据访问时间限制等。5. Security policy list configuration. The data sender customizes the data access policy list in the trusted execution environment to clarify the data access scope, such as specific records or fields, data access methods, such as reading, computing, and non-copying, as well as data access time limits.
6.动态授权。双方协商反向授权权限范围,数据发送方基于TEE为数据接收方动态授权,会为数据接收方生成临时密钥和身份证明令牌,临时密钥附带具体的权限标签,如不可复制、一次性使用以及访问特定数据范围等。6. Dynamic authorization. The two parties negotiate the scope of reverse authorization permissions. The data sender dynamically authorizes the data receiver based on TEE and generates a temporary key and identity token for the data receiver. The temporary key comes with specific permission tags, such as non-copyable, one-time use, and access to specific data ranges.
7.授权信息安全传输。授权信息包含临时密钥、令牌与权限文件。数据发送方通过国密SM3算法计算权限文件哈希值,并对哈希值与权限文件进行数字签名。数据发送方通过可信传输通道将授权信息与签名发送给数据接收方,数据接收方需验证权限文件。7. Secure transmission of authorization information. Authorization information includes temporary keys, tokens, and permission files. The data sender calculates the hash value of the permission file using the national encryption SM3 algorithm and digitally signs the hash value and permission file. The data sender sends the authorization information and signature to the data receiver through a trusted transmission channel, and the data receiver needs to verify the permission file.
8.请求访问。数据接收方请求访问数据,请求中包含令牌和附带权限标签的临时密钥。8. Request access. The data recipient requests access to the data, and the request includes a token and a temporary key with a permission tag.
9.权限认证。基于数据接收方访问请求中的令牌与临时密钥进行权限认证,数据发送方首先通过令牌验证数据接收方身份合法性,如身份认证通过,则根据安全策略配置清单验证临时密钥附带的权限标签是否一致。9. Permission authentication. Permission authentication is performed based on the token and temporary key in the data recipient's access request. The data sender first verifies the legitimacy of the data recipient's identity through the token. If the identity authentication passes, the permission label attached to the temporary key is verified to be consistent according to the security policy configuration list.
10.数据操作。如果权限标签与安全策略配置清单一致,数据发送方则可根据临时密钥和安全策略清单确认数据接收方所需数据范围,并且基于安全策略清单执行数据操作。10. Data operation. If the permission label is consistent with the security policy configuration list, the data sender can confirm the data scope required by the data receiver based on the temporary key and the security policy list, and perform data operations based on the security policy list.
11.受限数据流传输。数据发送方通过可信传输通道将受限数据流传输至数据接收方。11. Restricted data stream transmission: The data sender transmits the restricted data stream to the data receiver through a trusted transmission channel.
12.数据解密。数据接收方使用通信密钥对密文数据流进行解密,获得明文数据。12. Data decryption. The data receiver uses the communication key to decrypt the ciphertext data stream and obtain the plaintext data.
13.权限更新与撤销。根据业务需求或访问行为合法性判断,数据发送方可以在任何时候调整数据访问策略清单并在数据发送方中为数据接收方生成新的临时密钥。13. Update and revocation of permissions. Based on business needs or the legality of access behavior, the data sender can adjust the data access policy list at any time and generate a new temporary key for the data receiver in the data sender.
本申请公开了一种多方交互数据的可信传输与反向授权方法,数据接收方基于远程认证机制确保数据发送方硬件和软件环境为可信执行环境,双方基于TEE共同构建可信传输通道,在TEE内通过ECDH密钥交换算法共享同一份通信密钥。数据加密传输前密钥生成、存储和使用都在TEE内进行,避免密钥被操作系统或其他非可信应用获取。数据加密过程也在TEE内部执行,确保密钥和明文数据仅在受硬件保护的环境中处理,在系统安全层面保障数据可信传输。数据发送方基于TEE自定义安全策略清单,该清单详细描述数据接收方授权的数据操作的范围,包含可执行与限制的操作行为,如数据访问权限、数据处理方式、数据使用目的等,并为数据接收方分配附带权限标签的临时密钥和身份证明令牌。鉴于数据安全策略清单与临时密钥,只允许通过身份验证和授权的数据接收方解密,并在安全策略清单下合规使用数据,精细化反向授权模式下数据访问及使用权限。The present application discloses a trusted transmission and reverse authorization method for multi-party interactive data. The data receiver ensures that the hardware and software environment of the data sender is a trusted execution environment based on a remote authentication mechanism. The two parties jointly build a trusted transmission channel based on TEE and share the same communication key through the ECDH key exchange algorithm in TEE. Before data encryption transmission, key generation, storage and use are all performed in TEE to prevent the key from being obtained by the operating system or other non-trusted applications. The data encryption process is also executed inside TEE to ensure that the key and plaintext data are only processed in an environment protected by hardware, and to ensure the trusted transmission of data at the system security level. The data sender customizes the security policy list based on TEE, which describes in detail the scope of data operations authorized by the data receiver, including executable and restricted operation behaviors, such as data access rights, data processing methods, data use purposes, etc., and assigns a temporary key and identity token with a permission label to the data receiver. In view of the data security policy list and temporary key, only the data receiver who has passed identity authentication and authorization is allowed to decrypt, and use the data in compliance with the security policy list, and refine the data access and use rights under the reverse authorization mode.
本实施例的具体实现方案可以参见上述实施例中的相关说明,此处不再赘述。The specific implementation scheme of this embodiment can refer to the relevant description in the above embodiment, which will not be repeated here.
可以理解的是,上述各实施例中相同或相似部分可以相互参考,在一些实施例中未详细说明的内容可以参见其他实施例中相同或相似的内容。It can be understood that the same or similar parts of the above embodiments can be referenced to each other, and the contents not described in detail in some embodiments can refer to the same or similar contents in other embodiments.
需要说明的是,在本发明的描述中,术语“第一”、“第二”等仅用于描述目的,而不能理解为指示或暗示相对重要性。此外,在本发明的描述中,除非另有说明,“多个”的含义是指至少两个。It should be noted that, in the description of the present invention, the terms "first", "second", etc. are only used for descriptive purposes and cannot be understood as indicating or implying relative importance. In addition, in the description of the present invention, unless otherwise specified, the meaning of "plurality" refers to at least two.
流程图中或在此以其他方式描述的任何过程或方法描述可以被理解为,表示包括一个或更多个用于实现特定逻辑功能或过程的步骤的可执行指令的代码的模块、片段或部分,并且本发明的优选实施方式的范围包括另外的实现,其中可以不按所示出或讨论的顺序,包括根据所涉及的功能按基本同时的方式或按相反的顺序,来执行功能,这应被本发明的实施例所属技术领域的技术人员所理解。Any process or method description in a flowchart or otherwise described herein may be understood to represent a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes alternative implementations in which functions may not be performed in the order shown or discussed, including performing functions in a substantially simultaneous manner or in the reverse order depending on the functions involved, which should be understood by those skilled in the art to which the embodiments of the present invention belong.
应当理解,本发明的各部分可以用硬件、软件、固件或它们的组合来实现。在上述实施方式中,多个步骤或方法可以用存储在存储器中且由合适的指令执行装置执行的软件或固件来实现。例如,如果用硬件来实现,和在另一实施方式中一样,可用本领域公知的下列技术中的任一项或他们的组合来实现:具有用于对数据信号实现逻辑功能的逻辑门电路的离散逻辑电路,具有合适的组合逻辑门电路的专用集成电路,可编程门阵列(PGA),现场可编程门阵列(FPGA)等。It should be understood that the various parts of the present invention can be implemented by hardware, software, firmware or a combination thereof. In the above-mentioned embodiment, a plurality of steps or methods can be implemented by software or firmware stored in a memory and executed by a suitable instruction execution device. For example, if implemented by hardware, as in another embodiment, it can be implemented by any one of the following technologies known in the art or their combination: a discrete logic circuit having a logic gate circuit for implementing a logic function for a data signal, a dedicated integrated circuit having a suitable combination of logic gate circuits, a programmable gate array (PGA), a field programmable gate array (FPGA), etc.
本技术领域的普通技术人员可以理解实现上述实施例方法携带的全部或部分步骤是可以通过程序来指令相关的硬件完成,相应的程序可以存储于一种计算机可读存储介质中,该程序在执行时,包括方法实施例的步骤之一或其组合。A person skilled in the art may understand that all or part of the steps in the method for implementing the above-mentioned embodiment may be completed by instructing related hardware through a program, and the corresponding program may be stored in a computer-readable storage medium, which, when executed, includes one or a combination of the steps of the method embodiment.
此外,在本发明各个实施例中的各功能单元可以集成在一个处理模块中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。集成的模块如果以软件功能模块的形式实现并作为独立的产品销售或使用时,也可以存储在一个计算机可读取存储介质中。In addition, each functional unit in each embodiment of the present invention may be integrated into a processing module, or each unit may exist physically separately, or two or more units may be integrated into one module. The above-mentioned integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
上述提到的存储介质可以是只读存储器,磁盘或光盘等。The storage medium mentioned above can be a read-only memory, a magnetic disk or an optical disk, etc.
在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本发明的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不一定指的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任何的一个或多个实施例或示例中以合适的方式结合。In the description of this specification, the description with reference to the terms "one embodiment", "some embodiments", "examples", "specific examples", or "some examples" means that the specific features, structures, materials or characteristics described in conjunction with the embodiment or example are included in at least one embodiment or example of the present invention. In this specification, the schematic representations of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any one or more embodiments or examples in a suitable manner.
采用了本发明的针对多方交互数据实现可信传输与反向授权处理的系统、方法、装置、处理器及其计算机可读存储介质,实现多方交互数据的可信传输与反向授权,在系统安全层面保障数据可信传输,精细化反向授权模式下数据访问及使用权限。The system, method, device, processor and computer-readable storage medium of the present invention are used to implement trusted transmission and reverse authorization processing of multi-party interactive data, realize trusted transmission and reverse authorization of multi-party interactive data, ensure trusted data transmission at the system security level, and refine data access and usage permissions under the reverse authorization mode.
在此说明书中,本发明已参照其特定的实施例作了描述。但是,很显然仍可以作出各种修改和变换而不背离本发明的精神和范围。因此,说明书和附图应被认为是说明性的而非限制性的。In this specification, the present invention has been described with reference to specific embodiments thereof. However, it is apparent that various modifications and variations may be made without departing from the spirit and scope of the present invention. Therefore, the specification and drawings should be regarded as illustrative rather than restrictive.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410426508.1ACN118337430A (en) | 2024-04-10 | 2024-04-10 | System, method, device, processor and storage medium for realizing trusted transmission and reverse authorization processing for multiparty interaction data |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410426508.1ACN118337430A (en) | 2024-04-10 | 2024-04-10 | System, method, device, processor and storage medium for realizing trusted transmission and reverse authorization processing for multiparty interaction data |
| Publication Number | Publication Date |
|---|---|
| CN118337430Atrue CN118337430A (en) | 2024-07-12 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410426508.1APendingCN118337430A (en) | 2024-04-10 | 2024-04-10 | System, method, device, processor and storage medium for realizing trusted transmission and reverse authorization processing for multiparty interaction data |
| Country | Link |
|---|---|
| CN (1) | CN118337430A (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119128951A (en)* | 2024-11-14 | 2024-12-13 | 山东锐通信息科技有限公司 | A multi-party supervision data management method |
| CN119416204A (en)* | 2024-11-05 | 2025-02-11 | 上海零数众合信息科技有限公司 | Data migration method, device, equipment, storage medium and product based on trusted execution environment |
| CN120105462A (en)* | 2025-04-30 | 2025-06-06 | 北京数字认证股份有限公司 | Data circulation method, system, electronic device and storage medium |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN119416204A (en)* | 2024-11-05 | 2025-02-11 | 上海零数众合信息科技有限公司 | Data migration method, device, equipment, storage medium and product based on trusted execution environment |
| CN119128951A (en)* | 2024-11-14 | 2024-12-13 | 山东锐通信息科技有限公司 | A multi-party supervision data management method |
| CN120105462A (en)* | 2025-04-30 | 2025-06-06 | 北京数字认证股份有限公司 | Data circulation method, system, electronic device and storage medium |
| Publication | Publication Date | Title |
|---|---|---|
| US12143476B2 (en) | Method of data transfer, a method of controlling use of data and cryptographic device | |
| US12003634B2 (en) | Systems and methods for encrypted content management | |
| JP7364674B2 (en) | Secure over-the-air firmware upgrades | |
| CN110214440B (en) | Computing system, method for transmitting protected data and readable storage medium | |
| AU2016287728B2 (en) | Confidential authentication and provisioning | |
| US8059818B2 (en) | Accessing protected data on network storage from multiple devices | |
| RU2325693C2 (en) | Methods of authentication of potentials members, which were invited to join the group | |
| CN110249336B (en) | Addressing trusted execution environments using signing keys | |
| US20080010242A1 (en) | Device authentication method using broadcast encryption (BE) | |
| JP2006505041A (en) | Secure integration and use of device-specific security data | |
| CN113614720A (en) | Apparatus and method for dynamically configuring access control of trusted applications | |
| CN113726733B (en) | Encryption intelligent contract privacy protection method based on trusted execution environment | |
| CN118337430A (en) | System, method, device, processor and storage medium for realizing trusted transmission and reverse authorization processing for multiparty interaction data | |
| CN110235134B (en) | Addressing trusted execution environments using clean room provisioning | |
| CA3160107A1 (en) | Secure enclave implementation of proxied cryptographic keys | |
| CA3172049A1 (en) | Exporting remote cryptographic keys | |
| CN101118579A (en) | A method and system for verifying permission | |
| CN118713833A (en) | Quantum-resistant security enhancements for the Open Identity Connection Protocol | |
| KR100970552B1 (en) | How to generate a security key using a non-certificate public key | |
| JP2005175992A (en) | Certificate distribution system and certificate distribution method | |
| CN111510918B (en) | Communication method, system, apparatus, electronic device, and readable storage medium | |
| Zhang et al. | Improved CP-ABE Algorithm Based on Identity and Access Control | |
| ALnwihel et al. | A Novel Cloud Authentication Framework | |
| CN119652527A (en) | Secure communication method, robot, server, and storage medium | |
| CN119071038A (en) | Single sign-on method, system, device, equipment and medium based on quantum key |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |