Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of a data migration method based on a trusted execution environment according to a first embodiment of the present invention, where the embodiment is applicable to a case of data migration between trusted applications in a trusted data space based on an old version of a security chip, and specifically may be a case of migrating trusted application data from an old environment to a new environment. The method may be performed by a trusted execution environment-based data migration apparatus, which may be implemented in hardware and/or software, and which may be configured in an electronic device to which a first trusted application in a first trusted execution environment belongs.
As shown in fig. 1, the method includes:
And S110, sending a remote certification request to a second trusted application program in the second trusted execution environment, so that the second trusted application program can generate and feed back a remote authentication report based on the remote certification request.
S120, carrying out safe and reliable verification on the remote authentication report, and after verification is passed, sending a data key acquisition request to the second trusted application program so that the second trusted application program can generate and feed back a data key communication ciphertext according to the data key acquisition request.
S130, sending an encrypted data acquisition request to the second trusted application program so that the second trusted application program can generate and feed back encrypted data according to the encrypted data acquisition request.
And S140, carrying out association storage on the data key communication ciphertext and the encrypted data.
Wherein the trusted execution environment (Trusted Execution Environment, TEE) is a stand-alone, secure computing environment intended to provide protection for sensitive data and code. TEE is typically present within the device's main processor, isolated from the operating system and other applications, to ensure protection from malware or other attacks while handling sensitive operations. The technology is widely applied to scenes requiring high security guarantee, such as data space, mobile payment, digital rights management, identity verification, password storage and the like. By providing an isolated, secure execution space, TEE technology enhances the security and data privacy protection of the device as a whole.
The first trusted execution environment may be a new environment to receive migration data, the first trusted application may be an application deployed in the first trusted execution environment, the second trusted execution environment may be an old environment in which encrypted data is currently located, from which data migration to other trusted execution environments is to be performed, and the second trusted application may be an application deployed in the first trusted execution environment. It should be noted that the first trusted application and the second trusted application are the same program deployed in different environments and of the same or different versions, for example, the first trusted application is an application a of version V2.0, and the second trusted application is an application a of version V1.0.
Wherein both the first trusted application and the second trusted application establish SSL (Secure Sockets Layer ) network connections for data transmission.
To ensure data migration security, security verification of the trusted execution environment is performed between a first trusted application of the first trusted execution environment and a second trusted application of the second trusted execution environment prior to data migration. In particular, application integrity verification and verification of application name or type may be included.
Illustratively, the first trusted application sends a remote attestation request to the second trusted application, and the second trusted application generates a remote attestation report based on the remote attestation request after receiving the remote attestation request.
In one embodiment, the second trusted application may generate the remote authentication report based on the remote attestation request by determining a random number based on the remote attestation request, sending the authentication report request and the random number to the application manager to provide the application manager with the remote authentication report generated by the application manager based on the authentication report request and the random number, and feeding the remote authentication report back to the second trusted application.
The remote certification request is subjected to request analysis to obtain a random number, the random number is randomly generated by the first trusted application program, and the remote certification request is generated based on the random number, so that the random number randomly generated by the first trusted application program is carried in the remote certification request. The second trusted application program sends an authentication report request and a random number to the application program manager, the application program manager obtains the integrity information of the operation environment report and the second trusted application program and carries the random number, the integrity information is added in the operation environment authentication report, the operation environment private key is adopted to sign the report information, a remote authentication report is obtained, the remote authentication report is returned to the second trusted application program, and the second trusted application program sends the remote authentication report to the first trusted application program.
The first trusted application performs secure trusted verification of information in the remote authentication report. The first trusted application program obtains environment authentication information from the environment authentication service according to a measurement value in the remote authentication report, requests a related certificate from a marine light chip CA (CERTIFICATE AUTHORITY) according to a chip ID (identity) in the remote authentication report, and performs safe and trusted verification on the information in the remote authentication report according to the environment authentication information and the related certificate.
After the first trusted application program passes the security and trust verification on the remote authentication report, the first trusted application program sends a data key acquisition request to the second trusted application program so that the second trusted application program can generate and feed back a data key communication ciphertext according to the data key acquisition request.
It should be noted that, because the data encryption keys corresponding to the data of different application programs are different, for example, the data encryption key corresponding to the data a is the key a, and the data encryption key corresponding to the data B is the key B, before the data key is obtained, the first trusted application program may obtain the data list from the second trusted application program, and based on the data list, combine with the actual data migration requirement of the first trusted application program, obtain the data encryption key in a targeted manner.
In an alternative embodiment, the first trusted application sends a data key acquisition request to the second trusted application, so that the second trusted application generates and feeds back a data key communication ciphertext according to the data key acquisition request, and the method includes:
And a step a1 of sending a data list acquisition request to a second trusted application program so that the second trusted application program can generate and feed back a data list according to the data list acquisition request, wherein the data list comprises at least one movable data identifier.
The first trusted application program sends a data list acquisition request to the second trusted application program, and the second trusted application program performs data retrieval on data stored in the database after receiving the data list acquisition request to obtain stored data related to the second trusted application program and generate a data list. The application data corresponding to at least one application may be stored in the database of each environment. The second trusted application may generate, according to the retrieved data related to the second trusted application, a data identifier corresponding to each data, and store the data identifier as a migratable identifier in the data list. Because the data are different, the movable identifiers corresponding to the different data are different and can be used for representing the uniqueness of the data.
And a2, generating a data key acquisition request according to the movable data identifier in the data list.
The first trusted application program generates a data key acquisition request one by one for different data according to the movable data identification in the data list and the actual data migration requirement of the first trusted application program.
And a step a3 of sending a data key acquisition request to the second trusted application program so that the second trusted application program can generate and feed back a data key communication ciphertext according to the data key acquisition request.
The first trusted application sends data key acquisition requests one by one to the second trusted application. After receiving the data key acquisition request, the second trusted application program queries the key from the key storage database to obtain the requested data key communication ciphertext, and feeds the data key communication ciphertext back to the first trusted application program.
In the trusted execution environment, in order to ensure the security of key storage, the key is usually stored in an encrypted manner, while the key capable of being decrypted is usually decrypted based on the derivative key of the own virtual machine, and in other environments, decryption processing cannot be performed, thereby ensuring the security of key storage. Therefore, the second trusted application needs to perform key decryption processing in its own virtual machine environment before feeding back the key to the first trusted application.
In a specific embodiment, the second trusted application performs the generation of the ciphertext for the data key communication in the following manner:
and b1, acquiring the data key seal ciphertext by the second trusted application program according to the data key acquisition request.
And the second trusted application program queries the data key seal ciphertext corresponding to the data key acquisition request from the database storing the key according to the data key acquisition request. The data key seal ciphertext can be an encryption key after encryption based on a derivative key of the self virtual machine.
And b2, performing deblocking processing on the data key seal ciphertext based on the seal key derived from the equipment to which the data key plaintext is attached.
The data key plaintext is a data key obtained by decrypting the data key seal ciphertext by the second trusted application program based on the seal key derived from the device to which the second trusted application program belongs.
And the second trusted application program decrypts the data key seal ciphertext based on the seal key derived from the equipment to which the second trusted application program belongs to obtain a data key plaintext.
And b3, encrypting the data key plaintext based on the communication key which is obtained by negotiating with the first trusted execution environment in advance to obtain the data key communication ciphertext.
It should be noted that, to ensure the security of the key transmission process, the first trusted execution environment and the second trusted execution environment negotiate in advance to obtain the communication key and store the communication key in their own environments respectively.
The second trusted application program encrypts the data key plaintext based on a communication key which is obtained by negotiating with the first trusted execution environment in advance to obtain a data key communication ciphertext, and feeds the data key communication ciphertext back to the first trusted application program.
After receiving the data key communication ciphertext, the first trusted application program decrypts the data key communication ciphertext based on the communication key pre-negotiated with the second trusted execution environment to obtain a data key plaintext, and stores the decrypted data key plaintext.
In order to further improve the storage security of the data key plaintext, after decrypting the data key communication ciphertext based on the communication key pre-negotiated with the second trusted execution environment to obtain the data key plaintext, the method further comprises the steps that the first trusted application program encrypts the data key plaintext based on a seal key derived from the device to which the first trusted application program belongs to obtain a data key seal ciphertext, and the data key seal ciphertext is stored.
The first trusted application transmits an encrypted data acquisition request to the second trusted application, and the second trusted application acquires encrypted data from a database storing the encrypted data according to the encrypted data acquisition request and transmits the acquired encrypted data to the first trusted application. The first trusted application stores the data key seal ciphertext in association with the encrypted data.
After completing the task of data migration from the second trusted execution environment to the first trusted execution environment, a person, platform, or system associated with the presence of an acquisition requirement and acquisition rights for the migrated data may initiate a data acquisition request to a first trusted application of the first trusted execution environment.
In an alternative embodiment, after completing the data migration task, the method further comprises:
and c1, responding to the data acquisition request, and decrypting the data key communication ciphertext based on the communication key which is obtained by negotiating with the second trusted execution environment in advance to obtain a data key plaintext.
After receiving the data acquisition request, verifying the identity authority of the request initiator so as to verify whether the request initiator has the data acquisition authority. If so, decrypting the data key communication ciphertext based on the communication key which is obtained by negotiating with the second trusted execution environment in advance to obtain a data key plaintext, and if not, sending the non-authority prompt related information to a request initiator of the data acquisition request.
And c2, decrypting the encrypted data by adopting the data key plaintext to obtain plaintext data.
And step c3, feeding back plaintext data.
And sending the plaintext data to a request initiator of the data acquisition request.
The technical scheme of the embodiment of the invention realizes the function of trusted application program data migration of the trusted data space through the trusted virtual machine technology based on the security chip, specifically, after the environment verification of the two-party trusted execution environment is carried out, a data key acquisition request is sent to a second trusted application program to be migrated so that the second trusted application program can generate and feed back a data key communication ciphertext according to the data key acquisition request, an encrypted data acquisition request is sent to the second trusted application program so that the second trusted application program can generate and feed back encrypted data according to the encrypted data acquisition request, and the data key communication ciphertext and the encrypted data are stored in a correlated way, thereby improving the data migration efficiency and the data storage security. The technical scheme requires that the trusted application program data is encrypted and stored by using a random key, and then the data encryption key is encrypted and stored by using a seal key derived based on a trusted execution environment, so that only the unsealing and resealing treatment is needed to be carried out on the trusted application program data encryption key during data migration, and seamless access and use of the data in new and old environments are realized.
Example two
Fig. 2 is a flowchart of a data migration method based on a trusted execution environment according to a second embodiment of the present invention, where the embodiment is applicable to a case of data migration between trusted applications in a trusted data space based on an old version of a security chip, and specifically may be a case of migrating trusted application data from an old environment to a new environment. The method may be performed by a trusted execution environment-based data migration apparatus, which may be implemented in hardware and/or software, and which may be configured in an electronic device to which a second trusted application in a second trusted execution environment belongs.
As shown in fig. 2, the method includes:
S210, acquiring a remote certification request sent by a first trusted application in the first trusted execution environment, and generating a remote authentication report according to the remote certification request.
And S220, feeding back a remote authentication report to the first trusted application program so that the first trusted application program can perform safe and reliable verification on the remote authentication report, and generating and feeding back a data key acquisition request after verification is passed.
And S230, generating a data key communication ciphertext according to the data key acquisition request, and sending the data key communication ciphertext to the first trusted application program.
S240, acquiring an encrypted data acquisition request sent by the first trusted application program, and generating encrypted data according to the encrypted data acquisition request.
S250, sending the encrypted data to the first trusted application program so that the first trusted application program can store the data key communication ciphertext and the encrypted data in an associated mode.
The first trusted execution environment may be a new environment to receive migration data, the first trusted application may be an application deployed in the first trusted execution environment, the second trusted execution environment may be an old environment in which encrypted data is currently located, from which data migration to other trusted execution environments is to be performed, and the second trusted application may be an application deployed in the first trusted execution environment. It should be noted that the first trusted application and the second trusted application are the same program deployed in different environments and of the same or different versions, for example, the first trusted application is an application a of version V2.0, and the second trusted application is an application a of version V1.0.
The SSL network connection is established by both the first trusted application program and the second trusted application program for data transmission.
Illustratively, the first trusted application sends a remote attestation request to the second trusted application, and the second trusted application generates a remote attestation report based on the remote attestation request after receiving the remote attestation request.
In an alternative embodiment, generating a remote authentication report based on the remote attestation request includes:
step d1, determining a random number according to the remote proving request.
And d2, sending an authentication report request and a random number to the application manager so as to enable the application manager to generate a remote authentication report according to the authentication report request and the random number and feed back the remote authentication report to the second trusted application.
The remote certification request is subjected to request analysis to obtain a random number, the random number is randomly generated by the first trusted application program, and the remote certification request is generated based on the random number, so that the random number randomly generated by the first trusted application program is carried in the remote certification request. The second trusted application program sends an authentication report request and a random number to the application program manager, the application program manager obtains the integrity information of the operation environment report and the second trusted application program and carries the random number, the integrity information is added in the operation environment authentication report, the operation environment private key is adopted to sign the report information, a remote authentication report is obtained, the remote authentication report is returned to the second trusted application program, and the second trusted application program sends the remote authentication report to the first trusted application program.
The first trusted application performs secure trusted verification of information in the remote authentication report. The method comprises the steps of obtaining environment authentication information from environment authentication service according to a measurement value in a remote authentication report by a first trusted application program, requesting a relevant certificate from a sea light chip CA center according to a chip ID in the remote authentication report, and carrying out safe and trusted verification on the information in the remote authentication report according to the environment authentication information and the relevant certificate.
After the first trusted application program passes the security and trust verification on the remote authentication report, the first trusted application program sends a data key acquisition request to the second trusted application program so that the second trusted application program can generate and feed back a data key communication ciphertext according to the data key acquisition request.
It should be noted that, because the data encryption keys corresponding to the data of different application programs are different, for example, the data encryption key corresponding to the data a is the key a, and the data encryption key corresponding to the data B is the key B, before the data key is obtained, the first trusted application program may obtain the data list from the second trusted application program, and based on the data list, combine with the actual data migration requirement of the first trusted application program, obtain the data encryption key in a targeted manner.
In an alternative embodiment, generating a data key communication ciphertext according to a data key acquisition request and sending the data key communication ciphertext to a first trusted application, includes:
and e1, acquiring a data list acquisition request sent by the first trusted application program, and generating a data list according to the data list acquisition request, wherein the data list comprises at least one movable data identifier.
The first trusted application program sends a data list acquisition request to the second trusted application program, and the second trusted application program performs data retrieval on data stored in the database after receiving the data list acquisition request to obtain stored data related to the second trusted application program and generate a data list. The application data corresponding to at least one application may be stored in the database of each environment. The second trusted application may generate, according to the retrieved data related to the second trusted application, a data identifier corresponding to each data, and store the data identifier as a migratable identifier in the data list. Because the data are different, the movable identifiers corresponding to the different data are different and can be used for representing the uniqueness of the data.
And e2, sending the data list to the first trusted application program so that the first trusted application program can generate and feed back a data key acquisition request according to the migratable data identifier in the data list.
The second trusted application sends a data manifest to the first trusted application. The first trusted application program generates a data key acquisition request one by one for different data according to the movable data identification in the data list and the actual data migration requirement of the first trusted application program.
And e3, acquiring the data key seal ciphertext according to the data key acquisition request.
And the second trusted application program queries the data key seal ciphertext corresponding to the data key acquisition request from the database storing the key according to the data key acquisition request. The data key seal ciphertext can be an encryption key after encryption based on a derivative key of the self virtual machine.
And e4, performing deblocking processing on the data key seal ciphertext based on the seal key derived from the equipment to which the data key plaintext is attached.
And the second trusted application program decrypts the data key seal ciphertext based on the seal key derived from the equipment to which the second trusted application program belongs to obtain a data key plaintext.
And e5, encrypting the data key plaintext based on the communication key which is obtained by negotiating with the first trusted execution environment in advance to obtain a data key communication ciphertext, and sending the data key communication ciphertext to the first trusted application program.
It should be noted that, to ensure the security of the key transmission process, the first trusted execution environment and the second trusted execution environment negotiate in advance to obtain the communication key and store the communication key in their own environments respectively.
The second trusted application program encrypts the data key plaintext based on a communication key which is obtained by negotiating with the first trusted execution environment in advance to obtain a data key communication ciphertext, and feeds the data key communication ciphertext back to the first trusted application program.
After receiving the data key communication ciphertext, the first trusted application program decrypts the data key communication ciphertext based on the communication key pre-negotiated with the second trusted execution environment to obtain a data key plaintext, and stores the decrypted data key plaintext.
In order to further improve the storage security of the data key plaintext, after decrypting the data key communication ciphertext based on the communication key pre-negotiated with the second trusted execution environment to obtain the data key plaintext, the method further comprises the steps that the first trusted application program encrypts the data key plaintext based on a seal key derived from the device to which the first trusted application program belongs to obtain a data key seal ciphertext, and the data key seal ciphertext is stored.
The first trusted application transmits an encrypted data acquisition request to the second trusted application, and the second trusted application acquires encrypted data from a database storing the encrypted data according to the encrypted data acquisition request and transmits the acquired encrypted data to the first trusted application. The first trusted application stores the data key seal ciphertext in association with the encrypted data.
After completing the task of data migration from the second trusted execution environment to the first trusted execution environment, a person, platform, or system associated with the presence of an acquisition requirement and acquisition rights for the migrated data may initiate a data acquisition request to a first trusted application of the first trusted execution environment.
In an alternative embodiment, after completing the data migration task, the method further comprises:
And f1, responding to the data acquisition request, and decrypting the data key communication ciphertext based on the communication key obtained by negotiating with the second trusted execution environment in advance to obtain a data key plaintext.
After receiving the data acquisition request, verifying the identity authority of the request initiator so as to verify whether the request initiator has the data acquisition authority. If so, decrypting the data key communication ciphertext based on the communication key which is obtained by negotiating with the second trusted execution environment in advance to obtain a data key plaintext, and if not, sending the non-authority prompt related information to a request initiator of the data acquisition request.
And f2, decrypting the encrypted data by adopting the data key plaintext to obtain plaintext data.
And f3, feeding back plaintext data.
And sending the plaintext data to a request initiator of the data acquisition request.
The technical scheme of the embodiment of the invention realizes the function of trusted application program data migration of the trusted data space through the trusted virtual machine technology based on the security chip, specifically, after the environment verification of the two-party trusted execution environment is carried out, a data key acquisition request is sent to a second trusted application program to be migrated so that the second trusted application program can generate and feed back a data key communication ciphertext according to the data key acquisition request, an encrypted data acquisition request is sent to the second trusted application program so that the second trusted application program can generate and feed back encrypted data according to the encrypted data acquisition request, and the data key communication ciphertext and the encrypted data are stored in a correlated way, thereby improving the data migration efficiency and the data storage security. The technical scheme requires that the trusted application program data is encrypted and stored by using a random key, and then the data encryption key is encrypted and stored by using a seal key derived based on a trusted execution environment, so that only the unsealing and resealing treatment is needed to be carried out on the trusted application program data encryption key during data migration, and seamless access and use of the data in new and old environments are realized.
Example III
Fig. 3 is a schematic flow interaction diagram of a data migration method based on a trusted execution environment according to a second embodiment of the present invention. The present embodiment provides a preferred example based on the above-described embodiments. The first trusted execution environment is a new environment, the second trusted execution environment is an old environment, the purpose is to migrate data of a second trusted application program in the old environment into the new environment, and the specific interaction subject is that the first trusted application program in the new environment and the second trusted application program in the old environment interact with each other. As shown in fig. 3, the specific implementation steps are as follows:
s31, the first trusted application (new environment) sends a remote attestation request to the second trusted application (old environment).
And S32, the second trusted application program generates a remote authentication report according to the remote proving request.
The second trusted application program performs request analysis on the remote certification request to obtain a random number, wherein the random number is randomly generated by the first trusted application program and the remote certification request is generated based on the random number, so that the random number randomly generated by the first trusted application program is carried in the remote certification request. The application program manager obtains the operation environment report and the integrity information of the second trusted application program, carries the random number, adds the integrity information in the operation environment authentication report, signs the report information by using an operation environment private key to obtain a remote authentication report, and returns the remote authentication report to the second trusted application program.
And S33, the second trusted application program sends a remote authentication report to the first trusted application program.
S34, the first trusted application program performs safe and trusted verification on the remote authentication report, and if verification is passed, a data list acquisition request is generated.
The first trusted application performs secure trusted verification of information in the remote authentication report. The first trusted application program obtains environment authentication information from the environment authentication service according to a measurement value in the remote authentication report, requests a related certificate from a marine light chip CA (CERTIFICATE AUTHORITY) according to a chip ID (identity) in the remote authentication report, and performs safe and trusted verification on the information in the remote authentication report according to the environment authentication information and the related certificate.
And S35, the first trusted application program sends a data list acquisition request to the second trusted application program.
S36, the second trusted application program generates a data list according to the data list acquisition request.
And S37, the second trusted application program sends the data list to the first trusted application program.
S38, the first trusted application program traverses the data list, and generates a data key acquisition request according to the migratable data identification in the data list.
And S39, the first trusted application program sends a data key acquisition request to the second trusted application program.
And S310, the second trusted application program queries the data key according to the data key acquisition request to acquire the data key seal ciphertext.
And S311, the second trusted application program performs deblocking processing on the data key seal ciphertext based on the seal key derived from the equipment to which the second trusted application program belongs, so as to obtain a data key plaintext.
S312, the second trusted application program adopts the communication key to encrypt the data key plaintext to obtain the data key communication ciphertext.
The communication key is obtained by pre-negotiating the first trusted execution environment and the second trusted execution environment and is periodically stored in each own environment.
And S313, the second trusted application program sends the data key communication ciphertext to the first trusted application program.
S314, the first trusted application program sends an encrypted data acquisition request to the second trusted application program.
S315, the second trusted application acquires the encrypted data according to the encrypted data acquisition request.
S316, the second trusted application transmits the encrypted data to the first trusted application.
And S317, the first trusted application program stores the data key communication ciphertext and the encrypted data in an associated manner.
Alternatively, the first trusted application may also store the ciphertext for the data key communication and the encrypted data separately, which is not limited in this embodiment.
Example IV
Fig. 4 is a schematic structural diagram of a data migration device based on a trusted execution environment according to a fourth embodiment of the present invention. The data migration device based on the trusted execution environment provided by the embodiment of the invention is applicable to the situation of data migration between trusted applications in a trusted data space based on new and old versions of a security chip, and particularly can be the situation of migrating trusted application data from an old environment to a new environment, and the data migration device based on the trusted execution environment can be implemented in the form of hardware and/or software, and can be configured in a first trusted application in a first trusted execution environment, as shown in fig. 4, and specifically comprises a certification request sending module 401, a security verification module 402, an acquisition request sending module 403 and a data storage module 404. Wherein,
A certification request sending module 401, configured to send a remote certification request to a second trusted application in a second trusted execution environment, so that the second trusted application generates and feeds back a remote authentication report based on the remote certification request;
The security verification module 402 is configured to perform security and trust verification on the remote authentication report, and send a data key acquisition request to the second trusted application after the verification is passed, so that the second trusted application generates and feeds back a data key communication ciphertext according to the data key acquisition request;
An acquisition request sending module 403, configured to send an encrypted data acquisition request to the second trusted application, so that the second trusted application generates and feeds back encrypted data according to the encrypted data acquisition request;
and the data storage module 404 is used for carrying out associated storage on the data key communication ciphertext and the encrypted data.
The technical scheme of the embodiment of the invention realizes the function of trusted application program data migration of the trusted data space through the trusted virtual machine technology based on the security chip, specifically, after the environment verification of the two-party trusted execution environment is carried out, a data key acquisition request is sent to a second trusted application program to be migrated so that the second trusted application program can generate and feed back a data key communication ciphertext according to the data key acquisition request, an encrypted data acquisition request is sent to the second trusted application program so that the second trusted application program can generate and feed back encrypted data according to the encrypted data acquisition request, and the data key communication ciphertext and the encrypted data are stored in a correlated way, thereby improving the data migration efficiency and the data storage security. The technical scheme requires that the trusted application program data is encrypted and stored by using a random key, and then the data encryption key is encrypted and stored by using a seal key derived based on a trusted execution environment, so that only the unsealing and resealing treatment is needed to be carried out on the trusted application program data encryption key during data migration, and seamless access and use of the data in new and old environments are realized.
Optionally, the security verification module 402 includes:
The list acquisition unit is used for sending a data list acquisition request to the second trusted application program so that the second trusted application program can generate and feed back a data list according to the data list acquisition request, wherein the data list comprises at least one movable data identifier;
a key request generating unit, configured to generate a data key obtaining request according to the migratable data identifier in the data list;
The acquisition request sending unit is used for sending the data key acquisition request to the second trusted application program so that the second trusted application program can generate and feed back a data key communication ciphertext according to the data key acquisition request;
The generation mode of the data key communication ciphertext is as follows:
Acquiring a data key seal ciphertext by the second trusted application program according to the data key acquisition request;
Unpacking the data key seal ciphertext based on the seal key derived from the equipment to which the data key belongs to obtain a data key plaintext;
and encrypting the data key plaintext based on a communication key which is obtained by negotiating with the first trusted execution environment in advance to obtain a data key communication ciphertext.
Optionally, the apparatus further includes:
The decryption processing module is used for responding to the data acquisition request, and performing decryption processing on the data key communication ciphertext based on the communication key which is obtained by negotiating with the second trusted execution environment in advance to obtain a data key plaintext;
the data decryption module is used for decrypting the encrypted data by adopting the data key plaintext to obtain plaintext data;
and the plaintext feedback module is used for feeding back plaintext data.
Optionally, the apparatus further includes:
The seal ciphertext generation module is used for decrypting the data key communication ciphertext based on the communication key which is obtained by negotiating with the second trusted execution environment in advance to obtain a data key plaintext, and then encrypting the data key plaintext based on a seal key which is derived from equipment to which the data key plaintext belongs to obtain a data key seal ciphertext;
and the seal ciphertext storage module is used for storing the data key seal ciphertext.
The data migration device based on the trusted execution environment provided by the embodiment of the invention can execute the data migration method based on the trusted execution environment provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example five
Fig. 5 is a schematic structural diagram of a data migration device based on a trusted execution environment according to a fifth embodiment of the present invention. The data migration device based on the trusted execution environment provided by the embodiment of the invention can be applied to the situation of data migration between trusted applications in a trusted data space based on new and old versions of a security chip, particularly the situation of migration of trusted application data from an old environment to a new environment, and can be implemented in the form of hardware and/or software, and the data migration device based on the trusted execution environment can be configured in a second trusted application in a second trusted execution environment, as shown in fig. 5, and specifically comprises a certification request acquisition module 501, an authentication report feedback module 502, a key generation module 503, a data acquisition module 504 and an encrypted data feedback module 505. Wherein,
A certification request acquisition module 501, configured to acquire a remote certification request sent by a first trusted application in a first trusted execution environment, and generate a remote authentication report according to the remote certification request;
an authentication report feedback module 502, configured to feed back the remote authentication report to the first trusted application, so that the first trusted application performs secure and trusted verification on the remote authentication report, and after verification passes, generates and feeds back a data key acquisition request;
a key generating module 503, configured to generate a data key communication ciphertext according to the data key obtaining request, and send the data key communication ciphertext to the first trusted application;
A data acquisition module 504, configured to acquire an encrypted data acquisition request sent by the first trusted application, and generate encrypted data according to the encrypted data acquisition request;
And the encrypted data feedback module 505 is configured to send the encrypted data to the first trusted application, so that the first trusted application can store the data key communication ciphertext and the encrypted data in an associated manner.
The technical scheme of the embodiment of the invention realizes the function of trusted application program data migration of the trusted data space through the trusted virtual machine technology based on the security chip, specifically, after the environment verification of the two-party trusted execution environment is carried out, a data key acquisition request is sent to a second trusted application program to be migrated so that the second trusted application program can generate and feed back a data key communication ciphertext according to the data key acquisition request, an encrypted data acquisition request is sent to the second trusted application program so that the second trusted application program can generate and feed back encrypted data according to the encrypted data acquisition request, and the data key communication ciphertext and the encrypted data are stored in a correlated way, thereby improving the data migration efficiency and the data storage security. The technical scheme requires that the trusted application program data is encrypted and stored by using a random key, and then the data encryption key is encrypted and stored by using a seal key derived based on a trusted execution environment, so that only the unsealing and resealing treatment is needed to be carried out on the trusted application program data encryption key during data migration, and seamless access and use of the data in new and old environments are realized.
Optionally, the key generating module 503 includes:
The list request acquisition unit is used for acquiring a data list acquisition request sent by the first trusted application program and generating a data list according to the data list acquisition request, wherein the data list comprises at least one movable data identifier;
The list sending unit is used for sending the data list to the first trusted application program so that the first trusted application program can generate and feed back a data key acquisition request according to the movable data identification in the data list;
The seal key acquisition unit is used for acquiring a data key seal ciphertext according to the data key acquisition request;
The key unpacking unit is used for unpacking the data key seal ciphertext based on the seal key derived from the equipment to which the key unpacking unit belongs to obtain a data key plaintext;
And the communication ciphertext sending unit is used for encrypting the data key plaintext based on a communication key which is obtained by negotiating with the first trusted execution environment in advance to obtain a data key communication ciphertext and sending the data key communication ciphertext to the first trusted application program.
Optionally, the certification request acquisition module 501 includes:
a random number generation unit for determining a random number according to the remote attestation request;
And the random number sending unit is used for sending an authentication report request and the random number to the application program manager so that the application program manager can generate a remote authentication report according to the authentication report request and the random number and feed back the remote authentication report to the second trusted application program.
The data migration device based on the trusted execution environment provided by the embodiment of the invention can execute the data migration method based on the trusted execution environment provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example six
Fig. 6 shows a schematic diagram of an electronic device 60 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 6, the electronic device 60 includes at least one processor 61, and a memory, such as a Read Only Memory (ROM) 62, a Random Access Memory (RAM) 63, etc., communicatively connected to the at least one processor 61, in which the memory stores a computer program executable by the at least one processor, and the processor 61 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 62 or the computer program loaded from the storage unit 68 into the Random Access Memory (RAM) 63. In the RAM 63, various programs and data required for the operation of the electronic device 60 may also be stored. The processor 61, the ROM 62 and the RAM 63 are connected to each other via a bus 64. An input/output (I/O) interface 65 is also connected to bus 64.
Various components in the electronic device 60 are connected to the I/O interface 65, including an input unit 66, such as a keyboard, mouse, etc., an output unit 67, such as various types of displays, speakers, etc., a storage unit 68, such as a magnetic disk, optical disk, etc., and a communication unit 69, such as a network card, modem, wireless communication transceiver, etc. The communication unit 69 allows the electronic device 60 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
Processor 61 can be a variety of general-purpose and/or special-purpose processing components having processing and computing capabilities. Some examples of processor 61 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 61 performs the various methods and processes described above, such as a data migration method based on a trusted execution environment.
In some embodiments, the trusted execution environment-based data migration method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as storage unit 68. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 60 via the ROM 62 and/or the communication unit 69. When the computer program is loaded into RAM 63 and executed by processor 61, one or more of the steps of the trusted execution environment-based data migration method described above may be performed. Alternatively, in other embodiments, processor 61 may be configured to perform the trusted execution environment-based data migration method in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include being implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be a special or general purpose programmable processor, operable to receive data and instructions from, and to transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user and a keyboard and a pointing device (e.g., a mouse or a trackball) by which the user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user, for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback), and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a Local Area Network (LAN), a Wide Area Network (WAN), a blockchain network, and the Internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.