CN114201748B - Method for verifying trust of data source in scene of calculation moving to data end under high trust environment - Google Patents
Method for verifying trust of data source in scene of calculation moving to data end under high trust environment Download PDFInfo
- Publication number
- CN114201748B CN114201748B CN202111529683.6A CN202111529683A CN114201748B CN 114201748 B CN114201748 B CN 114201748B CN 202111529683 A CN202111529683 A CN 202111529683A CN 114201748 B CN114201748 B CN 114201748B
- Authority
- CN
- China
- Prior art keywords
- data
- detection
- source
- user
- detection result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000004364 calculation method Methods 0.000 title claims abstract description 43
- 238000001514 detection method Methods 0.000 claims abstract description 144
- 238000012795 verification Methods 0.000 claims abstract description 24
- 238000012545 processing Methods 0.000 claims abstract description 4
- 238000004458 analytical method Methods 0.000 claims description 23
- 238000005070 sampling Methods 0.000 claims description 8
- 238000005259 measurement Methods 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 claims description 3
- 238000013139 quantization Methods 0.000 claims description 2
- 238000005516 engineering process Methods 0.000 description 3
- 238000012546 transfer Methods 0.000 description 2
- GETQKLUOZMYHGE-UHFFFAOYSA-N 2-[[3-(3,6-dichlorocarbazol-9-yl)-2-hydroxypropyl]amino]-2-(hydroxymethyl)propane-1,3-diol Chemical compound ClC1=CC=C2N(CC(O)CNC(CO)(CO)CO)C3=CC=C(Cl)C=C3C2=C1 GETQKLUOZMYHGE-UHFFFAOYSA-N 0.000 description 1
- 238000007792 addition Methods 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000011897 real-time detection Methods 0.000 description 1
- 238000011895 specific detection Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/127—Trusted platform modules [TPM]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The scheme discloses a method for verifying the trust of a data source in a scene of calculating and moving to a data end under a high trusted environment, which comprises the following steps: s1, loading computing application and a detection algorithm in a trusted execution environment; s2, the computing application reads the source data and performs operation processing based on the source data; detecting source data by a detection algorithm; s3, signing the detection result, and then sending the detection result and the calculation result to a data user together or respectively; s4, verifying the signature by the data user, if the verification is passed, the detection result is legal, otherwise, the detection result is illegal; and S5, after the validity is confirmed, the data user confirms whether the source data used by the computing application are compliant according to the detection result. According to the scheme, the remote data user can perform high-credibility data credibility detection on the premise that the data owner is not credible and the data cannot go out of the local area of the data owner, and the dilemma that the current data cannot go out of the local requirement and the legal compliance of the data used by the data user in credible verification calculation cannot be met at the same time is effectively solved.
Description
Technical Field
The invention belongs to the technical field of internet credibility, and particularly relates to a method for verifying credibility of a data source in a scene of calculating and moving to a data end under a high credibility environment.
Background
In order to alleviate the high cost of data transfer to the computing end and prevent privacy disclosure problem of data transfer beyond the data owner, a data access technology with "data immobility" as a core is increasingly widely used in large data processing. The technology still has certain defects, such as that related data and calculation are deployed in a service side range or a cloud controlled by the service side, because the data cannot be locally and privacy-preserving effect, the calculation of a data end is like the same black box, the user cannot touch the actually used data or the calculation process, the details of the calculation process cannot be known, the credibility of the calculation itself cannot be confirmed and verified, the validity and credibility of the data used in the calculation process cannot be confirmed and verified, the valid data expected by the data user cannot be really used in the calculation process, and only the service provider can be unconditionally trusted.
Information security method and system based on data access process under high-credibility environment, which are proposed by applicant before, are as follows: CN113282946B proposes a solution to this technical problem, namely, high-trust signing at the hardware level of the operational state in the process of operation, the data used. If the data user suspects that the data owner provides wrong data in the calculation process, the data user public key can be used for verifying the signature, the hash value of the data actually used in the calculation process is confirmed, then the hash value and the corresponding data owner data signature are sent to a third party audit arbitration mechanism, the third party arbitration mechanism firstly verifies the validity of the hash value based on the data owner public key submitted in advance by the data owner, determines that the hash value is indeed signed by the data owner, then the third party arbitration mechanism asks the data owner to submit the used data used in the calculation process, calculates the hash value of the submitted data, verifies whether the hash value is identical to the data hash value, and finally judges whether the data provided corresponding to the hash value is valid and legal. The method realizes that the data user verifies and traces the validity of the actual use data on the premise of not contacting the data.
The above solution, although it proposes a solution, has certain limitations such as: 1. the scheme needs to send the data to a third party, and cannot be applicable to a scene where the data cannot be locally displayed; 2. the verification object of the scheme is the whole use data, a large amount of data is needed for calculation in some scenes, a large amount of time is needed for verifying the data, the problem of low flexibility exists, the verification process is complex, and excessive delay of calculation can be caused by simultaneous operation of verification and calculation.
Disclosure of Invention
The invention aims to solve the problems and provides a method for verifying the trust of a data source in a scene of calculating and moving to a data end under a high-trust environment.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
a method for verifying the trust of a data source in a scene of a calculation shift-to-data end under a high-trust environment comprises the following steps:
s1, loading corresponding computing application and detection algorithm in a trusted execution environment according to a request of a data user, and receiving a signature private key of the data user based on secure encryption connection between the data user and the trusted execution environment;
s2, the computing application reads the source data and performs operation processing based on the read source data;
the detection algorithm detects the source data read by the computing application in a local trusted execution environment;
s3, signing the detection result by using a signature private key, and then sending the detection result and the calculation result to a data user together or respectively;
s4, verifying the signature by the data user, if the verification is passed, the detection result is legal, otherwise, the detection result is illegal;
and S5, after confirming that the detection result is legal, the data user confirms whether the source data used by the computing application are compliant or not according to the detection result.
In the above method for verifying trust of a data source in a scene of moving to a data end in a high-trust environment, step S1 includes:
s11, loading a detection algorithm in a trusted execution environment, carrying out hash measurement on memory data loaded with the detection algorithm to generate a measured value, signing the measured value by chip hardware, and then sending the signed measured value to a data user;
s12, the data user verifies the measured value signature and verifies whether the detection algorithm is compliant or not based on a remote authentication process;
s13, after the remote verification is successful, establishing encryption security connection between the data user and the trusted execution environment of the data owner, and sending a signature private key of the data user to the trusted execution environment through the security encryption connection.
The computing application may be an application local to the data owner or may be a computing application sent by the data consumer to the data owner, without limitation.
The detection algorithm may be sent to the data owner for the data consumer or by a third party authorized by the data consumer.
The calculation result can be directly sent to the data user, or can be sent to the data user after being signed, encrypted and the like, for example, the calculation result can be processed in a mode of using a comparison file mentioned in the background art.
In the above method for verifying the trust of the data source in the scene of the data end by calculating and moving to the high trusted environment, in step S13 or S1, the data user sends the public signature key to the trusted execution environment, so that the data owner verifies the signed detection result.
In the above-mentioned method for verifying the trust of the data source in the scene of moving to the data end under the high trust environment, in step S13, the data user sends the encryption key to the trust execution environment at the same time;
in step S3, the detection result is encrypted by using an encryption key and then signed by using a signature private key, and the detection result and the calculation result are sent to a data user together or respectively;
in step S4, the data user verifies the signature, and if the verification is passed, the data user further decrypts the signature with the encryption key to obtain a detection result.
In the above-mentioned method for verifying the trust of the data source in the scene of moving to the data end under the high trust environment, in step S3, the hash value of the detection result is calculated in the trusted execution environment, and the hash value is signed by using the signature private key and then is sent to the data user together with the calculation result or respectively;
in step S4, the data user verifies the signature, and requests the corresponding detection result from the data owner after the verification is passed, so that the data owner sends the corresponding detection result to the data user, the data user calculates the hash value of the detection result sent by the data owner, verifies whether the hash value is consistent with the hash value obtained by the signature verification, and if so, considers that the detection result is legal;
alternatively, in step S3, the detection result may be directly transmitted to the data consumer together with the calculation result.
In the above-mentioned method for verifying the trust of the data source in the scene of the data end by calculation in the high-trust environment, the detection rule of the detection algorithm is determined by the data user or is determined by the negotiation of the data user and the data owner.
In the method for verifying the trust of the data source in the scene of the data end, which is calculated and moved to under the high trusted environment, the detection algorithm is operated by the trusted execution environment of the data owner sent by the data user or the detection algorithm at the data owner designated by the data user.
In the method for verifying the credibility of the data source in the scene of the data end, which is calculated and moved in the high credibility environment, the detection rule comprises a sampling mode, a sampling frequency, an analysis mode and a relation between an analysis result and a credibility percentage of the source data read by the calculation application;
in the step S3, the detection result is a reliability percentage report of the sampled data;
in step S4, if the reliability of the reliability report obtained by the data user is higher than the set threshold, the source data is considered to be compliant, otherwise, the source data is not considered to be compliant.
In the method for verifying the trust of the data source in the scene of the data end in the calculation and shift mode under the high-trust environment, the analysis mode of the detection algorithm on the sampled data comprises whether the sampled data meets the preset condition or whether the content, the type and the format of the sampled data meet the expectations.
In the above method for verifying trust of computing and moving to a data source in a data end scene under a high trusted environment, the step S3 further includes:
the data owner judges the file size of the detection report, and if the file size is larger than the file set value, the data owner does not allow transmission.
The invention has the advantages that:
1. the scheme automatically checks whether the data (which can be data format, content, type and the like) used in the calculation process is in accordance with expectations or not by a detection algorithm for the safe and reliable spot check of the data user, so that the detection of high-credibility data credibility of a remote data user can be realized on the premise that the data owner cannot trust and the data cannot go out of the local of the data owner, and the dilemma that the local requirement cannot be met by the data cannot be met at present and the legal compliance of the data used by the credible verification calculation of the data user can be effectively solved;
2. the detection mode is not limited to the source data content, can detect the data in various forms such as data types, data formats and the like, has higher flexibility, has higher detection efficiency compared with the detection of the data content, occupies less memory space, avoids excessive interference to calculation, and reduces the calculation rate.
Drawings
FIG. 1 is a flowchart of a method for verifying trust of a data source in a scene of a computing-move-to-data end in a highly trusted environment of the present invention;
FIG. 2 is a flowchart of a method for verifying the trust of a data source in a scene of a data end in which the calculation is moved under the highly trusted environment of the present invention;
fig. 3 is a flowchart of a method for verifying trust of a data source in a scene of moving computation to a data end in a highly trusted environment of the present invention.
Detailed Description
The scheme is further described below with reference to the accompanying drawings:
example 1
The method is mainly characterized in that when the method is used for calculating the data of the data user, a detection algorithm provided or designated by the data user samples and detects the data used by the calculation application in the trusted execution environment of the data owner, and the detection result is encrypted and signed and then sent to the data user, so that the data cannot be locally output, the data user can verify the credibility of the data used by calculation in a personalized and credible mode, the situation that the data user is completely passive is reversed, and the benign operation of the whole data market is ensured. As shown in fig. 1, the method specifically comprises the following steps:
1) The data consumer generates a symmetric encryption key K, and a pair of signature keys (a signature public key k_pub and a signature private key k_pri); the public key k_pub may be delivered to the data owner.
2) Enabling corresponding computing application and detection algorithm in a trusted execution environment by a data owner according to a request of a data user; the detection algorithm may be integrated in the computing application or may exist separately. The computing application can exist in the data owner, the data user specifies the corresponding computing application to load and run in the trusted execution environment, and the data user sends the computing application to the trusted execution environment of the data owner to load and run; similarly, the detection algorithm may be stored in the data owner, and the data user specifies that the detection algorithm is loaded in the trusted execution environment, or the detection algorithm may be loaded in the trusted execution environment that the data user sends to the data owner.
3) Remote authentication flow to perform chip-level privacy calculations (e.g., remote Attestation based on Intel SGX technology): the trusted execution environment is loaded with computing application and detection algorithm, hash measurement is carried out on memory data of the loaded data to generate a measured value, the measured value is directly signed by chip hardware and then sent to a data user, and the sending can be sent in the form of Intel SGX Quote, for example.
The two cases where the detection algorithm is independent or integrated in the computing application are discussed separately:
if the detection algorithm is integrated in the computing application, the computing application is run in a trusted execution environment and hash measurement is performed on memory data loaded with the computing application to generate a measured value, and a data user verifies a signature of the measured value and verifies whether the computing application is compliant based on a remote authentication procedure (at this time, the computing application integrates the detection algorithm, so that the detection algorithm is verified at the same time).
If the detection algorithm exists independently, loading the computing application and the detection algorithm respectively, carrying out hash measurement respectively to generate hash measured values respectively, and respectively verifying the measured value signature and respectively verifying whether the computing application and the detection algorithm are compliant by the data user based on a remote authentication process.
For example, IAS Intel Attestation Service or Intel DCAP Extensions Datacenter Attestation Primitives based on Intel SGX verifies the validity of hardware, compares the hash values, and verifies whether the detection algorithm, the computing application is on the white list of the client or has been authorized by the client.
4) A successful remote authentication verification indicates that the trusted execution environment of the data owner has run the computing application and detection algorithm that the data consumer needs and authenticates, and then the data consumer establishes an cryptographically secure connection (e.g., an Intel SGX-based RA-TLS: remote attestation TLS connection) with the trusted execution environment of the data owner.
5) The data consumer sends the symmetric encryption key K, as well as the signature private key k_pri, to the trusted execution environment of the data owner via the secure encrypted connection.
6) The computing application reads the source data D and performs an arithmetic process based on the read source data. The detection algorithm running in the trusted execution environment performs local detection according to the source data D used by the detection rule spot check computing application to obtain a detection result R, encrypts the detection result R by using a symmetric encryption key K to obtain an enc_R, signs the encryption value enc_R based on a signature private key K_pri to obtain a Sig_R, and then sends the signature result Sig_R and a first calculation result to a data user or independently sends the signature result Sig_R and the first calculation result to the data user at any time according to the requirement of the data user.
7) The data owner can verify sig_r based on the public signature key k_pub, thereby proving that it is indeed the signature by the private signature key k_pri corresponding to the data user.
8) The data user receives the signature result Sig_R, firstly uses the corresponding signature public key K_pub to verify the signature result Sig_R, and uses the encryption key K to decrypt the encryption value enc_R after the verification is successful to obtain a detection result R.
9) After the detection result R is legal, the data user confirms whether the source data used by the computing application is compliant according to the detection result obtained by the step 8).
Specifically, the detection result R is a reliability percentage quantization value X% obtained by detecting the source data D according to the detection rule. In step 9), if the confidence percentage value X% obtained by the data user is higher than the set threshold, the source data is considered to be compliant, otherwise, the source data is not compliant.
Specifically, the detection rule is determined by the data consumer or by negotiation by the data consumer and the data owner. In the embodiment, the former is taken as an example, and meanwhile, the detection algorithm is sent to the data owner by the data user, the data user sends the detection algorithm containing the detection rule required by the data user to the trusted execution environment, and the detection algorithm detects the source data used by the computing application in the trusted execution environment according to the detection rule and gives an X% detection result.
The detection rules include the way the source data is extracted, the sampling frequency, the way the sampled data is analyzed, and the relationship between the analysis result and the reliability percentage are read by the computing application. Taking real-time detection of a real-time source data stream as an example, the sampling frequency may be that sample data with a duration time being a set duration is extracted once at intervals, and the extraction manner may be that all source data or part of source data in the current sampling period (for example, a certain number of rows and a certain number of columns are randomly extracted). The relationship between the analysis results and the percentage of confidence in the various analysis modes is likewise determined by the specific detection algorithm, i.e. by the data consumer.
The analysis mode of the detection algorithm on the sampled data can be whether the sampled data meets the preset condition, or whether the sampled data content, the sampled data type or the sampled data format meets the expectations, etc.
Whether the sampled data satisfies a preset condition: for example, the preset condition is that the values in the wage columns are all greater than 1 ten thousand, the preset condition is embedded into the detection algorithm, the wage columns are found in the detection process, then whether the wage columns are all greater than 1 ten thousand is judged, the final X% is given according to the judging result and the relation between the analysis result of the detection rule and the reliability percentage, for example, all greater than 1 ten thousand is satisfied, and the detection result is 100% or 99%.
Whether the sampled data type meets expectations: for example, in the setting type, the header of the source data should be age, sex, occupation, the age corresponding column should be number, the sex corresponding column should be "man" or "woman", the occupation corresponding column should be a certain occupation, the setting type has embedded the detection algorithm, the header of the sampling data is compared with the setting type, the data type judgment is performed on each column, the comparison result is the analysis result, and the final X% is given according to the comparison result and the relation between the analysis result of the detection rule and the reliability percentage.
Whether the sampled data content meets expectations: for example, the detection algorithm is embedded with expected data content, the sampled data content is compared with the expected data content, the comparison and comparison degree is an analysis result, and the final X% is given according to the comparison result and the relation between the analysis result of the detection rule and the reliability percentage. Such as randomly spot checking corresponding row information for a particular column or a particular primary key in a database.
The data formats are similar and are not described in detail herein. The specific analysis mode is determined by the data user according to the need and embedded into the detection algorithm, and then the detection algorithm is sent to the trusted execution environment or the detection algorithm with the required analysis mode is specified. The detection algorithm can have one analysis mode or a plurality of analysis modes, and the analysis results of the plurality of analysis modes can be weighted to give the final X percent.
The scheme enables the detection algorithm to automatically check whether the data (which can be data format, content, type and the like) used in the calculation process accords with the expectations for the data user safely and reliably. The detection algorithm is specified or sent by the data user, and the hash value measurement and signature verification are carried out on the running memory of the data user in the trusted execution environment after the hash value measurement and signature verification are carried out in the step 3), so that the detection result of the detection algorithm is absolute in credibility and cannot be changed by the data owner after being signed by the data user signature private key in the trusted execution environment, and the absolute credibility is also achieved. Therefore, the data user can detect the credibility of the calculated data by sending a detection algorithm to the data owner and signing the data by a signature private key, and can detect the credibility of the data with high credibility on the premise that the data does not go out of the local area, thereby effectively solving the dilemma that the current data does not go out of the local area and the legal compliance of the data used by the data user for the credibility verification calculation cannot be met at the same time.
Example two
As shown in fig. 2, the present embodiment is similar to the embodiment in that the detection result of the present embodiment is not encrypted by using the encryption key K, and the detection result is directly signed by using the signature private key k_pri to be sent to the data consumer, in which case the data owner can read the detection report sent to the data consumer in the clear, but cannot tamper with the detection report, and the purpose of identifying the source data compliance can be achieved.
Example III
As shown in fig. 3, this embodiment is different from the second embodiment in that the present embodiment calculates a hash value h_r of the detection result R in the trusted execution environment, signs the hash value h_r with a signature private key k_pri to obtain sig_hr, and then sends the hash value h_ R, sig _hr to the data consumer.
The data consumer verifies the validity of h_r on the basis of the corresponding signature public key and signature sig_hr and requests the corresponding detection result R from the data consumer after the verification has passed, the data consumer thus transmitting the corresponding detection result R to the data consumer, preferably via a further connection channel. The data user calculates a hash value H_R2 of the detection result R sent by the data owner, verifies whether the hash value H_R2 is consistent with the hash value H_R obtained by the verification, and if so, considers that the detection result R is legal.
Example IV
The present embodiment is similar to the embodiment, except that the present embodiment further includes, before step S3:
the data owner judges the file size of the detection report, and if the file size is larger than the file set value, the data owner does not allow transmission. Since the detection result is returned to the data user in the form of an X% report, the size of the reported file is limited, and if the file exceeds a set value, it indicates that the file may contain private data. The file size is judged, and the file is prevented from being transmitted outside the detection report exceeding the set value, so that the safety of the privacy data can be absolutely ensured, and the privacy data is prevented from being transmitted out of the local place in the form of the detection report. The data owner does not need to verify the detection algorithm provided by the data user, if the data user is not required to provide a monitoring algorithm source code and verify whether the application has the purpose of stealing data, the data user can be effectively prevented from stealing the data source by receiving the detection report, the method has the advantage of simple detection mode, and meanwhile, the safety of the source data can be ensured.
The specific embodiments described herein are offered by way of example only to illustrate the spirit of the invention. Those skilled in the art may make various modifications or additions to the described embodiments or substitutions thereof without departing from the spirit of the invention or exceeding the scope of the invention as defined in the accompanying claims.
Although terms such as data consumer, data owner, computing application, detection algorithm, encryption key, signature private key, signature public key, etc. are used more herein, the possibility of using other terms is not precluded. These terms are used merely for convenience in describing and explaining the nature of the invention; they are to be interpreted as any additional limitation that is not inconsistent with the spirit of the present invention.
Claims (8)
1. The method for verifying the trust of the data source in the scene of calculating and moving to the data end in the high-trust environment is characterized by comprising the following steps:
s1, loading corresponding computing application and detection algorithm in a trusted execution environment according to a request of a data user, and receiving a signature private key of the data user based on secure encryption connection between the data user and the trusted execution environment;
the computing application is a logic program used by a data user for using source data; the data detection algorithm is provided or specified by a data provider;
s2, the computing application reads the source data and performs operation processing based on the read source data;
the detection algorithm detects the source data read by the computing application in a local trusted execution environment;
s3, signing the detection result by using a signature private key, and then sending the detection result and the calculation result to a data user together or respectively;
s4, verifying the signature by the data user, if the verification is passed, the detection result is legal, otherwise, the detection result is illegal;
s5, after confirming that the detection result is legal, the data user confirms whether source data used by the computing application are compliant according to the detection result;
the detection result is a reliability percentage quantization value obtained by detecting the source data according to a detection rule; if the reliability of the reliability report obtained by the data user is higher than a set threshold, the source data is considered to be compliant, otherwise, the source data is not compliant;
the detection rule comprises a sampling mode, a sampling frequency, an analysis mode and a relation between an analysis result and a credibility percentage of source data read by a computing application;
the analysis mode of the detection algorithm on the sampled data comprises any one or more of whether the sampled data meets the preset condition, whether the content of the sampled data accords with the expectation, whether the type of the sampled data accords with the expectation, and whether the format of the sampled data accords with the expectation;
the final X% is given according to the analysis result of the detection algorithm, i.e. the relation between the analysis result and the percentage of confidence.
2. The method for verifying trust of a data source in a scene of moving computation to a data end in a highly trusted environment according to claim 1, wherein the step S1 comprises:
s11, loading a detection algorithm in a trusted execution environment, carrying out hash measurement on memory data loaded with the detection algorithm to generate a measured value, signing the measured value by chip hardware, and then sending the signed measured value to a data user;
s12, the data user verifies the measured value signature and verifies whether the detection algorithm is compliant or not based on a remote authentication process;
s13, after the remote verification is successful, establishing encryption security connection between the data user and the trusted execution environment of the data owner, and sending the signature private key to the trusted execution environment through the security encryption connection.
3. The method for verifying trust of a data source in a scenario where computing moves to a data end in a highly trusted environment according to claim 2, wherein in step S13 or S1, the data user sends a public signature key to the trusted execution environment for verification of the signed detection result by the data owner.
4. The method for verifying trust of a data source in a scenario where computing moves to a data end in a highly trusted environment according to claim 2, wherein in step S13, the data consumer sends the encryption key to the trusted execution environment at the same time;
in step S3, the detection result is encrypted by using an encryption key and then signed by using a signature private key, and the detection result and the calculation result are sent to a data user together or respectively;
in step S4, the data user verifies the signature, and if the verification is passed, the data user further decrypts the signature with the encryption key to obtain a detection result.
5. The method for verifying the trust of the data source in the scene of moving to the data end in the calculation under the high trust environment according to claim 2, wherein in the step S3, the hash value of the detection result is calculated in the trusted execution environment, and the hash value is signed by using the signature private key and then is sent to the data user together with the calculation result or respectively;
in step S4, the data user verifies the signature, and requests the corresponding detection result from the data owner after the verification is passed, so that the data owner sends the corresponding detection result to the data user, the data user calculates a hash value of the detection result sent by the data owner, verifies whether the hash value is consistent with the hash value obtained by the signature verification, and if so, considers that the detection result is legal.
6. The method for verifying trust of a data source in a scenario of a computing-moved-to-data end in a highly trusted environment according to claim 2, wherein the detection rules of the detection algorithm are determined by a data consumer or by a negotiation of the data consumer and a data owner.
7. The method of claim 6, wherein the detection algorithm is executed by a trusted execution environment in which the data user sends the data owner or by a detection algorithm in which the data user specifies the data owner.
8. The method for verifying trust of a data source in a scene of moving computation to a data end in a highly trusted environment according to claim 1, wherein the step S3 is preceded by:
the data owner judges the file size of the detection report, and if the file size is larger than the file set value, the data owner does not allow transmission.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111529683.6A CN114201748B (en) | 2021-12-14 | 2021-12-14 | Method for verifying trust of data source in scene of calculation moving to data end under high trust environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111529683.6A CN114201748B (en) | 2021-12-14 | 2021-12-14 | Method for verifying trust of data source in scene of calculation moving to data end under high trust environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114201748A CN114201748A (en) | 2022-03-18 |
| CN114201748B true CN114201748B (en) | 2024-02-06 |
Family
ID=80653686
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111529683.6A Active CN114201748B (en) | 2021-12-14 | 2021-12-14 | Method for verifying trust of data source in scene of calculation moving to data end under high trust environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114201748B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114884714B (en) * | 2022-04-26 | 2024-03-26 | 北京百度网讯科技有限公司 | Task processing method, device, equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2021073170A1 (en) * | 2019-10-18 | 2021-04-22 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for data provision and fusion |
| CN113282946A (en) * | 2021-07-20 | 2021-08-20 | 南湖实验室 | Information security method and system based on data access process in high-reliability environment |
| WO2021190452A1 (en) * | 2020-03-23 | 2021-09-30 | 齐鲁工业大学 | Lightweight attribute-based signcryption method for cloud and fog-assisted internet of things |
| CN113569266A (en) * | 2021-09-22 | 2021-10-29 | 南湖实验室 | Host remote monitoring method based on chip level privacy calculation |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| FR2937484B1 (en) * | 2008-10-22 | 2011-06-17 | Paycool Int Ltd | DIGITAL SIGNATURE METHOD IN TWO STEPS |
-
2021
- 2021-12-14 CN CN202111529683.6A patent/CN114201748B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2021073170A1 (en) * | 2019-10-18 | 2021-04-22 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for data provision and fusion |
| WO2021190452A1 (en) * | 2020-03-23 | 2021-09-30 | 齐鲁工业大学 | Lightweight attribute-based signcryption method for cloud and fog-assisted internet of things |
| CN113282946A (en) * | 2021-07-20 | 2021-08-20 | 南湖实验室 | Information security method and system based on data access process in high-reliability environment |
| CN113569266A (en) * | 2021-09-22 | 2021-10-29 | 南湖实验室 | Host remote monitoring method based on chip level privacy calculation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114201748A (en) | 2022-03-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111181928B (en) | Vehicle diagnosis method, server, and computer-readable storage medium | |
| US20080083039A1 (en) | Method for integrity attestation of a computing platform hiding its configuration information | |
| US20110202992A1 (en) | method for authenticating a trusted platform based on the tri-element peer authentication(tepa) | |
| CN110990827A (en) | Identity information verification method, server and storage medium | |
| US20230368194A1 (en) | Encryption method and decryption method for payment key, payment authentication method, and terminal device | |
| CN108777675B (en) | Electronic device, block chain-based identity authentication method, and computer storage medium | |
| US20190097805A1 (en) | Security device for providing security function for image, camera device including the same, and system on chip for controlling the camera device | |
| CN109190362B (en) | Secure communication method and related equipment | |
| CN111160915A (en) | Bus code verification method and device, traffic code scanning equipment and terminal equipment | |
| CN108923925B (en) | Data storage method and device applied to block chain | |
| CN114201748B (en) | Method for verifying trust of data source in scene of calculation moving to data end under high trust environment | |
| CN108900595B (en) | Method, device and equipment for accessing data of cloud storage server and computing medium | |
| CN109446752B (en) | Copyright file management method, system, device and storage medium | |
| CN112380501B (en) | Equipment operation method, device, equipment and storage medium | |
| CN112217636B (en) | Data processing method and device based on block chain, computer equipment and medium | |
| CN111510462B (en) | Communication method, system, device, electronic equipment and readable storage medium | |
| CN115549930B (en) | Verification method for logging in operating system | |
| CN112351043A (en) | Vehicle navigation factory setting password management method and system | |
| CN116881936A (en) | Trusted computing method and related equipment | |
| CN116707983A (en) | Authorization authentication method and device, access authentication method and device, equipment and medium | |
| CN114640524B (en) | Method, apparatus, device and medium for processing transaction replay attack | |
| KR101868564B1 (en) | Apparatus for authenticating user in association with user-identification-registration and local-authentication and method for using the same | |
| CN114024682A (en) | Cross-domain single sign-on method, service equipment and authentication equipment | |
| CN112822217A (en) | Server access method, device, equipment and storage medium | |
| CN113395161A (en) | Verification method, verification device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |