A cloud service authority authentication method, device, equipment and medium

Abstract

The embodiment of the present application discloses a cloud service authority authentication method, device, equipment, and medium. The cloud service authority authentication method includes: when the target cloud service provided by the cloud server needs to be used, obtain from the trusted area of ​​the terminal Deriving the signature key; the trusted area is one or more secure execution areas divided in the terminal memory; generating an authority authentication request based on the derived signature key, and the authority authentication request carries the derived signature key; sending the authority authentication to the cloud server Request, so that the cloud server performs service authentication according to the derived signature key carried in the permission authentication request; after the service authentication is successful, call the target cloud service. By adopting the embodiment of the present application, by dividing a secure trusted area in the terminal, the trusted area is used to ensure the security of the derived signature key, thereby ensuring the reliability of the authority authentication process based on the derived signature key.

Description

technical field [0001] This application relates to the field of cloud technology, specifically to the field of cloud computing security technology, and in particular to a cloud service authority authentication method, a cloud service authority authentication device, a cloud service authority authentication device, and a computer-readable storage medium. Background technique [0002] In recent years, cloud computing is becoming the strategic focus of the development of the information technology industry. Information technology companies around the world are transforming to cloud computing one after another. More and more Internet users call various cloud computing services provided by cloud servers (cloud services for short). ) to gain the convenience brought by cloud computing. [0003] Before an Internet user (such as an application developer) calls a cloud service, the cloud server needs to perform service authentication on the Internet user. After the authentication is ...

AI Technical Summary

Problems solved by technology

In the prior art, the authentication data involved in the authentication process (such as the derived signature key) is managed by Internet users. The common authentication methods include the following two types: one is to store the authentication data in plain text In the terminals of Internet users; such means will make the authentication data very easy to lose, such as being mis-distributed or stolen, which has a great security risk, which will affect the security of the authentication process

The other is to encrypt and store the authentication data in the Internet user's terminal, usually through public AES (Advanced Encryption Standard, Advanced Encryption Standard) or white-box encryption; although this method improves security, it also brings The storage of the encryption key (Key). When the Key is hacked and copied or stolen, the authentication data also has security risks, and the security of the authentication process cannot be guaranteed.

Images