Information security method and system based on data access process in high-trust environment

A data access and information security technology, applied in digital data protection, electronic digital data processing, computer security devices, etc., can solve the problem of "data immobility" and achieve the effects of ensuring privacy, convenient review, and increasing illegal costs

Active Publication Date: 2021-11-16
NANHU LAB

AI Technical Summary

Problems solved by technology

[0007] The present invention is based on the idea of "data does not move, program moves" in the current big data field. It addresses the shortcomings of current related technologies in data and computing security, controllable traceability, credible review and confirmation of responsibility, and provides an information security method and system based on the data access process in a high-trust environment.



Examples


Embodiment 2

[0098] This embodiment is similar to Embodiment 1. The difference is that its application scenario assumes a certain basis of trust between the data owner and the data user, such as two relatively independent corporate entities under the same head office, or a government-affiliated entity, or between different departments that are completely independent. Here the data authorization unit does not verify the measured value, for example whether the application is on the data owner's whitelist. Because both parties have a certain basis of trust, omitting the verification of the measured value improves the efficiency of data access. In this embodiment, after the validity of the measured-value signature is verified, an access token is generated directly for the task request and sent to the data operation unit, and the measured value and the measured-value signature are saved to support trusted traceability. Let the dishonesty leave a mark, so that the responsibi...

Embodiment 3

[0101] This embodiment is similar to Embodiment 1, except that the owner's data signature and owner's result signature in this embodiment are secondary signatures for the user's data signature and user's result signature respectively.

[0102] That is, in step 10, the data user's signature key K_user_sign_priv digitally signs the hash value of the data used, yielding the user data signature S_user_data, and the data owner's signature key K_owner_sign_priv then applies a secondary signature to S_user_data, yielding the owner data signature S_owner_data;

[0103] That is, in step 12, the data operation unit calculates the hash value of the result to obtain the result hash value and signs it with the data user's signature key K_user_sign_priv to obtain the user result signature S_user_result; the data owner's signature key K_owner_sign_priv then applies a secondary signature to S_user_result to obtain the owner result signature S_owner_result.
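The secondary-signature chain of steps 10 and 12, as an added example that is not taken from the patent. Ed25519 and SHA-256 are assumptions (the page names no algorithms), as are the Go names `Receipt`, `SignChain`, `VerifyChain` and `Keys` and the constructed sample data; the same chain applied to the result hash gives S_user_result and S_owner_result.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Receipt carries the two chained signatures of Embodiment 3 (hypothetical type).
type Receipt struct {
	UserSig  []byte // S_user_data: K_user_sign_priv over SHA-256(data)
	OwnerSig []byte // S_owner_data: K_owner_sign_priv over S_user_data
}

// SignChain makes the user signature, then the owner's secondary signature over it.
func SignChain(userPriv, ownerPriv ed25519.PrivateKey, data []byte) Receipt {
	h := sha256.Sum256(data)
	userSig := ed25519.Sign(userPriv, h[:])
	return Receipt{UserSig: userSig, OwnerSig: ed25519.Sign(ownerPriv, userSig)}
}

// VerifyChain checks the outer (owner) signature first, then the inner (user) one.
func VerifyChain(userPub, ownerPub ed25519.PublicKey, data []byte, r Receipt) error {
	if !ed25519.Verify(ownerPub, r.UserSig, r.OwnerSig) {
		return fmt.Errorf("owner signature does not cover this user signature")
	}
	h := sha256.Sum256(data)
	if !ed25519.Verify(userPub, h[:], r.UserSig) {
		return fmt.Errorf("user signature does not match the data hash")
	}
	return nil
}

// Keys derives a deterministic key pair from a constructed label (demo only).
func Keys(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	userPub, userPriv := Keys("constructed-user-seed")
	ownerPub, ownerPriv := Keys("constructed-owner-seed")
	data := []byte("rows 1-100 of table T (constructed sample)")
	r := SignChain(userPriv, ownerPriv, data)
	fmt.Println("intact:", VerifyChain(userPub, ownerPub, data, r))
	fmt.Println("tampered:", VerifyChain(userPub, ownerPub, []byte("rows 1-101"), r))
}
```

Because the owner signs S_user_data rather than the hash itself, a reviewer holding both public keys can confirm that the owner countersigned exactly that user's statement about exactly that data.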

Embodiment 4

[0105] This embodiment is similar to Embodiment 1. The difference is that the data user's signature key is stored in a trusted and secure manner in the data authorization unit. When the data user later uses data in the data center again, the corresponding signature key is extracted directly, without the key having to be sent every time the data center is used. The trusted, secure storage of the signature key in the data authorization unit can be based on a solidification technology of hardware trusted computing, such as Intel SGX Sealing.


Abstract

The invention discloses an information security method and system based on a data access process in a highly trusted environment, comprising: S1. a user interaction unit credibly receives a task request and generates a task identifier; S2. a data operation unit downloads the application program corresponding to the task request, loads it into encrypted memory, and obtains the measurement value and its measurement value signature; S3. the data authorization unit generates an access token according to the measurement value; S4. the data operation unit uses the corresponding data of the data center based on the access token, obtains the result based on the data, and performs credible processing on the result and the use data to obtain the result information and the use data information respectively; S5. the user interaction unit conducts credible verification on the use data information and the result information respectively, and sends the result information to the data user after the verification is successful. This solution reviews and verifies, in real time, the programs that move to the data terminal, and authorizes them to access the data center only after the verification is successful, effectively avoiding threats to data security caused by untrustworthy software.

Description

Technical field

[0001] The invention belongs to the technical field of Internet data protection, and in particular relates to an information security method and system based on a data access process in a high-trust environment.

Background technique

[0002] To reduce the high cost of transmitting data to the computing terminal and to prevent privacy leakage when data is transmitted to parties other than the data owner, big data processing increasingly applies a data access technology whose core is "data does not move, program moves". But such technology still has certain defects, mainly in:

[0003] 1. Although the transmitted application is usually run in a relatively isolated environment, such as a virtual machine, so as to avoid affecting other services as much as possible, the application always needs to touch the data. If the application itself is malicious software or untrusted software, it will cause certain damage to data s...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/60, G06F21/64, G06F9/48, G06F9/50
CPC: G06F9/4881, G06F9/5027, G06F21/602, G06F21/604, G06F21/64
Inventor: 张磊, 勾鹏, 唐攀攀, 刘昊, 沙枫, 廖佳纯
Owner: NANHU LAB