Terminal networking method, system, computer device and storage medium
By acquiring the current trusted report of the smart terminal and generating the status adjudication result, the on/off status of the data transmission channel is controlled, which solves the problem of insufficient security protection capability of smart terminals and realizes secure and trusted authentication and information security protection for terminals accessing the network.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- BEIJING KEXIN HUATAI INFORMATION TECH
- Filing Date
- 2022-11-30
- Publication Date
- 2026-06-23
Figure CN116155534B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of computer technology, and in particular to a terminal networking method, system, computer device, and storage medium.
Background Technology
[0002] Currently, the security protection of traditional computers and servers is generally quite comprehensive. However, as mobile communication technology has matured, its convenience and ease of use have far surpassed those of traditional computer equipment, and it has gradually permeated every aspect of people's work and life. Smart terminals running different operating systems and applications are becoming increasingly widespread, but their security protection capabilities have not been built up to match. As a result, the security and trustworthiness of a remote smart terminal accessing the network cannot be ensured, and allowing an insecure remote smart terminal onto the network endangers information security.
Summary of the Invention
[0003] To address the aforementioned technical problems, this application provides a terminal networking method, system, computer device, and storage medium.
[0004] In a first aspect, this application provides a terminal networking method, including:
[0005] Upon detecting a service data request, obtain the current trusted report corresponding to the smart terminal, wherein the service data request is used to obtain target service data from the service server;
[0006] Send the current trusted report to the adjudication server through the report transmission channel. The adjudication server is used to send the status adjudication result corresponding to the smart terminal to the boundary device according to the current trusted report. The status adjudication result indicates the security and trustworthiness level of the smart terminal. The boundary device is used to control the on/off state of the data transmission channel between the smart terminal and the service server according to the status adjudication result corresponding to the smart terminal.
[0007] When the on/off state is "connected", obtain the target service data through the data transmission channel.
[0008] In a second aspect, this application provides a terminal networking method, including:
[0009] Obtain the status adjudication result corresponding to the smart terminal;
[0010] Control the on/off state of the data transmission channel between the smart terminal and the service server according to the status adjudication result.
[0011] In a third aspect, this application provides a terminal networking method, including:
[0012] Upon receiving a current trusted report from a smart terminal, generate a corresponding status adjudication result based on the current trusted report, wherein the status adjudication result indicates the security and trustworthiness level of the smart terminal;
[0013] Send the status adjudication result to the boundary device, wherein the boundary device is used to control the on/off state of the data transmission channel between the smart terminal and the service server according to the status adjudication result corresponding to the smart terminal.
[0014] In a fourth aspect, this application provides a terminal networking system, including:
[0015] A smart terminal, used to generate a current trusted report upon detecting a service data request, and to send the current trusted report to the adjudication server through the report transmission channel;
[0016] A boundary device, used to control the on/off state of the data transmission channel between the smart terminal and the service server based on the service data request from the smart terminal and the status adjudication result for the smart terminal from the adjudication server;
[0017] An adjudication server, configured to receive the current trusted report corresponding to the smart terminal through the report transmission channel, generate the corresponding status adjudication result based on the current trusted report, and send the status adjudication result to the boundary device;
[0018] A service server, used to provide the target service data corresponding to the service data request to the smart terminal through the data transmission channel when the data transmission channel is connected.
[0019] In a fifth aspect, this application provides a computer device including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the steps of any one of the first to third aspects described above.
[0020] In a sixth aspect, this application provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of any one of the first to third aspects.
[0021] Based on the terminal networking method described above, when a smart terminal detects a service data request, it obtains the current trusted report corresponding to itself and sends it to the adjudication server through the report transmission channel. The adjudication server then sends a status adjudication result corresponding to the smart terminal to the boundary device based on the current trusted report; the status adjudication result indicates the security and trustworthiness level of the smart terminal. The boundary device controls the on/off state of the data transmission channel between the smart terminal and the service server according to the status adjudication result, and when the channel is connected the smart terminal obtains the target service data from the service server through it. The method thus identifies the security and trustworthiness level of the smart terminal that seeks to access the service server and decides, on that basis, whether the smart terminal is allowed onto the network, so that devices in an insecure state cannot access the network and endanger information security.
Attached Figure Description
[0022] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with the invention and, together with the description, serve to explain the principles of the invention.
[0023] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0024] Figure 1 is an application environment diagram of a terminal networking method in one embodiment;
[0025] Figure 2 is a flowchart of a terminal networking method in one embodiment;
[0026] Figure 3 is a flowchart of a terminal networking method in one embodiment;
[0027] Figure 4 is a flowchart of a terminal networking method in one embodiment;
[0028] Figure 5 is a flowchart of a terminal networking method in one embodiment;
[0029] Figure 6 is a structural block diagram of a smart terminal in one embodiment;
[0030] Figure 7 is a structural block diagram of a boundary device in one embodiment;
[0031] Figure 8 is a structural block diagram of an adjudication server in one embodiment;
[0032] Figure 9 is an internal structural diagram of a computer device in one embodiment.
Detailed Implementation
[0033] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application.
[0034] Figure 1 is a diagram of the application environment of a terminal networking method in one embodiment. Referring to Figure 1, the terminal networking method is applied to a terminal networking system that includes a smart terminal 110, a boundary device 120, and a communication network 130. The smart terminal 110 establishes a communication connection with the communication network 130 through the boundary device 120. Specifically, the smart terminal 110 can be a desktop or mobile terminal running an operating system such as Linux, Android, Windows, or iOS; a mobile terminal can be at least one of a mobile phone, tablet computer, or laptop computer. The boundary device 120 can be a gateway device such as a router, switch, or network access controller. The communication network 130 includes a service server 132 and an adjudication server 131. The service server 132 provides data resources to the smart terminal 110, and the adjudication server 131 determines the security and trustworthiness level of the smart terminal 110. The service server 132 and the adjudication server 131 can each be implemented as a single server or as a server cluster consisting of multiple servers.
[0035] In one embodiment, Figure 2 is a flowchart of a terminal networking method. Referring to Figure 2, a terminal networking method is provided; this embodiment applies the method to the smart terminal 110 of Figure 1 as an example, and the specific steps are as follows:
[0036] Step S210: Upon detecting a service data request, obtain the current trusted report corresponding to the smart terminal 110, wherein the service data request is used to obtain target service data from the service server 132.
[0037] Specifically, a service data request is a data request initiated by any service application in the smart terminal 110 to the service server 132. A trusted software component in the smart terminal 110 monitors the operation of each service application in real time. When the smart terminal 110 detects that a service application has initiated a service data request to the service server 132, it triggers the trusted report query component in the smart terminal 110 to request a trusted report from the trusted software component. The trusted software component generates the current trusted report from its current monitoring of the service applications and passes it to the trusted report query component.
[0038] Step S220: Send the current trusted report to the adjudication server 131 through the report transmission channel.
[0039] The adjudication server 131 is used to send the status adjudication result corresponding to the smart terminal 110 to the boundary device 120 according to the current trusted report. The status adjudication result indicates the security and trustworthiness level of the smart terminal 110. The boundary device 120 is used to control the on/off state of the data transmission channel between the smart terminal 110 and the service server 132 according to the status adjudication result corresponding to the smart terminal 110.
[0040] Specifically, as shown in Figure 5, the report transmission channel is a normally open communication channel whose two ends are connected to the trusted report query component of the smart terminal 110 and the adjudication result query component of the adjudication server 131, respectively. The report transmission channel passes through the boundary device 120 and carries the current trusted report of the smart terminal 110. The adjudication server 131 analyzes the received current trusted report to determine the security and trustworthiness level of the smart terminal 110 and generates the corresponding status adjudication result. The status adjudication result takes one of two values: "secure and trustworthy", meaning that the smart terminal 110 is operating normally, and "abnormal and untrustworthy", meaning that the smart terminal 110 exhibits abnormal behavior such as a vulnerability or an intrusion. The adjudication server 131 sends the status adjudication result to the boundary device 120, which controls the on/off state of the data transmission channel between the smart terminal 110 and the service server 132 accordingly: when the result is "secure and trustworthy" the boundary device 120 connects the data transmission channel, and when the result is "abnormal and untrustworthy" it disconnects it.
[0041] Step S230: When the on/off state is "connected", obtain the target service data through the data transmission channel.
[0042] Specifically, a "connected" state indicates that the smart terminal 110 is currently secure and trustworthy, and the smart terminal 110 is allowed to access the communication network 130 and thereby the service server 132. A "disconnected" state indicates that the smart terminal 110 is currently abnormal and untrustworthy, and the smart terminal 110 is denied access to the communication network 130 so that it cannot reach the service server 132. This identifies the security and trustworthiness level of the smart terminal 110 that seeks to access the service server 132 and controls, on that basis, whether the smart terminal 110 is allowed onto the network, avoiding the danger to information security posed by devices in an insecure state accessing the network.
[0043] In one embodiment, obtaining the current trusted report corresponding to the smart terminal 110 upon detecting a service data request includes:
[0044] Upon detecting a service data request, obtaining the current dynamic measurement information and current static measurement information corresponding to the smart terminal 110;
[0045] Generating the current trusted report based on the current dynamic measurement information and the current static measurement information.
[0046] Specifically, when the smart terminal 110 detects a service data request, it triggers the trusted report query component in the smart terminal 110 to request a trusted report from the trusted software component. The trusted software component generates the current trusted report from the current static and dynamic measurement information for each service application. The static measurement information is the result of pre-boot integrity checks and legitimacy verification of the operating system image, kernel drivers, services, and applications of the smart terminal 110. The dynamic measurement information is the result of runtime integrity checks and legitimacy verification of the system call table, important file system data structures, important network system data structures, kernel code segments, and application code segments of the smart terminal 110. The trusted software component therefore generates, from the current static and dynamic measurement information, a current trusted report that reflects the running state of the smart terminal 110, and passes it to the trusted report query component.
[0047] In one embodiment, generating the current trusted report based on the current dynamic measurement information and the current static measurement information includes:
[0048] Generating current trusted information based on the current dynamic measurement information and the current static measurement information;
[0049] Signing the current trusted information to generate the current trusted report.
[0050] Specifically, current trusted information is generated from the current dynamic measurement information and the current static measurement information, and is then digitally signed to obtain the current trusted report. The adjudication server 131 verifies the signature on the current trusted report, so that any tampering with the report during transmission is detected and the report is rejected rather than acted on.
[0051] In one embodiment, signing the current trusted information to generate the current trusted report includes:
[0052] Signing the current trusted information to generate a signed trusted report;
[0053] Encrypting the signed trusted report to obtain the current trusted report.
[0054] Specifically, digitally signing the current trusted information yields a signed trusted report. To improve the transmission security of the signed trusted report on the report transmission channel, the signed trusted report is encrypted. The encryption can be symmetric or asymmetric; in this embodiment the signed trusted report is encrypted asymmetrically to obtain the current trusted report. The encrypted current trusted report is then placed on the report transmission channel for delivery to the adjudication server 131. Upon receiving it, the adjudication server 131 first decrypts the current trusted report and then verifies the signature. Signing and then encrypting the current trusted information protects both the integrity and the confidentiality of the trusted report in transit.
[0055] In one embodiment, as shown in Figure 3, a terminal networking method is provided and applied to the boundary device 120; the method includes:
[0056] Step S310: Obtain the status adjudication result corresponding to the smart terminal 110.
[0057] Specifically, as shown in Figure 5, the boundary device 120 sits between the smart terminal 110 and the communication network 130 and controls the connection between them. The boundary device 120 receives the status adjudication result corresponding to the smart terminal 110 from the adjudication server 131. The adjudication server 131 may actively push the status adjudication result of a smart terminal 110 connected to the boundary device 120, or the boundary device 120 may request the status adjudication result corresponding to the smart terminal 110 from the adjudication server 131 when it receives a service data request initiated by the smart terminal 110.
[0058] Since the boundary device 120 sits between the smart terminal 110 and the communication network 130, the report transmission channel passes through it: the smart terminal 110 transmits the current trusted report to the boundary device 120 over the report transmission channel, and the boundary device 120 forwards it to the adjudication server 131 over the same channel. The boundary device 120 can either forward the current trusted report as-is or first check it for legitimacy and completeness, forwarding only legitimate and complete reports and refusing to forward those that are illegitimate and/or incomplete. This preliminary check of the trusted reports entering the adjudication server 131 ensures that only valid information reaches it and spares it the computational cost of processing invalid information.
[0059] Step S320: Control the on/off state of the data transmission channel between the smart terminal 110 and the service server 132 according to the status adjudication result.
[0060] Specifically, when the status adjudication result is "secure and trustworthy", the boundary device 120 connects the data transmission channel; when it is "abnormal and untrustworthy", the boundary device 120 disconnects it. A connected channel means that the smart terminal 110 is currently secure and trustworthy and the boundary device 120 allows it to access the communication network 130 and thereby the service server 132. A disconnected channel means that the smart terminal 110 is currently abnormal and untrustworthy and the boundary device 120 denies it access to the communication network 130 so that it cannot reach the service server 132. This identifies the security and trustworthiness level of the smart terminal 110 seeking to access the service server 132 and controls, on that basis, whether it is allowed onto the network, preventing devices in an insecure state from accessing the network and endangering information security.
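The boundary device logic of steps S310 and S320 together with the preliminary check of paragraph [0058], as an added example that is not code from the patent or its assignee. The device keeps the last status adjudication result per terminal and connects the data transmission channel only for a terminal whose most recent result is "secure and trustworthy" and still within a validity window; no result, an untrusted result and an expired result all leave the channel disconnected. The validity window, the maximum report size, and the envelope layout (a cleartext terminal ID beside the opaque signed-and-encrypted report body) are assumptions the patent does not state. The preliminary check deliberately stops at structural checks and leaves signature verification to the adjudication server, as the patent does.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

const (
	Trusted   = "secure and trustworthy"
	Untrusted = "abnormal and untrustworthy"
)

// Decision is a status adjudication result as the boundary device stores it.
type Decision struct {
	Result     string
	ReceivedAt time.Time
}

// BoundaryDevice keeps the last result per terminal. The validity window is an
// assumption: the patent does not say how long a result stays usable, but
// without a limit a stale "secure" verdict would keep a terminal connected
// long after its next report would have flagged it.
type BoundaryDevice struct {
	decisions map[string]Decision
	validity  time.Duration
	maxReport int
	now       func() time.Time
}

func NewBoundaryDevice(validity time.Duration, maxReport int) *BoundaryDevice {
	return &BoundaryDevice{decisions: map[string]Decision{}, validity: validity, maxReport: maxReport, now: time.Now}
}

// ApplyDecision records a result pushed by (or pulled from) the adjudication server.
func (b *BoundaryDevice) ApplyDecision(terminalID, result string) {
	b.decisions[terminalID] = Decision{Result: result, ReceivedAt: b.now()}
}

// ChannelConnected is step S320: the data transmission channel is connected
// only while the terminal holds a current "secure and trustworthy" verdict.
// No verdict, an untrusted verdict and an expired verdict all mean disconnected.
func (b *BoundaryDevice) ChannelConnected(terminalID string) bool {
	d, ok := b.decisions[terminalID]
	if !ok || d.Result != Trusted {
		return false
	}
	return b.now().Sub(d.ReceivedAt) <= b.validity
}

// reportEnvelope is the assumed outer shape of a trusted report on the wire:
// a cleartext terminal ID and the opaque (signed, encrypted) report body.
type reportEnvelope struct {
	TerminalID string `json:"terminal_id"`
	Report     []byte `json:"report"`
}

// PreCheck is the preliminary verification of paragraph [0058]: the boundary
// device refuses to forward a report that is oversized, malformed, incomplete,
// or that names a terminal other than the one it actually arrived from.
// Signature verification is not done here; that stays with the adjudication server.
func (b *BoundaryDevice) PreCheck(fromTerminal string, raw []byte) error {
	if len(raw) > b.maxReport {
		return fmt.Errorf("report of %d bytes exceeds limit %d", len(raw), b.maxReport)
	}
	var env reportEnvelope
	if err := json.Unmarshal(raw, &env); err != nil {
		return fmt.Errorf("malformed report: %w", err)
	}
	if env.TerminalID == "" || len(env.Report) == 0 {
		return errors.New("incomplete report: missing terminal_id or report body")
	}
	if env.TerminalID != fromTerminal {
		return fmt.Errorf("report claims %q but arrived from %q", env.TerminalID, fromTerminal)
	}
	return nil
}

func main() {
	b := NewBoundaryDevice(5*time.Minute, 4096)
	fmt.Println(b.ChannelConnected("term-001")) // false: no verdict yet, fail closed
	b.ApplyDecision("term-001", Trusted)
	fmt.Println(b.ChannelConnected("term-001")) // true
	// Constructed input: the envelope names a different terminal than it came from.
	fmt.Println(b.PreCheck("term-001", []byte(`{"terminal_id":"term-002","report":"AQID"}`)))
}
```

The fail-closed default matters more than it looks: a terminal that has never sent a report, or whose report the boundary device refused to forward, must not end up connected just because no "abnormal" verdict has arrived for it.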
[0061] In one embodiment, as shown in Figure 4, a terminal networking method is provided and applied to the adjudication server 131; the method includes:
[0062] Step S410: Upon receiving a current trusted report from the smart terminal 110, generate a corresponding status adjudication result based on the current trusted report, wherein the status adjudication result indicates the security and trustworthiness level of the smart terminal 110.
[0063] Specifically, the adjudication query component in the adjudication server 131 receives the current trusted report of the smart terminal 110, forwarded by the boundary device 120 over the report transmission channel. The current trusted report indicates the current operating state of the smart terminal 110. The adjudication query component passes the received current trusted report to the adjudication service component in the adjudication server 131, which analyzes it to determine the security and trustworthiness level of the smart terminal 110 and thereby obtains the status adjudication result.
[0064] Step S420: Send the status adjudication result to the boundary device 120, wherein the status adjudication result indicates the security and trustworthiness level of the smart terminal 110, and the boundary device 120 is used to control the on/off state of the data transmission channel between the smart terminal 110 and the service server 132 according to the status adjudication result corresponding to the smart terminal 110.
[0065] Specifically, as shown in Figure 5, the adjudication service component in the adjudication server 131 sends the status adjudication result to the boundary device 120, so that the boundary device 120 controls the on/off state of the data transmission channel between the smart terminal 110 and the service server 132 according to it.
[0066] In one embodiment, generating a corresponding status adjudication result based on the current trusted report received from the smart terminal 110 includes:
[0067] Upon receiving a current trusted report from the smart terminal 110, decrypting the current trusted report to obtain a signed trusted report;
[0068] Verifying the signature of the signed trusted report to obtain a signature verification result;
[0069] If the signature verification result is "success", generating the status adjudication result from the match between the value of each measurement parameter in the signed trusted report and the corresponding baseline value.
[0070] Specifically, the signed trusted report is encrypted before transmission to protect it on the report transmission channel, so the adjudication query component in the adjudication server 131 first decrypts the received current trusted report to obtain the signed trusted report. The adjudication query component then verifies the signature on the signed trusted report. The signature verification result is either "success" or "failure": success indicates that the integrity of the signed trusted report was preserved in transit, while failure indicates that the signed trusted report was altered in transit (or was not produced by the expected signer) and must not be used for adjudication.
[0071] The adjudication query component passes only successfully verified signed trusted reports to the adjudication service component. The adjudication service component then matches the measurement parameter values in the signed trusted report against the baseline values it holds in memory for the smart terminal 110 (the system boot program, system programs, important configuration parameters, terminal hardware parameters, and so on) to determine the status adjudication result: if every measurement parameter value matches the baseline value of the corresponding parameter, the status adjudication result is "secure and trustworthy"; if at least one measurement parameter value fails to match its baseline value, the status adjudication result is "abnormal and untrustworthy".
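A worked version of the terminal-side steps of paragraphs [0047] to [0054] and the server-side steps of paragraphs [0066] to [0071], as an added example that is not code from the patent or its assignee. The terminal signs its trusted information and encrypts the signed report for the adjudication server; the server decrypts, verifies the signature, and matches each measurement against the enrolled baseline, returning one of the patent's two adjudication values. The measurement names, the JSON layout, Ed25519 for signing, RSA-OAEP for encryption, and the per-terminal `Enrolled` table are all assumptions; the patent specifies none of them. Two points the patent leaves implicit are made explicit here: every failure path (undecryptable, unparseable, unknown terminal, bad signature, missing or mismatched measurement) yields "abnormal and untrustworthy", and the signature attests the terminal's state only to the extent that the terminal's private key is itself protected, which is why in practice that key would live in trusted hardware rather than in the software being measured.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

const (
	Trusted   = "secure and trustworthy"
	Untrusted = "abnormal and untrustworthy"
)

// TrustedInfo: static (pre-boot) and dynamic (runtime) measurements by name.
// The names used below are assumptions; the patent lists only the categories.
type TrustedInfo struct {
	TerminalID string            `json:"terminal_id"`
	Static     map[string]string `json:"static"`
	Dynamic    map[string]string `json:"dynamic"`
}

// SignedReport is the "signed trusted report": info plus an Ed25519 signature
// over its JSON encoding (map keys are sorted, so the encoding is canonical).
type SignedReport struct {
	Info      TrustedInfo `json:"info"`
	Signature []byte      `json:"sig"`
}

// Enrolled is what the adjudication server keeps per terminal: its signing key
// and the baseline value of every measurement.
type Enrolled struct {
	Pub      ed25519.PublicKey
	Baseline TrustedInfo
}

// Terminal side: sign the trusted information, then encrypt the signed report
// for the adjudication server. RSA-OAEP is applied to the report directly to
// keep the example short; it caps the report at a few hundred bytes, so a real
// deployment would wrap a symmetric key instead (hybrid encryption).
func buildCurrentReport(info TrustedInfo, termPriv ed25519.PrivateKey, serverPub *rsa.PublicKey) ([]byte, error) {
	payload, err := json.Marshal(info)
	if err != nil {
		return nil, err
	}
	signed, err := json.Marshal(SignedReport{Info: info, Signature: ed25519.Sign(termPriv, payload)})
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, signed, nil)
}

// Adjudication server side: decrypt, verify the signature, then match every
// baseline value. Every failure yields Untrusted (fail closed); an unknown
// terminal or a bad signature can never become Trusted.
func adjudicate(current []byte, serverPriv *rsa.PrivateKey, terminals map[string]Enrolled) (string, error) {
	signed, err := rsa.DecryptOAEP(sha256.New(), nil, serverPriv, current, nil)
	if err != nil {
		return Untrusted, err
	}
	var sr SignedReport
	if err := json.Unmarshal(signed, &sr); err != nil {
		return Untrusted, err
	}
	e, ok := terminals[sr.Info.TerminalID]
	payload, _ := json.Marshal(sr.Info) // re-encode the decoded info; sorted keys keep it canonical
	if !ok || !ed25519.Verify(e.Pub, payload, sr.Signature) {
		return Untrusted, errors.New("unknown terminal or signature verification failed")
	}
	for _, m := range [][2]map[string]string{{e.Baseline.Static, sr.Info.Static}, {e.Baseline.Dynamic, sr.Info.Dynamic}} {
		for name, want := range m[0] {
			if m[1][name] != want { // a measurement missing from the report also fails
				return Untrusted, fmt.Errorf("measurement %q does not match baseline", name)
			}
		}
	}
	return Trusted, nil
}

func main() {
	termPub, termPriv, _ := ed25519.GenerateKey(rand.Reader)
	serverPriv, _ := rsa.GenerateKey(rand.Reader, 3072)
	// Constructed sample: short strings stand in for measurement digests.
	info := TrustedInfo{"term-001", map[string]string{"os_image": "a1b2"}, map[string]string{"syscall_table": "c3d4"}}
	cr, _ := buildCurrentReport(info, termPriv, &serverPriv.PublicKey)
	fmt.Println(adjudicate(cr, serverPriv, map[string]Enrolled{"term-001": {termPub, info}}))
}
```

Matching iterates over the baseline rather than over the report, so a terminal cannot pass by simply omitting a measurement it knows has changed; and because the terminal ID is taken from inside the signed payload, a report cannot be replayed under another terminal's identity without invalidating the signature.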
[0072] In one embodiment, generating a corresponding status adjudication result based on the current trusted report received from the smart terminal 110 includes:
[0073] When current trusted reports are received from multiple different smart terminals 110, generating the corresponding status adjudication results from those reports in the order of the response priority of each smart terminal 110.
[0074] Specifically, the adjudication service component can serve multiple different adjudication query components, each corresponding to one smart terminal 110. When different adjudication query components send adjudication result query requests to the adjudication service component at the same time, the adjudication service component can respond to them in turn according to the response priority of each adjudication query component. That priority can be set according to the response priority of the smart terminal 110 with which each adjudication query component communicates; for example, a smartphone can be given a higher response priority than a computer, and a computer a higher priority than a smart tablet. The response priority between smart terminals 110 can be set according to device type or according to the data type of the service data request; for example, game data can be given a higher response priority than video, and video a higher priority than images or text. Alternatively, the response priority of each adjudication query component can be customized according to actual business needs.
[0075] Figures 2 to 4 are flowcharts of a terminal networking method in one embodiment. It should be understood that, although the steps in the flowcharts of Figures 2 to 4 are shown in the order indicated by the arrows, they are not necessarily executed in that order. Unless otherwise specified herein, there is no strict order in which these steps must be executed, and they can be performed in other orders. At least some of the steps in Figures 2 to 4 may include multiple sub-steps or stages, which are not necessarily completed at the same time and can be executed at different times; their execution order is not necessarily sequential, and they can be executed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
[0076] In one embodiment, as shown in Figure 1, a terminal networking system is provided, including:
[0077] The smart terminal 110, used to generate a current trusted report upon detecting a service data request, and to send the current trusted report to the adjudication server 131 through the report transmission channel;
[0078] The boundary device 120, used to control the on/off state of the data transmission channel between the smart terminal 110 and the service server 132 based on the service data request from the smart terminal 110 and the status adjudication result corresponding to the smart terminal 110 from the adjudication server 131;
[0079] The adjudication server 131, used to receive the current trusted report corresponding to the smart terminal 110 through the report transmission channel, generate the corresponding status adjudication result according to the current trusted report, and send the status adjudication result to the boundary device 120;
[0080] The service server 132, used to provide the target service data corresponding to the service data request to the smart terminal 110 through the data transmission channel when the data transmission channel is connected.
[0081] In one embodiment, as shown in Figure 6, the smart terminal 110 specifically includes:
[0082] A report acquisition module 510, used to acquire the current trusted report corresponding to the smart terminal 110 when a service data request is detected, wherein the service data request is used to acquire target service data from the service server 132;
[0083] A report sending module 520, used to send the current trusted report to the adjudication server 131 through the report transmission channel, wherein the adjudication server 131 is used to send the status adjudication result corresponding to the smart terminal 110 to the boundary device 120 according to the current trusted report, the status adjudication result indicates the security and trustworthiness level of the smart terminal 110, and the boundary device 120 is used to control the on/off state of the data transmission channel between the smart terminal 110 and the service server 132 according to the status adjudication result corresponding to the smart terminal 110;
[0084] A data acquisition module 530, used to acquire the target service data through the data transmission channel when the on/off state is "connected".
[0085] In one embodiment, the report acquisition module 510 is further configured to:
[0086] Upon detecting a business data request, the current dynamic measurement information and current static measurement information corresponding to the smart terminal 110 are obtained;
[0087] The current trust report is generated based on the current dynamic measurement information and the current static measurement information.
[0088] In one embodiment, the report acquisition module 510 is further configured to:
[0089] Generate current trusted information based on the current dynamic measurement information and the current static measurement information;
[0090] The current trusted information is signed to generate the current trusted report.
[0091] In one embodiment, the report acquisition module 510 is further configured to:
[0092] The current trusted information is signed to generate a signed trusted report;
[0093] The signed trusted report is encrypted to obtain the current trusted report.
[0094] In one embodiment, as shown in Figure 7, the boundary device 120 specifically includes:
[0095] The result acquisition module 610 is used to acquire the status adjudication result corresponding to the smart terminal 110;
[0096] The network control module 620 is used to control the on/off status of the data transmission channel between the smart terminal 110 and the business server 132 according to the status adjudication result.
[0097] In one embodiment, as shown in Figure 8, the adjudication server 131 specifically includes:
[0098] The adjudication module 710 is used to generate a corresponding status adjudication result based on the current trust report received from the smart terminal 110, wherein the status adjudication result is used to indicate the security and trustworthiness level of the smart terminal 110.
[0099] The adjudication sending module 720 is used to send the status adjudication result to the boundary device 120, wherein the status adjudication result is used to indicate the security and trustworthiness level of the smart terminal 110, and the boundary device 120 is used to control the on/off status of the data transmission channel between the smart terminal 110 and the service server 132 according to the status adjudication result corresponding to the smart terminal 110.
[0100] In one embodiment, the adjudication module 710 is further configured to:
[0101] Upon receiving a current trusted report from the smart terminal 110, the current trusted report is decrypted to obtain a signed trusted report;
[0102] The signed trusted report is verified to obtain the signature verification result;
[0103] If the signature verification result is successful, the status adjudication result is generated based on the matching results between the values of each metric parameter in the signed trusted report and the corresponding benchmark values.
[0104] In one embodiment, the adjudication module 710 is further configured to:
[0105] When multiple current trusted reports are received from different smart terminals 110, the corresponding status adjudication results are generated according to the response priority of each smart terminal 110, based on the current trusted reports of the different smart terminals 110.
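As an added illustration, not code from the patent, the following Python models the whole path described in [0091]-[0093] (terminal: trusted information, signed, then encrypted), [0101]-[0103] (adjudication server: decrypt, verify, match each metric against its benchmark) and [0105] (several terminals handled in response-priority order), with the boundary device opening the data channel only on a secure-trusted verdict. It assumes a shared HMAC-SHA256 key in place of the signature scheme the patent leaves unspecified, a toy SHA-256 keystream in place of the unspecified encryption, and constructed benchmark values.

```python
import hashlib, hmac, json

# Constructed keys: the patent fixes neither the signature nor the encryption
# algorithm, so an HMAC key and a toy stream cipher stand in for both here.
SIGNING_KEY = b"constructed-terminal-signing-key"
TRANSPORT_KEY = b"constructed-transport-key"

# Constructed benchmark values: expected measurement of each object named in
# the claims (static = pre-boot objects, dynamic = runtime objects).
BENCHMARKS = {
    "static.os_image": "h_os", "static.kernel_driver": "h_drv",
    "dynamic.syscall_table": "h_sct", "dynamic.kernel_code": "h_kc",
}

def _xor_stream(data):
    """Toy symmetric layer (SHA-256 counter keystream); same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(TRANSPORT_KEY + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def build_trusted_report(terminal_id, static_info, dynamic_info):
    """Terminal side ([0091]-[0093]): trusted information -> signed report -> encrypted report."""
    info = {"terminal": terminal_id, "static": static_info, "dynamic": dynamic_info}
    payload = json.dumps(info, sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    signed = json.dumps({"info": info, "sig": sig}, sort_keys=True).encode()
    return _xor_stream(signed)

def adjudicate(encrypted_report):
    """Adjudication server ([0101]-[0103]): decrypt, verify signature, match metrics."""
    try:
        signed = json.loads(_xor_stream(encrypted_report))
        payload = json.dumps(signed["info"], sort_keys=True).encode()
        expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signed["sig"]):
            return "abnormal-untrusted"      # tampered or forged report: fail closed
        info = signed["info"]
    except (ValueError, KeyError, TypeError):
        return "abnormal-untrusted"          # undecryptable or malformed report
    measured = {f"static.{k}": v for k, v in info["static"].items()}
    measured.update({f"dynamic.{k}": v for k, v in info["dynamic"].items()})
    # Every benchmarked metric must be present and equal to its benchmark value.
    ok = all(measured.get(name) == ref for name, ref in BENCHMARKS.items())
    return "secure-trusted" if ok else "abnormal-untrusted"

def boundary_decision(verdict):
    """Boundary device: the data transmission channel is connected only for secure-trusted."""
    return "connected" if verdict == "secure-trusted" else "disconnected"

def adjudicate_batch(reports_by_terminal, priority):
    """[0105]: adjudicate several terminals' reports in descending response priority."""
    order = sorted(reports_by_terminal, key=lambda t: priority.get(t, 0), reverse=True)
    return [(t, adjudicate(reports_by_terminal[t])) for t in order]
```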
[0106] Figure 9 shows an internal structural diagram of a computer device in one embodiment. Specifically, this computer device may be the smart terminal 110 in Figure 1. As shown in Figure 9, the computer device includes a processor, memory, network interface, input system, and display screen connected via a system bus. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores an operating system and may also store computer programs. When executed by the processor, these programs enable the processor to implement the terminal networking method. The internal memory may also store computer programs, which, when executed by the processor, enable the processor to implement the terminal networking method. The display screen can be an LCD screen or an e-ink screen. The input system can be a touch layer covering the display screen, buttons, a trackball, or a touchpad mounted on the computer device's casing, or an external keyboard, touchpad, or mouse.
[0107] Those skilled in the art will understand that the structure shown in Figure 9 is merely a block diagram of a portion of the structure related to the present application and does not constitute a limitation on the computer device to which the present application is applied. Specific computer devices may include more or fewer components than those shown in the figure, or combine certain components, or have different component arrangements.
[0108] In one embodiment, the terminal networking system provided in this application can be implemented as a computer program, and the computer program can run on a computer device such as the one shown in Figure 9. The computer device's memory can store the various program modules that make up the terminal networking system, such as the report acquisition module 510, report sending module 520, and data acquisition module 530 shown in Figure 6. The computer program comprised of these modules causes the processor to execute the steps of the terminal networking method described in the various embodiments of this application.
[0109] The computer device shown in Figure 9 can, through the report acquisition module 510 in the smart terminal 110 of Figure 6, acquire a current trusted report corresponding to the smart terminal 110 upon detecting a business data request, wherein the business data request is for obtaining target business data from the business server 132. The computer device can send the current trusted report to the adjudication server 131 via a report transmission channel through the report sending module 520. The adjudication server 131, based on the current trusted report, sends a status adjudication result corresponding to the smart terminal 110 to the boundary device 120. The status adjudication result indicates the security and trustworthiness level of the smart terminal 110. The boundary device 120, based on the status adjudication result corresponding to the smart terminal 110, controls the connectivity of the data transmission channel between the smart terminal 110 and the business server 132. The computer device can acquire the target business data via the data transmission channel through the data acquisition module 530 when the connectivity status is connected.
[0110] In one embodiment, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the method described in any of the above embodiments.
[0111] In one embodiment, a computer-readable storage medium is provided having a computer program stored thereon, which, when executed by a processor, implements the method described in any of the above embodiments.
[0112] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The program can be stored in a non-volatile computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. Any references to memory, storage, databases, or other media used in the embodiments provided in this application can include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in various forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), etc.
[0113] It should be noted that, in this document, relational terms such as "first" and "second" are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or smart terminal 110 that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such process, method, article, or smart terminal 110. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or smart terminal 110 that includes said element.
[0114] The above description is merely a specific embodiment of the present invention, enabling those skilled in the art to understand or implement the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features claimed herein.
Claims
1. A terminal networking system, characterized in that the terminal networking system includes:
A smart terminal, used to generate a current trusted report based on a detected business data request and send the current trusted report to an adjudication server through a report transmission channel, wherein the business data request is a data request initiated by any business application within the smart terminal to the business server, and the report transmission channel is a normally open communication channel; the process of obtaining the current trusted report includes: upon detecting a business data request, obtaining the current dynamic measurement information and current static measurement information corresponding to the smart terminal, wherein static measurement information refers to the results of pre-boot integrity checks and legality verifications of the smart terminal's operating system image, kernel driver, services, and applications, and dynamic measurement information refers to the results of runtime integrity checks and legality verifications of the smart terminal's operating system call table, important file system data structures, important network system data structures, kernel code segments, and application code segments; and generating the current trusted report based on the current dynamic measurement information and the current static measurement information;
A boundary device, used to control the connectivity status of the data transmission channel between the smart terminal and the business server based on the business data request from the smart terminal and the status adjudication result corresponding to the smart terminal from the adjudication server, wherein when the status adjudication result is secure and reliable, the boundary device controls the connectivity status of the data transmission channel to be connected, and when the status adjudication result is abnormal and unreliable, the boundary device controls the connectivity status of the data transmission channel to be disconnected;
The adjudication server, configured to receive the current trusted report corresponding to the smart terminal through the report transmission channel, generate a corresponding status adjudication result based on the current trusted report, and send the status adjudication result to the boundary device;
A service server, used to provide the target service data corresponding to the service data request to the smart terminal through the data transmission channel when the data transmission channel is connected.
2. A terminal networking method, characterized in that, applied to a smart terminal, the method includes:
Upon detecting a business data request, obtaining the current trusted report corresponding to the smart terminal, wherein the business data request is used to obtain target business data from the business server, and the business data request is a data request initiated by any business application in the smart terminal to the business server;
Sending the current trusted report to the adjudication server via a report transmission channel, wherein the adjudication server, based on the current trusted report, sends a status adjudication result corresponding to the smart terminal to the boundary device; the status adjudication result indicates the security and trustworthiness level of the smart terminal; the boundary device, based on the status adjudication result corresponding to the smart terminal, controls the connectivity of the data transmission channel between the smart terminal and the service server; the report transmission channel is a normally open communication channel; when the status adjudication result is secure and trustworthy, the boundary device controls the data transmission channel to be connected, and when the status adjudication result is abnormal and untrustworthy, the boundary device controls the data transmission channel to be disconnected;
When the connectivity state is connected, obtaining the target service data through the data transmission channel;
wherein the step of obtaining the current trusted report corresponding to the smart terminal when a business data request is detected includes: upon detecting a business data request, obtaining the current dynamic measurement information and the current static measurement information corresponding to the smart terminal, wherein the static measurement information refers to the results of pre-boot integrity checks and legality verifications performed on the smart terminal's operating system image, kernel driver, services, and applications, and the dynamic measurement information refers to the results of runtime integrity checks and legality verifications performed on the smart terminal's operating system call table, important file system data structures, important network system data structures, kernel code segments, and application code segments; and generating the current trusted report based on the current dynamic measurement information and the current static measurement information.
3. The method according to claim 2, characterized in that the step of generating the current trusted report based on the current dynamic measurement information and the current static measurement information includes: generating current trusted information based on the current dynamic measurement information and the current static measurement information; and signing the current trusted information to generate the current trusted report.
4. The method according to claim 3, characterized in that the step of signing the current trusted information and generating the current trusted report includes: signing the current trusted information to generate a signed trusted report; and encrypting the signed trusted report to obtain the current trusted report.
5. A terminal networking method, characterized in that, applied to a boundary device, the method includes: obtaining the status adjudication result corresponding to the smart terminal through the adjudication server, wherein the smart terminal is used to implement the terminal networking method as described in any one of claims 2-4; and controlling, by the boundary device, the connectivity of the data transmission channel between the smart terminal and the service server based on the status adjudication result, wherein when the status adjudication result is secure and trustworthy, the boundary device controls the connectivity of the data transmission channel to be connected, when the status adjudication result is abnormal and untrustworthy, the boundary device controls the connectivity of the data transmission channel to be disconnected, and when the connectivity of the data transmission channel is connected, the service server provides the target service data corresponding to the service data request to the smart terminal through the data transmission channel.
6. A terminal networking method, characterized in that, applied to an adjudication server, the method includes: upon receiving a current trusted report from a smart terminal, generating a corresponding status adjudication result based on the current trusted report, wherein the status adjudication result is used to indicate the security and trustworthiness level of the smart terminal; and sending the status adjudication result to the boundary device, wherein the status adjudication result is used to indicate the security and trustworthiness level of the smart terminal, the boundary device is used to control the connection and disconnection status of the data transmission channel between the smart terminal and the business server according to the status adjudication result corresponding to the smart terminal, the boundary device is used to implement the terminal networking method as described in claim 5, and the smart terminal is used to implement the terminal networking method as described in any one of claims 2-4.
7. The method according to claim 6, characterized in that, upon receiving a current trusted report from the smart terminal, generating a corresponding status adjudication result based on the current trusted report includes: upon receiving a current trusted report from a smart terminal, decrypting the current trusted report to obtain a signed trusted report; verifying the signed trusted report to obtain the signature verification result; and if the signature verification result is successful, generating the status adjudication result based on the matching results between the values of each metric parameter in the signed trusted report and the corresponding benchmark values.
8. The method according to claim 6, characterized in that, upon receiving a current trusted report from the smart terminal, generating a corresponding status adjudication result based on the current trusted report includes: when multiple current trusted reports are received from different smart terminals, generating the corresponding status adjudication results sequentially, based on the response priority of each smart terminal, according to the current trusted reports from the different smart terminals.
9. A computer device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that when the processor executes the computer program, it implements the steps of the method according to any one of claims 2 to 8.
10. A computer-readable storage medium having a computer program stored thereon, characterized in that when the computer program is executed by a processor, it implements the steps of the method according to any one of claims 2 to 8.