Data processing method and device based on trusted execution environment, equipment and medium
By deploying a key escrow client in a trusted execution environment and combining a threshold signature strategy with blockchain technology, the key storage security problem in centralized key escrow schemes is solved, achieving reliability and security of transaction signatures.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- TENCENT TECHNOLOGY (SHENZHEN) CO LTD
- Filing Date
- 2023-04-27
- Publication Date
- 2026-06-09
Smart Images

Figure CN118862178B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of computer technology, and in particular to a data processing method, apparatus, device, and medium based on a trusted execution environment. Background Technology
[0002] Currently, for business terminals (e.g., user terminals) that integrate resource management clients, the key storage schemes used are mostly centralized key escrow schemes. Specifically, this centralized key escrow scheme means that business objects (e.g., user A and user B) will store their keys in a single point (or centrally) in the escrow device corresponding to a third-party escrow provider through their respective business terminals (e.g., user terminals).
[0003] In practice, the inventors discovered that, for the aforementioned centralized key escrow scheme, when a user (e.g., user A) needs to use their own key (e.g., key Y) to sign a transaction (e.g., transaction Tx1) they have obtained, they can directly use user A's key (e.g., key Y) stored on the escrow device to sign the transaction when user A accesses the resource management client. The signed transaction information can then be returned to the resource management client accessed by user A. However, since the escrow device is used to store keys from different users at a single point (or centrally), if an unauthorized user illegally accesses the escrow device corresponding to the third-party escrow provider, it will cause a mass loss of keys stored on that device. Therefore, for the resource management client corresponding to user A, it will be difficult to determine whether user A's key used in the signing process of transaction Tx1 is a legitimate key. In other words, the currently used centralized key escrow scheme cannot guarantee the security of user keys held by a third party. Summary of the Invention
[0004] This application provides a data processing method, apparatus, device, and medium based on a trusted execution environment, which can ensure the security of key fragments stored in different devices used in the transaction signing process, thereby improving the reliability of transaction on-chain.
[0005] This application provides, in one aspect, a data processing method based on a trusted execution environment, which is executed by a resource management client and includes:
[0006] When a business object accesses the resource management client through object access data information, it performs remote authentication on the key escrow client deployed in the trusted execution environment. When the remote authentication is successful, it obtains the first communication key negotiated with the key escrow client and uses the first communication key to encrypt the object access data information to obtain the object data encrypted information.
[0007] When a transaction to be signed is received from a business object, the object data encryption information and the transaction to be signed are sent to the key custody client based on the first threshold signature policy corresponding to the transaction to be signed. This allows the key custody client to decrypt the object access data information based on the first communication key, and to authenticate the business object through the object access data information. When the authentication is successful, the transaction to be signed is remotely signed by fragmenting the custody key stored in the key custody client, and the remote signature information of the transaction to be signed is obtained.
[0008] Upon receiving the remote signature information of the transaction returned by the key escrow client, the first key fragment of the business object is obtained by decrypting the object access data information. The transaction to be signed is then processed locally using the first key fragment to obtain the local signature information of the transaction to be signed.
[0009] Based on the remote signature information and local signature information of the transaction, the first cumulative signature count of the transaction to be signed is determined. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node can write the signed transaction into the blockchain.
[0010] This application provides, in one aspect, a data processing method based on a trusted execution environment, executed by a key escrow client deployed in a trusted execution environment. The method includes:
[0011] The system receives encrypted object data information and the transaction to be signed from the resource management client based on the first threshold signature policy corresponding to the transaction to be signed. The encrypted object data information is obtained by the resource management client after encrypting the object access data information using the first communication key. The first communication key is obtained by the resource management client in consultation with the key escrow client when the remote authentication is successful. The object access data information is entered when the business object accesses the resource management client.
[0012] Based on the first communication key, the object access data information is decrypted and used to authenticate the business object. When the authentication is successful, the transaction to be signed is remotely signed by the escrow key stored in the key escrow client, and the remote signature information of the transaction to be signed is obtained.
[0013] The remote signature information of the transaction is sent to the resource management client so that when the resource management client decrypts the data information of the access object to obtain the first key fragment of the business object, it performs local signature processing on the transaction to be signed through the first key fragment to obtain the transaction local signature information of the transaction to be signed. Based on the transaction remote signature information and the transaction local signature information, the resource management client determines the first cumulative signature number of the transaction to be signed. When the first cumulative signature number reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain and sent to the blockchain node.
[0014] One embodiment of this application provides a data processing device based on a trusted execution environment, the device running on a resource management client, including:
[0015] The remote authentication module is used to remotely authenticate the key hosting client deployed in the trusted execution environment when a business object accesses the resource management client through object access data information. When the remote authentication is successful, the module obtains the first communication key negotiated with the key hosting client and uses the first communication key to encrypt the object access data information to obtain the encrypted object data information.
[0016] The transaction sending module is used to send the encrypted object data information and the transaction to be signed to the key escrow client based on the first threshold signature policy corresponding to the transaction to be signed when it receives the transaction to be signed from the business object. The key escrow client decrypts the object access data information based on the first communication key, and uses the object access data information to authenticate the business object. When the authentication is successful, the key escrow client uses the escrow key stored in the key escrow client to perform remote signing processing on the transaction to be signed, and obtains the remote signature information of the transaction to be signed.
[0017] The local signature processing module is used to decrypt the first key fragment of the business object using the object access data information when it receives the remote signature information of the transaction returned by the key escrow client. The first key fragment is then used to perform local signature processing on the transaction to be signed to obtain the local signature information of the transaction to be signed.
[0018] The transaction on-chain module is used to determine the first cumulative signature count of the transaction to be signed based on the remote signature information and the local signature information of the transaction. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is sent as a signed transaction to be written into the blockchain, so that the blockchain node can write the signed transaction into the blockchain.
[0019] Optionally, the device further includes:
[0020] The registration information lookup module is used to search for object registration data information that matches the object access data information in the registration business database associated with the resource management client when the object access data information is obtained from the business object, and to obtain the data information lookup results.
[0021] If the data search result indicates that object registration data matching the object access data is found in the registration access module, then the business object is determined to be a registered object with access permissions, and the registered business object is allowed to access the resource management client.
[0022] Optionally, the device also includes:
[0023] The prompt generation module is used to determine that the business object is an unregistered object if the data information search result indicates that no object registration data information matching the object access data information is found, and to generate a prompt message to indicate that the access to the business object has failed.
[0024] The object registration data includes the registration password and biometric information entered by the business object when requesting to register with the resource management client;
[0025] The registration information search module includes:
[0026] The access information acquisition unit is used to acquire object access data information entered by the business object in the request access resource management client;
[0027] The matching unit is used to search for the registration password information that matches the access password information in the registration business database associated with the resource management client when the object access data information includes access password information and access biometric information, and to search for the registration biometric information that matches the access biometric information in the registration database.
[0028] The first search and determination unit is used to determine that if a registration password information matching the access password information is found in the business database, and a registration biometric information matching the access biometric information is found, then the object registration data information matching the object access data information is found in the registration business database.
[0029] The second search and determination unit is used to determine that no object registration data information matching the object access data information is found in the registration business database if no registration password information matching the access password information is found in the business database, or no registration biometric information matching the access biometric information is found in the business database, and to take the search result of no object registration data information matching the object access data information as the information search failure result.
[0030] The search result determination unit is used to determine whether the information search is successful or unsuccessful as the data information search result.
[0031] The remote authentication module includes:
[0032] The access authentication unit is used to obtain the object access data information of the business object. When it is determined that the business object has the access permission to access the resource management client based on the object access data information, the business object is allowed to access the resource management client based on the access permission. The object access data information includes the access password information entered by the business object when accessing the resource management client.
[0033] The remote authentication unit is used to remotely authenticate the key hosting client deployed in the trusted execution environment through the resource management client and obtain the remote authentication result;
[0034] The authentication success determination unit is used to determine that the remote authentication is successful when the remote authentication result indicates that the trusted execution environment is a secure execution environment and the key escrow client is a trusted client in the secure execution environment;
[0035] The information encryption processing unit is used to obtain the first communication key negotiated with the key hosting client during remote authentication when the remote authentication is successful, and to encrypt the access password information in the object access data information using the first communication key, and to use the encrypted access password information as the object data encryption information of the business object.
[0036] Among them, the object access data information includes the access biometric information recorded by the business object when accessing the resource management client;
[0037] The information encryption processing unit is specifically used to encrypt the access biometric information in the object access data information using the first communication key, and to use the encrypted access biometric information as the object data encryption information of the business object.
[0038] Specifically, the remote authentication unit is used to generate a first random number for remote authentication. When generating a first communication key pair for data communication, it uses the first random number and the first communication public key in the first communication key pair as request parameters, and generates a request to send a first remote authentication request to a key hosting client deployed in a trusted execution environment based on the request parameters.
[0039] The remote authentication unit is further configured to send a first remote authentication request to a key escrow client, so that the key escrow client generates a second communication key pair based on the first remote authentication request, and uses the second communication public key in the second communication key pair and the first random number in the received remote authentication request as report parameters to generate a local verification report carrying the report parameters; the local verification report is used to instruct the local platform authentication signature component associated with the trusted execution environment to perform local verification on the local verification report, and when the local verification is successful, generate a remote escrow authentication signature report corresponding to the local verification report;
[0040] The remote authentication unit is also specifically used to receive the remote hosting authentication signature report returned by the local platform authentication signature component, obtain the hosting environment authentication report provided by the remote authentication server, determine the trusted execution environment as a secure execution environment when the remote hosting authentication signature report is determined to be a valid authentication report based on the hosting environment authentication report, and obtain the remote hosting review authentication report obtained by multiple review agencies after reviewing the key hosting client from the trusted client audit platform associated with the resource management client.
[0041] The remote authentication unit is also specifically used to compare the key report parameters in the remote hosting review and authentication report with the key report parameters in the remote hosting authentication signature report. When the parameter comparison is successful, the remote authentication success result is determined to be the key hosting client deployed in the secure execution environment as a trusted client, and the remote authentication success result is used as the remote authentication result.
[0042] The resource management client stores the registration symmetric key and the first encryption key fragment corresponding to the first key fragment in its resource management memory. The registration symmetric key is generated by the registration biometric information provided by the business object when registering with the resource management client. The first encryption key fragment is obtained by encrypting the first key fragment with the registration symmetric key when the business object is a registered object.
[0043] The local signature processing module includes:
[0044] The biometric acquisition unit is used to obtain the access biometric information provided by the business object when accessing the resource management client from the object access data information based on the online fragmentation encryption strategy in the object registration strategy when receiving the transaction remote signature information returned by the key escrow client.
[0045] The access key generation unit is used to generate an access symmetric key by accessing biometric information and to obtain the registration symmetric key and the first encryption key fragment from the resource management memory.
[0046] The key fragment decryption unit is used to decrypt the first encrypted key fragment by using the access registration key that matches the registered object key when it is determined that the registered object key matches the access registration key, and restore the first key fragment corresponding to the first encrypted key fragment.
[0047] The local signature information determination unit is used to perform local signature processing on the transaction to be signed by fragmenting the first key, so as to obtain the local signature information of the transaction to be signed.
[0048] The on-chain transaction module includes:
[0049] The signature count accumulation unit is used to accumulate the first signature count of remote signature information and local signature information of a transaction based on a first threshold signature strategy, and to use the accumulated first signature count as the first accumulated signature count of the transaction to be signed.
[0050] The aggregated signature unit is used to aggregate the remote signature information and the local signature information of the transaction based on the first threshold signature strategy when the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, to obtain the first aggregated signature information of the transaction to be signed, and to regard the transaction to be signed as a signed transaction to be written into the blockchain based on the first aggregated signature information.
[0051] The aggregate signature sending unit is used to send the signed transaction and the first aggregate signature information to the blockchain node, so that the blockchain node can perform aggregate signature verification on the signed transaction based on the global aggregate public key carried in the first aggregate signature information, and write the signed transaction into the blockchain maintained by the blockchain node when the aggregate signature verification is successful; the global aggregate public key is obtained by aggregating the public key carried in the remote signature information and the public key carried in the local signature information.
[0052] Optionally, a log recording client independent of the key escrow client is deployed in the trusted execution environment; when the log recording client is a trusted client, the log recording client is used to generate signature record flow information corresponding to the remote signature information of the transaction based on the log signature key when it receives the remote signature information of the transaction sent by the key escrow client, and add the signature record flow information to the trusted log memory corresponding to the log recording client.
[0053] The device also includes:
[0054] The log review report acquisition module is used to obtain the remote log review certification report obtained by multiple review agencies after reviewing the log recording client from the trusted client auditing platform associated with the resource management client. Based on the log signature key carried in the remote log review certification report, the module generates a first signature query request for signing the transaction to be signed.
[0055] The log entry information lookup module is used to send the first signature query request to the log recording client, so that the log recording client can look up the signature record log entry information in the trusted log memory based on the log signature key carried in the first signature query request.
[0056] The remote signature confirmation module is used to receive the first search result of the signature record flow information found in the trusted log memory returned by the log recording client through the resource management client, and determine the key escrow client to participate in the remote signature processing of the transaction to be signed when the first threshold signature policy is applied based on the signature record flow information in the first search result.
[0057] The device also includes:
[0058] The log authentication report acquisition module is used to receive a remote log authentication signature report sent by the local platform authentication signature component associated with the trusted execution environment when performing remote authentication to the log recording client.
[0059] The execution environment verification module is used to obtain the log environment verification report provided by the remote authentication server for the trusted execution environment. When the log environment verification report confirms that the remote log authentication signature report is a valid verification report, the trusted execution environment is determined to be a secure execution environment. The module also obtains the remote log review verification report obtained by multiple review agencies after reviewing the log recording client from the trusted client auditing platform associated with the resource management client.
[0060] The execution environment verification module is also used to compare the key report parameters in the remote log review and authentication report with the key report parameters in the remote log authentication and signature report, and when the parameter comparison is successful, it determines that the log recording client deployed in the secure execution environment is a trusted client.
[0061] Optionally, the resource management client runs on the first business terminal, and the business terminal associated with the business object includes a second business terminal; the second business terminal is an offline terminal independent of the first business terminal; the second business terminal is used to record the second key fragment of the business object;
[0062] The device also includes:
[0063] The data code acquisition module is used to determine that the key escrow client is currently offline when remote authentication fails. When a transaction to be signed is received from a business object, the module acquires the transaction signature data code of the transaction to be signed displayed on the second business terminal based on the second threshold signature strategy corresponding to the transaction to be signed. The transaction signature data code is generated by the second business terminal for the first type of signature information of the transaction to be signed. The first type of signature information is obtained by the second business terminal after performing the first signature processing on the transaction to be signed through the second key fragment.
[0064] The offline signature parsing module is used to parse the obtained transaction signature data code to obtain the first type of signature information carried in the transaction signature data code;
[0065] The first key fragment decryption module is used to perform second signature processing on the transaction to be signed by the first key fragment when the first key fragment of the business object is obtained by decrypting the data information of the access object;
[0066] The signature count accumulation module is used to determine the second cumulative signature count of the transaction to be signed based on the first type of signature information and the second type of signature information. When the second cumulative signature count reaches the cumulative signature threshold indicated by the second threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node can write the signed transaction into the blockchain.
[0067] Optionally, the device further includes:
[0068] The signature query request generation module is used to obtain the remote log review certification report obtained by multiple review agencies after reviewing the log recording client from the client review platform associated with the resource management client, and generate a second signature query request for signing the transaction to be signed based on the log signature key carried in the remote log review certification report.
[0069] The signature query request sending module is used to send the second signature query request to the log recording client, so that the log recording client can search for the signature record flow information for the transaction to be signed in the trusted log memory of the log recording client based on the log signature key carried in the signature query request.
[0070] The search result determination module is used to receive a second search result returned by the log recording client from the resource management client, indicating that no signature record flow information was found in the trusted log memory. Based on the second search result, it is determined that the key escrow client did not participate in the remote signing process of the transaction to be signed under the second threshold signature policy.
[0071] Optionally, before the business object accesses the resource management client through object access data information, the remote authentication module is also used to register the business object with the resource management client through the object registration data information provided by the business object when the business object is an unregistered object, and after storing the object registration data information in the registration business database when the object registration is successful, remotely authenticate the key hosting client deployed in the trusted execution environment through the resource management client, and obtain the second communication key negotiated with the key hosting client when the remote authentication is successful;
[0072] The remote authentication module is also used to encrypt the registration password information in the object registration data information using the second communication key, so as to obtain the encrypted registration password information corresponding to the registration password information;
[0073] The remote authentication module is also used to send the encrypted registration password information to the key hosting client, so that the key hosting client can decrypt the encrypted registration key information using the second communication key obtained through negotiation with the resource management client, restore the registration password information, and store the restored registration password information in the trusted hosting memory of the key hosting client. The registration password information stored in the trusted hosting memory of the key hosting client is used to remotely authenticate the access password information in the obtained object access data information, and when the remote authentication is successful, the authorized business object calls the managed key fragment.
[0074] This application provides, in one aspect, a data processing apparatus based on a trusted execution environment. The apparatus runs on a key escrow client, which is deployed within the trusted execution environment, and includes:
[0075] The transaction receiving module is used to receive object data encryption information and the transaction to be signed sent by the resource management client based on the first threshold signature policy corresponding to the transaction to be signed. The object data encryption information is obtained by the resource management client after encrypting the object access data information using the first communication key. The first communication key is negotiated between the resource management client and the key hosting client when the remote authentication of the key hosting client deployed in the trusted execution environment is successful. The object access data information is entered when the business object accesses the resource management client.
[0076] The remote signature processing module is used to decrypt object access data information based on the first communication key, authenticate the business object through the object access data information, and when the authentication is successful, remotely sign the transaction to be signed by fragmenting the escrow key stored in the key escrow client to obtain the remote signature information of the transaction to be signed.
[0077] The remote signature information sending module is used to send remote signature information of transactions to the resource management client. This allows the resource management client to perform local signature processing on the transaction to be signed by decrypting the data information of the business object. The local signature information of the transaction to be signed is obtained by the first key fragment of the business object through the first key fragment. Based on the remote signature information and the local signature information, the resource management client determines the first cumulative signature count of the transaction to be signed. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain and sent to the blockchain node.
[0078] One aspect of this application provides a computer device, including a memory and a processor. The memory is connected to the processor, the memory is used to store computer programs, and the processor is used to call the computer programs so that the computer device executes the method provided in one aspect of this application.
[0079] One aspect of this application provides a computer-readable storage medium storing a computer program adapted to be loaded and executed by a processor, so that a computer device having a processor performs the method provided in one aspect of this application.
[0080] According to one aspect of this application, a computer program product or computer program is provided, comprising computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the computer device to perform the method provided in the above aspect.
[0081] In this embodiment, when a business object accesses a resource management client via object access data information, the resource management client remotely authenticates a key escrow client deployed in a trusted execution environment. Upon successful remote authentication, the resource management client obtains a first communication key negotiated with the key escrow client. This first communication key is then used to encrypt the object access data information, resulting in encrypted object data. Furthermore, when the resource management client receives a transaction to be signed from a business object, it sends the encrypted object data and the transaction to be signed to the key escrow client based on a first threshold signature policy corresponding to the transaction. The key escrow client then decrypts the transaction using the first communication key to obtain the object access data information. This object access data information is then used to authenticate the business object. Upon successful authentication... The escrow key fragments stored in the key escrow client are used to remotely sign transactions to obtain the remote signature information of the transactions to be signed. Furthermore, when the resource management client receives the remote signature information returned by the key escrow client, it can decrypt the first key fragment of the business object using object access data information. The first key fragment is then used to locally sign the transactions to be signed, obtaining the local signature information of the transactions to be signed. Therefore, this embodiment of the application, by deploying key fragments on different client terminals (e.g., the first key fragment can be encrypted and stored on the resource management client, and the escrow key fragment can be stored on the key escrow client deployed in a trusted execution environment), can ensure the security of key storage, thereby improving the reliability of transaction signing during the transaction signing process. For example, by deploying the key escrow client in a trusted execution environment, this embodiment of the application can fundamentally solve the problem of illegal leakage of escrow key fragments caused by the loss of key escrow devices held by third-party escrow providers. By encrypting the storage of the write-on key fragments, it can also prevent the illegal leakage of the first key fragment due to the loss of the user's business terminal. Finally, this embodiment of the application can determine the first cumulative signature count of the transaction to be signed based on the remote signature information and the local signature information of the transaction. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node can write the signed transaction into the blockchain. In other words, by using a threshold signature strategy (here referring to a strategy in which users and third-party custodians can jointly participate in collaborative signing), this embodiment of the application can rely on multiple signature information that reach the cumulative signature threshold (e.g., 2) to determine the current transaction (i.e., the transaction to be signed) as a signed transaction, and then write the signed transaction into the blockchain through the blockchain node to ensure the reliability of the transaction on the chain. Attached Figure Description
[0082] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0083] Figure 1 This is a schematic diagram of a system architecture provided in an embodiment of this application;
[0084] Figure 2 This is a schematic diagram of a data interaction scenario provided in an embodiment of this application;
[0085] Figure 3 This application provides a data processing method based on a trusted execution environment.
[0086] Figure 4 This is a schematic diagram of a scenario for remote authentication provided in an embodiment of this application;
[0087] Figure 5 This is a schematic diagram of a user registration process provided in an embodiment of this application;
[0088] Figure 6 This is an interactive sequence diagram provided in an embodiment of this application for the development, review, and installation of a resource management client;
[0089] Figure 7 This is an interactive sequence diagram provided in an embodiment of this application for developing, reviewing, installing, and remotely authenticating trusted applications;
[0090] Figure 8 This is a flowchart illustrating a data processing method based on a trusted execution environment provided in this application;
[0091] Figure 9 This is an interactive flowchart of a remote authentication process provided in an embodiment of this application;
[0092] Figure 10 This is a schematic diagram illustrating a scenario for performing multi-party threshold signatures, provided in an embodiment of this application.
[0093] Figure 11 This is a schematic diagram illustrating a scenario for searching signature record transaction information provided in an embodiment of this application;
[0094] Figure 12 This is a flowchart of a data processing method based on a trusted execution environment provided in an embodiment of this application;
[0095] Figure 13This is a schematic diagram of the structure of a data processing device based on a trusted execution environment provided in this application;
[0096] Figure 14 This is a schematic diagram of the structure of a data processing device based on a trusted execution environment provided in this application;
[0097] Figure 15 This is a schematic diagram of the structure of a computer device provided in this application;
[0098] Figure 16 This is a schematic diagram of a data processing system based on a trusted execution environment provided in an embodiment of this application. Detailed Implementation
[0099] The technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. Based on the embodiments of this application, all other embodiments obtained by those of ordinary skill in the art without creative effort are within the scope of protection of this application.
[0100] 1. Trusted Execution Environment (TEE): A Trusted Execution Environment is a secure area built on a computing platform using hardware and software methods. It ensures the confidentiality and integrity of code and data loaded within this secure area. Its goal is to ensure a task executes as expected, guaranteeing the security and integrity of its initial state and runtime state. In essence, a Trusted Execution Environment can be understood as a hardware-based technology for protecting data and algorithms. It is an isolated environment between the processor and memory, where only the Central Processing Unit (CPU) can access applications within the Trusted Execution Environment. Access from other layers (such as other hardware, the kernel, other applications, etc.) is blocked by the CPU. For ease of understanding, this application embodiment refers to applications deployed and running in a Trusted Execution Environment as trusted clients or trusted applications.
[0101] It is understood that in the embodiments of this application, both the server providing key escrow services and the server providing signature record query services run in a Trusted Execution Environment (TEE). It should be understood that the server providing key escrow services and the server providing signature record query services involved in the embodiments of this application can be the same server or different servers; this will not be limited here.
[0102] For ease of understanding, this example uses the same server as both the server providing key escrow services and the server providing signature record query services. In this case, the embodiments of this application can collectively refer to both the server providing key escrow services and the server providing signature record query services as a business service device. Therefore, the trusted clients (i.e., trusted applications) deployed in the trusted execution environment (TEE) of the same business service device can at least include key escrow clients and log recording clients.
[0103] The key escrow client can be used to provide key escrow services. For example, in this embodiment, the key escrow service provided by the key escrow client can be used to store a portion of the key fragments (also called local key fragments, for example, managed key fragments) requested by a business object (e.g., user A) to be managed in the trusted escrow memory of the key escrow client, thereby ensuring the storage security of the portion of the key fragments (i.e., managed key fragments) stored in the trusted escrow memory of the key escrow client. It should be understood that in this embodiment, the trusted escrow memory allocated for storing managed key fragments for a business object (e.g., user A) in the business service device can be called the user private area for this business object (e.g., user A). Therefore, the managed key fragments stored in the user private area are only visible to the CPU used to access the key escrow client, and are not visible to the key escrow object (i.e., the third-party escrow party) corresponding to the business service device itself. This means that the managed key fragments themselves cannot be called by any process or software other than the CPU that can access the key escrow client. In other words, the managed key fragment stored in the trusted managed memory of the key escrow client can resist the snooping or modification of any other software (such as privileged software OS, BIOS, VMM, etc.), thus ensuring the security and reliability of the managed key fragment stored in the trusted execution environment from the root.
[0104] The log recording client can be used to provide a signature record query service. For example, in this embodiment, the signature record query service provided by the log recording client can be used to query whether there is transaction log information after the aforementioned business service device has signed a certain transaction (e.g., Tx1). For ease of understanding, in this embodiment, the transaction log information after signing a certain transaction (e.g., Tx1) through the log recording client can be collectively referred to as signature record transaction information or transaction log. It is understood that the business service device can provide a signature self-verification function through the signature record transaction information (or transaction log) for a certain transaction (e.g., Tx1) stored in the trusted log memory of the running log recording client. In other words, if the trusted log memory contains the signature record (or transaction log) of this transaction (e.g., Tx1), it is determined that the key escrow object (i.e., the third-party escrow party) corresponding to the service device has indeed performed transaction signing processing on this transaction (e.g., Tx1) through the aforementioned escrow key shard (i.e., the third-party escrow party participated in the signing of this transaction); conversely, if the trusted log memory does not contain the signature record (or transaction log) of this transaction (e.g., Tx1), it can be determined that the key escrow object (i.e., the third-party escrow party) corresponding to the service device has not performed transaction signing processing on this transaction (e.g., Tx1) through the aforementioned escrow key shard (i.e., the third-party escrow party did not participate in the signing of this transaction). Similarly, the signature record log information (or transaction log) stored in the trusted log memory of the logging client can also resist the snooping or modification of any other software (such as privileged software OS, BIOS, VMM, etc.). This can ensure the security and reliability of the signature record log information (or transaction log) stored in the trusted execution environment from the source, so as to provide the aforementioned third-party custodian with an effective signature self-verification function through the secure and reliable signature record log information (or transaction log).
[0105] For ease of understanding, the execution environment in which the trusted application runs can be collectively referred to as a Trusted Execution Environment or a TEE environment in this application embodiment.
[0106] 2. Intel Software Guard Extensions (Intel SGX): This is a set of security-related instruction extensions built into sixth-generation and later Intel CPUs. They allow specific memory regions (e.g., the aforementioned Trusted Managed Memory or Trusted Log Memory) to be set as user-private regions, also known as enclaves. The contents of these enclaves (e.g., the aforementioned managed key fragments or transaction logs) are protected and cannot be accessed by any process other than the enclave itself, including those running at higher privilege levels such as the Virtual Machine Manager (VMM), BIOS, and operating system. SGX aims to provide a Trusted Execution Environment (TEE) for user applications. Developers can place the protected code of their applications (e.g., the aforementioned key management client or logging client) within SGX enclaves to enhance application security when running on potentially vulnerable platforms.
[0107] SGX can provide the following characteristics: 1) Confidentiality and integrity: Code and data within the enclave can resist snooping or modification by any other software, including privileged software such as the OS, BIOS, and VMM. 2) Remote authentication: Remote authentication can verify whether an application's enclave runtime environment has SGX hardware protection capabilities and whether the protected code and data of the application have been tampered with. After authentication, the application provides its own key (e.g., the communication key negotiated during remote authentication), identity information, and other sensitive data to the enclave. 3) Minimized attack surface: The CPU boundary is the trust boundary of SGX. SGX only trusts data within the CPU boundary; data is encrypted as soon as it leaves the CPU. Thus, for business service devices deployed with the aforementioned trusted execution environment, data stored in the enclave is encrypted and invisible even to the third-party key custodian.
[0108] 3. Blockchain: Blockchain is a new application model of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms, and cryptographic algorithms. Essentially, a blockchain is a decentralized database, a chain of data blocks linked together using cryptographic methods. Each data block contains information about a batch of network transactions, used to verify the validity of the information (anti-counterfeiting) and generate the next block. A blockchain can include an underlying platform, a platform product service layer, and an application service layer. A blockchain consists of a series of blocks sequentially generated in chronological order. Once a new block is added to the blockchain, it cannot be removed. Each block records the data packaged and submitted by the blockchain nodes in the system.
[0109] In other words, this application embodiment can utilize the decentralized, traceable, and tamper-proof characteristics of blockchain to send the aggregated signature information obtained after multi-party signing of a certain transaction (e.g., Tx1) and the transaction (e.g., Tx1) that has undergone multi-party signing together to the blockchain node. This allows the blockchain node to verify the signature through the aggregated signature information. After the signature verification is successful, the transaction (e.g., Tx1) is added to the transaction pool as a legitimate transaction. This allows multiple transactions containing this transaction (e.g., Tx1) to be packaged into a target block in the transaction pool, and the packaged target block is then uploaded to the blockchain maintained by the blockchain node.
[0110] It should be noted that, in this embodiment of the application, when acquiring data such as object access data, object registration data, transactions to be signed, and signature record flow information (or transaction logs) of a business object (i.e., a user), a prompt interface or pop-up window may be displayed. This prompt interface or pop-up window is used to inform the user that data such as object access data, object registration data, transactions to be signed, and signature record flow information (or transaction logs) are currently being collected. The data acquisition steps will only begin after the user confirms the prompt interface or pop-up window; otherwise, the process will end.
[0111] All data collected or obtained in the embodiments of this application (such as object access data information, object registration data information, transactions to be signed, and signature record flow information (or transaction logs)) are collected or obtained with the consent and authorization of the corresponding business object (such as the aforementioned user A). That is to say, when the embodiments of this application are applied to specific products or technologies, user permission or consent is required, and the collection, use, and processing of related data must comply with the relevant laws, regulations, and standards of the relevant countries and regions.
[0112] For further details, please see Figure 1 , Figure 1This is a schematic diagram of a system architecture provided in an embodiment of this application. For example... Figure 1 As shown, the system architecture may include a business service cluster 100a, a first business terminal 100b, a second business terminal cluster 100c, and a blockchain network 100d.
[0113] The business service cluster 100a may include one or more key hosting devices for storing the same managed key fragments; the number of key hosting devices in the business service cluster 100a is not limited here. Figure 1 As shown, the multiple key escrow devices in the business service cluster 100a can include key escrow device 110a, key escrow device 110b, ..., key escrow device 110n. For example... Figure 1 As shown, one of the key escrow devices 110a, 110b, ..., 110n can interact with... Figure 1 The first business terminal 100b shown is connected to the network so that data can be exchanged with the first business terminal 100b through the network connection to realize multi-party collaborative signature for a certain transaction.
[0114] It should be understood that, for Figure 1 The business service cluster 100a shown can use a key escrow device (e.g., key escrow device 110a) selected in the business service cluster 100a as the business service device used to provide the key escrow service and the signature record query service, and can use other key escrow devices in the business service cluster 100a other than the business service device (i.e. key escrow device 110a) (e.g., key escrow device 110b, ..., key escrow device 110n) as backup key escrow devices.
[0115] It should be understood that the service priority of the business service device involved in the embodiments of this application is higher than the service priority of the backup key hosting device. It is understood that, to avoid a single key hosting device (e.g., for storing local key fragments, i.e., the aforementioned hosted key fragments) being used for storage, Figure 1To address the single point of failure of the key escrow device 110a shown, this embodiment proposes that the escrow key fragment can be securely and reliably backed up and stored using one or more backup key escrow devices running in a trusted execution environment. In other words, the escrow key fragment stored in the key escrow client running in the TEE of the business service device is consistent with the escrow key fragment stored in the key escrow client running in the TEE of the backup key escrow device. Therefore, when the key escrow device selected in the business service cluster 100a (e.g., key escrow device 110a) is used as the aforementioned business service device, it can preferentially interact with the first business terminal 100b based on the aforementioned service priority.
[0116] For example, in this embodiment of the application, it can be determined that the trusted execution environment deployed in the current business service device (e.g., key escrow device 110a) is a secure execution environment, and the key escrow client deployed in the secure execution environment is a trusted client. Therefore, the key escrow client running in the current business service device (e.g., key escrow device 110a) will preferentially receive the first transaction signature request sent by the business object (e.g., user A) through the resource management client running in the first business terminal 100b. Thus, if the key escrow device 110a experiences a single point of failure (e.g., the device is offline or lost), causing the key escrow client to be offline, the business service cluster 100a can continue to select a backup key escrow device (e.g., key escrow device 110b, ..., key escrow device 110n) from the aforementioned backup key escrow devices (e.g., key escrow device 110b, ..., key escrow device 110n). Figure 1 The key escrow device 110b shown is used as a new business service device. When the trusted execution environment deployed in the new business service device is a secure execution environment and the key escrow client deployed in the secure execution environment is a trusted client, it can further obtain the first transaction signature request resent by the aforementioned business object (e.g., user A) for the current transaction (i.e., the transaction to be signed, or the transaction to be signed).
[0117] It should be understood that, for ease of understanding, the embodiments of this application may... Figure 1 The first business terminal 100b shown is referred to as an online terminal or online device. The application client running in this online terminal (or online device) can specifically be the resource management client mentioned above. This resource management client can also be called a resource client. This resource client can be used to implement resource management business functions and can establish a communication connection with the decentralized application client based on these resource management business functions.
[0118] For example, in one possible implementation, the decentralized application here could be the application that initiated the aforementioned transaction to be signed. It should be understood that the decentralized application associated with the business object involved here can be integrated with the resource management client (i.e., the resource client) and run on the same business terminal (e.g., the first business terminal 100b mentioned above), or it can run on different business terminals; this will not be limited here.
[0119] It should be understood that, in one or more possible implementations, the resource client (i.e., resource management client) here can also be a tool responsible for managing and storing user digital resources. For example, it can transfer digital resources to other accounts based on the resource client, or it can receive digital resources transferred from other accounts based on the resource client. The resource client can be a hardware device or a software program. It should be understood that the roles played by the business terminals corresponding to the other resource clients in the second business terminal cluster 100c are similar to those described above. Figure 1 The first service terminal 100b shown here will not be described in detail here.
[0120] The second service terminal cluster 100c may include one or more service terminals associated with the aforementioned service objects. In this embodiment, one or more second service terminals deployed in the second service terminal cluster may be collectively referred to as offline terminals. The number of second service terminals (i.e., offline terminals or offline devices) deployed in the second service terminal cluster 100c is not limited here. Figure 1 As shown, the multiple second service terminals (i.e., offline terminals or offline devices) in the second service terminal cluster 100c may include second service terminal 120a, second service terminal 120b, ..., second service terminal 120n.
[0121] It should be understood that when all key hosting devices deployed in the business service cluster 100a are unavailable, such as Figure 1 One of the second service terminals 120a, 120b, ..., 120n shown (i.e., an offline terminal) can connect to the network via wireless or wired connection. Figure 1 The first business terminal 100b (i.e., the online terminal) shown interacts with data to achieve another type of multi-party collaborative signature for a current transaction.
[0122] Among them, such as Figure 1 The blockchain network 100d shown may include multiple blockchain nodes (i.e., consensus nodes participating in record-keeping on the blockchain). The number of blockchain nodes (i.e., consensus nodes participating in record-keeping on the blockchain) in blockchain network 100d will not be limited here. Figure 1As shown, the multiple blockchain nodes in blockchain network 100d may specifically include blockchain node 11a, blockchain node 11b, blockchain node 11c, and blockchain node 11d. For example... Figure 1 As shown, the first business terminal 100b can connect to blockchain nodes 11a, 11b, 11c, and 11d via a network to interact with a specific blockchain node in the blockchain network 100d when the first business terminal 100b is connected to the blockchain network 100d. For example, the first business terminal 100b can write the signed transaction associated with the aforementioned business object onto the blockchain maintained by these blockchain nodes using a multi-threshold signature method (which can also be considered equivalent to multi-party collaborative signature).
[0123] It should be understood that the multi-threshold signature (or multi-party collaborative signature) method involved in the embodiments of this application specifically refers to the transaction signature process in which two key fragments deployed in different devices can collaboratively achieve transaction signature.
[0124] For example, the current transaction can be signed using a local key fragment (i.e., a managed key fragment) stored by a key escrow client in a trusted execution environment deployed on a business service device (e.g., the aforementioned key escrow device 110a), to obtain transaction signature information (e.g., transaction signature information 1). The current transaction can also be signed using another local key fragment (i.e., an online key fragment) encrypted and stored in an online terminal (i.e., the first business terminal 100b), to obtain another transaction signature information (e.g., transaction signature information 2). In this case, the online device (i.e., the first business terminal 100b) involved in this application embodiment can write the current transaction to the system based on the transaction signature information (i.e., the aforementioned transaction signature information 1 and transaction signature information 2) collected from application clients in different devices. Figure 1 The blockchain shown is a blockchain 11e specifically maintained by blockchain nodes deployed in blockchain network 100d.
[0125] It should be noted that the blockchain network 100d in this embodiment can be a layered structure or a single-layer structure, and the specific structure of the blockchain network 100d will not be limited here.
[0126] Optionally, in embodiments of this application, when the business service equipment is unavailable (e.g., a service failure occurs), causing the key escrow client to be offline (i.e., the key escrow client stops providing key escrow services), transaction signing can be achieved collaboratively by two additional key fragments deployed in different devices (e.g., online devices and offline devices).
[0127] For ease of understanding, in this embodiment of the application, the first service terminal 100b (i.e., online terminal or online device) and each of the second service terminals (i.e., offline terminals or offline devices) in the second service terminal cluster 100c can be collectively referred to as the service terminal associated with the service object. It should be understood that when the first service terminal (i.e., online terminal or online device) is lost, this embodiment of the application can select one of the second service terminals from the second service terminal cluster 100c as a new first service terminal (i.e., a new online terminal) to interact with the key hosting device selected from the aforementioned service cluster as a service device.
[0128] It is understood that, in the embodiments of this application, the business terminal that integrates and runs a resource management client may include: smartphones, tablets, laptops, desktop computers, wearable devices (such as smartwatches and smart bracelets), smart home devices, head-mounted devices, smart vehicle terminals, and other smart terminals.
[0129] In this embodiment, the business service device that integrates and runs a key hosting client can be an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms.
[0130] For further information, please refer to [link / reference]. Figure 2 , Figure 2 This is a schematic diagram illustrating a data interaction scenario provided in an embodiment of this application. For example... Figure 2 The user terminal 20a shown can be the one described above. Figure 1 In the corresponding online device embodiment, the user terminal 20a integrates and runs a resource management client, which is used for storage. Figure 2 The example shown is a local key fragment (e.g., key fragment A1) for user A (i.e., the business object). Similarly, as... Figure 2 The service equipment 20b shown can be the above-mentioned Figure 1 The corresponding embodiment includes a business service device that integrates a key hosting client and a log recording client.
[0131] like Figure 2 As shown, when user A executes through a decentralized application... Figure 1 In step S11 as shown, it is possible to... Figure 2 The resource management client shown initiates a transaction (e.g., Figure 2The user terminal 20a, which integrates a resource management client, can obtain the transaction Tx1 initiated by user A from the received transaction on-chain request. Then, when treating transaction Tx1 as a transaction to be signed (i.e., a transaction to be signed), it can execute the transaction on-chain. Figure 2 The step S12 shown is to... Figure 2 The integrated service device 20b, equipped with a key escrow client, sends a remote authentication request for remote authentication. When user terminal 20a confirms successful remote authentication with service device 20b (i.e., successful remote authentication), step S13 can be further executed. At this point, user terminal 20a can use the communication key L1 (i.e., the first communication key) negotiated during the remote authentication to encrypt the object access data information (e.g., user password) obtained when accessing the resource management client. The encrypted object data information and the transaction Tx1 (i.e., the transaction to be signed) are then sent to service device 20b. When the service server decrypts the object access data information (e.g., user password) using communication key L1 (i.e., the first communication key), it can authorize user A to access the local key fragment (e.g., ...) stored in the trusted escrow memory corresponding to the key escrow client. Figure 2 The key fragment shown (B1) can then be executed. Figure 2 In step S14, the service device 20b can use the key fragment B1 to sign the transaction Tx1 to be signed, and obtain the transaction signature information 1 of the transaction Tx1 to be signed. Then, by executing step S15, the transaction signature information 1 can be returned to the user terminal 20a.
[0132] It should be understood that, such as Figure 2 As shown, a log recording client can also be deployed in the trusted execution environment of the business server 20b. Therefore, after the business server 20b signs the transaction Tx1 through the key escrow client and key shard B1, the log recording client can record the signature information 1 generated during the transaction signing process. The recorded signature stream can then be added to the trusted log memory corresponding to the log recording client. This allows the third-party escrow party corresponding to the business service device 20b to determine whether it actually participated in signing the transaction Tx1, which is to be signed. In other words, the third-party escrow party can prove its innocence (i.e., prove the legality and validity of the signature) through the recorded signature stream.
[0133] It should be understood that, for ease of understanding, the embodiments of this application may, in the first threshold signature strategy, include the transaction signature information (e.g., signed by the key escrow client in the service device 20b through key fragment B1) obtained by signing the transaction signature information (e.g., Figure 2 The transaction signature information 1 shown is collectively referred to as remote transaction signature information. Similarly, in this embodiment of the application, another transaction signature information (e.g., signed by the resource management client in user terminal 20a through key fragment A1) can also be used. Figure 2 The transaction signature information shown in section 2) is collectively referred to as the local transaction signature information.
[0134] Specifically, such as Figure 2 As shown, user terminal 20a can decrypt another local key (e.g., the user's facial information) stored by the resource management client based on the object access data information (e.g., the user's facial information) entered by the user A in the resource management client. Figure 2 The key fragment A1 shown can be decrypted to obtain the key fragment A1, which can then be used to sign the transaction Tx1 to be signed, thus obtaining the transaction signature information 2 of the transaction Tx1 to be signed. After performing an aggregate signature on the transaction signature information 1 and the transaction signature information 2, the resulting aggregate signature information C1 and the signed transaction Tx1 are sent to the server via step S17. Figure 2 The blockchain nodes shown are configured to sign and verify the aggregated signature information C1 using the globally shared public key (also known as the globally aggregated public key), and upon successful signature verification, write the signed transaction Tx1 to [the blockchain]. Figure 1 The blockchain shown is a blockchain 11e specifically maintained by blockchain nodes deployed in blockchain network 100d.
[0135] It should be understood that, in the embodiments of this application, the facial (or other biometric) recognition technology involved, when applied to specific products or technologies, requires that the collection, use, and processing of related data (e.g., facial information and user passwords) comply with national laws and regulations. It is understood that, before collecting facial information, the embodiments of this application will inform the information processing rules and solicit opinions from business stakeholders (e.g., the aforementioned...). Figure 2 The system obtains the separate consent of user A) shown, and strictly complies with legal and regulatory requirements and personal information processing rules in processing facial information, and takes technical measures to ensure the security of related data.
[0136] It should be understood that the specific process of remotely authenticating the key escrow client through the resource management client in the user terminal 20a, and the user terminal 20a obtaining signature information 1 and signature information 2, in this embodiment of the application can be found in [reference needed]. Figures 3-12 Description of the corresponding embodiments.
[0137] For further details, please see Figure 3 , Figure 3 This application provides a data processing method based on a trusted execution environment. This method can be executed by a resource management client, which can integrate and run a first business terminal. Specifically, the first business terminal can be one of the methods described above. Figure 1 The first service terminal 100b in the corresponding embodiment. For example... Figure 3 As shown, the method may include at least steps S101-S104.
[0138] Step S101: When a business object accesses the resource management client through object access data information, remote authentication is performed on the key escrow client deployed in the trusted execution environment. When the remote authentication is successful, the first communication key negotiated with the key escrow client is obtained. The object access data information is encrypted using the first communication key to obtain object data encryption information.
[0139] It should be understood that since the resource management client runs on the first business terminal, the specific process of the resource management client executing the following steps S101-S104 can be equivalently described as the first business terminal executing steps S101-S104.
[0140] The specific process of the first business terminal performing step S101 can be as follows: The first business terminal can be used to obtain object access data information of the business object through the resource management client, and then, when it is determined based on the object access data information that the business object has the access permission to access the resource management client, the business object is allowed to access the resource management client based on the access permission. It can be understood that the object access data information here may include the access password information entered by the business object (i.e., a user, for example, user A mentioned above) when accessing the resource management client; further, the first business terminal can remotely authenticate the key hosting client deployed in the trusted execution environment through the resource management client and obtain the remote authentication result; further, the first business terminal can determine that the remote authentication is successful when the remote authentication result indicates that the trusted execution environment is a secure execution environment and the key hosting client is a trusted client in the secure execution environment; further, when the remote authentication is successful, the first business terminal can obtain the first communication key negotiated with the key hosting client during the remote authentication, and then use the first communication key to encrypt the access password information in the object access data information, so as to use the encrypted access password information as the object data encryption information of the business object.
[0141] The object access data information includes access password information (e.g., user password or other business strings) entered by the business object when accessing the resource management client. It should be understood that, in one or more possible implementations, the object access data information may also include other data information besides access key information (e.g., user password or other business strings), such as access biometric information (e.g., facial information or fingerprint information or other biometric information). Here, the specific data information included in the object access data information will not be limited.
[0142] Therefore, this application embodiment can access the resource management client using a single-factor access strategy (i.e., any one of the aforementioned business strings such as user passwords and facial information) during the access process. Of course, to ensure the security of client access, this application embodiment can also use a two-factor access strategy (i.e., the aforementioned business strings such as user passwords and facial information) to collaboratively access the resource management client. For ease of understanding, this application embodiment uses a two-factor access strategy as an example. Thus, when a user logs in to the resource management client by entering a user password and using facial recognition, the resource management client can remotely authenticate the key escrow client deployed in the trusted execution environment.
[0143] For further information, please refer to [link / reference]. Figure 4 , Figure 4 This is a schematic diagram illustrating a scenario for remote authentication provided in an embodiment of this application. For example... Figure 4 The user terminal 40a shown is the first business terminal that integrates and runs the resource management client. The user A corresponding to this user terminal 40a (i.e., the first business terminal) is the aforementioned business object, and as... Figure 4 The client access page shown is the visual access page provided by this resource management client. It should be understood that, as... Figure 4 As shown, user A can enter their password (e.g., AABBCC) in the password input area based on the access prompt information displayed on the client access page (e.g., please enter your password and facial information). By triggering the facial information collection area, the camera provided by the user terminal 40a can be invoked to capture user A's facial image, which can then be displayed in the facial information collection area.
[0144] like Figure 4 As shown, in this embodiment of the application, the user password (e.g., AABBCC) and the facial image of user A, which will be displayed on the client access interface, are collectively referred to as the object access data information entered by user A.
[0145] Optionally, in this embodiment of the application, when the resource management client responds to a trigger operation (e.g., a confirmation operation) by user A (i.e., a business object) on the client's access interface, the user password (e.g., AABBCC) entered by user A and the facial information extracted from user A's facial image can be collectively referred to as object access data information.
[0146] For ease of understanding, in this application embodiment, the user password (e.g., AABBCC) entered on the client access interface can be collectively referred to as access password information, and the facial image entered on the client access interface for extracting the facial information of user A can be collectively referred to as access biometric information.
[0147] Thus, when user terminal 40a (i.e., the first service terminal) obtains the service object (i.e. Figure 4 When user A) enters object access data information, the system can search for matching object registration data information in the registration business database associated with the resource management client to obtain the data information search results.
[0148] Specifically, it is understood that when the user terminal 40a (i.e., the first service terminal) obtains object access data information containing access password information (e.g., AABBCC) and access biometric information (e.g., a facial image containing user A's facial information captured during access), it can further search for registration password information (e.g., AABBCC) that matches the access password information in the registration service database associated with the resource management client, and search for registration biometric information (e.g., a facial image containing user A's facial information captured during registration) that matches the access biometric information in the registration database. It should be understood that if the data information search result indicates that object registration data information matching the object access data information is found, then the user terminal 40a (i.e., the first service terminal) can determine that the service object is a registered object with access permissions, and thus can allow the registered object to access the resource management client.
[0149] It should be understood that, in the embodiments of this application, if a registration password matching the access password information is found in the business database, and a registration biometric information matching the access biometric information is found, it can be determined that object registration data matching the object access data information is found in the registration business database. Then, the search result of finding object registration data matching the object access data information can be taken as the information search success result.
[0150] Optionally, in embodiments of this application, if no matching registration password information or matching registration biometric information is found in the business database, it can be determined that no matching object registration data information is found in the registration business database. In this case, the search result of not finding matching object registration data information can be taken as an information search failure result.
[0151] It should be understood that, for ease of understanding, the embodiments of this application may collectively refer to the information search success results or information search failure results obtained during the resource client access phase as the aforementioned data information search results. Thus, when the data information search results indicate that object registration data information matching the object access data information has been found, the user terminal 40a can determine that the business object is a registered object with access permissions and allow the registered business object to access the resource management client, so that further execution can proceed. Figure 4 The step S41 shown is to... Figure 4 The service equipment 40b shown is deployed with a trusted execution environment 200a. Figure 4 The remote authentication request Q11 is shown. Thus, the service server 40b can further execute... Figure 4 Step S42, as shown, generates a remote managed authentication signature report P11 corresponding to the local verification report based on the remote authentication request Q11. Then, step S43 can be used to return the remote managed authentication signature report P11 to the user terminal 40a.
[0152] Furthermore, such as Figure 4 As shown, user terminal 40a (i.e., the first business terminal) can further execute step S44 to send a remote review report acquisition request Q12 to the trusted application auditing platform 40c. It should be understood that the trusted application auditing platform involved in this application embodiment can conduct multi-party reviews (i.e., task reviews) on the key hosting client uploaded by the development terminal through multiple review agencies in advance. Then, when the multi-party review is passed, the key hosting client uploaded by the development terminal can be published to the business platform corresponding to the trusted application auditing platform. Simultaneously, this application embodiment can also generate a remote hosting review and authentication report for the published key hosting client after the multi-party review is passed. Thus, for Figure 4As shown in the user terminal 40a (i.e. the first business terminal), it can obtain the remote hosting review and authentication report obtained by multiple review agencies after reviewing the key hosting client from the trusted application review platform 40c. Then, it can compare the key report parameters in the obtained remote hosting review and authentication report with the key report parameters in the remote hosting authentication signature report. When the parameter comparison is successful, it can determine that the key hosting client deployed in the secure execution environment is a trusted client and the remote authentication success result is used as the remote authentication result.
[0153] In this way, when the remote authentication is successful, the user terminal 40a (i.e. the first service terminal) can further obtain the first communication key negotiated with the key escrow client during the aforementioned remote authentication process. The user terminal 40a can then use the first communication key to encrypt the object access data information (e.g., the aforementioned access password information) and use the encrypted access password information as the object data encryption information so that step S102 can be further executed.
[0154] Optionally, for the aforementioned single-factor access strategy, if the object access data information entered by user A on the client access page only contains the access biometric information entered by user A when accessing the resource management client, then user terminal 40a (i.e., the first business terminal) can further obtain the first communication key negotiated with the key escrow client during the aforementioned remote authentication process upon successful remote authentication. This allows the user terminal to encrypt the object access data information (e.g., the aforementioned access biometric information) using the first communication key, using the encrypted access biometric information as another type of object data encryption information, so that step S102 can be further executed subsequently.
[0155] Optionally, in embodiments of this application, when the data search results indicate that no object registration data matching the object access data information is found, the business object can be determined to be an unregistered object. This allows for the generation of access failure notification information for the business object, and can be implemented as described above. Figure 4 The client access page shows a message indicating that the access failed (e.g., incorrect password or mismatched facial image).
[0156] In this context, it can be understood that the user terminal 40a (i.e., the first business terminal) remotely authenticates the key escrow client deployed in the Trusted Execution Environment (TEE) through the resource management client. The specific process for obtaining the remote authentication result can be described as follows: The first business terminal can generate a first random number for remote authentication. When generating a first communication key pair for data communication, it can use the first random number and the first communication public key in the first communication key pair as request parameters. Based on the request parameters, it can generate a first remote authentication request to be sent to the key escrow client deployed in the TEE. Furthermore, the first business terminal can send the first remote authentication request to the key escrow client, so that the key escrow client can generate a second communication key pair based on the first remote authentication request. The key escrow client uses the second communication public key in the second communication key pair and the first random number in the received remote authentication request as report parameters to generate a local verification report carrying the report parameters. The local verification report is used to indicate the local platform authentication signature group associated with the TEE. The system performs local verification on the local verification report and generates a remote managed authentication signature report corresponding to the local verification report when the local verification is successful. Furthermore, the first business terminal can receive the remote managed authentication signature report returned by the local platform authentication signature component and obtain the managed environment authentication report provided by the remote authentication server. Then, when the remote managed authentication signature report is determined to be a valid authentication report based on the managed environment authentication report, the trusted execution environment is determined to be a secure execution environment. From the trusted client auditing platform associated with the resource management client, a remote managed review authentication report obtained after multiple auditing agencies have reviewed the key managed client's tasks is acquired. Furthermore, the first business terminal can compare the key report parameters in the remote managed review authentication report with the key report parameters in the remote managed authentication signature report. When the parameter comparison is successful, the remote authentication success result is determined as the remote authentication success result of the key managed client deployed in the secure execution environment.
[0157] It is understood that the first remote authentication request involved in this application embodiment is the remote authentication request initiated upon successful access to the resource management client. For ease of understanding, this application embodiment may collectively refer to the other remote authentication request initiated when registering the resource management client as the second remote authentication request. For further clarification, please refer to... Figure 5 , Figure 5 This is a schematic diagram illustrating a user registration process provided in an embodiment of this application. For example... Figure 5As shown, when a business object (e.g., user A) downloads and installs the resource management client from the application market through a first business terminal, and the business service device is running the key escrow client uploaded by the development terminal, user A can execute the following when registering the resource management client: Figure 5 Step S51, as shown, involves inputting a face and user password on the client registration page displayed on the first service terminal. This means that the first service terminal can obtain the facial image containing the face and user password entered by user A through the resource management client, and the obtained facial image containing the face and user password can be collectively referred to as the aforementioned registration object data information.
[0158] It is understood that the facial image containing a face in the registration object data information can be referred to as the registration biometric information of user A, and the user password in the registration object information can be referred to as the access password information entered by user A. It should be understood that when the resource management client obtains the registration object data information entered by user A, it can store this registration object data information in the registration business database associated with the resource management client. Thus, when user A subsequently accesses the resource management client using this facial image and password, the client can compare the facial image and password entered by user A during the current access phase with the historical facial image and password entered by user A during the user registration phase stored in the registration business database. If the comparison matches, user A can be determined to be a registered object with access rights to the resource management client, thereby allowing user A to access the resource management client.
[0159] It should be understood that the registration business database can be a database existing in the first business terminal for locally storing registration object data information. Optionally, in one or more possible implementations, the registration business database can also be another database existing in other devices independent of the first business terminal (e.g., the background service device of the resource management client) for encrypted storage of the registration object data information.
[0160] For example, to further ensure the security of the encrypted registered object data information in the backend service device, this embodiment of the application can also store the hash value of the registered object data information calculated from the face image containing the face and the user password in the backend service device. Thus, when user A accesses the resource management client using a face image with the protected face and the user password, the hash value of the accessed object data information calculated using the currently obtained face image containing the face and the user password can be compared with the hash values of the previously calculated registered object data information. If the hash values match, access to the resource client can be quickly granted.
[0161] Furthermore, such as Figure 5 As shown, the first service terminal can further execute step S52 to... Figure 5 The resource management client shown is for Figure 5 The trusted execution environment deployed in the business service equipment shown performs remote authentication, and then, upon successful remote authentication, the current communication key (i.e., the second communication key) negotiated between the resource management client and the key escrow client during the remote authentication process can be obtained.
[0162] It should be understood that, for ease of comprehension, the communication key negotiated between the resource management client and the key escrow client by user A during the user registration phase can be referred to as the second communication key, and the new communication key negotiated between the resource management client and the key escrow client by user A during the user access phase can be referred to as the first communication key. In other words, the embodiments of this application can ensure the security and reliability of data transmission during data interaction between the resource management client and the key escrow client by using the communication key negotiated in real time. This enhances the access security of authorized user A (i.e., the business object) to the escrow key fragment through the key escrow client in the business service device. In other words, even the third-party escrow provider corresponding to the key escrow client does not have direct access rights to the escrow key fragment through the key escrow client, thereby ensuring the reliability and security of the escrow key fragment stored in the trusted execution environment.
[0163] It should be understood that, in this embodiment of the application, user A can trigger remote authentication of the resource management client each time he accesses the resource management client, so as to ensure the security of the trusted execution environment running in the business service device and the application security of the key hosting client running in the trusted execution environment.
[0164] Furthermore, such as Figure 5As shown, the first service terminal can extract facial information from the acquired facial image containing a face during the user registration phase, in order to further perform... Figure 5 In step S53, the first service terminal can generate a symmetric key (i.e., registration symmetric key) based on the extracted facial information of user A during the user registration phase. This symmetric key (registration symmetric key) can then be used to encrypt a local key fragment (i.e., the first key fragment, which can specifically be the aforementioned online key fragment) generated by the resource management client. The encrypted first key fragment and the aforementioned registration symmetric key can then be stored together in the resource management memory of the resource management client. When the first service terminal subsequently performs multi-party threshold signature with the service device, it can generate a new symmetric key (i.e., access symmetric key) using the latest facial information obtained when accessing the resource management client. If the registration object key and the access object key are consistent (or match), the access symmetric key can be used to decrypt the aforementioned first key fragment, which can then be used to perform the multi-party threshold signature step in step S103.
[0165] Meanwhile, since the transaction signature strategy involved in the embodiments of this application is a multi-party threshold signature strategy, therefore, as Figure 5 As shown, the first service terminal can further execute step S54 during the user registration stage to encrypt the user password entered by user A during the user registration stage using a communication key (i.e., the second communication key), and then send the encrypted user password to the service server. Figure 5 As shown, at this point, the service device can further decrypt the user password sent by the resource management client using the communication key (i.e., the second communication key). Then, during step S55, the calculated hash value of the user password can be stored in the trusted escrow memory of the key escrow client. Subsequently, during the user access phase, when the service device decrypts the user password using the new communication key (i.e., the first communication key), it can compare the hash value of the user password recalculated during the user access phase with the hash value of the user password historically calculated during the user registration phase. If they match, remote identity authentication (i.e., remote information authentication) of user A (i.e., the business object) can be completed. Upon successful remote identity authentication (i.e., remote information authentication), user A can be authorized to call the key escrow shard for transaction signing.
[0166] Optionally, in one or more possible implementations, embodiments of this application may also directly store the user password in the trusted managed memory of the key managed client located in the trusted execution environment. In this way, the registration password information (e.g., the user password) stored in the trusted managed memory of the key managed client can be used to remotely authenticate the access password information in the obtained object access data information, and when the remote authentication is successful, the authorized business object can call the managed key fragment.
[0167] It should be understood that, in the embodiments of this application, the above... Figure 5 For details regarding the process by which a business object (e.g., user A) downloads and installs the resource management client from the application market via the first business terminal in the corresponding embodiment, please refer to [link to relevant documentation]. Figure 6 , Figure 6 This is an interactive sequence diagram provided in an embodiment of this application for the development, review, and installation of a resource management client. It is understood that, as... Figure 6 The resource management application P1 shown can be integrated and run on the above-mentioned Figure 5 The resource management client in the first business terminal shown. In addition... Figure 6 The service terminal shown can specifically be the one described above. Figure 5 The first service terminal shown.
[0168] It should be understood that when a developer (e.g., developer K1) passes through Figure 6 When the development terminal shown completes the program development for the resource management application P1 (i.e., the resource management client), it can execute... Figure 6 Step S61, as shown, involves uploading the resource management application P1 (i.e., the resource management client) to... Figure 6 The application review platform shown can simultaneously execute step S62 when uploading the resource management application P1 to select multiple review bodies (e.g., review body H1, review body H2, and review body H3) to review the application functions of the resource management application P1. At this time, the development terminal can submit the application review to the relevant authorities based on the selected review bodies and the described application functions of the resource management application P1. Figure 6 The application review platform shown initiates a review request.
[0169] Furthermore, such as Figure 6As shown, when the application review platform receives a review request, it can further execute step S63 to extract and receive the review task from the review request. This means that at this time, the application review platform can issue a review instruction for reviewing the application functions of the resource management application P1 to multiple selected review agencies (e.g., review agency H1, review agency H2, and review agency H3) based on the review task. Thus, for each of the multiple review agencies, upon receiving the review instruction, it can further execute step S64 to review the application functions of the resource management application P1, and upon completion of the review, it can further execute... Figure 6 Step S65, as shown, involves uploading the currently reviewed resource management application P1 and the review certification report (hereinafter referred to as the certification report) to the application review platform.
[0170] like Figure 6 As shown, at this time, when executing step S66, the application review platform can collect the review and certification reports (hereinafter referred to as certification reports) returned by multiple selected review agencies for the resource management application P1. It can also obtain whether the cumulative review score of key review dimensions (e.g., whether the application data is complete, whether the application functions meet the review indicators, etc.) in the collected certification reports has reached the review threshold. Then, when the cumulative review score of the key review dimensions in each certification report reaches the review threshold, it can confirm that the review has been passed, and then the approved resource management application P1 can be published on the review platform.
[0171] Furthermore, such as Figure 6 As shown, the application review platform can notify the development terminal to execute step S67, that is, to notify the development terminal to download the approved resource management application P1 and its certification report. Furthermore, it can be understood that the development terminal can then execute... Figure 6 Step S68, as shown, uploads the currently approved resource management application P1 to the application market so that when a business object (e.g., the aforementioned user A) needs to use the resource management application P1, step S69 can be executed to download the resource management application P1 from the application market.
[0172] Thus, to ensure the security of the resource management application P1 currently downloaded to this service terminal, such as... Figure 6As shown, before integrating and installing the resource management application P1 on the business terminal (i.e., the first business terminal), the business terminal can further execute step S70 to obtain the certification pass report issued for the resource management application P1 from the application review platform. Then, the business terminal can further execute step S71 to use the resource management application P1 downloaded from the application market as the resource management application to be compared (e.g., resource management application P1'). At this time, the business terminal can check whether the application parameters of the resource management application to be compared (e.g., resource management application P1') (e.g., the ND5 file describing the application name of resource management application P1', the application version of resource management application P1', and developer information) are consistent with the application parameters of the resource management application P1 that actually participated in the review recorded in the obtained certification pass report. If they are consistent, it can be determined that the resource management application P1 currently downloaded to the business terminal (i.e., the first business terminal) has application security, thereby allowing the application of resource management application P1 to be integrated and installed on the business terminal, so that steps S101-S104 can continue to be executed.
[0173] Alternatively, in the embodiments of this application, if the application parameters of the currently downloaded resource management application P1 (i.e., the resource management application to be compared (e.g., resource management application P1')) are inconsistent with the application parameters of the resource management application P1 actually participating in the review, it can be determined that the resource management application P1 currently downloaded to the business terminal (i.e., the first business terminal) does not have application security, and then risk warning information can be generated to remind the user that the currently downloaded resource management application P1 has installation risks.
[0174] It should be understood that the certification pass report here is the review certification pass report obtained based on the one-time operation corresponding to the aforementioned steps S61-S67. That is, the embodiment of this application can perform a one-time application review operation on the currently developed resource management application P1, and then allow the development terminal to download the resource management application P1 and its certification pass report from the application review platform when the review is passed.
[0175] Similarly, in the embodiments of this application, the above-mentioned Figure 5 In the corresponding embodiment, the third-party hosting provider (e.g., hosting user B) can receive the trusted application uploaded by the development terminal through the business server and run the application function services provided by the trusted application on the business server. It is understood that the trusted application here may specifically include, but is not limited to, the above-mentioned... Figure 2 The corresponding key hosting client and log recording client in the embodiments.
[0176] For ease of understanding, please refer to the following: Figure 7 , Figure 7 This is an interactive sequence diagram provided in this application embodiment for the development, review, installation, and remote authentication of trusted applications. For ease of understanding, this application embodiment uses... Figure 7 The trusted application P1 shown can be integrated and run on the above Figure 5 Taking the key hosting client in the business service device shown as an example, this paper illustrates the specific process of developing, reviewing, installing, and applying remote authentication for the key hosting client.
[0177] It should be understood that when developers (e.g., developer K2) pass through Figure 7 When the development terminal shown completes the program development for the trusted application P2 (e.g., a key escrow client), it can execute... Figure 7 Step B11, as shown, involves uploading the trusted application P2 (e.g., a key escrow client) to... Figure 7 The Trusted Application Audit Platform shown.
[0178] For ease of distinction, this application embodiment can refer to applications that need to be deployed and run in a trusted execution environment as trusted applications, and the auditing platform used to audit trusted applications as a trusted application auditing platform (e.g., Figure 7 The example shown is an auditing platform for auditing trusted applications P2 (e.g., key escrow clients). Similarly, in this application embodiment, applications that do not require deployment and run in a trusted execution environment can be collectively referred to as ordinary applications, and auditing platforms for auditing ordinary applications can be collectively referred to as application auditing platforms (e.g., the aforementioned...). Figure 6 The auditing platform shown is used to audit the resource management client P1.
[0179] like Figure 7 As shown, when uploading the trusted application P2 (e.g., a key escrow client), the development terminal can simultaneously execute step B12 to select multiple auditing bodies (e.g., auditing body H3, auditing body H4, and auditing body H5) to conduct application reviews of the application functions of the trusted application P2 (e.g., the key escrow client). At this time, the development terminal can, based on the selected auditing bodies and the described application functions of the trusted application P2 (e.g., the key escrow client), submit the application to the relevant auditing body. Figure 7 The trusted application auditing platform shown initiates a trusted review request.
[0180] Furthermore, such as Figure 7As shown, upon receiving a trusted review request, the trusted application auditing platform can further execute step B13 to extract and receive the review task from the request. This means that at this point, the trusted application auditing platform can issue a review instruction for reviewing the application functions of the trusted application P2 (e.g., a key escrow client) to multiple selected auditing bodies (e.g., auditing body H3, auditing body H4, and auditing body H5) based on the review task. Thus, for each of the multiple auditing bodies, upon receiving the review instruction, step B14 can be further executed to review the application functions of the trusted application P2 (e.g., a key escrow client), and upon completion of the review, further execution... Figure 7 Step B15, as shown, sends the currently reviewed trusted application P2 (e.g., a key escrow client) to the target service node that has deployed a cloud-based trusted execution environment (or a cloud-based public trusted execution environment) so that the target service node can compile the trusted application P2 (e.g., a key escrow client) in the cloud-based trusted execution environment. When the trusted application P2 (e.g., a key escrow client) is successfully compiled in the cloud-based trusted execution environment, the auditing structure can receive remote authentication initiated by the auditing structure for the trusted application P2 (e.g., a key escrow client) running in the cloud-based trusted execution environment during the application review phase.
[0181] This means that at this stage, each auditing body will obtain a remote authentication report for the trusted application P2 (e.g., a key escrow client) during the application review phase. It can be understood that this remote authentication report is a remote authentication signature report corresponding to the local verification report generated by the trusted application P2, obtained by a remote authentication signature component located in the same trusted execution environment as the trusted application P2, after local verification. Thus, when each auditing body obtains the cloud trusted environment authentication report provided by the remote authentication server for this cloud trusted execution environment, it can determine that the remote authentication signature report is a valid authentication report based on this cloud trusted environment authentication report, and then use this valid remote authentication signature report (i.e.,...) Figure 7 The remote authentication report shown identifies the trusted application P2, compiled in the cloud trusted execution environment, as a trusted application.
[0182] It is understood that when the trusted application P2 is the aforementioned key escrow client, the remote authentication signature report can specifically be a remote escrow authentication signature report. Optionally, it should be understood that when the trusted application P2 is the aforementioned log recording client, the remote authentication signature report can also specifically be a remote log authentication signature report.
[0183] Furthermore, such as Figure 7As shown, the trusted application auditing platform can further execute step B16 to obtain the currently compiled trusted application P2 and the remote certification reports associated with each auditing authority from the trusted execution environment that compiled the trusted application P2. Thus, when executing step B17, the trusted application auditing platform can collect the remote certification reports returned by multiple selected auditing authorities for the trusted application P1, and can obtain from each collected remote certification report whether the cumulative review score of key review dimensions (e.g., whether the trusted application data is complete, whether the trusted application functions meet the review indicators, etc.) reaches the review threshold. Therefore, when the cumulative review score of the key review dimensions in each remote certification report reaches the review threshold, the audit is confirmed as passed, and the remote certification pass report of the approved trusted application P2 can be published on the trusted auditing platform.
[0184] Furthermore, such as Figure 7 As shown, the trusted application auditing platform can notify the development terminal to execute step B18, that is, to notify the development terminal to download the audited trusted application P2. Furthermore, it can be understood that at this point, the development terminal can execute... Figure 7 Step B19, as shown, uploads the currently approved trusted application P2 to a business server with a trusted execution environment, so that the application function service of the trusted application P2 can be integrated and run on the business server with the trusted execution environment.
[0185] In this way, when a business object (e.g., user A mentioned above) needs to perform multi-party threshold signature using a business terminal integrated with the resource management application P1, it can then perform... Figure 7 Step B20, as shown, involves remotely authenticating the trusted application P2 running in the trusted execution environment of the business server through the resource management application P1, in order to obtain a remote authentication signature report returned by the business server.
[0186] Furthermore, such as Figure 7 As shown, to ensure the application security and environment security of the trusted application P2 currently running on the business server, as follows: Figure 7 As shown, the business terminal can further execute step B21 through the resource management application P1 to obtain the remote authentication pass report issued for the trusted application P2 from the trusted application audit platform. For example, when the trusted application P2 is a key hosting client, the business terminal can obtain the remote hosting review and certification report obtained by multiple auditing agencies after task review for the key hosting client from the trusted application audit platform through the resource management client P1.
[0187] Then, the business terminal can further execute step B22 to compare the key report parameters of the remote authentication pass report (e.g., the remote escrow review authentication report obtained by reviewing the key escrow client) with the key report parameters of the remote escrow authentication signature report obtained by performing remote authentication. If the parameter comparison is successful, the key escrow client deployed in the trusted execution environment is determined to be a trusted client.
[0188] Step S102: When a transaction to be signed is received from a business object, the object data encryption information and the transaction to be signed are sent to the key custody client based on the first threshold signature policy corresponding to the transaction to be signed. This allows the key custody client to decrypt the object access data information based on the first communication key, authenticate the business object through the object access data information, and remotely sign the transaction to be signed by sharding the custody key stored in the key custody client when the authentication is successful, thereby obtaining the remote signature information of the transaction to be signed.
[0189] Step S103: Upon receiving the remote signature information of the transaction returned by the key escrow client, the first key fragment of the business object is obtained by decrypting the object access data information. The transaction to be signed is then processed locally using the first key fragment to obtain the local signature information of the transaction to be signed.
[0190] The resource management client stores the registration symmetric key and the first encryption key fragment corresponding to the first key fragment in its resource management memory. The registration symmetric key is generated by the biometric information provided by the business object when registering with the resource management client. The first encryption key fragment is obtained by encrypting the first key fragment with the registration symmetric key when the business object is a registered object. The specific process of the first business terminal executing step S103 through the resource management client can be described as follows: When the first business terminal receives the remote signature information of the transaction returned by the key escrow client, it can obtain the first encryption key fragment from the object access data information based on the online fragment encryption strategy in the object registration strategy. The business object provides access biometric information when accessing the resource management client; further, the first business terminal can generate an access symmetric key through the access biometric information, and can obtain the registration symmetric key and the first encryption key fragment from the resource management memory; further, when the first business terminal determines that the registration object key matches the access registration object key, it can decrypt the first encryption key fragment using the access registration key that matches the registration object key to restore the first key fragment corresponding to the first encryption key fragment; further, the first business terminal can perform local signature processing on the transaction to be signed using the first key fragment to obtain the transaction local signature information of the transaction to be signed.
[0191] The specific process by which the first user terminal processes the transaction to be signed using the first key fragment to obtain the local signature information of the transaction can be found in the above description. Figure 2 The specific process of obtaining signature information 2 in the corresponding embodiments will not be repeated here.
[0192] Step S104: Based on the remote signature information and local signature information of the transaction, determine the first cumulative signature count of the transaction to be signed. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node writes the signed transaction into the blockchain.
[0193] Specifically, the first business terminal can accumulate the first number of signatures of remote signature information and local signature information of a transaction based on a first threshold signature strategy, and use the accumulated first number of signatures as the first accumulated signature number of the transaction to be signed; further, when the first accumulated signature number reaches the accumulated signature threshold indicated by the first threshold signature strategy, the first business terminal can aggregate the remote signature information and local signature information of the transaction based on the first threshold signature strategy to obtain the first aggregate signature information of the transaction to be signed, and use the first aggregate signature information as the signed transaction to be written into the blockchain; further, the first business terminal can send the signed transaction and the first aggregate signature information to the blockchain node, so that the blockchain node can perform aggregate signature verification of the signed transaction based on the global aggregate public key carried in the first aggregate signature information, and write the signed transaction into the blockchain maintained by the blockchain node when the aggregate signature verification is successful; the global aggregate public key is obtained by aggregating the public key carried in the remote signature information and the public key carried in the local signature information.
[0194] Therefore, this application embodiment, by deploying key fragments on different client terminals (e.g., the first key fragment can be encrypted and stored on a resource management client, and the managed key fragment can be stored on a key escrow client deployed in a trusted execution environment), can ensure the security of key storage, thereby improving the reliability of transaction signing during the transaction signing process. For example, by deploying the key escrow client in a trusted execution environment, this application embodiment can fundamentally solve the problem of illegal leakage of managed key fragments caused by the loss of key escrow devices held by third-party escrow providers. By encrypting the storage of the key fragments being written, it can also prevent the illegal leakage of the first key fragment caused by the loss of the user's business terminal. Finally, this application embodiment can determine the first cumulative signature count of the transaction to be signed based on the transaction remote signature information and the transaction local signature information. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node writes the signed transaction into the blockchain. In other words, by using a threshold signature strategy (which refers to a strategy in which users and third-party custodians can jointly participate in collaborative signing), this application embodiment can rely on multiple signatures that reach a cumulative signature threshold (e.g., 2) to determine the current transaction (i.e., the transaction to be signed) as a signed transaction. Then, the signed transaction can be written to the blockchain through a blockchain node to ensure the reliability of the transaction on the chain.
[0195] For further details, please see Figure 8 , Figure 8 This is a flowchart illustrating a data processing method based on a trusted execution environment provided in this application. Figure 8 As shown, this method can be executed by a resource management client, which can integrate and run a first business terminal, specifically the one described above. Figure 1 The first service terminal 100b in the corresponding embodiment. For example... Figure 8 As shown, the method may include at least steps S201-S211.
[0196] Step S201: Obtain object access data information of the business object; when it is determined that the business object has access permissions to access the resource management client based on the object access data information, allow the business object to access the resource management client based on the access permissions; the object access data information includes the access password information entered by the business object when accessing the resource management client.
[0197] Step S202: Remotely authenticate the key hosting client deployed in the trusted execution environment through the resource management client to obtain the remote authentication result.
[0198] Specifically, the first business terminal can generate a first random number for remote authentication through a resource management client. When generating a first communication key pair for data communication, it uses the first random number and the first communication public key in the first communication key pair as request parameters. Based on the request parameters, it generates a first remote authentication request to be sent to a key escrow client deployed in the trusted execution environment. Further, the first business terminal can send the first remote authentication request to the key escrow client, causing the key escrow client to generate a second communication key pair based on the first remote authentication request. It uses the second communication public key in the second communication key pair and the first random number in the received remote authentication request as report parameters to generate a local verification report carrying the report parameters. The local verification report instructs the local platform authentication and signature component associated with the trusted execution environment to perform local verification of the local verification report, and generates a local verification report upon successful local verification. The corresponding remote hosting authentication signature report; further, the first business terminal can receive the remote hosting authentication signature report returned by the local platform authentication signature component, obtain the hosting environment authentication report provided by the remote authentication server, and when the remote hosting authentication signature report is determined to be a valid authentication report based on the hosting environment authentication report, the trusted execution environment is determined to be a secure execution environment. From the trusted client auditing platform associated with the resource management client, the remote hosting review authentication report obtained by multiple auditing agencies after task review of the key hosting client is obtained; further, the first business terminal can compare the key report parameters in the remote hosting review authentication report with the key report parameters in the remote hosting authentication signature report, and when the parameter comparison is successful, the remote authentication success result of the key hosting client deployed in the secure execution environment is determined to be a trusted client, and the remote authentication success result is taken as the remote authentication result.
[0199] For further information, please refer to [link / reference]. Figure 9 , Figure 9 This is an interactive flowchart of a remote authentication process provided in an embodiment of this application. For example... Figure 9 The service terminal shown can be the first service terminal mentioned above, such as... Figure 9 The business terminal shown integrates and runs a resource management client P1. Similarly, as... Figure 9 The key hosting device shown can be the business service device with the trusted execution environment deployed above, and the trusted application P2 running in the key hosting device can be the key hosting client mentioned above.
[0200] Specifically, before the resource management client P1 performs multi-party threshold signing through the trusted application P2 (e.g., a key escrow client), the service terminal can execute... Figure 9 As shown in step C11, that is, at this time, as Figure 9The service terminal shown can generate a random number (i.e., the aforementioned first random number) through the resource management client, and simultaneously generate a communication key pair A1 (i.e., the aforementioned first communication key pair) for data communication. It then uses the public key (i.e., the first communication public key) and the random number (i.e., the aforementioned first random number) of the communication key pair A1 (i.e., the aforementioned first communication key pair) as request parameters to... Figure 9 The common applications shown are directed to Figure 9 The trusted application P2 (e.g., the key escrow client) deployed in the key escrow device, as shown, initiates a remote authentication request (i.e., the aforementioned first remote authentication request).
[0201] It should be understood that, such as Figure 9 The typical application shown can execute step C12 to pass the request parameters from the received remote authentication request to the trusted application P2 (e.g., a key escrow client) deployed in the trusted execution environment. At this time, the trusted application P2 (e.g., the key escrow client) deployed in the trusted execution environment can generate another communication key pair (e.g., communication key pair B1) for data communication based on the received request parameters (i.e., the aforementioned first communication public key and first random number). The public key of communication key pair B1 (i.e., the second communication public key) and the received random number (i.e., the first random parameter) can then be used as reporting parameters. Furthermore, the trusted application P2 (e.g., the key escrow client) can call the SGX's EREPORT instruction to create the current platform QE (i.e., ...). Figure 9 The REPORT shown is a local verification report (i.e., a report carrying report parameters) that can be verified locally (without calling IAS) by the remote authentication and signature component located on the same platform as the trusted execution environment (which is located on the same platform as the trusted execution environment).
[0202] Furthermore, such as Figure 9 As shown, the trusted application P2 (e.g., a key escrow client) can, during step C13, pass the REPORT (i.e., the local verification report carrying report parameters) through a regular application to the QE (i.e., QE). Figure 9 The remote authentication and signature component shown is located on the same platform as the trusted execution environment. Specifically, such as... Figure 9 As shown, this ordinary application can receive the REPORT (i.e., a local verification report carrying report parameters) transmitted by the trusted application P2 (e.g., a key escrow client) when performing step C13, and then transmit it to the QE (i.e., QE) through step C14. Figure 9 The remote authentication and signature component shown, which is located on the same platform as the trusted execution environment, forwards the REPORT (i.e., the local verification report carrying the report parameters).
[0203] Furthermore, such as Figure 9 As shown, QE (i.e. Figure 9The remote authentication and signing component shown can call EGETKEY to obtain the REPORT KEY (i.e., the key report parameter in the local verification report), and can use the obtained key report parameter to perform local verification of the REPORT. Therefore, the local verification result can be used to determine whether the trusted execution environment where the trusted application P2 resides runs on the same platform as QE. If the local verification result indicates successful local verification, then QE (i.e., ...) can perform local verification. Figure 9 The remote authentication signature component shown can sign the REPORT using the platform's unique platform private key to obtain a Quote (i.e., a remote authentication signature report corresponding to the local verification report, such as a remotely hosted authentication signature report).
[0204] Furthermore, such as Figure 9 As shown, QE (i.e. Figure 9 The remote authentication signature component shown can forward the Quote (i.e., the remote authentication signature report corresponding to the local verification report, for example, a remotely hosted authentication signature report) to [the relevant authority] via step C15. Figure 9 The example shown is a typical application. Furthermore, this typical application can, during step C16, return the received Quote (i.e., the remote authentication signature report corresponding to the local verification report, for example, a remotely hosted authentication signature report) to [the relevant authority / organization]. Figure 9 The service terminal shown. At this time, the service terminal can be accessed through the resource management client P1. Figure 9 The remote authentication server shown verifies whether the remote hosted authentication signature report is a valid authentication report by means of an environment authentication report (e.g., the aforementioned hosted environment authentication report) provided by the remote authentication server.
[0205] It is understood that the remote authentication server involved in this application embodiment can specifically be an Intel Attestation Service (IAS) used to verify the validity of remote authentication signature reports. In other words, this application embodiment can use the remote authentication server to help the business terminal, after determining that the remote authentication signature report is a valid authentication report, further determine that the trusted execution environment deployed in the key hosting device is a secure execution environment. This allows for subsequent comparison of the remote review authentication report (e.g., a remote hosting review authentication report) obtained from the trusted application auditing platform with the remote authentication signature report currently considered a valid authentication report. If the comparison is successful, the key hosting client deployed in the secure execution environment can be determined to be a trusted client.
[0206] It should be understood that, in the above Figure 9In the provided interactive flow diagram, the resource management client P1 in the business terminal and the trusted application P2 (e.g., the key escrow client) deployed in the trusted execution environment can both combine their own private key and the other party's public key to calculate the same and symmetric communication key (e.g., the first communication key mentioned above), so that the subsequent communication encryption process can be carried out through the communication key calculated in real time during the authentication process.
[0207] Furthermore, it is understood that, during the negotiation of the communication key (i.e., the first communication key), this application embodiment can ensure that the environment participating in authentication (e.g., the aforementioned cloud-based trusted execution environment) is the same as the actual operating environment of the application. Since other environments do not participate in key negotiation, they cannot calculate the communication key, and therefore cannot decrypt the communication content transmitted when the business terminal communicates with the key hosting device. Additionally, it is understood that, since the Quote (i.e., the remote authentication signature report corresponding to the local verification report) contains a real-time generated random number (i.e., the aforementioned first random number), it can ensure that the trusted application P2 cannot use an outdated local authentication report to bypass remote authentication. This, to a certain extent, guarantees the real-time nature of remote authentication and ensures the environmental security of the current operating environment of the trusted application P2.
[0208] Finally, it is understood that the business terminal compares the parameters involved in the resource management client P1. Specifically, this involves verifying whether the application signer in the remote authentication signature report matches the application signer in the remote review authentication report during the review process. If they match, it ensures that the trusted application P2 was developed by the intended developer, thus preventing unintended third parties from fraudulently obtaining the information stored in the trusted application P2 if they illegally acquire the key hosting device. Furthermore, the parameter comparison involved in this application embodiment can also specifically involve verifying whether the application metric value for the trusted application P2 in the remote authentication signature report matches the application signer for the trusted application P2 in the remote review authentication report during the review process. If they match, the trusted application P2 deployed in the trusted execution environment is determined to be a trusted application. It is understood that in remote authentication, the application metric value of the trusted application P2 is calculated in real-time by the Intel SGX CPU based on the application running in the trusted execution environment. This metric is tamper-proof and serves as a unique identifier for an application. Therefore, before the business terminal calls the trusted application P2 through the resource management client, it can determine whether this value meets expectations. If the value meets expectations, the trusted application P2 can be called, thereby effectively preventing the call to the tampered application.
[0209] Step S203: When the remote authentication result indicates that the trusted execution environment is a secure execution environment and the key escrow client is a trusted client in the secure execution environment, the remote authentication is determined to be successful.
[0210] It should be understood that, in order to ensure the security and reliability of the key escrow client stored in the trusted execution environment, this application embodiment requires verifying the security of the trusted execution environment storing the key escrow client through a threshold signature strategy before the resource management client and the key escrow client perform multi-party threshold signature. This allows for further verification of whether the key escrow client deployed in the trusted execution environment is a trusted client, provided that the trusted execution environment is secure. Thus, when the trusted execution environment is secure and the key escrow client is a trusted client, remote authentication is confirmed to be successful. Therefore, multi-party threshold signature can be achieved through the first threshold signature strategy in the threshold signature strategy. That is, this application embodiment can further execute the following steps S204-S205 based on the first threshold signature strategy.
[0211] Optionally, embodiments of this application may also determine that remote authentication fails when the trusted execution environment is determined to be an insecure execution environment, or when the trusted execution environment is a secure execution environment but the key escrow client is an untrusted client, through remote authentication.
[0212] At this time, the first business terminal of the integrated resource management client can determine that the key escrow client is unavailable when remote authentication fails, and then notify the business service equipment to stop using the unavailable key escrow client to provide key escrow services. Thus, when the key escrow client stops providing key escrow services (i.e., the business service equipment experiences a service failure), to ensure the normal execution of transaction signing, this embodiment can also obtain the second threshold signature strategy in the threshold signature strategy (i.e., multi-party threshold signature is implemented through multiple business terminals associated with the business object (e.g., online key fragments stored in the first business terminal and offline key fragments stored in the second business terminal)). In this case, this embodiment can further execute steps S206-S209 based on the second threshold signature strategy.
[0213] Step S204: When remote authentication is successful, obtain the first communication key negotiated with the key escrow client, and encrypt the object access data information using the first communication key to obtain the object data encryption information.
[0214] Step S205: When a transaction to be signed is received from a business object, the object data encryption information and the transaction to be signed are sent to the key custody client based on the first threshold signature policy corresponding to the transaction to be signed. This allows the key custody client to decrypt the object access data information based on the first communication key, authenticate the business object through the object access data information, and remotely sign the transaction to be signed by sharding the custody key stored in the key custody client when the authentication is successful, thereby obtaining the transaction remote signature information of the transaction to be signed.
[0215] Step S206: Upon receiving the remote signature information of the transaction returned by the key escrow client, the first key fragment of the business object is obtained by decrypting the object access data information. The transaction to be signed is then processed locally using the first key fragment to obtain the local signature information of the transaction to be signed.
[0216] Step S207: Based on the remote signature information and local signature information of the transaction, determine the first cumulative signature count of the transaction to be signed. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node writes the signed transaction into the blockchain.
[0217] The specific implementation methods of steps S204-S207 can be found in the above. Figure 3 The descriptions of steps S101-S104 in the corresponding embodiments will not be repeated here.
[0218] Step S208: When remote authentication fails, it is determined that the key escrow client is currently offline. When a transaction to be signed is received from a business object, the transaction signature data code of the transaction to be signed displayed on the second business terminal is obtained based on the second threshold signature policy corresponding to the transaction to be signed. The transaction signature data code is generated by the second business terminal for the first type of signature information of the transaction to be signed. The first type of signature information is obtained by the second business terminal after performing the first signature processing on the transaction to be signed through the second key fragmentation.
[0219] Step S209: Parse the obtained transaction signature data code to obtain the first type of signature information carried in the transaction signature data code;
[0220] Step S210: When the first key fragment of the business object is obtained by decrypting the object access data information, the transaction to be signed is processed by the second signature through the first key fragment to obtain the second type of signature information of the transaction to be signed.
[0221] Step S211: Based on the first type of signature information and the second type of signature information, determine the second cumulative signature count of the transaction to be signed. When the second cumulative signature count reaches the cumulative signature threshold indicated by the second threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node writes the signed transaction into the blockchain.
[0222] For further information, please refer to [link / reference]. Figure 10 , Figure 10 This is a schematic diagram illustrating a scenario for multi-party threshold signature provided in an embodiment of this application. For example... Figure 10 As shown, the first service terminal can, when it is determined that there is a single point of failure in the aforementioned service equipment, thereby causing the key escrow client integrated in the service equipment to become unavailable, through... Figure 10 The first and second service terminals shown are used to perform multi-party threshold signatures. It is understood that the first service terminal can be the aforementioned online terminal, and the second service terminal can be the aforementioned offline terminal.
[0223] Specifically, such as Figure 10 User A can perform step S81 to send... Figure 10 The second service terminal shown sends transaction Tx1, which is to be signed. It is understood that at the same time, the first service terminal can also receive transaction Tx1 initiated by user A.
[0224] It should be understood that, for the second service terminal currently acting as an offline terminal, upon receiving transaction Tx1, step S82 can be executed to invoke the offline key fragment (i.e., the second key fragment, for example) stored in the second service terminal. Figure 10 The key fragment A2 stored in the resource management client is used to sign the transaction Tx1. The signature information 3 obtained from the transaction signing can be called the first type of signature information of the transaction to be signed.
[0225] It should be understood that since the second service terminal is an offline terminal (i.e., a user terminal not connected to the network), when the second terminal obtains signature information 3 (i.e., the first type of signature information) through signing, it can generate a transaction signature data code for the transaction Tx1 based on the signature information 3 (i.e., the first type of signature information). (For example, it can generate a QR code carrying the transaction Tx1 and signature information 3). At this time, the second service terminal can further execute step S83 to show the QR code of the transaction Tx1 and signature information 3 to the first service terminal.
[0226] Understandably, at this point, the first service terminal can further execute step S84 to call the camera function in the online terminal to scan the QR code presented by the second service terminal when the first service terminal is an online terminal, so as to obtain the signature information 3 carried in the QR code.
[0227] It is understandable that the first business terminal can also use the transaction Tx1 carried in the QR code obtained by scanning as the transaction to be compared, and then compare the transaction to be compared with the transaction Tx1 initiated by user A that it received. In this way, when the transaction comparison is consistent, the validity and reliability of the signature information 3 (i.e. the first type of signature information) sent by the second business terminal can be ensured.
[0228] Furthermore, such as Figure 10 As shown, when executing step S84, the first service terminal can use the key fragment A1 (i.e., the online key fragment) stored by the resource management client to sign the received transaction Tx1, in order to obtain... Figure 10 The signature information shown is 2 (i.e., the second type of signature information). It is understood that, for the first business terminal, the number of signatures obtained in the second threshold signature strategy (e.g., signature information 3 and signature information 2) can be accumulated. This accumulated number of signatures can then be used as the second accumulated signature count for the transaction to be signed. Therefore, when the second accumulated signature count reaches the accumulated signature threshold indicated by the second threshold signature strategy, the transaction Tx1 can be treated as a signed transaction to be written to the blockchain, and signature information 3 and signature information 2 can be aggregated for signature. The signature information obtained from the aggregated signature can then be collectively referred to as aggregated signature information (i.e., the second aggregated signature information, for example, ...). Figure 10 The aggregate signature information C2 is shown. It is understood that at this time, the first business terminal can execute step S85 through the resource management client to send the aggregate signature information C2 and the transaction Tx1 as a signed transaction to the blockchain node, so that the blockchain node can perform aggregate signature verification on the transaction Tx1 as a signed transaction based on the global aggregate public key (i.e. the aforementioned global shared public key) carried in the second aggregate signature information, and when the aggregate signature verification is successful, write the transaction Tx1 as a signed transaction into the blockchain maintained by the blockchain node.
[0229] It is understandable that the global aggregated public key (i.e. the aforementioned global shared public key) can be obtained by aggregating the public key carried in the first type of signature information and the public key carried in the second type of signature information.
[0230] It should be understood that in this embodiment, the global aggregated public key in the first aggregated signature information obtained based on the first threshold signature strategy is consistent with the global aggregated public key in the second aggregated signature information obtained based on the second threshold signature strategy. In other words, in this embodiment, when the signing terminals participating in the multi-party threshold signature include: a first service terminal, a second service terminal, and a service device, multi-party threshold signature can be implemented by key fragmentation stored in any two terminal devices, which will not be elaborated further here.
[0231] Optionally, embodiments of this application may also deploy a log recording client independent of the key escrow client in the trusted execution environment. When the log recording client is a trusted client, upon obtaining the remote signature information of a transaction sent by the key escrow client through the log recording client, it can generate signature record flow information corresponding to the remote signature information of the transaction based on the log signature key of the log recording client, and add the signature record flow information to the trusted log memory corresponding to the log recording client. In this way, embodiments of this application may further perform the following steps: the first business terminal can obtain remote logs obtained by multiple auditing agencies after task review of the log recording client from the trusted client auditing platform associated with the resource management client. The review and authentication report generates a first signature query request for the transaction to be signed based on the log signature key carried in the remote log review and authentication report. Further, the first business terminal can send the first signature query request to the log recording client, so that the log recording client can search for signature record flow information in the trusted log memory based on the log signature key carried in the first signature query request. Further, the first business terminal can receive the first search result of the signature record flow information found in the trusted log memory returned by the log recording client through the resource management client, and determine the key escrow client to participate in the remote signature processing of the transaction to be signed under the first threshold signature policy based on the signature record flow information in the first search result.
[0232] For further information, please refer to [link / reference]. Figure 11 , Figure 11 This is a schematic diagram illustrating a scenario for searching signature record transaction information provided in an embodiment of this application. For example... Figure 11 As shown, a certain business object (e.g., the aforementioned user A) can query a certain transaction (e.g., ...) through the first business terminal when executing step S91. Figure 11The signature record of transaction Tx1 is shown. At this time, when the first business terminal receives a signature record query request from user A for the signature record of transaction Tx1, it can further execute step S92 to display and provide the signature record query function through the client display page provided by the resource management client. At this time, the first business terminal can remotely authenticate the log recording client deployed in the trusted execution environment through the resource management client, and upon successful remote authentication, execute... Figure 11 Step S93, as shown, involves periodically (e.g., every 5 minutes) retrieving the most recent transaction signature records from the service device where the log recording client is deployed. Thus, when the service device returns the most recent transaction signature records to the first service terminal, the first service terminal can further execute step S94, which involves checking among the received transaction signature records whether the signature record for transaction Tx1 is stored. If it exists, then... Figure 11 The client display page shown here displays the signature record of transaction Tx1.
[0233] It should be understood that by deploying the log recording client in a trusted execution environment, the log recording client in this trusted execution environment can permanently store the signature logs of each transaction. This allows the third-party custodian to subsequently prove their innocence using the signature information of these transactions stored in the trusted log memory of the log recording client. Thus, when user A holds two keys through the corresponding business terminal, they can still independently complete transaction signing even if the third-party custodian is not involved. It should be understood that the threshold signature strategy involved in this application involves the use of threshold signature technology. This threshold signature technology ensures that none of the devices participating in key sharding negotiation (e.g., online devices, offline devices, business service devices) can deduce the signing participant from the signature. Therefore, to prevent a user from denying that a transaction was signed by the custodian in collusion with a key thief to transfer user assets, a logging client deployed in a trusted execution environment can be used to record the signature stream of each transaction. This record of each transaction's signature stream can then help the third-party custodian prove its innocence.
[0234] In this application embodiment, on the one hand, regarding the above... Figure 11 Regarding the key escrow client deployed in the embodiments involved, authentication can ensure that only the user can use the local key fragment stored in the trusted escrow memory of the key escrow client; that is, the third-party escrow provider itself does not have the permission to call the local key fragment. On the other hand, regarding the above... Figure 11Regarding the log recording client deployed in the embodiments involved, the transaction log can be improved through the log recording client. The log function program corresponding to the log recording client must provide the following guarantees: 1) Ensure that the signature of each transaction is recorded; 2) Ensure that the transaction log of each transaction is never deleted; 3) Provide a query interface to ensure that each query will return query results. The query results here may specifically include query results for records of no signature stream of a certain transaction and query results for records of signature stream of a certain transaction.
[0235] It should be understood that, to ensure the application security of the logging client in the trusted execution environment, the embodiments of this application may further perform the following steps: The first business terminal may receive a remote log authentication signature report sent by the local platform authentication signature component associated with the trusted execution environment when performing remote authentication on the logging client; further, the first business terminal may obtain a log environment authentication report provided by the remote authentication server for the trusted execution environment, and when the log environment authentication report determines that the remote log authentication signature report is a valid authentication report, the trusted execution environment is determined to be a secure execution environment. The first business terminal may also obtain a remote log review authentication report obtained from the trusted client review platform associated with the resource management client, which is the result of task review by multiple review agencies for the logging client; further, the first business terminal may compare the key report parameters in the remote log review authentication report with the key report parameters in the remote log authentication signature report, and when the parameter comparison is successful, the logging client deployed in the secure execution environment is determined to be a trusted client.
[0236] It is understood that, in this embodiment of the application, the private key (i.e., the log signing key) in the log signing key pair generated by the log recording client can be used to sign and record the signature information generated by the key escrow client, thereby obtaining the signature record log information corresponding to the aforementioned remote signature information. It is also understood that, since the log signing key is generated in a Trusted Execution Environment (TEE), and the public key of the log signing key pair is reflected in the remote authentication report for the log recording client, when the log recording client's logging function is completed in the TEE, and all operations provided by the logging function are executed by secure, deterministic, and immutable code logic audited by multiple authoritative auditing institutions (e.g., multiple auditing institutions selected in a single operation), the phenomenon of third-party escrow parties manipulating query results independently can be effectively avoided. Otherwise, it would be impossible to distinguish whether the third-party escrow party did not participate in signing or intentionally failed to provide transaction logs. In other words, the security of trusted applications deployed in the TEE has been audited by various auditing agencies. Therefore, if a user denies that a transaction (e.g., transaction Tx1 mentioned above) was maliciously committed by a third-party custodian in collusion with a key thief, the forensic investigator can query the transaction logs recorded by the logging client on the key custodian device. If the transaction logs for this transaction are not found, it means that the third-party custodian did not participate in the signing. Conversely, if the transaction logs for this transaction are found, and the user does not admit to participating in the signing, it means that the user lost their password and the key fragment used for signing the transaction (e.g., the first key fragment mentioned above) due to their own reasons. This leads to the conclusion that this is not the responsibility of the third-party custodian, thus helping the third-party custodian to prove their innocence.
[0237] Therefore, this application embodiment can ensure the security of key storage by deploying key fragments (i.e., local key fragments, such as online key fragments, offline key fragments, and managed key fragments) on different devices (for example, online key fragments can be encrypted and stored on a first business terminal, managed key fragments can be stored on a business service device with a trusted execution environment, and offline key fragments can be stored on a second business terminal). For example, this application embodiment can ensure that each participant who negotiates and obtains the aforementioned local key fragments cannot directly obtain other local key fragments besides the local key fragments they have stored. Thus, different threshold signature strategies can be adopted according to actual needs during the transaction signing process to improve the reliability of transaction signing. For example, by deploying the key escrow client in a trusted execution environment, this application embodiment can fundamentally solve the problem of illegal leakage of escrow key fragments caused by the loss of key escrow devices held by third-party escrow providers. Furthermore, by encrypting and storing online key fragments, this application embodiment can also prevent the illegal leakage of first key fragments caused by the loss of user-held business terminals. Based on this, the first business terminal integrated with a resource management client involved in this application embodiment can, when the threshold signature policy is set to the first threshold signature policy, determine through the resource management client whether the cumulative number of currently collected transaction signature information (e.g., transaction remote signature information and transaction local signature information) (i.e., the first cumulative signature number) reaches the cumulative signature threshold indicated by the first threshold signature policy. Then, when the first cumulative signature number reaches the cumulative signature threshold indicated by the first threshold signature policy, the transaction to be signed can be treated as a signed transaction to be written into the blockchain, and the signed transaction can be sent to the blockchain node so that the blockchain node can write the signed transaction into the blockchain, ensuring the reliability of the transaction on-chain. Optionally, in this embodiment of the application, the offline key fragments are stored in a second business terminal independent of the first business terminal. In this way, when the key escrow client used to provide key escrow services is unavailable, multi-party threshold signing can still be performed using the online key fragments stored in the first business terminal and the offline key fragments stored in the second business terminal, so as to ensure the normal execution of transaction signing for the transaction to be signed.
[0238] For further details, please see Figure 12 , Figure 12 This is a flowchart of a data processing method based on a trusted execution environment provided in an embodiment of this application. Figure 12 As shown, this method can be jointly executed by a first business terminal integrated with a resource management client and a business service device deployed with a trusted execution environment. The first business terminal here can be the one described above. Figure 1The first service terminal 100b in the corresponding embodiment can be a key escrow client running in a trusted execution environment to provide key escrow services. It should be understood that the service device here can specifically be the one described above. Figure 1 In the corresponding embodiment, any key hosting device located in the business service cluster 100a. For example... Figure 12 As shown, the method may include at least steps S301-S314.
[0239] Step S301: The first business terminal can obtain the object access data information of the business object. When it is determined that the business object has the access permission to access the resource management client based on the object access data information, the business object is allowed to access the resource management client based on the access permission.
[0240] The object access data information includes access password information (e.g., user password or other business strings) entered by the business object when accessing the resource management client. It should be understood that, in one or more possible implementations, the object access data information may also include access biometric information (e.g., facial information or fingerprint information) in addition to access key information (e.g., user password or other business strings). The specific type of object access data information will not be limited here.
[0241] In step S302, the first business terminal can generate a first random number for remote authentication. When generating a first communication key pair for data communication, the first random number and the first communication public key in the first communication key pair are used as request parameters. Based on the request parameters, a first remote authentication request is generated to send to the key hosting client deployed in the trusted execution environment.
[0242] In step S303, the first business terminal can send the first remote authentication request to the business service device that integrates and runs the Youmi managed client;
[0243] In step S304, the key escrow client in the business service device can generate a second communication key pair based on the first remote authentication request, and use the second communication public key in the second communication key pair and the first random number in the received remote authentication request as report parameters to generate a local verification report carrying the report parameters.
[0244] In step S305, the key hosting client in the business server can send the local verification report to the local platform authentication and signature component associated with the trusted execution environment through the ordinary application client in the business server. The local platform authentication and signature component associated with the trusted execution environment can perform local verification on the local verification report. When the local verification is successful, a remote hosting authentication and signature report corresponding to the local verification report is generated.
[0245] In step S306, the local platform authentication and signature component in the business server can return the remotely hosted authentication and signature report to the first business terminal through a regular application client;
[0246] Thus, when the first business terminal receives the remotely hosted authentication signature report returned by the local platform authentication signature component, it can further execute the following step S307.
[0247] In step S307, the first business terminal can obtain the hosting environment authentication report provided by the remote authentication server, and when it determines that the remote hosting authentication signature report is a valid authentication report based on the hosting environment authentication report, it can determine that the trusted execution environment is a secure execution environment, and can obtain the remote hosting review authentication report obtained by multiple review agencies after reviewing the key hosting client from the trusted client review platform associated with the resource management client.
[0248] In step S308, the first business terminal can compare the key report parameters in the remote hosting review and authentication report with the key report parameters in the remote hosting authentication signature report. When the parameter comparison is successful, the key hosting client deployed in the secure execution environment is determined to be a trusted client and the remote authentication success result is used as the remote authentication result.
[0249] It should be understood that, for the first business terminal, when the currently obtained remote authentication result indicates that the trusted execution environment deployed in the business service device is a secure execution environment, and the key hosting client running in the business service device is a trusted client in the secure execution environment, the remote authentication can be determined to be successful. Then, when the remote authentication is successful, the following step S309 can be further executed.
[0250] In step S309, when remote authentication is successful, the first business terminal can obtain the first communication key negotiated with the key escrow client, and use the first communication key to encrypt the object access data information to obtain the object data encrypted information.
[0251] In step S310, when the first business terminal receives the transaction to be signed sent by the business object, it can send the object data encryption information and the transaction to be signed to the business service device corresponding to the key custody client based on the first threshold signature policy corresponding to the transaction to be signed.
[0252] It should be understood that, at this time, for the business service device, the business service device can receive the object data encryption information and the transaction to be signed sent by the first business terminal running the resource management client based on the first threshold signature policy corresponding to the transaction to be signed;
[0253] Step S311: The business service device that integrates and runs the key escrow client can decrypt the object access data information based on the first communication key, and can authenticate the business object through the object access data information. When the authentication is successful, the escrow key stored in the key escrow client is used to remotely sign the transaction to be signed, and the transaction remote signature information of the transaction to be signed is obtained.
[0254] In step S312, the service device can return remote signature information of the transaction to the resource management client in the first service terminal through the key escrow client;
[0255] In step S313, when the first business terminal receives the remote signature information of the transaction returned by the key custody client, it can use the object access data information to decrypt and obtain the first key fragment of the business object, and perform local signature processing on the transaction to be signed through the first key fragment to obtain the local signature information of the transaction to be signed.
[0256] In step S314, the first business terminal can determine the first cumulative signature count of the transaction to be signed based on the remote signature information and the local signature information of the transaction. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node writes the signed transaction into the blockchain.
[0257] For the specific implementation of steps S301-S308, please refer to the above. Figure 3 The specific process of remote authentication is described in the corresponding embodiment. Furthermore, the specific implementation of steps S309-S314 can be found above. Figure 1 The descriptions of steps S101-S104 in the corresponding embodiments will not be repeated here.
[0258] Therefore, this application embodiment ensures the security of key storage by deploying key fragments (i.e., local key fragments, such as online key fragments, offline key fragments, and managed key fragments) on different devices (e.g., online key fragments can be encrypted and stored on a first business terminal, managed key fragments can be stored on a business service device with a trusted execution environment, and offline key fragments can be stored on a second business terminal). Thus, for any participant who negotiates and obtains the aforementioned local key fragments, it is impossible to directly reverse-engineer other local key fragments stored on other devices. Therefore, different threshold signature strategies can be adopted according to actual needs during the transaction signing process to improve the reliability of transaction signing. For example, by deploying the key escrow client in a trusted execution environment (TEE), this application embodiment can ensure the security of the TEE environment and the application security of the key escrow client deployed in the TEE environment through periodic or real-time remote authentication. It can also fundamentally solve the problem of illegal leakage of escrow key fragments caused by the loss of key escrow devices held by third-party escrow providers. Furthermore, by encrypting and storing online key fragments, this application embodiment can also prevent the illegal leakage of the first key fragment due to the loss of the user's business terminal. Based on this, the resource management client involved in this application embodiment performs remote authentication of the key escrow client deployed in the TEE environment, and after successful remote authentication, it can proceed... One step involves using online key sharding in the first business terminal and managed key sharding in the business service device to perform multi-party threshold signing. In other words, in this embodiment, when the threshold signing strategy is the first threshold signing strategy, the resource management client can determine whether the cumulative number of currently collected transaction signature information (e.g., transaction remote signature information and transaction local signature information) (i.e., the first cumulative signature number) reaches the cumulative signature threshold indicated by the first threshold signing strategy. Then, when the first cumulative signature number reaches the cumulative signature threshold indicated by the first threshold signing strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node writes the signed transaction into the blockchain to ensure the reliability of the transaction on the chain.
[0259] For further details, please see Figure 13 , Figure 13 This is a schematic diagram of a data processing apparatus based on a trusted execution environment (TEA) provided in this application. The TEA-based data processing apparatus 1 can be a computer program (including program code) running on a computer device. For example, the TEA-based data processing apparatus 1 is an application software, and it can be used to execute corresponding steps in the methods provided in the embodiments of this application. Figure 13As shown, the data processing device 1 based on the trusted execution environment may include a remote authentication module 11, a transaction sending module 12, a local signature processing module 13, and a transaction on-chain module 14.
[0260] The remote authentication module 11 is used to remotely authenticate the key hosting client deployed in the trusted execution environment when the business object accesses the resource management client through the object access data information. When the remote authentication is successful, it obtains the first communication key negotiated with the key hosting client and encrypts the object access data information through the first communication key to obtain the object data encrypted information.
[0261] The transaction sending module 12 is used to send the object data encryption information and the transaction to be signed to the key custody client based on the first threshold signature policy corresponding to the transaction to be signed when the business object sends the transaction to be signed. This allows the key custody client to decrypt the object access data information based on the first communication key, authenticate the business object through the object access data information, and remotely sign the transaction to be signed by fragmenting the custody key stored in the key custody client when the authentication is successful, thereby obtaining the transaction remote signature information of the transaction to be signed.
[0262] The local signature processing module 13 is used to decrypt the first key fragment of the business object using the object access data information when it receives the remote signature information of the transaction returned by the key escrow client, and to perform local signature processing on the transaction to be signed through the first key fragment to obtain the transaction local signature information of the transaction to be signed.
[0263] The transaction on-chain module 14 is used to determine the first cumulative signature count of the transaction to be signed based on the remote signature information and the local signature information of the transaction. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node writes the signed transaction into the blockchain.
[0264] The specific implementation methods of the remote authentication module 11, transaction sending module 12, local signature processing module 13, and transaction on-chain module 14 can be found in the above description. Figure 3 The descriptions of steps S101-S104 in the corresponding embodiments will not be repeated here.
[0265] Optionally, the device 1 further includes: a registration information search module 15 and a registration access module 16;
[0266] The registration information lookup module 15 is used to search for object registration data information that matches the object access data information in the registration business database associated with the resource management client when the object access data information is obtained from the business object entry, and to obtain the data information lookup result.
[0267] If the data search result indicates that object registration data matching the object access data information is found, the registration access module 16 determines that the business object is a registered object with access permissions and allows the registered object to access the resource management client.
[0268] Optionally, device 1 further includes: a prompt generation module 17;
[0269] The prompt generation module 17 is used to determine that the business object is an unregistered object if the data information search result indicates that no object registration data information matching the object access data information is found, and to generate a prompt message to indicate that the access failed to the business object.
[0270] The specific implementation methods of the registration information search module 15, the registration access module 16, and the prompt generation module 17 can be found in the above description. Figure 3 The specific process of accessing the resource management client described in the corresponding embodiments will not be repeated here.
[0271] The object registration data includes the registration password and biometric information entered by the business object when requesting to register with the resource management client;
[0272] The registration information search module 15 includes: an access information acquisition unit 151, a search and matching unit 152, a first search determination unit 153, a second search determination unit 154, and a search result determination unit 155;
[0273] Access Information Acquisition Form 151 is used to acquire object access data information entered by the business object in the request access resource management client;
[0274] The matching unit 152 is used to search for the registration password information that matches the access password information in the registration business database associated with the resource management client when the object access data information includes access password information and access biometric information, and to search for the registration biometric information that matches the access biometric information in the registration database.
[0275] The first search and determination unit 153 is used to determine that if a registration password information matching the access password information is found in the business database, and a registration biometric information matching the access biometric information is found, then the object registration data information matching the object access data information is found in the registration business database.
[0276] The second search and determination unit 154 is used to determine that no object registration data information matching the object access data information is found in the registration business database if no registration password information matching the access password information is found in the business database, or no registration biometric information matching the access biometric information is found in the business database, and to take the search result of no object registration data information matching the object access data information as the information search failure result.
[0277] The search result determination unit 155 is used to take the information search success result or the information search failure result as the data information search result.
[0278] The specific implementation methods of the access information acquisition unit 151, the search and matching unit 152, the first search determination unit 153, the second search determination unit 154, and the search result determination unit 155 can be found in the above description. Figure 3 The specific process of obtaining the data information search results in the corresponding embodiments will not be repeated here.
[0279] The remote authentication module 11 includes: an access authentication unit 111, a remote authentication unit 112, an authentication success determination unit 113, and an information encryption processing unit 114.
[0280] The access authentication unit 111 is used to obtain the object access data information of the business object. When it is determined that the business object has the access permission to access the resource management client based on the object access data information, the business object is allowed to access the resource management client based on the access permission. The object access data information includes the access password information entered by the business object when accessing the resource management client.
[0281] The remote authentication unit 112 is used to remotely authenticate the key hosting client deployed in the trusted execution environment through the resource management client, and obtain the remote authentication result;
[0282] The authentication success determination unit 113 is used to determine that the remote authentication is successful when the remote authentication result indicates that the trusted execution environment is a secure execution environment and the key escrow client is a trusted client in the secure execution environment;
[0283] The information encryption processing unit 114 is used to obtain the first communication key negotiated with the key hosting client during remote authentication when the remote authentication is successful, and to encrypt the access password information in the object access data information using the first communication key, and to use the encrypted access password information as the object data encryption information of the business object.
[0284] Among them, the object access data information includes the access biometric information recorded by the business object when accessing the resource management client;
[0285] The information encryption processing unit 114 is specifically used to encrypt the access biometric information in the object access data information using the first communication key, and to use the encrypted access biometric information as the object data encryption information of the business object.
[0286] The remote authentication unit 112 is specifically used to generate a first random number for remote authentication. When generating a first communication key pair for data communication, it uses the first random number and the first communication public key in the first communication key pair as request parameters, and generates a first remote authentication request to send to the key hosting client deployed in the trusted execution environment based on the request parameters.
[0287] The remote authentication unit 112 is further configured to send a first remote authentication request to a key escrow client, so that the key escrow client generates a second communication key pair based on the first remote authentication request, and uses the second communication public key in the second communication key pair and the first random number in the received remote authentication request as report parameters to generate a local verification report carrying the report parameters; the local verification report is used to instruct the local platform authentication signature component associated with the trusted execution environment to perform local verification on the local verification report, and when the local verification is successful, generate a remote escrow authentication signature report corresponding to the local verification report;
[0288] The remote authentication unit 112 is also specifically used to receive the remote hosting authentication signature report returned by the local platform authentication signature component, obtain the hosting environment authentication report provided by the remote authentication server, determine the trusted execution environment as a secure execution environment when the remote hosting authentication signature report is determined to be a valid authentication report based on the hosting environment authentication report, and obtain the remote hosting review authentication report obtained by multiple review agencies after reviewing the key hosting client from the trusted client audit platform associated with the resource management client.
[0289] The remote authentication unit 112 is also specifically used to compare the key report parameters in the remote hosting review authentication report with the key report parameters in the remote hosting authentication signature report, and when the parameter comparison is successful, to determine that the key hosting client deployed in the secure execution environment is a trusted client and to use the successful remote authentication result as the remote authentication result.
[0290] The specific implementation methods of the access authentication unit 111, the remote authentication unit 112, the authentication success determination unit 113, and the information encryption processing unit 114 can be found in the above description. Figure 3The specific process of remote authentication described in the corresponding embodiments will not be repeated here.
[0291] The resource management client stores the registration symmetric key and the first encryption key fragment corresponding to the first key fragment in its resource management memory. The registration symmetric key is generated by the registration biometric information provided by the business object when registering with the resource management client. The first encryption key fragment is obtained by encrypting the first key fragment with the registration symmetric key when the business object is a registered object.
[0292] The local signature processing module 13 includes: a biometric feature acquisition unit 131, an access key generation unit 132, a key fragment decryption unit 133, and a local signature information determination unit 134;
[0293] The biometric acquisition unit 131 is used to obtain the access biometric information provided by the business object when accessing the resource management client based on the online fragmentation encryption strategy in the object registration strategy when receiving the transaction remote signature information returned by the key escrow client.
[0294] The access key generation unit 132 is used to generate an access symmetric key by accessing biometric information and to obtain a registration symmetric key and a first encryption key fragment from the resource management memory.
[0295] The key fragment decryption unit 133 is used to decrypt the first encrypted key fragment by using the access registration key that matches the registered object key when it is determined that the registered object key matches the access registration key, and restore the first key fragment corresponding to the first encrypted key fragment.
[0296] The local signature information determination unit 134 is used to perform local signature processing on the transaction to be signed by fragmenting the first key, so as to obtain the local signature information of the transaction to be signed.
[0297] The specific implementation methods of the biometric feature acquisition unit 131, access key generation unit 132, key fragment decryption unit 133, and local signature information determination unit 134 can be found in the above description. Figure 3 The specific process of obtaining the local signature information of the transaction in the corresponding embodiments will not be repeated here.
[0298] The transaction on-chain module 14 includes: a signature quantity accumulation unit 141, an aggregated signature unit 142, and an aggregated signature sending unit 143;
[0299] The signature accumulation unit 141 is used to accumulate the first signature count of remote signature information and local signature information of a transaction based on a first threshold signature strategy, and to use the accumulated first signature count as the first accumulated signature count of the transaction to be signed.
[0300] The aggregation signature unit 142 is used to aggregate the remote signature information and the local signature information of the transaction based on the first threshold signature strategy when the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, to obtain the first aggregate signature information of the transaction to be signed, and to regard the transaction to be signed as a signed transaction to be written into the blockchain based on the first aggregate signature information.
[0301] The aggregate signature sending unit 143 is used to send the signed transaction and the first aggregate signature information to the blockchain node, so that the blockchain node performs aggregate signature verification on the signed transaction based on the global aggregate public key carried in the first aggregate signature information, and writes the signed transaction into the blockchain maintained by the blockchain node when the aggregate signature verification is successful; the global aggregate public key is obtained by aggregating the public key carried in the remote signature information and the public key carried in the local signature information.
[0302] The specific implementation methods of the signature accumulation unit 141, the aggregated signature unit 142, and the aggregated signature sending unit 143 can be found in the above description. Figure 3 The specific process of aggregate signature in the corresponding embodiments will not be repeated here.
[0303] Optionally, a log recording client independent of the key escrow client is deployed in the trusted execution environment; when the log recording client is a trusted client, the log recording client is used to generate signature record flow information corresponding to the remote signature information of the transaction based on the log signature key when it receives the remote signature information of the transaction sent by the key escrow client, and add the signature record flow information to the trusted log memory corresponding to the log recording client.
[0304] Device 1 also includes: a log review report acquisition module 18, a transaction information search module 19, and a remote signature confirmation module 20;
[0305] The log review report acquisition module 18 is used to obtain a remote log review certification report obtained from the trusted client auditing platform associated with the resource management client. This report is obtained after multiple auditing agencies have reviewed the log recording client. Based on the log signature key carried in the remote log review certification report, a first signature query request is generated to query the signature of the transaction to be signed.
[0306] The log entry information lookup module 19 is used to send the first signature query request to the log recording client so that the log recording client can look up the signature record log entry information in the trusted log memory based on the log signature key carried in the first signature query request.
[0307] The remote signature confirmation module 20 is used to receive the first search result of the signature record stream information found in the trusted log memory returned by the log recording client through the resource management client, and determine the key escrow client to participate in the remote signature processing of the transaction to be signed when the first threshold signature policy is applied based on the signature record stream information in the first search result.
[0308] The device 1 also includes: a log authentication report acquisition module 21 and an execution environment verification module 22;
[0309] The log authentication report acquisition module 21 is used to receive a remote log authentication signature report sent by the local platform authentication signature component associated with the trusted execution environment when performing remote authentication to the log recording client.
[0310] The execution environment verification module 22 is used to obtain the log environment verification report provided by the remote authentication server for the trusted execution environment. When the log environment verification report determines that the remote log authentication signature report is a valid verification report, the trusted execution environment is determined to be a secure execution environment. The module obtains the remote log review verification report obtained by multiple review agencies after reviewing the log recording client from the trusted client audit platform associated with the resource management client.
[0311] The execution environment verification module 22 is also used to compare the key report parameters in the remote log review and authentication report with the key report parameters in the remote log authentication and signature report, and when the parameter comparison is successful, to determine that the log recording client deployed in the secure execution environment is a trusted client.
[0312] The specific implementation methods of the log authentication report acquisition module 21 and the execution environment verification module 22 can be found in the above. Figure 8 The specific process of remote authentication of the log recording client described in the corresponding embodiment will not be repeated here.
[0313] Optionally, the resource management client runs on the first business terminal, and the business terminal associated with the business object includes a second business terminal; the second business terminal is an offline terminal independent of the first business terminal; the second business terminal is used to record the second key fragment of the business object;
[0314] Device 1 also includes: a data code acquisition module 23, an offline signature parsing module 24, a first key fragment decryption module 25, and a signature count accumulation module 26;
[0315] The data code acquisition module 23 is used to determine that the key escrow client is currently offline when remote authentication fails. When it receives a transaction to be signed sent by a business object, it acquires the transaction signature data code of the transaction to be signed displayed on the second business terminal based on the second threshold signature strategy corresponding to the transaction to be signed. The transaction signature data code is generated by the second business terminal for the first type of signature information of the transaction to be signed. The first type of signature information is obtained by the second business terminal after performing the first signature processing on the transaction to be signed through the second key fragment.
[0316] The offline signature parsing module 24 is used to parse the obtained transaction signature data code to obtain the first type of signature information carried in the transaction signature data code;
[0317] The first key fragment decryption module 25 is used to perform second signature processing on the transaction to be signed through the first key fragment when the first key fragment of the business object is obtained by decrypting the data information of the access object;
[0318] The signature quantity accumulation module 26 is used to determine the second cumulative signature quantity of the transaction to be signed based on the first type of signature information and the second type of signature information. When the second cumulative signature quantity reaches the cumulative signature threshold indicated by the second threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node writes the signed transaction into the blockchain.
[0319] The specific implementation methods of the data code acquisition module 23, the offline signature parsing module 24, the first key fragment decryption module 25, and the signature count accumulation module 26 can be found in the above description. Figure 8 The descriptions of steps S208-S211 in the corresponding embodiments will not be repeated here.
[0320] Optionally, the device 1 further includes: a signature query request generation module 27, a signature query request sending module 28, and a search result determination module 29;
[0321] The signature query request generation module 27 is used to obtain the remote log review certification report obtained by multiple review agencies after reviewing the log recording client from the client review platform associated with the resource management client, and generate a second signature query request for signing the transaction to be signed based on the log signature key carried in the remote log review certification report.
[0322] The signature query request sending modulo 28 is used to send the second signature query request to the logging client, so that the logging client can search for the signature record log information for the transaction to be signed in the trusted log memory of the logging client based on the log signature key carried in the signature query request.
[0323] The search result determination module 29 is used to receive a second search result returned by the log recording client from the resource management client, indicating that no signature record flow information was found in the trusted log memory, and to determine based on the second search result that the key escrow client did not participate in the remote signing process of the transaction to be signed under the second threshold signature policy.
[0324] The specific implementation methods of the signature query request generation module 27, the signature query request sending module 28, and the search result determination module 29 can be found in the above description. Figure 8 The specific process of searching for signature record flow information in the corresponding embodiments will not be repeated here.
[0325] Optionally, before the business object accesses the resource management client through object access data information, the remote authentication module 11 is also used to register the resource management client with the object registration data information provided by the business object when the business object is an unregistered object, and after storing the object registration data information in the registration business database when the object registration is successful, remotely authenticate the key hosting client deployed in the trusted execution environment through the resource management client, and obtain the second communication key negotiated with the key hosting client when the remote authentication is successful.
[0326] The remote authentication module 11 is also used to encrypt the registration password information in the object registration data information using the second communication key to obtain the registration password encrypted information corresponding to the registration password information;
[0327] The remote authentication module 11 is also used to send the encrypted registration password information to the key hosting client, so that the key hosting client can decrypt the encrypted registration key information using the second communication key obtained through negotiation with the resource management client, restore the registration password information, and store the restored registration password information in the trusted hosting memory of the key hosting client. The registration password information stored in the trusted hosting memory of the key hosting client is used to remotely authenticate the access password information in the obtained object access data information, and when the remote authentication is successful, the authorized business object calls the managed key fragment.
[0328] The specific implementation method for obtaining the registration password encryption information through the remote authentication module 11 can be found in the above. Figure 3The description of the encryption information for the registration password in the corresponding embodiments will not be repeated here. Furthermore, the beneficial effects of using the same method will also not be repeated.
[0329] For further details, please see Figure 14 , Figure 14 This is a schematic diagram of a data processing apparatus based on a trusted execution environment (TEA) provided in this application. The TEA-based data processing apparatus 2 can be a computer program (including program code) running on a computer device. For example, the TEA-based data processing apparatus 2 is an application software, and it can be used to execute corresponding steps in the methods provided in the embodiments of this application. Figure 14 As shown, the data processing device 2 based on the trusted execution environment may include: a transaction receiving module 100, a remote signature processing module 200, and a remote signature information sending module 300;
[0330] The transaction receiving module 100 is used to receive object data encryption information and the transaction to be signed sent by the resource management client based on the first threshold signature policy corresponding to the transaction to be signed. The object data encryption information is obtained by the resource management client after encrypting the object access data information using the first communication key. The first communication key is negotiated between the resource management client and the key escrow client when the remote authentication is successful and the remote authentication is successful. The object access data information is entered when the business object accesses the resource management client.
[0331] The remote signature processing module 200 is used to decrypt object access data information based on the first communication key, authenticate the business object through the object access data information, and when the authentication is successful, remotely sign the transaction to be signed by fragmenting the escrow key stored in the key escrow client to obtain the remote signature information of the transaction to be signed.
[0332] The remote signature information sending module 300 is used to send remote signature information of transactions to the resource management client. This allows the resource management client to perform local signature processing on the transaction to be signed by decrypting the data information of the business object. The local signature information of the transaction to be signed is obtained by the first key fragment of the business object through the first key fragment. Based on the remote signature information and the local signature information, the resource management client determines the first cumulative signature count of the transaction to be signed. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain and sent to the blockchain node.
[0333] The specific implementation methods of the transaction receiving module 100, the remote signature processing module 200, and the remote signature information sending module 300 can be found in the above description. Figure 10 The description of the service equipment in the corresponding embodiments will not be repeated here. Furthermore, the beneficial effects of using the same method will also not be repeated.
[0334] Please see Figure 15 , Figure 15 This is a schematic diagram of the structure of a computer device provided in this application. For example... Figure 15 As shown, the computer device 1000 may include a processor 1001, a network interface 1004, and a memory 1005. Furthermore, the computer device 1000 may also include a user interface 1003 and at least one communication bus 1002. The communication bus 1002 is used to implement communication between these components. The user interface 1003 may optionally include a standard wired interface or a wireless interface. The network interface 1004 may optionally include a standard wired interface or a wireless interface (such as a Wi-Fi interface). The memory 1005 may be high-speed RAM or non-volatile memory, such as at least one disk storage device. The memory 1005 may also optionally be at least one storage device located remotely from the aforementioned processor 1001. Figure 15 As shown, the memory 1005, which serves as a computer storage medium, may include an operating system, a network communication module, a user interface module, and a device control application program.
[0335] exist Figure 15 In the computer device 1000 shown, the network interface 1004 provides network communication functionality; the user interface 1003 is mainly used to provide an input interface for the user; and the processor 1001 can be used to call the device control application stored in the memory 1005 to implement the aforementioned... Figure 3 , Figure 8 or Figure 12 The methods described in the corresponding embodiments will not be repeated here. Furthermore, the beneficial effects of using the same methods will also not be repeated.
[0336] Furthermore, it should be noted that this application also provides a computer-readable storage medium storing a computer program executed by the aforementioned data processing device 1 or data processing device 2 based on a trusted execution environment. The computer program includes program instructions, which, when executed by a processor, enable the execution of the aforementioned... Figure 3 , Figure 8 or Figure 12The description of the data processing method based on the trusted execution environment in the corresponding embodiments will not be repeated here. Furthermore, the beneficial effects of using the same method will also not be repeated. For technical details not disclosed in the embodiments of the computer storage medium involved in this application, please refer to the description of the method embodiments of this application.
[0337] As an example, the above program instructions can be deployed and executed on a single computer device, or deployed and executed on multiple computer devices located in one location, or executed on multiple computer devices distributed across multiple locations and interconnected through a communication network. These multiple computer devices distributed across multiple locations and interconnected through a communication network can form a blockchain consensus network.
[0338] The aforementioned computer-readable storage medium can be the data processing device for the blockchain provided in any of the foregoing embodiments, or the internal storage unit of the aforementioned computer device, such as the hard drive or memory of the computer device. The computer-readable storage medium can also be an external storage device of the computer device, such as a plug-in hard drive, smart media card (SMC), secure digital (SD) card, flash card, etc., provided on the computer device. Furthermore, the computer-readable storage medium can include both internal storage units and external storage devices of the computer device. The computer-readable storage medium is used to store the computer program and other programs and data required by the computer device. The computer-readable storage medium can also be used to temporarily store data that has been output or will be output.
[0339] Furthermore, it should be noted that this application also provides a computer program product or computer program, which includes computer instructions stored in a computer-readable storage medium. The processor of a computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the computer device to perform the aforementioned... Figure 3 , Figure 8 or Figure 12 The description of the data processing method based on the trusted execution environment in the corresponding embodiments will not be repeated here. Furthermore, the beneficial effects of using the same method will also not be repeated. For technical details not disclosed in the computer-readable storage medium embodiments related to this application, please refer to the description of the method embodiments of this application.
[0340] For further details, please see Figure 16 , Figure 16This is a schematic diagram of a data processing system based on a trusted execution environment (TEA) according to an embodiment of this application. The TEA-based data processing system 3 may include a first service terminal 3a and a service device 3b; wherein, the first service terminal 3a can be the aforementioned... Figure 1 The first service terminal 100b described in the corresponding embodiment can be the service service device 3b described above. Figure 1 The key hosting device in the business service cluster 100a shown will not be described in detail here. Furthermore, the beneficial effects of using the same method will also not be described in detail.
[0341] Those skilled in the art will understand that all or part of the processes in the above embodiments can be implemented by a computer program instructing related hardware. The computer program can be stored in a computer-readable storage medium, and when executed, it can include the processes of the embodiments of the above methods. The storage medium can be a magnetic disk, optical disk, read-only memory (ROM), or random access memory (RAM), etc.
[0342] The above-disclosed embodiments are merely preferred embodiments of this application and should not be construed as limiting the scope of this application. Therefore, any equivalent variations made in accordance with the claims of this application shall still fall within the scope of this application.
Claims
1. A data processing method based on a trusted execution environment, characterized in that, The method is executed by the resource management client, and the method includes: When a business object accesses the resource management client through object access data information, the key hosting client deployed in the trusted execution environment is remotely authenticated. When the remote authentication is successful, the first communication key negotiated with the key hosting client is obtained. The object access data information is encrypted using the first communication key to obtain object data encrypted information. When a transaction to be signed is received from the business object, the object data encryption information and the transaction to be signed are sent to the key escrow client based on the first threshold signature policy corresponding to the transaction to be signed. This allows the key escrow client to decrypt the object access data information based on the first communication key, and to authenticate the business object through the object access data information. If the authentication is successful, the transaction to be signed is remotely signed through the escrow key fragment stored in the key escrow client to obtain the transaction remote signature information of the transaction to be signed. Upon receiving the remote signature information of the transaction returned by the key escrow client, the first key fragment of the business object is obtained by decrypting the object access data information. The transaction to be signed is then processed locally using the first key fragment to obtain the local signature information of the transaction to be signed. Based on the remote signature information and the local signature information of the transaction, a first cumulative signature count of the transaction to be signed is determined. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain. The signed transaction is then sent to the blockchain node so that the blockchain node writes the signed transaction into the blockchain.
2. The method of claim 1, wherein, The method further includes: When the object access data information entered by the business object is obtained, the object registration data information that matches the object access data information is searched in the registration business database associated with the resource management client to obtain the data information search result; If the data search result indicates that object registration data information matching the object access data information is found, then the business object is determined to be a registered object with access permissions, and the business object as the registered object is allowed to access the resource management client.
3. The method of claim 2, wherein, The method further includes: If the data search result indicates that no object registration data information matching the object access data information is found, then the business object is determined to be an unregistered object, and an access failure message is generated to prompt the business object.
4. The method of claim 2, wherein, The object registration data information includes the registration password information and registration biometric information entered by the business object when requesting to register the resource management client; When the object access data information entered by the business object is obtained, the process of searching for object registration data information that matches the object access data information in the registration business database associated with the resource management client, and obtaining the data information search results, includes: Obtain the object access data information entered by the business object when requesting access to the resource management client; When the object access data information includes access password information and access biometric information, the system searches for registration password information that matches the access password information in the registration business database associated with the resource management client, and also searches for registration biometric information that matches the access biometric information in the registration business database. If a registration password matching the access password information is found in the registration business database, and a registration biometric information matching the access biometric information is found, then it is determined that object registration data matching the object access data information has been found in the registration business database, and the search result of finding object registration data matching the object access data information is determined as a successful information search result. If no matching registration password information is found in the registration business database, or no matching registration biometric information is found in the registration biometric information, then it is determined that no matching object registration data information is found in the registration business database, and the search result of no matching object registration data information is taken as an information search failure result. The result of a successful information search or the result of a failed information search shall be taken as the result of the data information search.
5. The method of claim 1, wherein, When a business object accesses the resource management client through object access data information, remote authentication is performed on the key hosting client deployed in the trusted execution environment. Upon successful remote authentication, a first communication key negotiated with the key hosting client is obtained. The object access data information is then encrypted using the first communication key to obtain encrypted object data information, including: Obtain object access data information of the business object; when it is determined based on the object access data information that the business object has access permission to access the resource management client, allow the business object to access the resource management client based on the access permission; the object access data information includes the access password information entered by the business object when accessing the resource management client; The resource management client remotely authenticates the key hosting client deployed in the trusted execution environment to obtain the remote authentication result. When the remote authentication result indicates that the trusted execution environment is a secure execution environment, and the key escrow client is a trusted client in the secure execution environment, the remote authentication is determined to be successful. Upon successful remote authentication, the system obtains the first communication key negotiated with the key hosting client during the remote authentication process. The system then uses the first communication key to encrypt the access password information in the object access data information and uses the encrypted access password information as the object data encryption information of the business object.
6. The method of claim 5, wherein, The object access data information includes the biometric information of the business object when accessing the resource management client; The step of encrypting the object access data information using the first communication key to obtain encrypted object data information includes: The access biometric information in the object access data information is encrypted using the first communication key, and the encrypted access biometric information is used as the object data encryption information of the business object.
7. The method according to claim 5, characterized in that, The process of remotely authenticating the key hosting client deployed in the trusted execution environment through the resource management client to obtain the remote authentication result includes: A first random number is generated for remote authentication. When generating a first communication key pair for data communication, the first random number and the first communication public key in the first communication key pair are used as request parameters. Based on the request parameters, a first remote authentication request is generated to send to the key hosting client deployed in the trusted execution environment. The first remote authentication request is sent to the key escrow client, so that the key escrow client generates a second communication key pair based on the first remote authentication request, and uses the second communication public key in the second communication key pair and the first random number in the received remote authentication request as report parameters to generate a local verification report carrying the report parameters; the local verification report is used to instruct the local platform authentication signature component associated with the trusted execution environment to perform local verification on the local verification report, and when the local verification is successful, generate a remote escrow authentication signature report corresponding to the local verification report; Receive the remote hosting authentication signature report returned by the local platform authentication signature component, obtain the hosting environment authentication report provided by the remote authentication server, and when the remote hosting authentication signature report is determined to be a valid authentication report based on the hosting environment authentication report, determine the trusted execution environment as a secure execution environment, and obtain the remote hosting review authentication report obtained by multiple review agencies after reviewing the key hosting client from the trusted client review platform associated with the resource management client; The key report parameters in the remote hosting review and authentication report are compared with the key report parameters in the remote hosting authentication signature report. If the parameter comparison is successful, the remote authentication success result is determined to be the key hosting client deployed in the secure execution environment as a trusted client. The remote authentication success result is then used as the remote authentication result.
8. The method according to claim 1, characterized in that, The resource management client stores a registration symmetric key and a first encryption key fragment corresponding to the first key fragment in its resource management memory. The registration symmetric key is generated by the registration biometric information provided by the business object when registering with the resource management client. The first encryption key fragment is obtained by encrypting the first key fragment with the registration symmetric key when the business object is a registered object. Upon receiving the remote signature information for the transaction returned by the key escrow client, the first key fragment of the business object is obtained by decrypting the object access data information using the object access data information. The transaction to be signed is then locally signed using the first key fragment to obtain the local signature information of the transaction to be signed, including: Upon receiving the remote signature information of the transaction returned by the key escrow client, based on the online fragmentation encryption strategy in the object registration strategy, the access biometric information provided by the business object when accessing the resource management client is obtained from the object access data information; An access symmetric key is generated using the access biometric information, and the registration symmetric key and the first encryption key fragment are obtained from the resource management memory. When it is determined that the registered symmetric key matches the access symmetric key, the first encryption key fragment is decrypted using the access symmetric key that matches the registered symmetric key, and the first key fragment corresponding to the first encryption key fragment is restored. The transaction to be signed is locally signed by sharding the first key to obtain the transaction local signature information of the transaction to be signed.
9. The method according to claim 1, characterized in that, The process of determining a first cumulative signature count for the transaction to be signed based on the remote signature information and the local signature information, and then, when the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, treating the transaction to be signed as a signed transaction to be written into the blockchain, and sending the signed transaction to the blockchain node, includes: Based on the first threshold signature strategy, the first number of signatures of the remote signature information and the local signature information of the transaction is accumulated, and the accumulated first number of signatures is used as the first accumulated number of signatures of the transaction to be signed. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the remote signature information and the local signature information of the transaction are aggregated and signed based on the first threshold signature strategy to obtain the first aggregated signature information of the transaction to be signed. Based on the first aggregated signature information, the transaction to be signed is regarded as a signed transaction to be written into the blockchain. The signed transaction and the first aggregated signature information are sent to the blockchain node so that the blockchain node performs aggregated signature verification on the signed transaction based on the global aggregated public key carried in the first aggregated signature information. When the aggregated signature verification is successful, the signed transaction is written into the blockchain maintained by the blockchain node. The global aggregated public key is obtained by aggregating the public key carried in the remote signature information and the public key carried in the local signature information.
10. The method according to claim 1, characterized in that, The trusted execution environment is equipped with a log recording client that is independent of the key escrow client. When the log recording client is a trusted client, the log recording client is used to generate signature record flow information corresponding to the remote signature information of the transaction based on the log signature key when it receives the remote signature information of the transaction sent by the key escrow client, and add the signature record flow information to the trusted log memory corresponding to the log recording client. The method further includes: Obtain a remote log review and authentication report from the trusted client auditing platform associated with the resource management client. This report is obtained after multiple auditing agencies have reviewed the log recording client. Based on the log signing key carried in the remote log review and authentication report, generate a first signature query request for the transaction to be signed. The first signature query request is sent to the log recording client so that the log recording client can search for the signature record serial information in the trusted log memory based on the log signature key carried in the first signature query request. The resource management client receives a first search result from the log recording client, which returns the signature record stream information found in the trusted log memory. Based on the signature record stream information in the first search result, the key escrow client is determined to participate in the remote signing process of the transaction to be signed under the first threshold signature policy.
11. The method according to claim 10, characterized in that, The method further includes: When performing remote authentication with the logging client, a remote log authentication signature report is received from the local platform authentication signature component associated with the trusted execution environment; Obtain the log environment authentication report provided by the remote authentication server for the trusted execution environment. When the log environment authentication report determines that the remote log authentication signature report is a valid authentication report, the trusted execution environment is determined to be a secure execution environment. Obtain the remote log review authentication report obtained by multiple review agencies after reviewing the log recording client from the trusted client auditing platform associated with the resource management client. The key report parameters in the remote log review and authentication report are compared with the key report parameters in the remote log authentication and signature report. If the parameter comparison is successful, the log recording client deployed in the secure execution environment is determined to be the trusted client.
12. The method according to claim 1, characterized in that, The resource management client runs on the first business terminal, and the business terminal associated with the business object includes a second business terminal; the second business terminal is an offline terminal independent of the first business terminal; The second service terminal is used to record the second key fragment of the service object; The method further includes: When remote authentication fails, it is determined that the key escrow client is currently offline. Upon receiving the transaction to be signed sent by the business object, based on the second threshold signature policy corresponding to the transaction to be signed, the transaction signature data code of the transaction to be signed displayed on the second business terminal is obtained. The transaction signature data code is generated by the second business terminal for the first type of signature information of the transaction to be signed. The first type of signature information is obtained by the second business terminal after performing a first signature processing on the transaction to be signed through the second key shard. The obtained transaction signature data code is parsed to obtain the first type of signature information carried in the transaction signature data code; When the first key fragment of the business object is obtained by decrypting the data information accessed by the object, the transaction to be signed is processed by the second signature through the first key fragment to obtain the second type of signature information of the transaction to be signed. Based on the first type of signature information and the second type of signature information, a second cumulative signature count for the transaction to be signed is determined. When the second cumulative signature count reaches the cumulative signature threshold indicated by the second threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node writes the signed transaction into the blockchain.
13. The method according to claim 12, characterized in that, The method further includes: From the client auditing platform associated with the resource management client, obtain the remote log audit certification report obtained by multiple auditing agencies after reviewing the log recording client. Based on the log signature key carried in the remote log audit certification report, generate a second signature query request to query the signature of the transaction to be signed. The second signature query request is sent to the log recording client so that the log recording client can search for the signature record flow information for the transaction to be signed in the trusted log memory of the log recording client based on the log signature key carried in the signature query request. The resource management client receives a second search result returned by the log recording client indicating that the signature record flow information was not found in the trusted log memory. Based on the second search result, it is determined that the key escrow client did not participate in the remote signing process of the transaction to be signed under the second threshold signature policy.
14. The method according to claim 1, characterized in that, Before the business object accesses the resource management client through object access data information, the method further includes: When the business object is an unregistered object, the resource management client is registered with the object registration data information provided by the business object. After the object registration is successful, the object registration data information is stored in the registration business database. The resource management client is then used to remotely authenticate the key hosting client deployed in the trusted execution environment. When the remote authentication is successful, the second communication key negotiated with the key hosting client is obtained. The registration password information in the object registration data information is encrypted using the second communication key to obtain the encrypted registration password information corresponding to the registration password information. The encrypted registration password information is sent to the key hosting client, so that the key hosting client can decrypt the encrypted registration password information using the second communication key obtained through negotiation with the resource management client, restore the registration password information, and store the restored registration password information in the trusted hosting memory of the key hosting client. The registration password information stored in the trusted hosting memory of the key hosting client is used to perform remote information authentication on the access password information in the obtained object access data information, and when the remote information authentication is successful, the business object is authorized to call the managed key fragment.
15. A data processing method based on a trusted execution environment, characterized in that, The method is executed by a key escrow client, which is deployed in the trusted execution environment. The method includes: The system receives encrypted object data information and the transaction to be signed from a resource management client based on a first threshold signature policy corresponding to the transaction to be signed. The encrypted object data information is obtained by the resource management client after encrypting the object access data information using a first communication key. The first communication key is negotiated between the resource management client and the key hosting client when the remote authentication is successful. The object access data information is entered when the business object accesses the resource management client. Based on the first communication key, the object access data information is decrypted and obtained. The business object is authenticated through the object access data information. When the authentication is successful, the transaction to be signed is remotely signed through the escrow key fragment stored in the key escrow client to obtain the transaction remote signature information of the transaction to be signed. The remote signature information of the transaction is sent to the resource management client so that when the resource management client decrypts the object access data information to obtain the first key fragment of the business object, it performs local signature processing on the transaction to be signed through the first key fragment to obtain the transaction local signature information of the transaction to be signed. Based on the remote signature information and the transaction local signature information, the resource management client determines the first cumulative signature count of the transaction to be signed. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is treated as a signed transaction to be written into the blockchain and the signed transaction is sent to the blockchain node.
16. A data processing apparatus based on a trusted execution environment, characterized in that, The device runs on a resource management client and includes: The remote authentication module is used to remotely authenticate the key hosting client deployed in the trusted execution environment when a business object accesses the resource management client through object access data information. When the remote authentication is successful, the module obtains the first communication key negotiated with the key hosting client and encrypts the object access data information using the first communication key to obtain encrypted object data information. The transaction sending module is used to send the encrypted information of the object data and the transaction to be signed to the key escrow client based on the first threshold signature policy corresponding to the transaction to be signed when the business object sends the transaction to be signed. This allows the key escrow client to decrypt the object access data information based on the first communication key, authenticate the business object through the object access data information, and remotely sign the transaction to be signed through the escrow key fragment stored in the key escrow client when the authentication is successful, thereby obtaining the transaction remote signature information of the transaction to be signed. The local signature processing module is used to, upon receiving the remote signature information of the transaction returned by the key escrow client, use the object access data information to decrypt and obtain the first key fragment of the business object, and use the first key fragment to perform local signature processing on the transaction to be signed to obtain the transaction local signature information of the transaction to be signed. The transaction on-chain module is used to determine the first cumulative signature count of the transaction to be signed based on the remote signature information and the local signature information of the transaction. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is sent as a signed transaction to be written into the blockchain, and the signed transaction is sent to the blockchain node so that the blockchain node writes the signed transaction into the blockchain.
17. A data processing apparatus based on a trusted execution environment, characterized in that, The device runs on a key escrow client, which is deployed in the trusted execution environment and includes: The transaction receiving module is used to receive object data encryption information and the transaction to be signed sent by the resource management client based on the first threshold signature policy corresponding to the transaction to be signed; the object data encryption information is obtained by the resource management client after encrypting the object access data information through a first communication key; the first communication key is negotiated between the resource management client and the key hosting client when the remote authentication of the key hosting client deployed in the trusted execution environment is successful; the object access data information is entered when the business object accesses the resource management client; The remote signature processing module is used to decrypt the object access data information based on the first communication key, authenticate the business object through the object access data information, and when the authentication is successful, remotely sign the transaction to be signed through the escrow key fragment stored in the key escrow client to obtain the transaction remote signature information of the transaction to be signed. The remote signature information sending module is used to send the transaction remote signature information to the resource management client, so that when the resource management client decrypts the object access data information to obtain the first key fragment of the business object, it performs local signature processing on the transaction to be signed through the first key fragment to obtain the transaction local signature information of the transaction to be signed. Furthermore, the resource management client determines the first cumulative signature count of the transaction to be signed based on the transaction remote signature information and the transaction local signature information. When the first cumulative signature count reaches the cumulative signature threshold indicated by the first threshold signature strategy, the transaction to be signed is sent as a signed transaction to be written into the blockchain and the signed transaction is sent to the blockchain node.
18. A computer device, characterized in that, Including memory and processor; The memory is connected to the processor, the memory is used to store computer programs, and the processor is used to invoke the computer programs so that the computer device performs the method according to any one of claims 1-15.
19. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program adapted to be loaded and executed by a processor to cause a computer device having the processor to perform the method of any one of claims 1-15.
20. A computer program product, characterized in that, Includes a computer program / instruction that, when executed by a processor, implements the method according to any one of claims 1-15.