Business processing method, business processing apparatus, electronic device, storage medium, product

By performing code auditing and authentication of candidate trusted applications in the trusted execution environment of terminal devices and generating reference authentication information, the problem of the lack of verifiable transparency of computation logic is solved, and the security and flexibility of terminal privacy computing are improved.

CN122241752A · Pending · Publication Date: 2026-06-19 · BEIJING WODONG TIANJUN INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: BEIJING WODONG TIANJUN INFORMATION TECH CO LTD
Filing Date: 2026-03-10
Publication Date: 2026-06-19

AI Technical Summary

Technical Problem

Existing technologies lack verifiable and transparent mechanisms for the computational logic itself running within a trusted execution environment, and their service expansion flexibility is insufficient.

Method used

In the Trusted Execution Environment (TEE) of terminal devices, by introducing an independent verifier to conduct pre-audit of the code of candidate trusted applications, generate reference authentication information, and deploy and run the application in the TEE, the security and compliance of the computing logic are ensured by combining functional descriptions and strict code authentication and matching.

Benefits of technology

It achieves verifiable transparency of computational logic, enhances the security and flexibility of terminal privacy computing, prevents malicious code intrusion, and ensures the transparency and compliance of data processing.

Generated by Eureka AI based on patent content.


Abstract

This disclosure provides a business processing method, business processing apparatus, electronic device, storage medium, and product, which can be applied to the fields of computer technology, data processing technology, and privacy computing technology. The business processing method is applied to a terminal device, which is equipped with a trusted execution environment, and includes: in response to receiving a business processing request initiated by a target application, obtaining privacy data to be processed related to the business processing request, wherein the business processing request includes business data to be processed; processing the business data to be processed and the privacy data to be processed in the trusted execution environment according to a business processing strategy used for the business processing request, obtaining a business processing result, and returning the business processing result to the target application.

Description

Technical Field

[0001] This disclosure relates to the fields of computer technology, data processing technology, and privacy computing technology, and more specifically, to a business processing method, business processing apparatus, electronic device, storage medium, and product.

Background Technology

[0002] With increasingly stringent requirements for data privacy protection and growing user awareness of privacy, privacy computing technology has become crucial for achieving data processing while ensuring data security.

[0003] In one example, privacy-preserving computation techniques can include cryptography-based secure multi-party computation and a trusted execution environment (TEE) based on trusted hardware. A trusted execution environment based on trusted hardware refers to providing an efficient and highly secure solution for privacy-preserving computation by building an isolated secure execution environment at the hardware level.

[0004] In realizing the concept disclosed herein, the inventors discovered at least the following problems in the related technologies: the related technologies all lack a verifiable and transparent mechanism for the computational logic itself running in a trusted execution environment, and the flexibility of service expansion is insufficient.

Summary of the Invention

[0005] In view of the above, this disclosure provides a business processing method, a business processing apparatus, an electronic device, a storage medium, and a product.

[0006] According to one aspect of this disclosure, a business processing method is provided, applied to a terminal device, wherein the terminal device is provided with a trusted execution environment, characterized in that the method includes: in response to receiving a business processing request initiated by a target application, obtaining privacy data to be processed related to the business processing request, wherein the business processing request includes business data to be processed; and processing the business data to be processed and the privacy data to be processed in the trusted execution environment according to a business processing strategy for the business processing request, obtaining a business processing result, and returning the business processing result to the target application.

[0007] According to embodiments of this disclosure, multiple candidate trusted applications are deployed in the aforementioned trusted execution environment. The secure storage area of the aforementioned trusted execution environment stores system data and candidate privacy data for each of the aforementioned candidate trusted applications. The acquisition of the privacy data to be processed related to the aforementioned business processing request includes: determining a target trusted application corresponding to the aforementioned target application from among the multiple aforementioned candidate trusted applications based on the type of the aforementioned target application; and invoking the aforementioned target trusted application to acquire the aforementioned system data and target privacy data for the aforementioned target trusted application from the aforementioned secure storage area to obtain the aforementioned privacy data to be processed.

[0008] According to embodiments of this disclosure, the above-mentioned invocation of the target trusted application to obtain the system data and target privacy data for the target trusted application from the secure storage area to obtain the privacy data to be processed includes: transmitting the system data and target privacy data in the secure storage area to the trusted execution environment in encrypted form through the target trusted application to obtain the privacy data to be processed; the method further includes, after obtaining the privacy data to be processed related to the business processing request, decrypting the privacy data to be processed in the trusted execution environment to obtain decrypted privacy data to be processed.

[0009] According to embodiments of this disclosure, before acquiring the pending privacy data related to the aforementioned business processing request: verifying the reliability of the source of the pending business data to obtain a first verification result; verifying the permission of the target application to access the trusted execution environment to obtain a second verification result; and, in response to the first verification result indicating that the reliability has been verified and the second verification result indicating that the permission has been verified, acquiring the pending privacy data is performed.

[0010] According to embodiments of this disclosure, the candidate trusted application is deployed in the following manner: sending code for the candidate trusted application to a verifier to verify the code and obtain a verification result; in response to the verification result indicating that the code has passed verification, determining reference authentication information for the code; and using the reference authentication information as an identifier for the code, running the code in the trusted execution environment to deploy the candidate trusted application.

[0011] According to embodiments of this disclosure, the code described above has a functional description, which describes the business processing logic of the candidate trusted application in natural language.

[0012] According to embodiments of this disclosure, before invoking the target trusted application: matching the target authentication information determined based on the target trusted application with the reference authentication information of the program corresponding to the target trusted application to obtain a matching result; and, in response to the matching result indicating that the target authentication information matches the reference authentication information, invoking the target trusted application is executed.

[0013] According to embodiments of this disclosure, the method further includes: in response to receiving a call request from a caller for the aforementioned candidate trusted application, authenticating the caller and obtaining an authentication result, wherein the caller is different from the target application that initiated the aforementioned business processing request; and in response to the authentication result indicating that the caller has passed authentication, the aforementioned candidate trusted application responds to the call request.

[0014] According to embodiments of this disclosure, the aforementioned candidate trusted application runs as a resident process in the aforementioned trusted execution environment; the method further includes: processing real-time privacy data through the aforementioned resident process to obtain intermediate processing results; and, in response to the aforementioned business processing request, determining the aforementioned business processing result from the aforementioned intermediate processing results.

[0015] According to embodiments of this disclosure, the aforementioned business processing request is for a target business; the aforementioned processing of the pending business data and the pending privacy data in the trusted execution environment according to the business processing strategy for the aforementioned business processing request to obtain a business processing result includes: determining a target business processing strategy for the aforementioned target business from multiple candidate business processing strategies according to the aforementioned target business; and processing the pending business data and the pending privacy data in the trusted execution environment according to the aforementioned target business processing strategy to obtain the aforementioned business processing result.

[0016] According to embodiments of this disclosure, returning the business processing result to the target application includes: performing a sensitivity analysis on the business processing result to obtain a sensitivity analysis result; returning the business processing result to the target application if the sensitivity analysis result indicates that the business processing result does not contain privacy information; and desensitizing the business processing result if the sensitivity analysis result indicates that the business processing result contains privacy information, and returning the desensitized business processing result to the target application.

[0017] According to another aspect of this disclosure, a business processing apparatus is provided, applied to a terminal device, wherein a trusted execution environment is provided in the terminal device. The apparatus comprises: an acquisition module, configured to, in response to receiving a business processing request initiated by a target application, acquire pending privacy data related to the business processing request, wherein the business processing request includes pending business data; and a first processing module, configured to, in the trusted execution environment, process the pending business data and the pending privacy data according to a business processing strategy for the business processing request, obtain a business processing result, and return the business processing result to the target application.

[0018] According to another aspect of this disclosure, an electronic device is provided, comprising: one or more processors; and a memory for storing one or more instructions, wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to perform the method as described in this disclosure.

[0019] According to another aspect of this disclosure, a computer-readable storage medium is provided having executable instructions stored thereon, which, when executed by a processor, cause the processor to perform the methods described in this disclosure.

[0020] According to another aspect of this disclosure, a computer program product is provided, which includes computer-executable instructions that, when executed, are used to perform the methods described in this disclosure.

Brief Description of the Drawings

[0021] The above and other objects, features and advantages of this disclosure will become clearer from the following description of embodiments with reference to the accompanying drawings, in which:

[0022] Figure 1 schematically shows a system architecture to which the business processing method according to embodiments of the present disclosure can be applied;

[0023] Figure 2 schematically shows a flowchart of a business processing method according to an embodiment of the present disclosure;

[0024] Figure 3 schematically shows an example schematic diagram of a terminal device and a trusted execution environment according to embodiments of the present disclosure;

[0025] Figure 4 schematically shows an example diagram of a business processing procedure according to an embodiment of the present disclosure;

[0026] Figure 5 schematically shows an example diagram of an application initialization process according to an embodiment of the present disclosure;

[0027] Figure 6 schematically shows an example diagram of a business processing procedure according to another embodiment of the present disclosure;

[0028] Figure 7 schematically shows a block diagram of a business processing apparatus according to an embodiment of the present disclosure; and

[0029] Figure 8 schematically shows a block diagram of an electronic device suitable for implementing a business processing method according to an embodiment of the present disclosure.

Detailed Description

[0030] The embodiments of the present disclosure will now be described with reference to the accompanying drawings. However, it should be understood that these descriptions are exemplary only and are not intended to limit the scope of the disclosure. In the following detailed description, numerous specific details are set forth to provide a thorough understanding of the embodiments of the present disclosure for ease of explanation. However, it will be apparent that one or more embodiments may be practiced without these specific details. Furthermore, descriptions of well-known structures and techniques are omitted in the following description to avoid unnecessarily obscuring the concepts of the present disclosure.

[0031] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit this disclosure. The terms “comprising,” “including,” etc., as used herein indicate the presence of the stated features, steps, operations, and / or components, but do not exclude the presence or addition of one or more other features, steps, operations, or components.

[0032] All terms used herein (including technical and scientific terms) have the meanings commonly understood by those skilled in the art, unless otherwise defined. It should be noted that the terms used herein are to be interpreted in a manner consistent with the context of this specification, and not in an idealized or overly rigid way.

[0033] When using expressions such as "at least one of A, B and C", they should generally be interpreted in accordance with the meaning that is commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" should include, but is not limited to, a system having A alone, a system having B alone, a system having C alone, a system having A and B, a system having A and C, a system having B and C, and / or a system having A, B and C, etc.).

[0034] In the technical solution of this invention, the user information (including but not limited to user personal information, user image information, user device information, such as location information) and data (including but not limited to data used for analysis, stored data, and displayed data) involved are all information and data authorized by the user or fully authorized by all parties. Furthermore, the collection, storage, use, processing, transmission, provision, disclosure, and application of related data all comply with relevant laws, regulations, and standards, take necessary confidentiality measures, do not violate public order and good morals, and provide corresponding operation entry points for users to choose to authorize or refuse.

[0035] Trusted execution environments based on trusted hardware can include cloud-based trusted execution environment solutions and terminal-based trusted execution environment solutions.

[0036] The cloud-based Trusted Execution Environment (TEE) solution involves uploading data to a cloud-based TEE for processing. However, this solution suffers from long data transmission links, high latency, and limited performance. Uploading raw data off-site poses risks of authorization and privacy breaches, limiting the scope of usable data. Furthermore, it relies on independent cloud infrastructure, resulting in high deployment and maintenance costs.

[0037] While terminal-based trusted execution environment (TEE) solutions can move computation to the device side and improve real-time performance and privacy, the following problems still exist: after data is transferred between different applications on the terminal, its processing may get out of control; if complex protection mechanisms such as differential privacy or secure multi-party computation are added, data accuracy and fusion effect are often sacrificed, and it is difficult to achieve secure, flexible service sharing and efficient collaboration across applications.

[0038] However, the above solutions all lack a verifiable and transparent mechanism for the computational logic itself running in a trusted execution environment, and their service extension flexibility is insufficient.

[0039] Therefore, this disclosure provides a business processing method, a business processing apparatus, an electronic device, a storage medium, and a product, which can be applied to the fields of computer technology, data processing technology, and privacy computing technology. The business processing method is applied to a terminal device, which is equipped with a trusted execution environment, and includes: in response to receiving a business processing request initiated by a target application, obtaining privacy data to be processed related to the business processing request, wherein the business processing request includes business data to be processed; processing the business data to be processed and the privacy data to be processed in the trusted execution environment according to the business processing strategy used for the business processing request, obtaining a business processing result, and returning the business processing result to the target application.

[0040] Figure 1 schematically depicts a system architecture to which a business processing method according to embodiments of this disclosure can be applied. It should be noted that Figure 1 is merely an example of a system architecture to which the embodiments of this disclosure can be applied, intended to help those skilled in the art understand the technical content of this disclosure; it does not mean that the embodiments of this disclosure cannot be used in other devices, systems, environments or scenarios.

[0041] As shown in Figure 1, the system architecture 100 according to this embodiment may include a first terminal device 101, a second terminal device 102, a third terminal device 103, a network 104, and a server 105. The network 104 serves as a medium for providing communication links between the different devices.

[0042] It should be noted that the business processing methods provided in the embodiments of this disclosure can generally be executed by the server 105. Accordingly, the business processing apparatus provided in the embodiments of this disclosure can generally be located in the server 105.

[0043] Alternatively, the service processing method provided in this embodiment of the present disclosure can also be executed by the first terminal device 101, the second terminal device 102, or the third terminal device 103. Correspondingly, the service processing apparatus provided in this embodiment of the present disclosure can also be disposed in the first terminal device 101, the second terminal device 102, or the third terminal device 103.

[0044] It should be understood that the number of terminal devices, networks, and servers shown in Figure 1 is merely illustrative. Depending on implementation needs, any number of terminal devices, networks, and servers can be included.

[0045] It should be noted that the sequence numbers of the operations in the following methods are for descriptive purposes only and should not be considered as indicating the execution order of the operations. Unless explicitly stated otherwise, the method does not need to be executed in the exact order shown.

[0046] The foregoing section described the system architecture to which the business processing method provided in this disclosure can be applied. The following section further explains the business processing method disclosed herein, taking Figure 2 as an example.

[0047] Figure 2 schematically shows a flowchart of a business processing method according to an embodiment of the present disclosure.

[0048] As shown in Figure 2, the business processing method 200 is applied to a terminal device, which is equipped with a trusted execution environment, and may include operations S210 to S220.

[0049] In operation S210, in response to receiving a business processing request initiated by the target application, the pending privacy data related to the business processing request is obtained, wherein the business processing request includes pending business data.

[0050] In operation S220, in accordance with the business processing strategy used for business processing requests, the business data to be processed and the privacy data to be processed are processed in a trusted execution environment to obtain the business processing result and return the business processing result to the target application.

[0051] A terminal device refers to a hardware device with computing and storage capabilities. For example, a terminal device can be a smartphone, tablet, or IoT device. A trusted execution environment (TEE) refers to a secure execution zone within a terminal device, built through software and hardware isolation mechanisms, which ensures the confidentiality and integrity of the code and data within it.

[0052] The target application refers to the application that initiates the business processing request. A business processing request is an instruction sent by the target application to the server that requires computation using private data. For example, the target application could be a banking app, and the business processing request could be a credit scoring request initiated by a user through the banking app. The business data to be processed is external or cloud-based data required for business processing. For example, the business data to be processed could be model parameters or risk control rules sent by the server.

[0053] The triggering method for business processing requests can be configured according to actual business needs and is not limited here. For example, a user can click the "Credit Score" button in a bank's app, and the bank's app will call the trusted execution environment interface. Alternatively, business processing requests can be triggered by instructions issued from the cloud. Alternatively, business processing requests can be automatically triggered based on scheduled tasks or event-driven processes.

[0054] Upon receiving a business processing request, the required privacy data can be collected from the terminal's TEE secure storage area or through a trusted system application. For example, the privacy data to be processed can be read from the TEE secure storage area via a privacy data collection unit. Alternatively, the privacy data to be processed can be extracted from an encrypted local database or a secure chip. The privacy data to be processed is business-related data that involves user privacy. For example, the privacy data to be processed may be contacts, geolocation, health data, etc.

[0055] After acquiring the privacy data to be processed, data fusion computation can be performed based on pre-defined or distributed business processing strategies executed within the Trusted Execution Environment (TEE). A business processing strategy is the specific computational logic or algorithm executed within the TEE to handle business processing requests. For example, closed-source or open-source logic can be executed by a trusted application. Alternatively, it can support dynamically loading and verifying algorithm packages from trusted sources, or performing combined computations based on pre-built pluggable processing modules within the TEE.

[0056] The business processing result is the final data returned to the target application after being calculated by the trusted execution environment. For example, taking a credit scoring request initiated by a user through a bank's app as an example, the business processing result could be "Credit Score: A," without containing original privacy information. After obtaining the business processing result, only the result can be returned to the target application without disclosing intermediate data.

[0057] In the embodiments of this disclosure, by executing business processing requests and privacy data processing within a trusted execution environment (TEE) of the terminal device, the original privacy data is not uploaded to the cloud, thereby shortening the data transmission path and improving processing efficiency and real-time performance. Furthermore, by performing fusion computation within the TEE and returning business processing results without privacy information to the target application, the privacy risk can be avoided while ensuring data utility, thus improving the privacy and security of business processing.

[0058] The business processing method 200 according to an embodiment of the present disclosure is further described below with reference to Figures 3 to 6.

[0059] Figure 3 schematically shows an example schematic diagram of a terminal device and a trusted execution environment according to embodiments of the present disclosure.

[0060] As shown in Figure 3, in embodiment 300 of the terminal device and trusted execution environment, the application layer of the terminal device 310 can deploy applications such as system software, shopping software, dating software, and entertainment software. The operating system (OS) of the terminal device 310 can receive business processing requests from various applications and interact with the business logic processing unit in the trusted execution environment 320.

[0061] The business logic processing unit of the Trusted Execution Environment 320 can deploy multiple candidate trusted applications, such as a shopping trusted application corresponding to a shopping software, a dating trusted application corresponding to a dating software, and an entertainment trusted application corresponding to an entertainment software.

[0062] In response to receiving a business processing request initiated by a target application, the business logic processing unit of the Trusted Execution Environment 320 can utilize the data acquisition unit of the Trusted Execution Environment 320 to obtain unprocessed privacy data related to the business processing request from the terminal privacy data of the Trusted Execution Environment 320. For example, terminal privacy data may include system data, shopping software data, dating software data, entertainment software data, etc.

[0063] According to embodiments of this disclosure, a candidate trusted application may be deployed by: sending code for the candidate trusted application to a verifier to verify the code and obtain a verification result; in response to the verification result indicating that the code has passed verification, determining reference authentication information of the code; using the reference authentication information as an identifier of the code, running the code in a trusted execution environment to deploy the candidate trusted application.

[0064] A candidate trusted application is a software module with specific data processing functions that is intended to be deployed in a trusted execution environment on an end device. Code is the source code or compiled executable file used to implement the functionality of the candidate trusted application. The verifier is a credible third-party entity or platform independent of the developer and end-user, responsible for auditing and evaluating the code for security, compliance, or functionality.

[0065] Developers can submit the code of candidate trusted applications to a verification party for review and verification. The review process may include security vulnerability scanning, malware detection, privacy compliance review, and functional logic review. The verification result is a conclusive judgment issued by the verification party after evaluating the code, which can be "pass" or "fail," and may include an evaluation report or rating.

[0066] Once the code passes verification, reference authentication information can be generated that uniquely represents the code and possesses tamper-proof properties. Reference authentication information is generated based on the verified code and is used to uniquely identify and authenticate the code's identity. The method for generating reference authentication information can be configured according to actual business needs and is not limited here. For example, reference authentication information can be obtained from the cryptographic hash value calculated from the code, the digital certificate issued by the verifier, or the code's metric value digitally signed by the verifier.

[0067] When code is installed or loaded into a TEE, its reference authentication information can be registered as an identifier in the TEE's management module. This identifier serves as a credential for identifying and distinguishing different trusted applications within the trusted execution environment. Subsequently, before running the trusted application, the TEE will recalculate its runtime authentication information and compare it with the registered reference authentication information; execution is only permitted if they match.
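The deploy-time and run-time flow of paragraphs [0063] to [0067] (and the matching step of [0012]), as an added example that is not the patent's own code: a verifier audits the candidate code and issues reference authentication information, the TEE management module registers it as the code's identifier, and before each invocation the runtime measurement is recomputed and compared with the registered reference. The reference information is modelled as a SHA-256 measurement (one of the options the text lists); the verifier, its audit rules, the TEE management module and the HMAC stand-in for the verifier's signature are all assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class CandidateCode:
    """Code of a candidate trusted application plus its natural-language functional description."""
    name: str
    code: bytes
    functional_description: str


@dataclass(frozen=True)
class ReferenceAuth:
    """Reference authentication information issued by the verifier for one code image."""
    measurement: str   # SHA-256 of the code bytes (the "cryptographic hash" option in the text)
    verdict: str       # "pass" or "fail"
    tag: str           # verifier's authentication tag over (measurement, verdict)


def measure(code: bytes) -> str:
    """Code metric: SHA-256 over the exact bytes that will be loaded into the TEE."""
    return hashlib.sha256(code).hexdigest()


def _tag(key: bytes, measurement: str, verdict: str) -> str:
    # Hypothetical stand-in for the verifier's digital signature: HMAC-SHA256 under a key
    # the TEE management module also holds.  A real verifier would sign with a private key
    # and the TEE would hold only the public key.
    return hmac.new(key, f"{measurement}:{verdict}".encode(), "sha256").hexdigest()


class Verifier:
    """Hypothetical independent verifier; the audit rules below are constructed for this example."""

    FORBIDDEN_CALLS = (b"upload_raw_data(", b"send_contacts(")  # constructed audit rule

    def __init__(self, key: bytes) -> None:
        self._key = key

    def audit(self, cand: CandidateCode) -> ReferenceAuth:
        verdict = "pass"
        # Privacy compliance review: raw privacy data must not leave the TEE.
        if any(call in cand.code for call in self.FORBIDDEN_CALLS):
            verdict = "fail"
        # Functional logic review: a functional description must accompany the code.
        if not cand.functional_description.strip():
            verdict = "fail"
        m = measure(cand.code)
        return ReferenceAuth(measurement=m, verdict=verdict, tag=_tag(self._key, m, verdict))


class TeeManager:
    """Hypothetical TEE management module: registers identifiers at deploy time and
    matches runtime authentication information against them before each launch."""

    def __init__(self, verifier_key: bytes) -> None:
        self._key = verifier_key
        self._registry: dict[str, str] = {}   # application name -> reference measurement

    def deploy(self, cand: CandidateCode, ref: ReferenceAuth) -> bool:
        # 1. The reference information must really come from the verifier.
        if not hmac.compare_digest(_tag(self._key, ref.measurement, ref.verdict), ref.tag):
            return False
        # 2. Only code that passed the audit may be deployed.
        if ref.verdict != "pass":
            return False
        # 3. The bytes being deployed must be the bytes that were audited.
        if not hmac.compare_digest(measure(cand.code), ref.measurement):
            return False
        self._registry[cand.name] = ref.measurement
        return True

    def may_invoke(self, name: str, loaded_code: bytes) -> bool:
        """Runtime check before invoking a trusted application: recompute the metric of the
        code actually loaded and compare it with the registered reference measurement."""
        ref = self._registry.get(name)
        if ref is None:
            return False
        return hmac.compare_digest(measure(loaded_code), ref)


if __name__ == "__main__":
    key = b"constructed-verifier-key"          # constructed sample key
    verifier, tee = Verifier(key), TeeManager(key)
    ta = CandidateCode("credit_score_ta", b"def score(tx, usage): return 72",
                       "Reads local transaction records and app usage time; outputs only a 0-100 score.")
    ref = verifier.audit(ta)
    print("deployed:", tee.deploy(ta, ref))
    print("unmodified code may run:", tee.may_invoke(ta.name, ta.code))
    print("patched code may run:", tee.may_invoke(ta.name, ta.code + b"\n# patched"))
```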

[0068] In the embodiments disclosed herein, by introducing an independent verifier to conduct pre-audit of the code of candidate trusted applications, the security, compliance, and trustworthiness of the computing logic itself deployed in the TEE are ensured, reducing the risk of malicious code infiltrating the secure environment from the source. Based on this, by generating reference authentication information as a unique identifier for the code, a verifiable digital identity is established for the code, enabling accurate identification of code integrity. By deploying and running the application in the TEE based on this identifier, it is ensured that the actually running code is consistent with the verified code, enhancing the security of the entire terminal privacy computing.

[0069] According to embodiments of this disclosure, the code may have a functional description, which describes the business processing logic of the candidate trusted application in natural language.

[0070] A functional description is a textual explanation of the functions implemented by the code. It can be used to explain the code's input, processing, output, and business purpose. Natural language form refers to language that is readable and understandable to humans, distinct from programming languages, mathematical symbols, or machine code. Business processing logic refers to the data processing rules, algorithmic steps, or decision-making processes executed by the code at the business level. The functional description of the code can be submitted to the verifier together with the code as part of the verification. For business-sensitive code, only the functional description needs to be disclosed, without open-sourcing the code.

[0071] For example, for a candidate trusted application used for "credit scoring", its accompanying function description can be "This application reads the local transaction records and APP usage time in the user's device, calculates a credit score of 0 to 100 through a logistic regression model, and the output only contains the score value and does not contain any raw data".

[0072] The method for generating functional descriptions can be configured according to actual business needs and is not limited here. For example, a functional description template can be created to guide developers to fill in standardized fields, producing functional descriptions that are both machine-readable and easy for users to read. Standardized fields may include input data types, processing algorithm names, output data types, privacy impact statements, etc.

[0073] In the embodiments disclosed herein, because the code is accompanied by a functional description in natural language, complex data processing logic becomes transparent and understandable to the data provider, allowing them to understand how the data is being used without requiring a specialized technical background. Simultaneously, the functional description enables the disclosure of business logic without revealing the core code, providing a parsable semantic foundation and facilitating compliance checks and audit trails of data processing activities.

[0074] According to embodiments of this disclosure, before invoking the target trusted application, the above method may further include the following operations: matching the target authentication information determined based on the target trusted application with the reference authentication information of the program corresponding to the target trusted application to obtain a matching result; and in response to the matching result indicating that the target authentication information matches the reference authentication information, invoking the target trusted application.

[0075] Before invoking the target trusted application, the cryptographic hash value of the target trusted application's current code or image can be calculated in real time as the target authentication information. This hash value is then compared with pre-stored, authoritatively verified reference authentication information. The target trusted application is a trusted application instance selected based on the business processing request, intended to perform specific computational tasks in the TEE. The target authentication information is an identity credential generated at the time of invocation using specific metrics for the current program entity corresponding to the target trusted application. The reference authentication information is a pre-determined identity credential used to identify the verified and correct version of the target trusted application.

[0076] For example, when a bank app requests to call the "credit risk control application", the trusted application's code is measured and signed during compilation and packaging, and the signed measurement is stored in its metadata. When the trusted application is loaded into the TEE, the signed measurement is decrypted using the public key stored in the secure storage area, and the hash value obtained by measuring the currently loaded file is compared with the hash value from the metadata.

[0077] The matching result is a consistency judgment obtained by comparing the target authentication information with the reference authentication information. For example, the matching result can be "match" or "not match". Business logic is only allowed to be executed or continue when the target authentication information matches the reference authentication information. It should be noted that tiered invocation can also be implemented, meaning that basic functions can be directly invoked after matching, but core functions involving more sensitive data require additional dynamic authorization on top of the matching, such as real-time user confirmation; alternatively, permission policies can be configured through the cloud to reflect the flexibility of permission granting.

[0078] In the embodiments of this disclosure, by performing strict code authentication and matching before invoking a trusted application, it is possible to effectively detect and prevent the execution of trusted application code that has been tampered with, replaced, or has inconsistent versions. Furthermore, by making successful matching a prerequisite for invocation, it ensures that the final operational business processing logic is consistent with the logic that has undergone security auditing and gained the trust of all parties, thereby guaranteeing the determinism and security of the data processing logic.
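The following is an added example, not code from the patent or its applicant, illustrating [0066]-[0067] and [0074]-[0077] together: the verifier issues reference authentication information after the audit, the TEE management module registers it, and a fresh measurement of the loaded code is matched against the registered reference before every invocation, with tiered invocation for core functions. The verifier key, application names and code bytes are constructed; an HMAC tag stands in for the verifier's digital signature so the example runs on the standard library alone.

```python
"""Added example (not from the patent): reference authentication information is
issued by the verifier after audit, registered in the TEE management module,
and matched against a runtime measurement before each invocation."""
import hashlib
import hmac

# Constructed stand-in for the verifier's signing key. A real verifier would use an
# asymmetric signature over the measurement; HMAC keeps this example stdlib-only.
VERIFIER_KEY = b"verifier-signing-key-constructed-for-example"


def measure(code: bytes) -> str:
    """Measurement value: SHA-256 over the trusted application's code or image."""
    return hashlib.sha256(code).hexdigest()


def verifier_tag(measurement: str) -> str:
    """Verifier's endorsement of a measurement (stand-in for a digital signature)."""
    return hmac.new(VERIFIER_KEY, measurement.encode(), hashlib.sha256).hexdigest()


def issue_reference_info(code: bytes) -> dict:
    """Verifier step: after the code audit, bind the measurement to the verifier."""
    digest = measure(code)
    return {"measurement": digest, "verifier_tag": verifier_tag(digest)}


class TeeManager:
    """Toy TEE management module holding the registry of reference information."""

    def __init__(self):
        self.registry = {}  # ta_name -> reference authentication information

    def register(self, ta_name: str, reference: dict) -> bool:
        """Accept only reference information the verifier actually endorsed."""
        expected = verifier_tag(reference["measurement"])
        if not hmac.compare_digest(expected, reference["verifier_tag"]):
            return False
        self.registry[ta_name] = reference
        return True

    def match(self, ta_name: str, loaded_code: bytes) -> str:
        """Runtime measurement of the loaded code vs. the registered reference."""
        ref = self.registry.get(ta_name)
        if ref is None:
            return "not match"
        target_info = measure(loaded_code)
        return "match" if hmac.compare_digest(target_info, ref["measurement"]) else "not match"

    def invoke(self, ta_name: str, loaded_code: bytes, function: str,
               user_confirmed: bool = False) -> str:
        """Tiered invocation: basic functions run once the code matches; core
        functions additionally need dynamic authorization (user confirmation here)."""
        if self.match(ta_name, loaded_code) != "match":
            return "denied: loaded code does not match verified version"
        if function == "core" and not user_confirmed:
            return "denied: core function requires user confirmation"
        return f"executed {function}"
```

The registry refuses reference information that lacks a valid verifier tag, so an attacker who can write to the management module's storage still cannot register a measurement of their own code; the match step uses a constant-time comparison so the check does not leak how many hex digits agree.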

[0079] According to embodiments of this disclosure, multiple candidate trusted applications can be deployed in a trusted execution environment, and system data and candidate privacy data for each candidate trusted application can be stored in the secure storage area of the trusted execution environment.

[0080] Candidate trusted applications are multiple trusted applications deployed within the TEE. Each candidate trusted application can have an independent identity and function. For example, candidate trusted applications may include health data analysis applications, payment risk control applications, location service applications, etc. The secure storage area is a hardware-protected encrypted storage space within the TEE, which can be used to persistently store sensitive data.

[0081] System data refers to basic or general information about the terminal device. For example, system data may include device identifiers (International Mobile Equipment Identity, IMEI), system time, network status, and common sensor parameters. Candidate privacy data refers to user privacy data that is pre-stored or collected and associated with each candidate trusted application. For example, candidate privacy data may include step counts and heart rate records for health applications; and local transaction history for payment applications.

[0082] According to an embodiment of this disclosure, operation S210 may include the following operations: determining a target trusted application corresponding to the target application from among multiple candidate trusted applications based on the type of the target application; invoking the target trusted application to obtain system data and target privacy data for the target trusted application from a secure storage area, thereby obtaining privacy data to be processed.

[0083] For the target application, the corresponding trusted application can be matched from multiple candidate trusted applications based on the target application's type. The type of the target application refers to the business or technology category to which the application initiating the request belongs. The type of the target application can be identified by application package name, signing certificate, registration information, or interface agreement, etc. For example, the type of the target application may include financial, health management, navigation, shopping, dating, entertainment, etc.

[0084] The method for determining the type of target application can be configured according to actual business needs and is not limited here. For example, it can be matched through preset call relationships or authentication lists. Alternatively, it can be dynamically selected based on business identifiers, data tags, or security policies in the business processing request. Alternatively, users can also be allowed to manually authorize and select from multiple candidate trusted applications.

[0085] A target trusted application is a trusted application selected from multiple candidate trusted applications based on the target application type, specifically designed to handle this type of business. After the target trusted application is determined, it can be activated and then reads its authorized system data and target privacy data from secure storage. Target privacy data is the subset of privacy data in the secure storage area reserved for the use of the target trusted application.

[0086] In the embodiments of this disclosure, by deploying multiple candidate trusted applications in a trusted execution environment and centrally managing privacy data, modularization and flexible matching of business processing capabilities are achieved, enabling precise scheduling of dedicated processing units based on application type. System data and application privacy data are uniformly stored in a secure area, avoiding the security risks and management redundancy caused by scattered data storage. Furthermore, by invoking target trusted applications on demand and granting access rights only to their corresponding subsets of data, unauthorized data access is effectively prevented, while simultaneously improving data retrieval efficiency and security.
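As an added example for [0079]-[0086] (not code from the patent), the following shows the type-based selection of a target trusted application and a secure storage area partitioned per trusted application, where each application can read system data plus only its own privacy-data subset. Package names, application types, trusted application names and the stored sample data are all constructed for illustration.

```python
"""Added example (not from the patent): selecting the target trusted application
by application type and scoping secure-storage reads to its own partition."""

# Constructed tables. A real TEE would derive the application type from the
# package name, signing certificate or registration information.
APP_TYPES = {
    "com.example.bank": "financial",
    "com.example.fitness": "health management",
    "com.example.maps": "navigation",
}
TYPE_TO_TA = {
    "financial": "payment_risk_ta",
    "health management": "health_analysis_ta",
    "navigation": "location_service_ta",
}


class SecureStorage:
    """Toy secure storage area: shared system data plus one privacy partition per TA."""

    def __init__(self, system_data: dict, partitions: dict):
        self._system = dict(system_data)
        self._partitions = {ta: dict(d) for ta, d in partitions.items()}

    def can_read(self, calling_ta: str, partition: str) -> bool:
        """Access rule: a trusted application may only read its own partition."""
        return calling_ta == partition

    def read(self, calling_ta: str, partition: str) -> dict:
        if not self.can_read(calling_ta, partition):
            raise PermissionError(f"{calling_ta} is not authorized for partition {partition}")
        return {
            "system_data": dict(self._system),
            "target_privacy_data": dict(self._partitions.get(partition, {})),
        }


def determine_target_ta(package_name: str):
    """Map the calling application's type to its trusted application, or None."""
    app_type = APP_TYPES.get(package_name)
    return TYPE_TO_TA.get(app_type)


def obtain_privacy_data(package_name: str, storage: SecureStorage):
    """Operation S210 sketch: pick the target TA, then read only its data subset."""
    ta = determine_target_ta(package_name)
    if ta is None:
        raise LookupError(f"no trusted application registered for {package_name!r}")
    return ta, storage.read(ta, ta)


def build_sample_storage() -> SecureStorage:
    """Constructed sample contents of the secure storage area."""
    return SecureStorage(
        system_data={"device_id": "IMEI-CONSTRUCTED-000", "network": "wifi"},
        partitions={
            "payment_risk_ta": {"transactions": [120.0, 45.5, 980.0]},
            "health_analysis_ta": {"steps": 8421, "heart_rate": [72, 75, 69]},
            "location_service_ta": {"last_fix": "grid-cell-17"},
        },
    )
```

The `read` method returns copies rather than references so that a trusted application cannot mutate the stored partition through the returned dictionary; the partition check sits inside the storage object, not in the caller, which is the placement that keeps the rule enforceable when new trusted applications are added.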

[0087] According to embodiments of this disclosure, invoking a target trusted application to obtain system data and target privacy data for the target trusted application from a secure storage area to obtain privacy data to be processed may include the following operation: transmitting the system data and target privacy data in the secure storage area to a trusted execution environment in encrypted form through the target trusted application to obtain privacy data to be processed.

[0088] The secure storage area can be a hardware-protected, non-volatile storage space within the TEE (Trusted Execution Environment) used to persistently store sensitive data. When a target trusted application reads data from the secure storage area, it obtains the encrypted ciphertext and loads this ciphertext into the TEE's runtime memory or secure computing area for subsequent processing. The ciphertext is an unreadable data format processed by an encryption algorithm, thus ensuring that even when data is transmitted within the TEE, the plaintext is not exposed.

[0089] The specific method of ciphertext formation can be configured according to actual business needs and is not limited here. For example, a target trusted application can read the ciphertext through the secure storage API provided by TEEOS. Alternatively, a sealed storage mechanism can be used, where data is encrypted using a key bound to the TEE chip or platform identity, and can only be decrypted within the same TEE environment. Another alternative is Attribute-Based Encryption (ABE), where the ciphertext can be decrypted within the TEE by multiple trusted applications that meet the policy requirements, achieving controlled sharing.

[0090] According to embodiments of this disclosure, after obtaining the privacy data to be processed related to the business processing request, the following operation can also be performed: in a trusted execution environment, the privacy data to be processed is decrypted to obtain the decrypted privacy data to be processed.

[0091] Within the security boundary of the TEE, ciphertext can be decrypted into computable plaintext data using a preset or securely acquired decryption key. This decryption operation is performed only within the TEE, and the key does not leave the TEE. The specific decryption method can be configured according to actual business needs and is not limited here. For example, hardware decryption can be performed using the TEE's built-in security coprocessor to improve efficiency and security. Alternatively, multi-layer encryption and key derivation can be used, requiring multiple verifications during the decryption process, such as first using the device root key to decrypt one layer, and then using the session key to decrypt the data layer.

[0092] In the embodiments of this disclosure, since data is transmitted in encrypted form throughout the TEE from secure storage to usage, continuous protection is achieved between storage encryption and transmission encryption during usage, which can defend against the risk of plaintext data leakage due to internal software defects or improper access. Furthermore, by decrypting within the TEE, it is ensured that plaintext data exists in a protected environment during final computation, shortening the window for plaintext exposure and thereby enhancing the security of the data processing chain.
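The sealed-storage mechanism of [0087]-[0092], as an added example that is not part of the patent: the seal key is derived from the platform identity and the trusted application's measurement, data read from secure storage remains ciphertext until it is unsealed, and a blob sealed on one platform cannot be unsealed on another or by a different trusted application. The HMAC-based key derivation and counter-mode keystream are stand-ins for a hardware-rooted KDF and a real authenticated cipher, chosen only so the example runs on the Python standard library; the platform identifiers and data are constructed.

```python
"""Added example (not from the patent): sealed storage bound to the TEE platform
identity and the trusted application, with an encrypt-then-MAC blob format."""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def derive_seal_key(platform_id: bytes, ta_measurement: bytes) -> bytes:
    """Seal key bound to the platform identity and the TA measurement.
    HMAC-SHA256 serves as a one-step KDF here; a real TEE derives this from a
    hardware root key that never leaves the chip (assumption of this example)."""
    return hmac.new(platform_id, b"seal|" + ta_measurement, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in keystream (not a production cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. A fresh nonce per call."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Decrypt inside the TEE. The tag is checked before any plaintext is produced,
    so a wrong platform/TA key or a tampered blob yields no data at all."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("sealed blob too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: wrong platform/TA key or tampered data")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def try_unseal(key: bytes, blob: bytes):
    """Convenience wrapper: plaintext on success, None when unsealing is refused."""
    try:
        return unseal(key, blob)
    except ValueError:
        return None
```

Because the key is a function of both the platform identity and the trusted application's measurement, updating the application to a new (differently measured) version also changes its seal key; a deployment that needs data to survive upgrades would bind the key to a stable application identity instead, which is a design choice the example leaves open.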

[0093] Figure 4 shows an example schematic diagram of a business processing procedure according to an embodiment of the present disclosure.

[0094] As shown in Figure 4, in embodiment 400 of the business processing, the business processing process may include operations S401 to S411.

[0095] In operation S401, the cloud can send cloud data to the terminal device.

[0096] In operation S402, the terminal device can invoke the trusted execution environment.

[0097] In operation S403, TEEOS can verify the reliability of the cloud data and terminal data sources and obtain the first verification result.

[0098] In operation S404, TEEOS can verify the target application's permission to access the trusted execution environment and obtain the second verification result.

[0099] In operation S405, TEEOS can send the first verification result and the second verification result to the terminal device.

[0100] In operation S406, in response to the first verification result indicating that the reliability has been verified and the second verification result indicating that the permission has been verified, the terminal device can send the cloud data and terminal data to the trusted application.

[0101] In operation S407, the trusted application can identify the target trusted application that corresponds to the target application.

[0102] In operation S408, the trusted application can collect the privacy data to be processed from TEEOS.

[0103] In operation S409, TEEOS can return the privacy data to be processed to the trusted application.

[0104] In operation S410, the trusted application can process the business data to be processed and the privacy data to be processed according to the target business processing strategy to obtain the business processing result.

[0105] In operation S411, the trusted application can send the business processing result to the terminal device.

[0106] According to embodiments of this disclosure, before acquiring the privacy data to be processed related to the business processing request, the above method may further include the following operations: verifying the reliability of the source of the business data to be processed to obtain a first verification result; verifying the permission of the target application to access the trusted execution environment to obtain a second verification result; and in response to the first verification result indicating that the reliability has been verified and the second verification result indicating that the permission has been verified, acquiring the privacy data to be processed is performed.

[0107] The source of the business data to be processed is the entity that initiated the business computation request or the source that provided the initial computation parameters. For example, the source of the business data to be processed can be a cloud server, a third-party computing platform, or another security module on the device. Before the data enters the processing flow, the reliability of the source of the business data to be processed can be verified to obtain a first verification result. The first verification result is a Boolean value or status identifier generated after the reliability verification of the data source. For example, the first verification result can be "reliability verified" or "reliability not verified".

[0108] Reliability verification refers to the process of confirming the authenticity of the data source and the integrity of data transmission through technical means, preventing data forgery or tampering. The specific methods of reliability verification can be configured according to actual business needs and are not limited here. For example, it can be cloud-based signing or terminal-based signature verification. Alternatively, chain verification based on digital certificates can be used to verify the complete trust chain from the data to the issuer's root certificate. Another alternative is to use hardware-based root of trust authentication to verify the true identity of the source entity.

[0109] Access permissions for a target application to the Trusted Execution Environment (TEE) determine whether the target application is authorized to call TEE services and use specific trusted applications. Before data enters the processing flow, the target application's access permissions to the TEE can be verified to obtain a second verification result. The second verification result is a conclusive output generated after verifying the target application's permissions; for example, the second verification result could be "permission verified" or "permission not verified".

[0110] Permission verification refers to the process of verifying whether an individual's identity is on the permission list and whether their requested operation is within their authorized scope. The specific method of permission verification can be configured according to actual business needs and is not limited here. For example, TEEOS can be used to authenticate applications. Alternatively, a dynamic policy engine can be used to perform real-time permission assessment in conjunction with application context (such as installation source, user settings, etc.).

[0111] After obtaining the first and second verification results, if the first verification result is "reliability verified" and the second verification result is "permission verified", that is, when the data source is trustworthy and the target application has the necessary permissions, the subsequent privacy data acquisition and processing process is triggered.

[0112] In the embodiments disclosed herein, by performing a first layer of verification on the reliability of external data sources, malicious input data that has been forged or tampered with is effectively blocked from entering, ensuring the authenticity and integrity of the input on which the computing logic depends from the source; by performing a second layer of verification on the access permissions of calling applications, it is restricted that only legally authorized applications can trigger privacy computing within the TEE, preventing unauthorized applications from abusing or attacking the sensitive computing environment, thereby improving the security of the entire privacy computing process.
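An added example for the two-layer verification of [0106]-[0112], not code from the patent: the first layer checks the reliability of the business-data source (a cloud message carrying an authentication tag; a digital signature or certificate chain would take its place in a real deployment), the second layer checks the calling application against a permission list, and privacy data acquisition proceeds only when both results are positive. The shared key, package names, trusted application names and the sample payload are constructed.

```python
"""Added example (not from the patent): source reliability check plus application
permission check, gating privacy-data acquisition on both results."""
import hashlib
import hmac
import json

# Constructed key shared with the cloud for this example only.
CLOUD_KEY = b"cloud-source-key-constructed-for-example"

# Constructed permission list: package name -> trusted applications it may invoke.
ACCESS_LIST = {
    "com.example.bank": {"credit_risk_ta"},
    "com.example.fitness": {"health_analysis_ta"},
}


def cloud_sign(payload: dict) -> dict:
    """Cloud side: canonical JSON body plus an authentication tag over it."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(CLOUD_KEY, body, hashlib.sha256).hexdigest()}


def verify_source_reliability(message: dict) -> str:
    """First verification result: is the body authentic and unmodified?"""
    expected = hmac.new(CLOUD_KEY, message["body"], hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(expected, message["sig"])
    return "reliability verified" if ok else "reliability not verified"


def verify_app_permission(package_name: str, ta_name: str) -> str:
    """Second verification result: is the caller on the list for this TA?"""
    ok = ta_name in ACCESS_LIST.get(package_name, set())
    return "permission verified" if ok else "permission not verified"


def gate_privacy_data_acquisition(message: dict, package_name: str, ta_name: str) -> dict:
    """Proceed to privacy-data acquisition only when both checks pass; the
    business data is parsed only after its source has been verified."""
    first = verify_source_reliability(message)
    second = verify_app_permission(package_name, ta_name)
    proceed = first == "reliability verified" and second == "permission verified"
    result = {"proceed": proceed, "first": first, "second": second}
    if proceed:
        result["business_data"] = json.loads(message["body"])
    return result
```

Parsing the JSON body only after the tag has been checked keeps untrusted input away from the parser, which is where a forged message would otherwise get its first chance to exercise code inside the TEE.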

[0113] According to an embodiment of this disclosure, the business processing request is for a target business; operation S220 may include the following operations: based on the target business, determining a target business processing strategy for the target business from multiple candidate business processing strategies; and processing the business data to be processed and the privacy data to be processed in a trusted execution environment according to the target business processing strategy to obtain the business processing result.

[0114] The target business refers to the specific application scenario or service type that initiates the request. For example, the target business could be credit scoring, personalized recommendation, or health risk assessment. Candidate business processing strategies refer to a predefined set of data processing algorithms, models, or protocols used to achieve different business objectives.

[0115] For a business processing request, the most suitable target business processing strategy can be selected from a set of preset candidate strategies based on the explicit or implicit business type identifier in the request. The target business processing strategy is a specific algorithm or rule selected from the candidate strategies and specifically used to process the target business.

[0116] The selection method for the target business processing strategy can be configured according to actual business needs and is not limited here. For example, the target business processing strategy can be selected based on the preset mapping between application types and trusted applications. Alternatively, the business processing request can carry a business descriptor, which is then matched with the metadata tags of each candidate business processing strategy by parsing the business descriptor. Another alternative is to dynamically select the target business processing strategy using a rule engine or machine learning model, taking into account factors such as business type, data sensitivity level, and real-time resource status.

[0117] After determining the target business processing strategy, the algorithm defined by the selected target business processing strategy can be loaded and executed within the security boundary of the TEE to compute over the input business data and privacy data to be processed, and generate the final output. It should be noted that a target business can also be completed collaboratively by multiple business processing strategies, and an orchestration engine can be configured within the TEE to schedule the execution order of these business processing strategies.

[0118] In the embodiments of this disclosure, by determining the target business processing strategy from multiple candidate business processing strategies based on the target business, diverse business scenarios can be flexibly adapted, and the targeting and accuracy of data processing are improved through precise strategy matching. Furthermore, by executing the target business processing strategy in the TEE, the standardization and consistency of data processing logic are ensured, and privacy and security are guaranteed in various business scenarios.

[0119] According to embodiments of this disclosure, returning a business processing result to a target application may include the following operations: performing sensitivity analysis on the business processing result to obtain a sensitivity analysis result; returning the business processing result to the target application if the sensitivity analysis result indicates that the business processing result does not contain privacy information; and desensitizing the business processing result and returning the desensitized business processing result to the target application if the sensitivity analysis result indicates that the business processing result contains privacy information.

[0120] Before the business processing results leave the TEE (Trusted Execution Environment), a sensitivity analysis can be performed on their content to determine whether there is a risk of privacy leakage. Sensitivity analysis refers to the process of using specific methods to assess whether the business processing results contain, or could be used to derive, raw privacy information. The sensitivity analysis result can be "safe" or "sensitive", or it can be a more detailed risk level.

[0121] The specific methods of sensitivity analysis can be configured according to actual business needs and are not limited here. For example, a predefined sensitive word library (sensitive words such as ID card numbers, precise location coordinates, etc.) can be used to match business processing results. Alternatively, the privacy budget consumption can be calculated by analyzing whether the business processing results contain information that excessively relies on certain records in the input data.

[0122] If the sensitivity analysis results indicate that the business processing result does not contain private data and the specific data of the data source cannot be inferred from the business processing result, then it can be allowed to be output directly. If the sensitivity analysis results indicate that the business processing result contains private data, or the specific data of the data source can be inferred from the business processing result, then further anonymization of the business processing result is required.

[0123] Data anonymization refers to the process of processing data to remove or reduce the amount of private information it contains. Anonymization methods can include generalization, suppression, replacement, or adding noise. For example, if the original business processing result is "User's frequently visited location: Coffee Shop A (latitude and longitude)," the anonymized business processing result could be "User's frequently visited location type: Restaurant (administrative region)."

[0124] In the embodiments of this disclosure, by performing sensitivity analysis on the business processing results before output, it is possible to proactively identify and block output results that, although processed by the TEE, may still unintentionally contain or expose privacy information. Based on this, by triaging results according to the sensitivity analysis result, that is, by letting safe results pass through directly, unnecessary processing overhead is avoided, ensuring efficiency in secure scenarios; and by desensitizing risky results, it is ensured that data leaving the secure environment will not expose privacy information, thus guaranteeing the security of the business processing process.
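The sensitivity analysis and desensitization of [0119]-[0124], as an added example (not code from the patent): results are matched against a constructed sensitive-pattern set (ID card numbers, precise coordinates, named places), safe results pass through unchanged, and risky ones are desensitized by suppression, generalization to a coarse grid cell, and replacement of a place name by its category, following the patent's "Coffee Shop A" illustration. The patterns, category table and sample results are constructed.

```python
"""Added example (not from the patent): sensitivity analysis of a business
processing result before it leaves the TEE, and desensitization by suppression,
generalization and replacement."""
import re

# Constructed sensitive patterns: 18-character ID card numbers and lat/lon pairs.
ID_CARD = re.compile(r"\b\d{17}[\dXx]\b")
COORD = re.compile(r"(-?\d{1,3}\.\d{3,}),\s*(-?\d{1,3}\.\d{3,})")
# Constructed place-name generalization (the patent's "Coffee Shop A -> Restaurant").
PLACE_CATEGORY = {"Coffee Shop A": "Restaurant", "Clinic B": "Medical facility"}


def sensitivity_analysis(result: str) -> str:
    """'safe' or 'sensitive' depending on whether the result matches a pattern."""
    if ID_CARD.search(result) or COORD.search(result):
        return "sensitive"
    if any(place in result for place in PLACE_CATEGORY):
        return "sensitive"
    return "safe"


def _generalize_coord(match: re.Match) -> str:
    """Replace a precise coordinate pair by a coarse one-degree grid cell."""
    lat, lon = float(match.group(1)), float(match.group(2))
    return f"grid cell ({int(lat)}, {int(lon)})"


def desensitize(result: str) -> str:
    """Suppression for identifiers, generalization for coordinates,
    replacement for named places."""
    result = ID_CARD.sub("[ID suppressed]", result)
    result = COORD.sub(_generalize_coord, result)
    for place, category in PLACE_CATEGORY.items():
        result = result.replace(place, category)
    return result


def return_result_to_app(result: str) -> dict:
    """Traffic triage: safe results pass through, risky ones are desensitized."""
    analysis = sensitivity_analysis(result)
    if analysis == "safe":
        return {"analysis": analysis, "output": result}
    return {"analysis": analysis, "output": desensitize(result)}
```

A useful self-check, included in the tests, is to run the analysis a second time over the desensitized output: if the desensitized text still trips a pattern, the desensitization rules are incomplete for that result and it should not leave the TEE.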

[0125] Figure 5 shows an example schematic diagram of an application initialization process according to an embodiment of the present disclosure.

[0126] As shown in Figure 5, in the application initialization embodiment 500, the application initialization process may include operations S501 to S504.

[0127] In operation S501, the user can request TEEOS to verify the trusted application based on its package name.

[0128] In operation S502, TEEOS can send an application attestation report to the user.

[0129] In operation S503, the user can determine whether the trusted application is the target trusted application based on the report.

[0130] In operation S504, the user can return the judgment result to TEEOS, indicating whether authorization is granted.

[0131] Figure 6 shows an example schematic diagram of a business processing procedure according to another embodiment of the present disclosure.

[0132] As shown in Figure 6, in embodiment 600 of the business processing, the business processing process may include operations S601 to S607.

[0133] In operation S601, the user can trigger a function.

[0134] In operation S602, the application can trigger a computation in the trusted application.

[0135] In operation S603, the trusted application can collect system data from TEEOS.

[0136] In operation S604, TEEOS can determine whether the trusted application is the target application and whether it is authorized by the user.

[0137] In operation S605, TEEOS can send the system data to the trusted application.

[0138] In operation S606, the trusted application can perform a fusion calculation on the application data and the system data to obtain the business processing result.

[0139] In operation S607, the trusted application can send the business processing result to the application.

[0140] According to embodiments of this disclosure, the business processing method may further include the following operations: in response to receiving a call request from a caller for a candidate trusted application, authenticating the caller and obtaining an authentication result, wherein the caller is different from the target application that initiated the business processing request; in response to the authentication result indicating that the caller has passed authentication, the candidate trusted application responds to the call request.

[0141] A caller is an entity that requests the use of a candidate trusted application's functionality but is different from the target application that initiated the business processing request. For example, a caller could be another application on the device, a system service, or an authorized third-party program. A call request is an instruction or message issued by the caller to the trusted execution environment or its management unit, intended to request a specific candidate trusted application to perform its functionality.

[0142] Upon receiving an external request, the first step is to verify the requester's identity and permissions, i.e., to authenticate the caller and obtain the authentication result. Authentication is the process of verifying the caller's identity and determining whether they have the legitimate permissions to use the requested trusted application. The authentication result is the conclusion generated after authenticating the caller; for example, the authentication result can be "authentication passed" or "authentication failed."

[0143] The specific authentication method can be configured according to actual business needs and is not limited here. For example, the caller's authentication information can be added to the trusted application for authentication. Alternatively, the caller can present a time-limited encrypted token issued by the target application or an authority center, and the application can authenticate by verifying the validity of this token. Alternatively, authentication can not only verify the caller's identity, but also perform a comprehensive evaluation based on contextual attributes (such as time, call frequency, device security status, etc.).

[0144] Once the caller is verified as a legitimate authorized party, the requested candidate trusted application can be provided as a plugin to external programs for invocation, ensuring that trusted applications can cover all devices. Alternatively, a protected session channel can be established between the caller and the application after authentication via secure inter-process communication (IPC) or remote procedure call (RPC) mechanisms, which are not limited here.

[0145] In the embodiments of this disclosure, by introducing an authentication mechanism for the caller, trusted applications can securely provide services to authorized entities other than their original application, achieving secure capability openness and sharing. Simultaneously, this authentication process effectively prevents unauthorized applications from maliciously calling or attacking trusted computing resources, ensuring that the services of trusted applications are accessed only within a controlled scope, thus improving their utilization and functional flexibility.
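The caller authentication of [0140]-[0145], as an added example that is not part of the patent: a caller other than the originating application presents a time-limited token issued by an authority center, the trusted application verifies the token's tag, target application and expiry, and a call-frequency limit serves as one of the contextual attributes mentioned in [0143]. The authority key, caller identifiers and trusted application names are constructed; an HMAC tag stands in for the authority's signature.

```python
"""Added example (not from the patent): time-limited caller tokens verified by a
trusted application, combined with a per-caller call-frequency limit."""
import hashlib
import hmac
import time
from collections import defaultdict, deque

# Constructed key of the authority center that issues caller tokens.
AUTHORITY_KEY = b"authority-center-key-constructed-for-example"


def _tag(message: str) -> str:
    return hmac.new(AUTHORITY_KEY, message.encode(), hashlib.sha256).hexdigest()


def issue_token(caller_id: str, ta_name: str, ttl_seconds: int, now: float = None) -> str:
    """Authority center side: token = caller|ta|expiry|tag."""
    now = time.time() if now is None else now
    message = f"{caller_id}|{ta_name}|{int(now + ttl_seconds)}"
    return message + "|" + _tag(message)


def authenticate_caller(token: str, expected_ta: str, now: float = None) -> str:
    """Trusted application side: check tag first, then binding to this TA and expiry."""
    now = time.time() if now is None else now
    parts = token.split("|")
    if len(parts) != 4:
        return "authentication failed"
    caller_id, ta_name, expiry, tag = parts
    if not hmac.compare_digest(tag, _tag(f"{caller_id}|{ta_name}|{expiry}")):
        return "authentication failed"
    if ta_name != expected_ta or not expiry.isdigit() or now >= int(expiry):
        return "authentication failed"
    return "authentication passed"


class CallGate:
    """Token check combined with a sliding-window call-frequency limit per caller."""

    def __init__(self, max_calls: int, window_seconds: int):
        self.max_calls = max_calls
        self.window = window_seconds
        self.history = defaultdict(deque)  # caller_id -> timestamps of recent calls

    def handle(self, token: str, expected_ta: str, now: float = None) -> str:
        now = time.time() if now is None else now
        if authenticate_caller(token, expected_ta, now) != "authentication passed":
            return "authentication failed"
        caller_id = token.split("|")[0]
        recent = self.history[caller_id]
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_calls:
            return "authentication failed"
        recent.append(now)
        return "authentication passed"
```

The token names the trusted application it was issued for, so a token obtained for one candidate trusted application cannot be replayed against another; the tag is checked before any other field is interpreted, so unauthenticated input never reaches the parsing or policy logic.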

[0146] According to embodiments of this disclosure, candidate trusted applications can run as resident processes in a trusted execution environment; the above method may further include the following operations: processing real-time privacy data through resident processes to obtain intermediate processing results; and determining the business processing result from the intermediate processing results in response to a business processing request.

[0147] Trusted applications can run continuously within a TEE as either a service or a persistent process. A persistent process is a background process or service that is loaded and runs continuously after TEEOS starts, and its lifecycle is independent of the start and stop of any external application. In addition, a trusted application can also be initially in a dormant state, become persistent after being invoked for the first time, and be safely suspended by TEEOS while preserving its state when system resources are scarce.

[0148] Real-time privacy data refers to user privacy data sequences or snapshots that are continuously or periodically collected by the resident process and securely stored within the TEE before a business processing request is initiated. The resident process actively or periodically performs calculations on the accumulated privacy data in the background to obtain intermediate processing results. The intermediate processing results are generated by the resident process after performing preprocessing, aggregation, and feature extraction operations on the real-time privacy data.

[0149] The calculation process for intermediate processing results can be configured according to actual business needs and is not limited here. For example, when real-time privacy data accumulates to a certain threshold or a specific time window is reached, the calculation process for intermediate processing results can be started automatically. Alternatively, intermediate processing results can be saved in an incrementally updatable data structure, updating only the affected parts when new real-time privacy data arrives.

[0150] When the target application initiates a business processing request, there is no need to reprocess the related privacy data. Instead, the request directly queries or performs lightweight calculations on the pre-computed intermediate processing results, thereby quickly generating the business processing result. For example, a resident process can expose a secure query API. After the target application passes in request parameters, the resident process retrieves the business processing result from the intermediate processing result library and returns it. Alternatively, the intermediate processing result can be a feature vector. In response to the business processing request, a lightweight inference model can be loaded, and the business processing result can be obtained based on this feature vector.

[0151] In the embodiments of this disclosure, by setting the candidate trusted application as a resident process within the TEE, it possesses continuous and proactive data processing capabilities, providing low-latency data preparation for services with high real-time requirements. Through this resident process, real-time privacy data is preprocessed in the background and intermediate processing results are generated. Service requests can be quickly determined directly from these preprocessed intermediate results, reducing the response time of service processing requests and improving the user experience.
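As an added illustration of the resident process described in [0146]-[0150] (this is not code from the patent), the following Python sketch keeps incrementally updatable intermediate results in a Welford accumulator, closes a window when a sample threshold is reached, and answers a request from the closed windows without revisiting the raw readings. The heart-rate data schema, the window threshold and the request parameters are constructed assumptions.

```python
"""Added example: resident trusted process with incrementally updatable
intermediate results ([0146]-[0150]). Not code from the patent; the
sample schema (heart-rate readings), window threshold and request
parameters are constructed assumptions."""
from dataclasses import dataclass


@dataclass
class RunningStats:
    """Welford accumulator. Count, mean and M2 are the only state kept,
    so raw privacy samples are not retained after each update."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0

    def update(self, x: float) -> None:
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def merge(self, other: "RunningStats") -> "RunningStats":
        """Chan's parallel formula: combine two windows without raw data."""
        if self.n == 0:
            return RunningStats(other.n, other.mean, other.m2)
        if other.n == 0:
            return RunningStats(self.n, self.mean, self.m2)
        n = self.n + other.n
        delta = other.mean - self.mean
        mean = self.mean + delta * other.n / n
        m2 = self.m2 + other.m2 + delta * delta * self.n * other.n / n
        return RunningStats(n, mean, m2)

    def variance(self) -> float:
        return self.m2 / self.n if self.n else 0.0


class ResidentProcess:
    """Background process inside the TEE: ingests real-time privacy data,
    closes a window once `window_threshold` samples have accumulated, and
    keeps the closed windows as the intermediate-result library."""

    def __init__(self, window_threshold: int = 60) -> None:
        self.window_threshold = window_threshold
        self.current = RunningStats()
        self.closed_windows: list[RunningStats] = []

    def ingest(self, sample: float) -> None:
        """Invoked as each reading arrives, before any business request."""
        self.current.update(sample)
        if self.current.n >= self.window_threshold:
            self.closed_windows.append(self.current)  # only the affected part changes
            self.current = RunningStats()

    def query(self, params: dict) -> dict:
        """Secure query API: lightweight calculation over precomputed
        windows, with no reprocessing of the underlying readings."""
        k = int(params.get("last_windows", 1))
        limit = float(params.get("elevated_above", 100.0))
        windows = self.closed_windows[-k:] if k > 0 else []
        combined = RunningStats()
        for w in windows:
            combined = combined.merge(w)
        return {
            "windows_used": len(windows),
            "samples": combined.n,
            "mean": combined.mean,
            "variance": combined.variance(),
            "elevated": combined.n > 0 and combined.mean > limit,
        }


def build_demo_process() -> ResidentProcess:
    """Constructed readings: two windows of four samples each."""
    rp = ResidentProcess(window_threshold=4)
    for hr in (60, 62, 64, 66, 80, 82, 84, 86):
        rp.ingest(hr)
    return rp


def demo() -> dict:
    return build_demo_process().query({"last_windows": 2, "elevated_above": 70})
```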

[0152] The above are merely exemplary embodiments, but are not limited thereto. Other business processing methods known in the art may also be included, as long as they can improve the privacy and security of business processing.

[0153] Based on the business processing method described above, the present invention also provides a business processing apparatus. The apparatus is described in detail below in conjunction with Figure 7.

[0154] Figure 7 schematically shows a block diagram of a business processing apparatus according to an embodiment of the present disclosure.

[0155] As shown in Figure 7, the business processing apparatus 700 may include an acquisition module 710 and a first processing module 720.

[0156] The acquisition module 710 is used to acquire pending privacy data related to the business processing request in response to receiving a business processing request initiated by the target application, wherein the business processing request includes pending business data.

[0157] The first processing module 720 is used to process the business data to be processed and the privacy data to be processed in a trusted execution environment according to the business processing strategy used for the business processing request, obtain the business processing result, and return the business processing result to the target application.

[0158] According to embodiments of this disclosure, multiple candidate trusted applications are deployed in a trusted execution environment. The secure storage area of the trusted execution environment stores system data and candidate privacy data for each candidate trusted application. The acquisition module 710 may include a first determination submodule and an acquisition submodule.

[0159] The first determination submodule is used to determine the target trusted application corresponding to the target application from multiple candidate trusted applications based on the type of the target application.

[0160] The acquisition submodule is used to call the target trusted application to retrieve system data and target privacy data for the target trusted application from the secure storage area, thus obtaining the privacy data to be processed.

[0161] According to embodiments of this disclosure, the acquisition submodule may include an encryption unit and a decryption unit.

[0162] The encryption unit is used to transmit system data and target privacy data in a secure storage area to a trusted execution environment in ciphertext through a target trusted application, thereby obtaining privacy data to be processed.

[0163] The decryption unit is used to decrypt the privacy data to be processed in a trusted execution environment to obtain the decrypted privacy data.

[0164] According to embodiments of this disclosure, the service processing apparatus 700 may further include a first verification module, a second verification module, and an execution module.

[0165] The first verification module is used to verify the reliability of the source of the business data to be processed and obtain the first verification result.

[0166] The second verification module is used to verify the target application's permission to access the trusted execution environment and obtain the second verification result.

[0167] The execution module is used to retrieve the privacy data to be processed in response to the first verification result indicating that the reliability has been verified and the second verification result indicating that the permission has been verified.

[0168] According to embodiments of this disclosure, a candidate trusted application is deployed by: sending code for the candidate trusted application to a verifier to verify the code and obtain a verification result; in response to the verification result indicating that the code has passed verification, determining reference authentication information for the code; using the reference authentication information as an identifier for the code, running the code in a trusted execution environment to deploy the candidate trusted application.

[0169] According to embodiments of this disclosure, the code has a functional description that describes the business processing logic of the candidate trusted application in natural language.

[0170] According to embodiments of this disclosure, the acquisition module 710 may further include a matching submodule and an execution submodule.

[0171] The matching submodule is used to match the target authentication information determined based on the target trusted application with the reference authentication information of the program corresponding to the target trusted application to obtain the matching result.

[0172] The execution submodule is used to execute and invoke the target trusted application in response to the matching result indicating that the target authentication information matches the reference authentication information.
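As an added illustration of deploy-time code verification ([0168]) and the invoke-time matching of target and reference authentication information ([0171]-[0172]), the following Python sketch is not code from the patent. It assumes that authentication information is a SHA-256 digest over the code bytes and their functional description, that the verifier's audit is stood in for by a deny-list check, and that the registry is an in-memory dict.

```python
"""Added example: deploy-time code verification and invoke-time matching of
authentication information ([0168]-[0172], claims 5-7). Not code from the
patent. Assumptions: authentication information is a SHA-256 digest over
the code bytes and the functional description; the verifier's audit is a
deny-list check; the registry is an in-memory dict."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class CandidateTA:
    name: str
    code: bytes                   # program of the candidate trusted application
    functional_description: str   # natural-language description of its logic


def authentication_info(code: bytes, functional_description: str) -> str:
    """Digest binding the code to the description the verifier audited.
    Length prefixes keep (code, description) pairs unambiguous."""
    h = hashlib.sha256()
    for part in (code, functional_description.encode("utf-8")):
        h.update(len(part).to_bytes(8, "big"))
        h.update(part)
    return h.hexdigest()


class Verifier:
    """Independent verifier (hypothetical policy): code passes only if it
    contains none of the forbidden byte patterns."""

    def __init__(self, forbidden: tuple[bytes, ...]) -> None:
        self.forbidden = forbidden

    def verify(self, ta: CandidateTA) -> bool:
        return not any(pattern in ta.code for pattern in self.forbidden)


class TEELoader:
    """Deploys verified code under its reference authentication information
    and refuses invocation when the target information does not match."""

    def __init__(self, verifier: Verifier) -> None:
        self.verifier = verifier
        self.reference: dict[str, str] = {}  # TA name -> reference auth info

    def deploy(self, ta: CandidateTA) -> bool:
        """[0168]: verify first, then record the digest as the code's identifier."""
        if not self.verifier.verify(ta):
            return False
        self.reference[ta.name] = authentication_info(ta.code, ta.functional_description)
        return True

    def matches(self, name: str, code: bytes, functional_description: str) -> bool:
        """[0171]-[0172]: recompute the target information from the code about
        to run and compare it in constant time against the reference."""
        ref = self.reference.get(name)
        if ref is None:
            return False
        return hmac.compare_digest(authentication_info(code, functional_description), ref)

    def invoke(self, name: str, code: bytes, functional_description: str) -> str:
        if not self.matches(name, code, functional_description):
            raise PermissionError(f"{name}: authentication information mismatch")
        return self.reference[name]  # stand-in for running the matched code


# Constructed sample programs (illustrative bytes, not real TA code).
APPROVED_CODE = b"def score(features): return sum(features) / len(features)"
REJECTED_CODE = b"def score(features): external_network_write(features)"
DESCRIPTION = "Averages on-device feature values into a single score."


def demo() -> dict:
    loader = TEELoader(Verifier(forbidden=(b"external_network_write",)))
    deployed = loader.deploy(CandidateTA("scorer", APPROVED_CODE, DESCRIPTION))
    rejected = not loader.deploy(CandidateTA("unverified", REJECTED_CODE, DESCRIPTION))
    return {
        "deployed": deployed,
        "rejected": rejected,
        "same_code_matches": loader.matches("scorer", APPROVED_CODE, DESCRIPTION),
        "tampered_code_matches": loader.matches("scorer", APPROVED_CODE + b" # patched", DESCRIPTION),
        "changed_description_matches": loader.matches("scorer", APPROVED_CODE, "Does something else."),
        "unknown_ta_matches": loader.matches("unverified", REJECTED_CODE, DESCRIPTION),
    }
```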

[0173] According to embodiments of this disclosure, the service processing apparatus 700 may further include an authentication module and a response module.

[0174] The authentication module is used to respond to a call request from a caller for a candidate trusted application, authenticate the caller, and obtain the authentication result. The caller is different from the target application that initiated the business processing request.

[0175] The response module is used to cause the candidate trusted application to respond to the call request in response to the authentication result indicating that the caller has passed authentication.

[0176] According to embodiments of this disclosure, the candidate trusted application runs as a resident process in a trusted execution environment; the business processing device 700 may further include a second processing module and a determination module.

[0177] The second processing module is used to process real-time privacy data through a resident process and obtain intermediate processing results.

[0178] The determination module is used to determine the business processing result from the intermediate processing results in response to the business processing request.

[0179] According to embodiments of this disclosure, the service processing request is for a target service; the first processing module 720 may include a second determination submodule and a processing submodule.

[0180] The second determination submodule is used to determine the target business processing strategy for the target business from multiple candidate business processing strategies based on the target business.

[0181] The processing submodule is used to process the business data to be processed and the privacy data to be processed in a trusted execution environment according to the target business processing strategy, and obtain the business processing result.

[0182] According to embodiments of this disclosure, the service processing apparatus 700 may further include a sensitivity analysis module, a third processing module, and a fourth processing module.

[0183] The sensitivity analysis module is used to perform sensitivity analysis on the results of business processing and obtain the sensitivity analysis results.

[0184] The third processing module is used to return the business processing result to the target application if the sensitivity analysis results indicate that there is no privacy information in the business processing result.

[0185] The fourth processing module is used to desensitize the business processing result when the sensitivity analysis results indicate that there is privacy information in the business processing result, and then return the desensitized business processing result to the target application.
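As an added illustration of the sensitivity analysis and desensitization gate in [0183]-[0185] (this is not code from the patent), the following Python sketch scans each string field of a business processing result, returns it unchanged when nothing is flagged, and otherwise masks only the flagged fields before they leave the TEE. The result fields, the three detection patterns and the masking rules are constructed assumptions.

```python
"""Added example: sensitivity analysis and desensitization of a business
processing result before it is returned ([0183]-[0185], claim 11). Not
code from the patent; result fields, detectors and masking rules are
constructed assumptions."""
import re

# Constructed detectors: an 11-digit mobile number, an e-mail address and
# an 18-character resident ID number. A real deployment would take such
# rules from the business processing strategy.
DETECTORS = {
    "phone": re.compile(r"(?<!\d)1\d{10}(?!\d)"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "id_number": re.compile(r"(?<![\dXx])\d{17}[\dXx](?![\dXx])"),
}


def _mask_match(kind: str, m: re.Match) -> str:
    s = m.group(0)
    if kind == "phone":
        return s[:3] + "*" * 4 + s[-4:]
    if kind == "email":
        local, _, domain = s.partition("@")
        return local[0] + "***@" + domain
    return s[:6] + "*" * 8 + s[-4:]


def sensitivity_analysis(result: dict) -> dict:
    """Returns {field: [kinds found]} for every string field that holds
    privacy information; an empty dict means the result may go out as-is."""
    findings = {}
    for field, value in result.items():
        if not isinstance(value, str):
            continue
        kinds = [k for k, rx in DETECTORS.items() if rx.search(value)]
        if kinds:
            findings[field] = kinds
    return findings


def desensitize(result: dict, findings: dict) -> dict:
    """Masks only the flagged fields; all other fields are copied unchanged."""
    out = dict(result)
    for field, kinds in findings.items():
        text = out[field]
        for kind in kinds:
            text = DETECTORS[kind].sub(lambda m, k=kind: _mask_match(k, m), text)
        out[field] = text
    return out


def prepare_return(result: dict) -> tuple:
    """Gate applied before the result is handed back to the target
    application: (result to return, whether it was desensitized)."""
    findings = sensitivity_analysis(result)
    if not findings:
        return result, False
    return desensitize(result, findings), True


def demo() -> tuple:
    # Constructed business processing result
    result = {
        "risk_level": "low",
        "score": 0.87,
        "summary": "Contact 13812345678 or a.user@example.com for follow-up",
        "holder_id": "11010119900101123X",
    }
    return prepare_return(result)
```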

[0186] Any one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure, or at least part of the functions of any one or more of them, can be implemented in one module. Any one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure can be implemented by dividing them into multiple modules. Any one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure can be at least partially implemented as hardware circuitry, such as a Field-Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a System-on-Chip, a System-on-a-Substrate, a System-on-Package, an Application-Specific Integrated Circuit (ASIC), or implemented in hardware or firmware by any other reasonable means of integrating or packaging circuitry, or implemented in software, hardware, or firmware, or in any suitable combination of any of these three implementation methods. Alternatively, one or more of the modules, submodules, units, and subunits according to embodiments of the present disclosure can be at least partially implemented as computer program modules, which, when run, can perform corresponding functions.

[0187] It should be noted that the service processing device part in the embodiments of this disclosure corresponds to the service processing method part in the embodiments of this disclosure. The description of the service processing device part is specifically referred to in the service processing method part, and will not be repeated here.

[0188] Figure 8 schematically shows a block diagram of an electronic device suitable for implementing a business processing method according to an embodiment of the present disclosure. The electronic device shown in Figure 8 is merely an example and should not be construed as limiting the functionality and scope of the embodiments disclosed herein.

[0189] As shown in Figure 8, a computer electronic device 800 according to an embodiment of the present disclosure includes a processor 801, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 802 or a program loaded from a storage portion 809 into a random access memory (RAM) 803. The processor 801 may include, for example, a general-purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special-purpose microprocessor (e.g., an application-specific integrated circuit (ASIC)), etc. The processor 801 may also include onboard memory for caching purposes. The processor 801 may include a single processing unit or multiple processing units for performing different actions of the method flow according to an embodiment of the present disclosure.

[0190] RAM 803 stores various programs and data required for the operation of electronic device 800. Processor 801, ROM 802, and RAM 803 are interconnected via bus 804.

[0191] According to embodiments of this disclosure, the electronic device 800 may further include an input/output (I/O) interface 805, which is also connected to the bus 804. The electronic device 800 may also include one or more of the following components connected to the input/output (I/O) interface 805: an input section 806 including a keyboard, mouse, etc.; an output section 807 including a cathode ray tube (CRT), liquid crystal display (LCD), etc., and a speaker, etc.; a storage section 808 including a hard disk, etc.; and a communication section 809 including a network interface card such as a LAN card, modem, etc. The communication section 809 performs communication processing via a network such as the Internet. A drive 810 is also connected to the input/output (I/O) interface 805 as needed. A removable medium 811, such as a disk, optical disk, magneto-optical disk, semiconductor memory, etc., is installed on the drive 810 as needed so that computer programs read from it can be installed into the storage section 808 as needed.

[0192] This disclosure also provides a computer-readable storage medium, which may be included in the device/apparatus/system described in the above embodiments, or may exist independently without being assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs, which, when executed, implement the business processing method according to the embodiments of this disclosure.

[0193] In this disclosure, a computer-readable storage medium can be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device.

[0194] Embodiments of this disclosure also include a computer program product comprising a computer program containing program code for performing the methods provided in the embodiments of this disclosure. When the computer program product is run on an electronic device, the program code is used to enable the electronic device to implement the business processing methods provided in the embodiments of this disclosure.

[0195] When the computer program is executed by the processor 801, it performs the functions defined in the system/apparatus of the embodiments of this disclosure. According to embodiments of this disclosure, the systems, apparatuses, modules, units, etc., described above can be implemented by computer program modules.

[0196] According to embodiments of this disclosure, program code for executing computer programs provided in embodiments of this disclosure can be written in any combination of one or more programming languages.

[0197] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this disclosure. It should also be noted that in some alternative implementations, the functions indicated in the boxes may occur in a different order than those shown in the drawings.

[0198] The embodiments of this disclosure have been described above. However, these embodiments are for illustrative purposes only and are not intended to limit the scope of this disclosure. Although various embodiments have been described above, this does not mean that the measures in the various embodiments cannot be used advantageously in combination. The scope of this disclosure is defined by the appended claims and their equivalents. Various substitutions and modifications can be made by those skilled in the art without departing from the scope of this disclosure, and all such substitutions and modifications should fall within the scope of this disclosure.

Claims

1. A business processing method applied to a terminal device, wherein the terminal device is equipped with a trusted execution environment, characterized in that the method includes: in response to receiving a business processing request initiated by a target application, obtaining pending privacy data related to the business processing request, wherein the business processing request includes pending business data; and according to the business processing strategy used for the business processing request, processing the pending business data and the pending privacy data in the trusted execution environment to obtain the business processing result, and returning the business processing result to the target application.

2. The method according to claim 1, characterized in that multiple candidate trusted applications are deployed in the trusted execution environment, and system data and candidate privacy data for each candidate trusted application are stored in the secure storage area of the trusted execution environment; obtaining the privacy data to be processed related to the business processing request includes: based on the type of the target application, determining a target trusted application corresponding to the target application from among the multiple candidate trusted applications; and invoking the target trusted application to obtain the system data and target privacy data for the target trusted application from the secure storage area, thereby obtaining the privacy data to be processed.

3. The method according to claim 2, characterized in that invoking the target trusted application to obtain the system data and target privacy data for the target trusted application from the secure storage area, thereby obtaining the privacy data to be processed, includes: transmitting, through the target trusted application, the system data and the target privacy data in the secure storage area in encrypted form to the trusted execution environment to obtain the privacy data to be processed; and the method further includes, after obtaining the privacy data to be processed related to the business processing request: decrypting the privacy data to be processed in the trusted execution environment to obtain the decrypted privacy data to be processed.

4. The method according to any one of claims 1 to 3, further comprising, before obtaining the privacy data to be processed related to the business processing request: verifying the reliability of the source of the business data to be processed to obtain a first verification result; verifying the permission of the target application to access the trusted execution environment to obtain a second verification result; and, in response to the first verification result indicating that the reliability has been verified and the second verification result indicating that the permission has been verified, executing the step of obtaining the privacy data to be processed.

5. The method according to claim 2, characterized in that the candidate trusted application is deployed in the following manner: sending the code used for the candidate trusted application to a verifier so that the verifier verifies the code and obtains a verification result; in response to the verification result indicating that the code has passed verification, determining reference authentication information for the code; and using the reference authentication information as the identifier of the code and running the code in the trusted execution environment to deploy the candidate trusted application.

6. The method according to claim 5, characterized in that the code has a functional description, which describes the business processing logic of the candidate trusted application in natural language.

7. The method according to claim 5 or 6, further comprising, before invoking the target trusted application: matching the target authentication information determined based on the target trusted application with the reference authentication information of the program corresponding to the target trusted application to obtain a matching result; and in response to the matching result indicating that the target authentication information matches the reference authentication information, invoking the target trusted application.

8. The method according to claim 2, further comprising: in response to receiving a call request from a caller for the candidate trusted application, authenticating the caller to obtain an authentication result, wherein the caller is different from the target application that initiated the business processing request; and in response to the authentication result indicating that the caller has passed authentication, causing the candidate trusted application to respond to the call request.

9. The method according to claim 2, characterized in that the candidate trusted applications run as resident processes in the trusted execution environment, and the method further includes: processing real-time privacy data through the resident process to obtain intermediate processing results; and in response to the business processing request, determining the business processing result from the intermediate processing results.

10. The method according to claim 1, characterized in that the business processing request is targeted at a target business, and processing the business data to be processed and the privacy data to be processed in the trusted execution environment according to the business processing strategy used for the business processing request to obtain the business processing result includes: based on the target business, determining a target business processing strategy from multiple candidate business processing strategies; and according to the target business processing strategy, processing the business data to be processed and the privacy data to be processed in the trusted execution environment to obtain the business processing result.

11. The method according to claim 1, characterized in that returning the business processing result to the target application includes: performing sensitivity analysis on the business processing result to obtain a sensitivity analysis result; if the sensitivity analysis result indicates that the business processing result does not contain privacy information, returning the business processing result to the target application; and if the sensitivity analysis result indicates that the business processing result contains privacy information, desensitizing the business processing result and returning the desensitized business processing result to the target application.

12. A business processing apparatus applied to a terminal device, wherein the terminal device is provided with a trusted execution environment, characterized in that the apparatus includes: an acquisition module configured to, in response to receiving a business processing request initiated by a target application, acquire pending privacy data related to the business processing request, wherein the business processing request includes pending business data; and a first processing module configured to process the pending business data and the pending privacy data in the trusted execution environment according to the business processing strategy for the business processing request, obtain the business processing result, and return the business processing result to the target application.

13. An electronic device, comprising: one or more processors; and a memory for storing one or more computer programs; characterized in that the one or more processors execute the one or more computer programs to implement the steps of the method according to any one of claims 1 to 11.

14. A computer-readable storage medium having a computer program or instructions stored thereon, characterized in that, when the computer program or instructions are executed by a processor, they implement the steps of the method according to any one of claims 1 to 11.

15. A computer program product comprising a computer program or instructions, characterized in that, when the computer program or instructions are executed by a processor, they implement the steps of the method according to any one of claims 1 to 11.