Nothing Special   »   [go: up one dir, main page]

SG11201908946PA - Program execution and data proof scheme using multiple key pair signatures - Google Patents

Program execution and data proof scheme using multiple key pair signatures

Info

Publication number
SG11201908946PA
SG11201908946PA SG11201908946PA SG11201908946PA SG 11201908946P A SG11201908946P A SG 11201908946PA SG 11201908946P A SG11201908946P A SG 11201908946PA SG 11201908946P A SG11201908946P A SG 11201908946PA
Authority
SG
Singapore
Prior art keywords
sub
logic code
international
tee
executed
Prior art date
Application number
Inventor
Yirong Yu
Honglin Qiu
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Publication of SG11201908946PA publication Critical patent/SG11201908946PA/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/006Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Mathematical Physics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) (19) World Intellectual Property Organization International Bureau (43) International Publication Date 27 June 2019 (27.06.2019) WIPO I PCT 111111111111101111111111111111011111010111011111111111111111111111111111111011110111111 (10) International Publication Number WO 2019/120317 A2 (51) International Patent Classification: Not classified (21) International Application Number: PCT/CN2019/079715 (22) International Filing Date: 26 March 2019 (26.03.2019) (25) Filing Language: English (26) Publication Language: English (71) Applicant: ALIBABA GROUP HOLDING LIMITED [—/CN]; Fourth Floor, One Capital Place, P.O. BOX 847, George Town, Grand Cayman (KY). (72) Inventors: YU, Yirong; Alibaba Group Legal Department 5/F, Building 3, No. 969 West Wen Yi Road, Yu Hang Dis- trict, Hangzhou, Zhejiang 311121 (CN). QIU, Honglin; Al- ibaba Group Legal Department 5/F, Building 3, No. 969 West Wen Yi Road, Yu Hang District, Hangzhou, Zhejiang 311121 (CN). (74) Agent: BEIJING BESTIPR INTELLECTUAL PROP- ERTY LAW CORPORATION; Room 409, Tower B, Ka Wah Building, No. 9 Shangdi 3rd Street, Haidian District, Beijing 100085 (CN). (81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW. (84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, 1E, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG). (54) Title: PROGRAM EXECUTION AND DATA PROOF SCHEME USING MULTIPLE KEY PAIR SIGNATURES :300 320 Attestation Evidence Measurement Value — Public Key — Signature — (57) : Methods, systems, and apparatus, including computer programs encoded on computer storage media for program execution and data proof scheme to prove that sub-logic code that was expected to be executed within a TEE was indeed executed, and that the resulting data is trustworthy. In some implementations, each sub-logic code of a plurality of sub-logic code is registered, and stored within the TEE, and a key pair (private key, public key) corresponding to the sub-logic code is generat- ed. The client receives and stores the public key, sends requests to the TEE with an identifier of the sub-logic that is to be executed. The sub- 310 logic code corresponding to the identifier is executed within the TEE, which signs the result using a digital signature that is generated using the private key of the sub-logic code. The client verifies the result based on the digital signature and the public key of the sub-logic code. W O 20 19/ 1203 17 A2 AVR Attestation Evidence — Verification Result — Signature FIG. 3 [Continued on next page] WO 2019/12031'7 A2 I Illi I 01111I 011101011111111M0 1 0 111 0 HOIHNOMOIHHIMINHOHE Published: upon request of the applicant, before the expiration of the time limit referred to in Article 21(2)(a) without international search report and to be republished upon receipt of that report (Rule 48.2(g))
SG11201908946P 2019-03-26 2019-03-26 Program execution and data proof scheme using multiple key pair signatures SG11201908946PA (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/079715 WO2019120317A2 (en) 2019-03-26 2019-03-26 Program execution and data proof scheme using multiple key pair signatures

Publications (1)

Publication Number Publication Date
SG11201908946PA true SG11201908946PA (en) 2019-10-30

Family

ID=66994285

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201908946P SG11201908946PA (en) 2019-03-26 2019-03-26 Program execution and data proof scheme using multiple key pair signatures

Country Status (10)

Country Link
US (2) US10762197B1 (en)
EP (1) EP3610405B1 (en)
JP (1) JP2020522034A (en)
KR (1) KR102392420B1 (en)
CN (1) CN110998581B (en)
AU (1) AU2019204707B2 (en)
CA (1) CA3058499C (en)
SG (1) SG11201908946PA (en)
TW (1) TWI725655B (en)
WO (1) WO2019120317A2 (en)

Families Citing this family (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG11201908946PA (en) 2019-03-26 2019-10-30 Alibaba Group Holding Ltd Program execution and data proof scheme using multiple key pair signatures
US11537523B2 (en) * 2019-07-31 2022-12-27 Red Hat, Inc. Command result caching for building application container images
US20220292174A1 (en) * 2019-08-19 2022-09-15 Nokia Technologies Oy Verifiability for execution in trusted execution environment
CN110633328B (en) * 2019-09-25 2024-03-22 腾讯云计算(北京)有限责任公司 Information processing method, device and computer readable storage medium
EP4046360A4 (en) * 2019-10-18 2023-11-01 Tbcasoft, Inc. Verification requirement document for credential verification
EP4049406A1 (en) * 2019-10-23 2022-08-31 "Enkri Holding", Limited Liability Company Method and system for anonymous identification of a user
CN111090865B (en) * 2019-12-17 2022-01-25 支付宝(杭州)信息技术有限公司 Secret key authorization method and system
CN110890962B (en) * 2019-12-20 2021-04-13 支付宝(杭州)信息技术有限公司 Authentication key negotiation method, device, storage medium and equipment
US20210200858A1 (en) * 2019-12-28 2021-07-01 Intel Corporation Executing code in protected memory containers by trust domains
US11244077B2 (en) * 2020-01-31 2022-02-08 Fortanix, Inc. Securing data integrity for an application
EP4107903A4 (en) * 2020-02-21 2023-08-23 SDSE Networks, Inc. Method and system for secure communication
JP6830635B1 (en) * 2020-02-21 2021-02-17 株式会社LayerX Data management method
US11121864B1 (en) * 2020-03-13 2021-09-14 International Business Machines Corporation Secure private key distribution between endpoint instances
US11087016B1 (en) 2020-08-20 2021-08-10 Spideroak, Inc. Implementation of a file system on a block chain
CN112422500B (en) * 2020-09-25 2023-05-16 北京熠智科技有限公司 Cross-platform data transmission method and device, storage medium and electronic device
US11475140B1 (en) * 2020-11-24 2022-10-18 Amazon Technologies, Inc. Enclave-based cryptography services in edge computing environments
CN112700852A (en) * 2021-01-07 2021-04-23 福州数据技术研究院有限公司 Method for issuing and managing medical data assets based on block chain intelligent contracts and storage device
US20220245238A1 (en) * 2021-01-29 2022-08-04 Securosys SA Trusted Execution Environment to Provide Attestation of Code Execution Result
CN115237495A (en) * 2021-02-09 2022-10-25 支付宝(杭州)信息技术有限公司 Method and device for starting application program on target platform
KR102561252B1 (en) * 2021-03-18 2023-07-28 인하대학교 산학협력단 Blockchain-based crowdsensing method providing automatic quality verification
CN113221166A (en) * 2021-05-11 2021-08-06 支付宝(杭州)信息技术有限公司 Method and device for acquiring block chain data, electronic equipment and storage medium
CN112989319B (en) * 2021-05-12 2021-08-31 支付宝(杭州)信息技术有限公司 Method, device, electronic equipment and storage medium for realizing trusted computing
CN112948810B (en) * 2021-05-12 2021-08-31 支付宝(杭州)信息技术有限公司 Trusted computing program calling method and device, electronic equipment and storage medium
US11809607B2 (en) * 2021-08-05 2023-11-07 International Business Machines Corporation Customization of multi-part metadata of a secure guest
US11829495B2 (en) 2021-08-05 2023-11-28 International Business Machines Corporation Confidential data provided to a secure guest via metadata
US12056232B2 (en) * 2021-08-27 2024-08-06 EMC IP Holding Company LLC Function-based service framework with trusted execution platform
EP4145762B1 (en) * 2021-09-06 2023-10-25 Axis AB Method and system for enabling secure processing of data using a processing application
WO2023113573A1 (en) * 2021-12-17 2023-06-22 주식회사 크립토랩 Electronic device and encryption method
WO2023186328A1 (en) * 2022-04-01 2023-10-05 Huawei Technologies Co., Ltd. Method and apparatus for providing an application-level attestation for trusted applications
CN115065465A (en) * 2022-06-17 2022-09-16 湖南三湘银行股份有限公司 Personal data processing method and device based on zero-knowledge proof
CN116112187B (en) * 2023-04-10 2023-07-14 山东海量信息技术研究院 Remote proving method, device, equipment and readable storage medium

Family Cites Families (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9064109B2 (en) * 2012-12-20 2015-06-23 Intel Corporation Privacy enhanced key management for a web service provider using a converged security engine
US9698989B2 (en) * 2013-07-23 2017-07-04 Intel Corporation Feature licensing in a secure processing environment
US9444627B2 (en) * 2014-12-24 2016-09-13 Intel Corporation System and method for providing global platform compliant trusted execution environment
US9722775B2 (en) * 2015-02-27 2017-08-01 Verizon Patent And Licensing Inc. Network services via trusted execution environment
EP3271824A4 (en) * 2015-03-20 2018-09-05 Rivetz Corp. Automated attestation of device integrity using the block chain
CN104899506B (en) 2015-05-08 2018-01-12 深圳市雪球科技有限公司 Security system implementation method based on virtual secure element in credible performing environment
US9787478B2 (en) * 2015-06-10 2017-10-10 Qualcomm Incorporated Service provider certificate management
US10230529B2 (en) * 2015-07-31 2019-03-12 Microsft Technology Licensing, LLC Techniques to secure computation data in a computing environment
CN106899551B (en) * 2015-12-21 2020-04-17 中国电信股份有限公司 Authentication method, authentication terminal and system
US10419402B2 (en) * 2017-01-26 2019-09-17 Microsoft Technology Licensing, Llc Addressing a trusted execution environment using signing key
US10691793B2 (en) 2017-02-20 2020-06-23 AlphaPoint Performance of distributed system functions using a trusted execution environment
WO2018164955A1 (en) * 2017-03-06 2018-09-13 Rivetz Corp. Device enrollment protocol
US10397005B2 (en) * 2017-03-31 2019-08-27 Intel Corporation Using a trusted execution environment as a trusted third party providing privacy for attestation
JP7012741B2 (en) * 2017-04-11 2022-01-28 エヌチェーン ホールディングス リミテッド Rapid decentralized consensus on the blockchain
US10742393B2 (en) 2017-04-25 2020-08-11 Microsoft Technology Licensing, Llc Confidentiality in a consortium blockchain network
US11379573B2 (en) 2017-07-13 2022-07-05 Huawei Technologies Co., Ltd. Trusted application access control method and terminal
US10567359B2 (en) 2017-07-18 2020-02-18 International Business Machines Corporation Cluster of secure execution platforms
CN107464109B (en) * 2017-07-28 2020-10-20 中国工商银行股份有限公司 Trusted mobile payment device, system and method
CN107689868B (en) * 2017-09-12 2021-09-07 北京握奇智能科技有限公司 Communication method and device for client application and trusted application and terminal
US10887090B2 (en) * 2017-09-22 2021-01-05 Nec Corporation Scalable byzantine fault-tolerant protocol with partial tee support
CN108563953B (en) * 2018-03-26 2021-12-21 南京微可信信息技术有限公司 Safe and extensible trusted application development method
SG11201908946PA (en) 2019-03-26 2019-10-30 Alibaba Group Holding Ltd Program execution and data proof scheme using multiple key pair signatures

Also Published As

Publication number Publication date
WO2019120317A3 (en) 2020-02-20
CN110998581A (en) 2020-04-10
KR102392420B1 (en) 2022-05-02
AU2019204707A1 (en) 2019-06-27
KR20200116012A (en) 2020-10-08
TWI725655B (en) 2021-04-21
EP3610405A2 (en) 2020-02-19
JP2020522034A (en) 2020-07-27
CA3058499C (en) 2021-10-26
AU2019204707B2 (en) 2020-10-01
EP3610405B1 (en) 2021-07-21
EP3610405A4 (en) 2020-07-08
CN110998581B (en) 2024-05-24
US20200349252A1 (en) 2020-11-05
US10762197B1 (en) 2020-09-01
US10977362B2 (en) 2021-04-13
TW202036345A (en) 2020-10-01
WO2019120317A2 (en) 2019-06-27
CA3058499A1 (en) 2019-06-27

Similar Documents

Publication Publication Date Title
SG11201908946PA (en) Program execution and data proof scheme using multiple key pair signatures
SG11201908981SA (en) Retrieving public data for blockchain networks using highly available trusted execution environments
SG11201908552RA (en) Methods and devices for testing signature verification for blockchain system
SG11201909630TA (en) Anti-replay attack authentication protocol
SG11201910054WA (en) Securely executing smart contract operations in a trusted execution environment
SG11201908651SA (en) Methods and devices for protecting sensitive data of transaction activity based on smart contract in blockchain
SG11201908983WA (en) Retrieving access data for blockchain networks using highly available trusted execution environments
SG11201908982QA (en) Managing sensitive data elements in a blockchain network
SG11201909855YA (en) Distributed key management for trusted execution environments
SG11201906830XA (en) Verifying integrity of data stored in a consortium blockchain using a public sidechain
SG11201903566XA (en) Regulating blockchain confidential transactions
SG11201909948WA (en) Product promotion using smart contracts in blockchain networks
SG11201908387SA (en) Consensus system downtime recovery
SG11201908853YA (en) System and method for ending view change protocol
SG11201908890XA (en) System and method for implementing different types of blockchain contracts
SG11201906834SA (en) Achieving consensus among network nodes in a distributed system
SG11201909014QA (en) Preventing misrepresentation of input data by participants in a secure multi-party computation
SG11201906754SA (en) Off-chain smart contract service based on trusted execution environment
SG11201902778UA (en) System and method for information protection
SG11201908554PA (en) Methods and devices for acquiring and recording tracking information on blockchain
SG11201909112PA (en) Field-programmable gate array based trusted execution environment for use in a blockchain network
SG11201908294TA (en) System and method for parallel-processing blockchain transactions
SG11201909013RA (en) Authentication based on a recoverd public key
SG11201909946UA (en) Logistic regression modeling scheme using secrete sharing
SG11201909861UA (en) Transferring digital tickets based on blockchain networks