Nothing Special   »   [go: up one dir, main page]

WO2024198933A1 - Private key protection method, server access method, system, device, and storage medium - Google Patents

Private key protection method, server access method, system, device, and storage medium Download PDF

Info

Publication number
WO2024198933A1
WO2024198933A1 PCT/CN2024/081369 CN2024081369W WO2024198933A1 WO 2024198933 A1 WO2024198933 A1 WO 2024198933A1 CN 2024081369 W CN2024081369 W CN 2024081369W WO 2024198933 A1 WO2024198933 A1 WO 2024198933A1
Authority
WO
WIPO (PCT)
Prior art keywords
ciphertext
private key
key
tee
client
Prior art date
Application number
PCT/CN2024/081369
Other languages
French (fr)
Chinese (zh)
Inventor
路放
Original Assignee
杭州阿里云飞天信息技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 杭州阿里云飞天信息技术有限公司 filed Critical 杭州阿里云飞天信息技术有限公司
Publication of WO2024198933A1 publication Critical patent/WO2024198933A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Definitions

  • the present application relates to the field of communication technology, and in particular to a method, system, device and storage medium for private key protection and server access.
  • a key technology in privacy computing technology is cryptography.
  • the security of private keys determines the data security of each environment in the privacy computing process. How to improve the security of private keys and reduce the risk of private key leakage has become a technical problem that needs to be solved in this field.
  • Multiple aspects of the present application provide a private key protection and server access method, system, device and storage medium to reduce the risk of private key leakage and improve private key security.
  • an embodiment of the present application provides a private key protection method, including:
  • TEE Use the trusted execution environment TEE to obtain the target user's public and private key pairs to be protected
  • the private key in the public-private key pair is encrypted using the data key to obtain a ciphertext of the private key
  • the TEE is used to return the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key to the user's client, so that the client can store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key.
  • an embodiment of the present application further provides a server access method, including:
  • the trusted execution environment TEE is used to obtain a decryption request initiated by the client;
  • the decryption request includes a ciphertext of a random number, a ciphertext of the data key, and a ciphertext of the private key;
  • the ciphertext of the random number is obtained by the server responding to the client's access request by encrypting the random number using the public key in the public-private key pair;
  • the client stores the ciphertext of the data key and the ciphertext of the private key;
  • the plain text of the random number is returned to the client, so that the client can access the server based on the plain text of the random number.
  • an embodiment of the present application further provides a private key protection method, including:
  • TEE Call the trusted execution environment TEE to encrypt the private key in the public-private key pair of the target user, so that the TEE can call the KMS to obtain the data key of the target user and the ciphertext of the data key, and use the data key to encrypt the private key to obtain the ciphertext of the private key;
  • the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key are stored.
  • an embodiment of the present application further provides a server access method, including:
  • the decryption request including the ciphertext of the random number, the ciphertext of the data key and the ciphertext of the private key, so that the TEE calls the KMS to decrypt the ciphertext of the data key to obtain the data key, and use the data key to decrypt the ciphertext of the private key to obtain the private key; and use the private key to decrypt the ciphertext of the random number to obtain the plaintext of the random number;
  • an embodiment of the present application further provides a communication system, including: a client, a first service node and a second service node; the first service node runs a trusted execution environment TEE; the second service node is used to provide a key management service;
  • the first service node is used to perform the steps in the method provided in the first aspect and/or the second aspect above;
  • the client is used to execute the steps in the method provided in the third aspect and/or the fourth aspect of the claim.
  • an embodiment of the present application further provides a computing device, comprising: a memory and a processor; wherein the memory is used to store a computer program;
  • the processor is coupled to the memory, and is configured to execute the computer program to execute the steps in the method performed by the first service node in the fifth aspect and/or the client in the fifth aspect.
  • an embodiment of the present application further provides a computer-readable storage medium storing computer instructions.
  • the computer instructions are executed by one or more processors, the one or more processors are caused to execute the steps in the method executed by the first service node in the fifth aspect and/or the client in the fifth aspect.
  • a Trusted Execution Environment (TEE) and a Key Management Service (KMS) are introduced to protect the private key in the security protocol.
  • TEE calls KMS to obtain the data key and ciphertext of the data key of the client user, and encrypts the private key in TEE using the data key to obtain the ciphertext of the private key; then, the ciphertext of the private key and the ciphertext of the data key are stored in the client, thereby realizing the encrypted storage of the private key and reducing the risk of private key leakage.
  • TEE encrypts the private key so that the plaintext of the private key remains in the TEE for confidential computing, and the private key cannot be accessed by an external untrusted environment, which can further improve the security of the private key.
  • FIG1 is a schematic diagram of a process for verifying login using a public and private key pair provided by the SSH protocol provided by a traditional solution;
  • FIGS. 2 and 3 are schematic diagrams of a process for private key protection by a communication system provided in an embodiment of the present application
  • FIG4 is a schematic diagram of a process of performing trusted authentication on a TEE by a communication system provided in an embodiment of the present application
  • FIG5 is a schematic diagram of a process of accessing a server by a communication system according to an embodiment of the present application
  • 6 and 7 are schematic flow diagrams of a private key protection method provided in an embodiment of the present application.
  • FIGS. 8 and 9 are schematic diagrams of a process of accessing a server provided in an embodiment of the present application.
  • FIG. 10 is a schematic diagram of the structure of a computing device provided in an embodiment of the present application.
  • FIG1 is a schematic diagram of a traditional solution for verifying a login using a public-private key pair provided by a secure shell (SSH) protocol.
  • SSH secure shell
  • the SSH protocol is a protocol used for secure remote login and other secure network services on an insecure network.
  • the communication system includes a client 10 and a server 20.
  • the client 10 refers to a computer device used by a user and having the functions of computing, surfing the Internet, communicating, etc. required by the user, such as a smart phone, a tablet computer, a personal computer, a wearable device, etc.
  • the client 10 can also be implemented as a server device.
  • it can be a single server device, a cloud server array, or a virtual machine (VM) running in a cloud server array.
  • VM virtual machine
  • it can also refer to other computing devices with corresponding service capabilities, such as computers and other terminal devices (running service programs), etc.
  • the server 20 refers to a server device that responds to requests from the client 10 and provides services to users.
  • the service end 20 can be a single server device, a cloud server array, or a virtual machine (VM) running in a cloud server array.
  • the server end 20 can also refer to other computing devices with corresponding service capabilities, such as computers and other terminal devices (running service programs), etc.
  • the specific implementation form of the service provided by the server end 20 is not limited.
  • the service provided by the server end 20 can be a live broadcast service, an online shopping service, an instant messaging service, an email service, a video service, an audio service or other services, etc.
  • the server 20 may verify the access rights of the target user of the client 10.
  • the client 10 accessing the server 20 may be implemented as the client 10 logging into the server 20 or the client 10 accessing the service provided by the server 20.
  • the public-private key pair mechanism provided by the SSH protocol can be used to verify access rights.
  • the client 10 can generate a public-private key pair and store the public-private key pair in a specified directory (corresponding to step 1 “generate a public-private key pair and store it” in FIG1 ). This is generally the “/.ssh” directory.
  • the client 10 can register the public key in the public-private key pair in the server 20 (corresponding to step 2 in FIG1 ).
  • the client 10 may initiate an access request to the server 20 (corresponding to step 3 of FIG. 1 ).
  • the access request may also be referred to as an SSH connection request.
  • the server 20 may generate a random number in response to the access request; and encrypt the random number using the public key in the public-private key pair to obtain a ciphertext of the random number (corresponding to step 4 “public key encryption of random number” of FIG. 1 ); thereafter, the ciphertext of the random number may be returned to the client 10 (corresponding to step 5 of FIG. 1 ).
  • the client 10 receives the ciphertext of the random number, and reads the private key in the public-private key pair from the "/.ssh" directory to decrypt the random number to obtain the plaintext of the random number (corresponding to step 6 "private key decrypts the ciphertext of the random number" in Figure 1); thereafter, the client 10 may send the plaintext of the random number to the server 20 (corresponding to step 7 in Figure 1).
  • the server 20 may perform access permission verification on the client 10 based on the comparison between the received random number and the random number stored by itself (corresponding to step 8 in Figure 1) to obtain the access permission verification result.
  • the access permission verification result indicates that the client has access permission to the service or does not have access permission.
  • the server 20 may send the access permission verification result to the client 10 (9 corresponds to step 9 in Figure 1). If the random number received by the server 20 is the same as the random number stored by itself, it is determined that the client 10 has access permission, and then an SSH connection is established with the client 10, and the client 10 can access the server 20. If the random number received by the server 20 is different from the random number stored by itself, the server 20 returns a prompt message of no access permission to the client 10, etc.
  • the private key in the public-private key pair is stored in plain text in the "/.ssh" directory of the client.
  • the "/.ssh” directory is a hidden directory, it is generally known to those skilled in the art that the public-private key pair is stored in this directory. Therefore, the private key in the public-private key pair is at risk of leakage. If an attacker steals the SSH private key, he can remotely access the client or even the server or perform other attacks.
  • a trusted execution environment (TEE) and a key management service (KMS) are introduced to protect the private key in the security protocol.
  • TEE calls KMS to obtain the data key and data of the user of the client.
  • the private key is encrypted with the data key in the TEE to obtain the ciphertext of the private key; then, the ciphertext of the private key and the ciphertext of the data key are stored on the client, realizing the encrypted storage of the private key and reducing the risk of private key leakage.
  • the private key is encrypted by the TEE, so that the plaintext of the private key remains in the TEE for confidential computing, and the private key cannot be accessed by an external untrusted environment, which can further improve the security of the private key.
  • the communication system includes: a client 10 , a first service node 30 and a second service node 40 .
  • the first service node 30 runs a trusted execution environment (TEE).
  • TEE trusted execution environment
  • the computing entity running TEE is called an enclave.
  • the calculations and memory operations performed in the enclave are invisible to user applications and the operating system kernel.
  • Enclave can provide a trusted isolation space to encapsulate software into the Enclave, ensuring the confidentiality and integrity of software code and data and protecting them from attacks by malicious software.
  • the first service node 30 may create an Enclave based on the Software Guard Extensions (SGX) technology as a Trusted Execution Environment (TEE); and may allocate a portion of the Enclave Page Cache (EPC) in the memory of the first service node 30 for the above-mentioned Enclave to reside.
  • the central processing unit (CPU) of the first service node 30 may create one or more Enclaves at the same time, and the codes run by different Enclaves may be the same or different, depending on the purpose of the corresponding Enclave.
  • the CPU may divide the computing resources and create the Enclave as a Trusted Execution Environment.
  • the computing resources may include a virtual CPU (vCPU) and memory.
  • the vCPU and memory allocated to the Enclave are isolated from other CPUs and memories on the host of the first service node 30.
  • the first service node 30 can be implemented as an independent physical machine to provide TEE services.
  • the first service node 30 can also be deployed on the same physical machine as the client 10, as a functional module providing TEE on the client 10.
  • the second service node 40 can provide a key management service (KMS).
  • KMS can provide a key management and data encryption service platform with simple, reliable, secure, and compliant data encryption protection capabilities.
  • the key management service can be implemented as a software as a service (SaaS) product and deployed in the cloud.
  • KMS can provide a customer master key (CMK). Each user corresponds to a unique CMK.
  • the user is generally a client 10 user.
  • CMK is a key created by a user or cloud service through key management, mainly used to encrypt and protect a data key (DK).
  • DK data key
  • a customer master key can encrypt multiple data keys.
  • a CMK can derive multiple DKs. Different applications of users can adopt Use different DKs to encrypt data, so that even if a DK is lost, it will not affect the use of other applications. If the same CMK is used to encrypt all application data of the user, once the CMK is lost, the security of all application data will be affected.
  • the client 10 can access the server 20 based on the security protocol.
  • the client 10 can be a client of the security protocol.
  • the server 20 can be a server of the security protocol.
  • the client 10 can access the server 20 using the public-private key pair mechanism provided by the security protocol.
  • a security protocol refers to a message exchange protocol based on cryptography, the purpose of which is to provide various security services in a network environment.
  • the security protocol may be the SSH protocol, the Telnet protocol, or the Secure Socket Layer (SSL) protocol, but is not limited thereto.
  • SSL Secure Socket Layer
  • TEE and KMS are introduced to protect the private key in the public-private key pair of the security protocol.
  • the client 10 can call the TEE provided by the first service node 30 to encrypt the private key in the public-private key pair of the target user (corresponding to step 1 in Figure 2 and step 1 in Figure 3).
  • the target user is the user of the client 10.
  • RA Remote Attestation
  • RA refers to a technology in which a computing system (prover) proves its software and/or hardware configuration and status to a remote system (verifier).
  • a remote attestation system usually consists of two parts: a prover and a verifier.
  • the prover side has a system integrity measurement (Integrity Measurement) mechanism, which can report the measurement value of its own system to the verifier through the remote attestation protocol (RAP) based on the remote attestation protocol (Remote Attestation Protocol, RAP) between the prover and the verifier, so that the verifier can verify the integrity of the prover system.
  • RAP remote attestation protocol
  • RAP Remote Attestation Protocol
  • the client 10 can act as a verifier, also known as a challenger.
  • the TEE in the first service node 30 acts as a prover.
  • the RA service node 50 refers to a device, module or virtual instance that provides remote attestation services.
  • a virtual instance can be a virtual machine, a container group (such as a Pod) or a container.
  • the remote attestation service provided by the RA service node 50 can be a SaaS product.
  • the remote attestation process of TEE is exemplified below in conjunction with Figure 4.
  • the client 10 Before using the TEE provided by the first service node 30, the client 10 needs to perform trustworthy verification on the TEE. Under the condition that the TEE is verified to be a trusted executable environment, the TEE can be called to encrypt the private key in the public-private key pair of the target user.
  • the client 10 can use remote attestation technology to verify the credibility of the TEE.
  • the client 10 can initiate a remote attestation (RA) request to the TEE in the first service node 30 (corresponding to step 1 in Figure 4).
  • the TEE in the first service node 30 receives the RA request, and in response to the RA request, generates the TEE's identity key and remote attestation report (Report) (corresponding to step 2 in Figure 4).
  • the first service node 30 can provide the TEE's identity key and remote attestation report (Report) to the RA service node 50 (corresponding to step 3 in Figure 4).
  • the RA service node 50 can verify the legitimacy of the TEE's identity key based on the remote attestation report (Report); and if the verification result shows that the TEE is legal, it will issue an identity authentication certificate for the TEE. Further, the RA service node 50 can obtain the TEE's citation information (Quotes), and use the local public key to encrypt the TEE's citation information to obtain the encrypted citation information (corresponding to step 4 of Figure 4).
  • the citation information may include: the Enclave's identity authentication certificate, measurement log, and signature value.
  • the measurement log may include: the TEE's operating status, security version number (Security Version Number, SVN), hardware signature information (such as PCK cert) and Trusted Computing Base (TCB) information, etc.
  • the RA service node 50 may send the encrypted reference information to the client 10 (corresponding to step 5 in FIG. 4 ).
  • the client 10 may call the RA service node 50 to perform remote certification on the encrypted reference information (corresponding to step 6 in FIG. 4 ).
  • the client 10 may provide the encrypted citation information to the RA service node 50.
  • the RA service node 50 may use the local private key to decrypt the encrypted citation information to obtain the citation information of the TEE.
  • the credibility of the TEE may be verified based on the citation information of the TEE (corresponding to step 7 of Figure 4), and the verification result may be returned to the client 10 (corresponding to step 8 of Figure 4).
  • the verification result is used to indicate whether the TEE is credible, that is, the verification result is whether the TEE is credible or not.
  • the above embodiment describes the TEE credibility verification process by way of example, but does not constitute a limitation.
  • the client 10 when the client 10 confirms that the TEE is credible, it can call the TEE to encrypt the private key in the public-private key pair of the target user (corresponding to step 1 in FIG2 and step 1 in FIG3 ).
  • the target user is the user of the client 10.
  • the first service node 30 can use TEE to obtain the public-private key pair to be protected of the target user (corresponding to step 2 of Figure 2 and step 2 of Figure 3).
  • the public-private key pair can be generated by the first service node 30 for the target user in TEE, or it can be the public-private key pair imported into TEE by the client 10.
  • the client 10 may initiate a key application request to the TEE (corresponding to step 1 in Figure 3).
  • the first service node 30 may use the TEE to receive the key application request, and use the TEE to generate a public-private key pair for the target user in response to the key application request as the public-private key pair to be protected (corresponding to step 2 in Figure 3).
  • the specific implementation method of TEE generating a public-private key pair for the target user is not limited.
  • TEE may use a key generator to generate a public-private key pair for the target user.
  • TEE may call the KMS provided by the second service node 40 to generate a public-private key pair for the target user.
  • the public-private key pair to be protected may also be the public-private key pair provided by the client 10 to the TEE (corresponding to step 1 "Importing the public-private key pair" in FIG. 3). Accordingly, the TEE may receive the public-private key pair provided by the client 10 as the public-private key pair to be protected (corresponding to step 2 "Obtaining the imported public-private key pair" in FIG. 3).
  • TEE can obtain the target user's data key and the ciphertext of the data key from KMS (corresponding to step 3 of Figure 2 and steps 3-5 of Figure 3).
  • TEE can initiate a key application request to KMS (corresponding to step 3 "Apply for DK" in Figure 3).
  • the key application request may include the identity of the target user.
  • KMS receives the key application request and obtains the target user's master key, that is, the target user's DMK, based on the identity of the target user carried in the key application request.
  • the target user's DMK is pre-created for the target user by KMS, that is, the target user has applied for KMS.
  • KMS can generate a data key of the target user based on the DMK of the target user (corresponding to step 3 and step 4 of Figure 2 "CMK derives DK").
  • KMS can derive at least one data key (DK) based on the DMK of the target user using a key derivation function.
  • KMS can encrypt the data key to obtain the ciphertext of the data key (corresponding to step 4 of Figure 3 "Generate ciphertext of DK").
  • the key for encrypting the data key is not limited.
  • the DMK of the target user can be used as a key to encrypt the data key to obtain the ciphertext of the data key.
  • KMS can use a key derivation function based on the DMK of the target user to derive multiple data keys (such as 2 data keys DK1 and DK2), and one of the multiple data keys (such as DK1) can be used as the data key of the target user; the other (such as DK2) can be used as the data key for encrypting the data key of the target user.
  • the data key DK2 can be used to encrypt the data key DK1 of the target user to obtain the ciphertext of the data key DK1 of the target user.
  • KMS can return the target user's data key and the ciphertext of the data key to TEE (corresponding to step 3 of Figure 2 and step 5 of Figure 3).
  • TEE can use the data key to encrypt the private key in the public-private key pair to obtain the ciphertext of the private key (corresponding to step 4 of Figure 2 and step 6 of Figure 3); further, the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key can be returned to the client 10 (corresponding to step 5 of Figure 2 and step 7 of Figure 3).
  • the client 10 may receive the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key; and store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key (corresponding to step 6 of FIG. 2 and step 8 of FIG. 3 ).
  • the client 10 may store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key in the .ssh directory.
  • TEE and KMS are introduced to protect the private key in the security protocol.
  • TEE calls KMS to obtain the data key and ciphertext of the data key of the client user, and encrypts the private key in TEE using the data key to obtain the ciphertext of the private key; then, the ciphertext of the private key and the ciphertext of the data key are stored in the client, thereby realizing the encrypted storage of the private key and reducing the risk of private key leakage.
  • TEE encrypts the private key so that the plaintext of the private key remains in the confidential computing TEE, and the external untrusted environment cannot access the private key, which can further improve the security of the private key.
  • the life cycle of the private key in the public-private key pair can be managed through the life cycle of the data key managed by KMS, and the key management method consistent with KMS can be maintained.
  • the private key can be cancelled by canceling the data key through KMS.
  • the ciphertext of the private key is encrypted with the data key as the key, after the data key is cancelled, the ciphertext of the private key will naturally become invalid because there is no decryption key.
  • the rotation of the data key can be achieved through KMS to rotate the private key.
  • key rotation means: in scenarios with high security requirements, the key of the encrypted data must be changed periodically, and the same key cannot be used to encrypt and protect the data for a long time.
  • This encryption method of regularly changing the key is called key rotation.
  • the data key can be rotated and updated through KMS; and the updated data key pair can be sent to TEE, which encrypts the private key in the public-private key pair to obtain the updated ciphertext of the private key, thereby realizing private key rotation.
  • the client 10 can also register the public key in the public-private key pair to the server 20 (corresponding to step 7 of FIG. 2 and step 9 of FIG. 3). Based on the private key protection method provided in the above embodiment, the embodiment of the present application also provides a corresponding server access method.
  • the following is an exemplary description of the server access process provided in the embodiment of the present application.
  • the client 10 when the client 10 accesses the server 20, it may initiate an access request to the server 20 (corresponding to step 1 in FIG5 ).
  • the server 20 receives the access request, generates a random number in response to the access request, and encrypts the random number using the public key in the public-private key pair of the target user to obtain the ciphertext of the random number (corresponding to step 2 “public key encryption of random number” in FIG5 ).
  • the server 20 may return the ciphertext of the random number to the client 10 (corresponding to step 3 in FIG5 ).
  • the client 10 receives the ciphertext of the random number and initiates a decryption request to the TEE in the first service node 30 (corresponding to step 4 in FIG. 5 ). Specifically, the client 10 can generate a decryption request based on the ciphertext of the random number, the ciphertext of the data key, and the ciphertext of the private key in the public-private key pair of the target user.
  • the decryption request includes the ciphertext of the random number, the ciphertext of the data key, and the ciphertext of the private key in the public-private key pair of the target user.
  • the client 10 can call the TEE through the ecall method and request the TEE to decrypt the ciphertext of the random number.
  • the ecall method is a method provided by the TEE (such as Enclave) and called by an external program (i.e., an untrusted environment) of the TEE (such as Enclave).
  • the ecall method is the only channel for the outside of the TEE to access the inside of the TEE, but its execution process is protected by a trusted environment.
  • the client 10 can call the TEE through the Application Programming Interface (API) and request the TEE to decrypt the ciphertext of the random number, etc.
  • API Application Programming Interface
  • TEE receives the decryption request and calls KMS to decrypt the ciphertext of the data key to obtain the data key of the target user (corresponding to steps 5-7 in Figure 5).
  • TEE can call KMS and send the ciphertext of the data key and the identifier of the target user to KMS (corresponding to step 5 of Figure 5).
  • KMS can decrypt the ciphertext of the data key to obtain the data key of the target user (corresponding to step 6 of Figure 5).
  • KMS can obtain the user master key (DMK) of the target user based on the identifier of the target user, and use the DMK to decrypt the ciphertext of the data key of the target user to obtain the data key of the target user.
  • another data key DK2 derived from the DMK of the target user is used to decrypt the ciphertext of the data key DK1 of the target user to obtain the data key DK1 of the target user.
  • KMS can return the data key of the target user to TEE (corresponding to step 7 of Figure 5).
  • TEE receives the data key and uses the data key of the target user to decrypt the ciphertext of the private key to obtain the plaintext of the private key (corresponding to step 8 of Figure 5).
  • TEE can use the private key to decrypt the ciphertext of the random number to obtain the plaintext of the random number (corresponding to step 9 of Figure 5).
  • the TEE may return the plain text of the random number to the client 10 (corresponding to step 10 in FIG. 5 ).
  • the client 10 may access the server 20 based on the plain text of the random number.
  • the client 10 may send the plain text of the random number to the server 20 (corresponding to step 11 in FIG. 5 ).
  • the server 20 may perform access rights on the client 10 based on the random number received from the client and the random number generated by itself. Verify (corresponding to step 12 in FIG. 5 ), and return the permission verification result to the client 10 (corresponding to step 13 in FIG. 5 ). If the random number provided by the client received by the server 20 is consistent with the random number generated by itself, it means that the client 10 has the private key corresponding to the public key, that is, the client 10 has access rights, then it is determined that the client 10 has access rights to the server 20, and the client 10 is allowed to access the server 20.
  • the random number provided by the client received by the server 20 is inconsistent with the random number generated by itself, it means that the client 10 does not have the private key corresponding to the public key, then it is determined that the client 10 does not have access rights to the server 20, and the client 10 is blocked from accessing the server 20.
  • a prompt message indicating that there is no access right can also be returned to the client 10.
  • the private key in the public-private key pair of the security protocol is kept in the trusted execution environment (TEE) of confidential computing, and the private key cannot be accessed by an external untrusted environment. Even if the user's client, such as a virtual machine, is hacked, it can be guaranteed that the private key will not be lost, which can reduce the risk of private key leakage.
  • the private key is stored and transmitted in ciphertext, which can reduce the risk of plaintext exposure of the private key.
  • the above-mentioned interaction process between the client and the server is compatible with the original security protocol process (such as the SSH protocol process), and no changes are required to the server of the security protocol (such as SSH).
  • the client of the security protocol (such as SSH) can add a calling interface for TEE, such as an application programming interface (Application Programming Interface, API), to implement the call to TEE, thereby realizing the interaction process between the client and the server.
  • This lightweight modification can maintain good compatibility and improve the universality and versatility of the solution provided in this embodiment.
  • the embodiments of the present application also provide a private key access method and a server access method.
  • the following is an exemplary description of the private key access method and the server access method provided in the embodiments of the present application from the perspectives of the client and the first service node running TEE.
  • FIG6 is a flow chart of a private key access method provided in an embodiment of the present application.
  • the method can be applied to a service node running a TEE. As shown in FIG6 , the method mainly includes:
  • TEE obtain the public and private key pair to be protected of the target user.
  • TEE Use TEE to obtain the target user's data key and the ciphertext of the data key from KMS.
  • the private key in the public-private key pair is encrypted using the data key to obtain the ciphertext of the private key.
  • the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key are returned to the user's client, so that the client can store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key.
  • FIG7 is a flow chart of another private key access method provided by an embodiment of the present application.
  • the method can be applied to a client of a security protocol. As shown in FIG7 , the method mainly includes:
  • TEE to encrypt the private key in the public-private key pair of the target user, so that TEE can call KMS to obtain the data key and ciphertext of the data key of the target user, and use the data key to encrypt the private key to obtain the ciphertext of the private key.
  • the client can access the server based on the security protocol.
  • the client can be a client of the security protocol.
  • the server may be a server of a security protocol. Specifically, the client may access the server using a public-private key pair mechanism provided by the security protocol.
  • TEE and KMS are introduced to protect the private key in the public-private key pair of the security protocol.
  • TEE can be called to encrypt the private key in the public-private key pair of the target user.
  • the target user is the user of the client.
  • TEE Before using TEE, the client needs to ensure that TEE is trustworthy. This requires trustworthy authentication of TEE.
  • trustworthy authentication of TEE please refer to the relevant content of Figure 4 above, which will not be repeated here.
  • the TEE may be called to encrypt the private key in the public-private key pair of the target user, where the target user is the user of the client 10 .
  • the public-private key pair to be protected of the target user can be obtained by using TEE in step 601.
  • the public-private key pair can be generated for the target user in TEE, or can be a public-private key pair imported into TEE by the client.
  • the client may initiate a key application request to the TEE.
  • the service node running the TEE may use the TEE to receive the key application request, and use the TEE to generate a public-private key pair for the target user in response to the key application request as the public-private key pair to be protected.
  • the public-private key pair to be protected may also be a public-private key pair provided by the client to the TEE. Accordingly, the TEE may be used to receive the public-private key pair provided by the client as the public-private key pair to be protected.
  • TEE can use TEE to obtain the data key and the ciphertext of the data key of the target user from KMS in step 602.
  • TEE may initiate a key application request to KMS.
  • the key application request may include the identifier of the target user.
  • KMS receives the key application request and obtains the target user's master key, that is, the target user's DMK, based on the identifier of the target user carried in the key application request.
  • the target user's DMK is pre-created by KMS for the target user, that is, the target user has applied for KMS.
  • KMS may generate a data key for the target user based on the target user's DMK.
  • KMS may use a key derivation function to derive at least one data key based on the target user's DMK.
  • KMS may encrypt the data key to obtain a ciphertext of the data key.
  • KMS can return the target user's data key and the ciphertext of the data key to TEE.
  • TEE can receive the target user's data key and the ciphertext of the data key.
  • the private key in the public-private key pair can be encrypted in TEE using the data key to obtain the ciphertext of the private key; further, in step 603, TEE can be used to return the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key to the client.
  • the client can receive the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key; and in step 703, store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key (corresponding to step 6 of Figure 2 and step 8 of Figure 3).
  • the client can store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key.
  • the ciphertext of the public key and data key in the .ssh directory.
  • TEE and KMS are introduced to protect the private key in the security protocol.
  • TEE calls KMS to obtain the data key and ciphertext of the data key of the client user, and encrypts the private key in TEE using the data key to obtain the ciphertext of the private key; then, the ciphertext of the private key and the ciphertext of the data key are stored in the client, thereby realizing the encrypted storage of the private key and reducing the risk of private key leakage.
  • TEE encrypts the private key so that the plaintext of the private key remains in the confidential computing TEE, and the private key cannot be accessed by an external untrusted environment, which can further improve the security of the private key.
  • the life cycle of the private key in the public-private key pair can be managed through the life cycle of the data key managed by KMS, and the key management method consistent with KMS can be maintained.
  • the private key can be cancelled by canceling the data key through KMS.
  • the ciphertext of the private key is encrypted with the data key as the key, after the data key is cancelled, the ciphertext of the private key will naturally become invalid because there is no decryption key.
  • the rotation of the data key can be achieved through KMS to rotate the private key.
  • the data key can be rotated and updated through KMS; and the updated data key pair is sent to TEE, which encrypts the private key in the public-private key pair to obtain the updated ciphertext of the private key, thereby realizing private key rotation.
  • the client can also register the public key in the public-private key pair to the server. Based on the private key protection method provided in the above embodiment, the embodiment of the present application also provides a corresponding server access method.
  • the following is an exemplary description of the server access process provided in the embodiment of the present application.
  • FIG8 is a flow chart of a method for accessing a server provided in an embodiment of the present application.
  • the method is applicable to a client of a security protocol. As shown in FIG8 , the method mainly includes:
  • TEE Initiate a decryption request to TEE, where the decryption request includes the ciphertext of the random number, the ciphertext of the data key, and the ciphertext of the private key, so that TEE can call KMS to decrypt the ciphertext of the data key to obtain the data key, and use the data key to decrypt the ciphertext of the private key to obtain the private key; and use the private key to decrypt the ciphertext of the random number to obtain the plaintext of the random number.
  • FIG9 is a flow chart of another server access method provided in an embodiment of the present application.
  • the method can be applied to a service node running a TEE. As shown in FIG9 , the method mainly includes:
  • TEE Use TEE to call KMS to decrypt the ciphertext of the data key to obtain the data key.
  • TEE Use TEE to return the plain text of the random number to the client, so that the client can access the server based on the plain text of the random number.
  • the client when the client accesses the server, in step 801, it may initiate an access request to the server.
  • the server receives the access request, generates a random number in response to the access request, and encrypts the random number using the public key in the public-private key pair of the target user to obtain a ciphertext of the random number.
  • the server may return the ciphertext of the random number to the client.
  • a decryption request can be initiated to the TEE.
  • a decryption request can be generated based on the ciphertext of the random number, the ciphertext of the data key, and the ciphertext of the private key in the public-private key pair of the target user.
  • the decryption request includes the ciphertext of the random number, the ciphertext of the data key, and the ciphertext of the private key in the public-private key pair of the target user.
  • the TEE can be called through the ecall method to request the TEE to decrypt the ciphertext of the random number.
  • the client can call the TEE through the API to request the TEE to decrypt the ciphertext of the random number.
  • step 901 the decryption request can be received; and in step 902, TEE is used to call KMS to decrypt the ciphertext of the data key to obtain the data key of the target user.
  • TEE can call KMS and send the ciphertext of the data key and the identifier of the target user to KMS.
  • KMS can decrypt the ciphertext of the data key to obtain the data key of the target user.
  • KMS uses the user master key (DMK) of the target user as the key to encrypt the data key of the target user
  • KMS can obtain the user master key (DMK) of the target user according to the identifier of the target user, and use the DMK to decrypt the ciphertext of the data key of the target user to obtain the data key of the target user.
  • another data key DK2 derived from the DMK of the target user is used to decrypt the ciphertext of the data key DK1 of the target user to obtain the data key DK1 of the target user.
  • KMS can return the data key of the target user to TEE.
  • the data key can be received, and in step 903, the ciphertext of the private key is decrypted in TEE using the data key of the target user to obtain the plaintext of the private key. Further, in step 904, the ciphertext of the random number is decrypted in TEE using the private key to obtain the plaintext of the random number.
  • step 905 the plain text of the random number is returned to the client using TEE. Accordingly, in step 804, the client can receive the plain text of the random number returned by TEE; and in step 805, the server 20 is accessed based on the plain text of the random number.
  • the plain text of the random number can be sent to the server.
  • the server can verify the access rights of the client based on the random number provided by the client and the random number generated by itself, and return the result of the access rights verification to the client. If the random number provided by the client received by the server is consistent with the random number generated by itself, it means that the client has the private key corresponding to the public key, that is, the client has access rights, then it is determined that the client has access rights of the server, and the client is allowed to access.
  • Server The client can access the server.
  • the random number provided by the client received by the server is inconsistent with the random number generated by itself, it means that the client does not have the private key corresponding to the public key, that is, the client does not have the access rights of the server, then it is determined that the client does not have the access rights of the server, and the client is blocked from accessing the server.
  • a prompt message of no access rights can also be returned to the client.
  • the private key in the public-private key pair of the security protocol is kept in the trusted execution environment (TEE) of confidential computing, and the private key cannot be accessed by an external untrusted environment. Even if the user's client, such as a virtual machine, is hacked, it can ensure that the private key will not be lost, which can reduce the risk of private key leakage.
  • the private key is stored and transmitted in ciphertext, which can reduce the risk of plaintext exposure of the private key.
  • the above-mentioned interaction process between the client and the server is compatible with the original security protocol process (such as the SSH protocol process), and no changes are required to the server of the security protocol (such as SSH).
  • the client of the security protocol (such as SSH) can add a calling interface for TEE, such as API, to implement the call to TEE, thereby realizing the interaction process between the client and the server.
  • TEE such as API
  • the execution subject of each step of the method provided in the above embodiment can be the same device, or the method can be executed by different devices.
  • the execution subject of steps 701 and 702 can be device A; for another example, the execution subject of step 701 can be device A, and the execution subject of step 702 can be device B; and so on.
  • an embodiment of the present application also provides a computer-readable storage medium storing computer instructions.
  • the computer instructions are executed by one or more processors, the one or more processors are caused to execute the steps in the above-mentioned private key protection method and/or each server access method.
  • Fig. 10 is a schematic diagram of the structure of a computing device provided in an embodiment of the present application.
  • the computing device may include: a memory 100a and a processor 100b.
  • the memory 100a is used to store computer programs.
  • the computing device runs a TEE, which can be implemented as a service node running the TEE.
  • the processor 100b is coupled to the memory 100a, and is used to execute a computer program for: using the trusted execution environment (TEE) to obtain the public-private key pair to be protected of the target user; using the TEE to obtain the data key and the ciphertext of the data key from the key management service KMS of the target user; in the TEE, using the data key to encrypt the private key in the public-private key pair to obtain the ciphertext of the private key; and using the TEE to return the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key to the user's client, so that the client can store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key.
  • TEE trusted execution environment
  • the processor 100b uses TEE to obtain the user's data key and the ciphertext of the data key from the key management service KMS, it is specifically used to: use TEE to call KMS so that KMS can The master key generates the user's data key and encrypts the data key to obtain the ciphertext of the data key; TEE is used to receive the data key and the ciphertext of the data key returned by KMS.
  • the processor 100b uses the trusted execution environment TEE to obtain the public-private key pair to be protected, it is specifically used to: use TEE to obtain a key application request provided by the client; use TEE to generate a public-private key pair for the target user in response to the key application request as the public-private key pair to be protected; or, use TEE to receive the public-private key pair provided by the client as the public-private key pair to be protected.
  • the processor 100b is also used to: use TEE to obtain a decryption request initiated by the client; the decryption request includes a ciphertext of a random number, a ciphertext of a data key, and a ciphertext of a private key; the ciphertext of the random number is obtained by the server responding to the client's access request, by encrypting the random number using the public key in the public-private key pair; use TEE to call KMS to decrypt the ciphertext of the data key to obtain the data key; use the data key in TEE to decrypt the ciphertext of the private key to obtain the private key; use the private key in TEE to decrypt the ciphertext of the random number to obtain the plaintext of the random number; return the plaintext of the random number to the client, so that the client can request the server to verify the access rights of the client based on the plaintext of the random number.
  • the computing device can also be implemented as a client of the security protocol.
  • the processor 100b is used to: call the trusted execution environment (TEE) to encrypt the private key in the public-private key pair of the target user, so that the TEE can call the KMS to obtain the data key and the ciphertext of the data key of the target user, and use the data key to encrypt the private key to obtain the ciphertext of the private key; receive the ciphertext of the private key returned by the TEE, the public key in the public-private key pair, and the ciphertext of the data key; store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key.
  • TEE trusted execution environment
  • the processor 100b is also used to: initiate an access request to the server through the communication component 100c, so that the server responds to the access request and uses the public key to encrypt the random number to obtain the ciphertext of the random number; receive the ciphertext of the random number returned by the server through the communication component 100c; and, initiate a decryption request to the TEE, the decryption request includes the ciphertext of the random number, the ciphertext of the data key and the ciphertext of the private key, so that the TEE calls the KMS to decrypt the ciphertext of the data key to obtain the data key, and use the data key to decrypt the ciphertext of the private key to obtain the private key; and use the private key to decrypt the ciphertext of the random number to obtain the plaintext of the random number; and receive the plaintext of the random number returned by the TEE; thereafter, based on the plaintext of the random number, access the server.
  • the computing device may further include optional components such as a power supply component 100d.
  • the computing device may be implemented as a terminal device such as a computer. Accordingly, the computing device may further include components such as a display component 100e and an audio component 100f.
  • FIG10 only schematically shows some components, which does not mean that the computing device must include all the components shown in FIG10 , nor does it mean that the computing device can only include the components shown in FIG10 .
  • the computing device provided in this embodiment introduces TEE and KMS to protect the private key in the security protocol.
  • TEE calls KMS to obtain the data key and ciphertext of the data key of the client user, and encrypts the private key in TEE using the data key to obtain the ciphertext of the private key; then, the ciphertext of the private key and the ciphertext of the data key are stored in the client, thereby realizing the encrypted storage of the private key and reducing the risk of private key leakage.
  • TEE encrypts the private key so that the plaintext of the private key remains in the confidential computing TEE, and the private key cannot be accessed by an external untrusted environment, which can further improve the security of the private key.
  • the memory is used to store a computer program and can be configured to store various other data to support operations on the device where it is located.
  • the processor can execute the computer program stored in the memory to implement the corresponding control logic.
  • the memory can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, disk or optical disk.
  • SRAM static random access memory
  • EEPROM electrically erasable programmable read-only memory
  • EPROM erasable programmable read-only memory
  • PROM programmable read-only memory
  • ROM read-only memory
  • magnetic memory magnetic memory
  • flash memory disk or optical disk.
  • the processor can be any hardware processing device that can execute the logic of the above method.
  • the processor can be a central processing unit (CPU), a graphics processing unit (GPU) or a microcontroller unit (MCU); it can also be a field programmable gate array (FPGA), a programmable array logic device (PAL), a general array logic device (GAL), a complex programmable logic device (CPLD) and other programmable devices; or an application specific integrated circuit (ASIC) chip; or an advanced reduced instruction set (RISC) processor (Advanced RISC Machines, ARM) or a system on chip (SoC), etc., but not limited to this.
  • CPU central processing unit
  • GPU graphics processing unit
  • MCU microcontroller unit
  • FPGA field programmable gate array
  • PAL programmable array logic device
  • GAL general array logic device
  • CPLD complex programmable logic device
  • ASIC application specific integrated circuit
  • RISC advanced reduced instruction set
  • RISC Advanced RISC Machines
  • the communication component is configured to facilitate wired or wireless communication between the device in which it is located and other devices.
  • the device in which the communication component is located can access a wireless network based on a communication standard, such as Wireless Fidelity (WiFi), 2G or 3G, 4G, 5G or a combination thereof.
  • WiFi Wireless Fidelity
  • the communication component receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel.
  • the communication component can also be based on Near Field Communication (NFC) technology, Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wide Band (UWB) technology, Bluetooth (BT) technology or other technologies.
  • NFC Near Field Communication
  • RFID Radio Frequency Identification
  • IrDA Infrared Data Association
  • UWB Ultra Wide Band
  • Bluetooth Bluetooth
  • the display component may include a liquid crystal display (LCD) and a touch panel (TP). If the display component includes a touch panel, the display component may be implemented as a touch screen to receive input signals from a user.
  • the touch panel includes one or more touch sensors to sense touches, slides, and gestures on the touch panel. The touch sensor may not only sense the boundaries of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
  • a power supply component is configured to provide power to various components of the device in which it is located.
  • the power supply component may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power to the device in which the power supply component is located.
  • the audio component can be configured to output and/or input audio signals.
  • the audio component includes a microphone (MIC).
  • MIC microphone
  • the audio component When the device where the audio component is located is in an operating mode, such as a call mode, In recording mode and speech recognition mode, the microphone is configured to receive an external audio signal.
  • the received audio signal can be further stored in a memory or sent via a communication component.
  • the audio component also includes a speaker for outputting an audio signal. For example, for a device with a language interaction function, voice interaction with a user can be achieved through the audio component.
  • user information including but not limited to user device information, user personal information, etc.
  • data including but not limited to data used for analysis, stored data, displayed data, etc.
  • user information including but not limited to user device information, user personal information, etc.
  • data including but not limited to data used for analysis, stored data, displayed data, etc.
  • the embodiments of the present application may be provided as methods, systems, or computer program products. Therefore, the present application may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, compact disc read-only memory (CD-ROM), optical storage, etc.) containing computer-usable program code.
  • CD-ROM compact disc read-only memory
  • optical storage etc.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including an instruction device that implements the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
  • These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
  • a computing device includes one or more processors (such as a CPU, etc.), an input/output interface, a network interface, and a memory.
  • Memory may include non-permanent storage in computer-readable media, random-access memory (RAM) and/or non-volatile memory such as read-only memory (ROM). Memory, ROM) or Flash RAM. Memory is an example of a computer-readable medium.
  • RAM random-access memory
  • ROM read-only memory
  • Memory ROM
  • Flash RAM Flash RAM
  • the storage medium of a computer is a readable storage medium, which may also be referred to as a readable medium.
  • the readable storage medium includes permanent and non-permanent, removable and non-removable media that can be implemented by any method or technology to store information.
  • the information can be computer-readable instructions, data structures, modules of programs, or other data.
  • Examples of computer storage media include, but are not limited to, Phase-Change Memory (PRAM), Static Random-Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read-Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Flash memory or other memory technology, Compact Disc Read-Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, magnetic cassettes, disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
  • PRAM Phase-Change Memory
  • SRAM Static Random-Access Memory
  • DRAM Dynamic Random Access Memory
  • RAM Random Access Memory
  • ROM Read-Only Memory
  • EEPROM Electrically Erasable Programmable Read Only Memory
  • Flash memory or other memory technology
  • CD-ROM Compact Disc Read-Only Memory
  • DVD Digital Versatile Disc
  • magnetic cassettes disk storage or other magnetic storage devices, or any other non-trans

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

Embodiments of the present application provide a private key protection method, a server access method, a system, a device, and a storage medium. In the embodiments of the present application, a TEE and a KMS are introduced to protect a private key in a security protocol. Specifically, a TEE calls a KMS to acquire a data key of a user of a client and a ciphertext of the data key, and the TEE encrypts a private key by using the data key to obtain a ciphertext of the private key; and then the ciphertext of the private key and the ciphertext of the data key are stored in the client, so that encrypted storage of the private key is realized, and the risk of leakage of the private key can be reduced. Additionally, the TEE encrypts the private key, so that a plaintext of the private key is kept in the TEE of confidential computing, and the private key cannot be accessed by an external untrusted environment, thereby further improving the security of the private key.

Description

私钥保护和服务端访问方法、系统、设备及存储介质Private key protection and server access method, system, device and storage medium
本申请要求于2023年03月29日提交中国专利局、申请号为202310333675.7、申请名称为“私钥保护和服务端访问方法、系统、设备及存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims priority to a Chinese patent application filed with the Chinese Patent Office on March 29, 2023, with application number 202310333675.7 and application name “Private Key Protection and Server Access Method, System, Device and Storage Medium”, the entire contents of which are incorporated by reference in this application.
技术领域Technical Field
本申请涉及通信技术领域,尤其涉及一种私钥保护和服务端访问方法、系统、设备及存储介质。The present application relates to the field of communication technology, and in particular to a method, system, device and storage medium for private key protection and server access.
背景技术Background Art
随着隐私计算(Privacy compute)的蓬勃发展,隐私计算技术己经在各行各业得到了广泛的应用。在隐私计算技术中有一个关键的技术,就是密码学。其中,私钥的安全决定了隐私计算过程中各个环境的数据安全。如何提高私钥的安全性,降低私钥泄露风险成为本领域亟待解决的技术问题。With the vigorous development of privacy computing, privacy computing technology has been widely used in all walks of life. A key technology in privacy computing technology is cryptography. Among them, the security of private keys determines the data security of each environment in the privacy computing process. How to improve the security of private keys and reduce the risk of private key leakage has become a technical problem that needs to be solved in this field.
发明内容Summary of the invention
本申请的多个方面提供一种私钥保护和服务端访问方法、系统、设备及存储介质,用以降低私钥的泄露风险,提高私钥安全性。Multiple aspects of the present application provide a private key protection and server access method, system, device and storage medium to reduce the risk of private key leakage and improve private key security.
第一方面,本申请实施例提供一种私钥保护方法,包括:In a first aspect, an embodiment of the present application provides a private key protection method, including:
利用可信执行环境TEE,获取目标用户的待保护的公私钥对;Use the trusted execution environment TEE to obtain the target user's public and private key pairs to be protected;
利用所述TEE从密钥管理服务KMS中,获取所述目标用户的数据密钥及所述数据密钥的密文;Using the TEE to obtain the data key of the target user and the ciphertext of the data key from the key management service KMS;
在所述TEE中,利用所述数据密钥对所述公私钥对中的私钥进行加密处理,以得到所述私钥的密文;In the TEE, the private key in the public-private key pair is encrypted using the data key to obtain a ciphertext of the private key;
利用所述TEE将所述私钥的密文、所述公私钥对中的公钥及所述数据密钥的密文,返回给所述用户的客户端,以供所述客户端存储所述私钥的密文、所述公私钥对中的公钥及所述数据密钥的密文。The TEE is used to return the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key to the user's client, so that the client can store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key.
第二方面,本申请实施例还提供一种服务端访问方法,包括:In a second aspect, an embodiment of the present application further provides a server access method, including:
利用可信执行环境TEE获取所述客户端发起的解密请求;所述解密请求包括随机数的密文、所述数据密钥的密文及所述私钥的密文;所述随机数的密文为服务端响应所述客户端的访问请求,利用所述公私钥对中的公钥对随机数加密得到的;所述客 户端存储有所述数据密钥的密文及所述私钥的密文;The trusted execution environment TEE is used to obtain a decryption request initiated by the client; the decryption request includes a ciphertext of a random number, a ciphertext of the data key, and a ciphertext of the private key; the ciphertext of the random number is obtained by the server responding to the client's access request by encrypting the random number using the public key in the public-private key pair; the client The client stores the ciphertext of the data key and the ciphertext of the private key;
利用所述TEE调用KMS对所述数据密钥的密文进行解密,以得到所述数据密钥;Using the TEE to call KMS to decrypt the ciphertext of the data key to obtain the data key;
在所述TEE中利用所述数据密钥对所述私钥的密文进行解密,以得到所述私钥;Decrypting the ciphertext of the private key using the data key in the TEE to obtain the private key;
在所述TEE中利用所述私钥对所述随机数的密文进行解密,以得到所述随机数的明文;Decrypting the ciphertext of the random number using the private key in the TEE to obtain the plaintext of the random number;
将所述随机数的明文返回至所述客户端,以供所述客户端基于所述随机数的明文访问所述服务端。The plain text of the random number is returned to the client, so that the client can access the server based on the plain text of the random number.
第三方面,本申请实施例还提供一种私钥保护方法,包括:In a third aspect, an embodiment of the present application further provides a private key protection method, including:
调用可信执行环境TEE对目标用户的公私钥对中的私钥进行加密处理,以供所述TEE调用KMS获取所述目标用户的数据密钥及所述数据密钥的密文,并利用所述数据密钥对所述私钥进行加密处理得到所述私钥的密文;Call the trusted execution environment TEE to encrypt the private key in the public-private key pair of the target user, so that the TEE can call the KMS to obtain the data key of the target user and the ciphertext of the data key, and use the data key to encrypt the private key to obtain the ciphertext of the private key;
接收所述TEE返回的所述私钥的密文、所述公私钥对中的公钥及所述数据密钥的密文;Receive the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key returned by the TEE;
存储所述私钥的密文、所述公私钥对中的公钥及所述数据密钥的密文。The ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key are stored.
第四方面,本申请实施例还提供一种服务端访问方法,包括:In a fourth aspect, an embodiment of the present application further provides a server access method, including:
向服务端发起访问请求,以供所述服务端响应于访问请求,利用客户端对应的目标用户的公私钥对中的公钥对随机数进行加密得到所述随机数的密文;所述客户端存储有所述公私钥对中的私钥的密文及所述目标用户的数据密钥的密文;Initiate an access request to the server, so that the server responds to the access request and uses the public key of the public-private key pair of the target user corresponding to the client to encrypt the random number to obtain the ciphertext of the random number; the client stores the ciphertext of the private key in the public-private key pair and the ciphertext of the data key of the target user;
接收所述服务端返回的所述随机数的密文;Receiving the ciphertext of the random number returned by the server;
向可信执行环境TEE发起解密请求,所述解密请求包含随机数的密文、所述数据密钥的密文及所述私钥的密文,以供所述TEE调用所述KMS对所述数据密钥的密文进行解密得到所述数据密钥,并利用所述数据密钥对所述私钥的密文进行解密得到所述私钥;以及利用所述私钥对所述随机数的密文进行解密得到所述随机数的明文;Initiate a decryption request to the trusted execution environment TEE, the decryption request including the ciphertext of the random number, the ciphertext of the data key and the ciphertext of the private key, so that the TEE calls the KMS to decrypt the ciphertext of the data key to obtain the data key, and use the data key to decrypt the ciphertext of the private key to obtain the private key; and use the private key to decrypt the ciphertext of the random number to obtain the plaintext of the random number;
接收所述TEE返回的所述随机数的明文;Receive the plaintext of the random number returned by the TEE;
基于所述随机数的明文,访问所述服务端。Based on the plain text of the random number, access the server.
第五方面,本申请实施例还提供一种通信系统,包括:客户端、第一服务节点和第二服务节点;所述第一服务节点运行有可信执行环境TEE;所述第二服务节点用于提供密钥管理服务;In a fifth aspect, an embodiment of the present application further provides a communication system, including: a client, a first service node and a second service node; the first service node runs a trusted execution environment TEE; the second service node is used to provide a key management service;
所述第一服务节点用于执行上述第一方面和/或第二方面提供的方法中的步骤;The first service node is used to perform the steps in the method provided in the first aspect and/or the second aspect above;
所述客户端用于执行权利要求上述第三方面和/或第四方面提供的方法中的步骤。The client is used to execute the steps in the method provided in the third aspect and/or the fourth aspect of the claim.
第六方面,本申请实施例还提供一种计算设备,包括:存储器和处理器;其中,所述存储器,用于存储计算机程序;In a sixth aspect, an embodiment of the present application further provides a computing device, comprising: a memory and a processor; wherein the memory is used to store a computer program;
所述处理器耦合至所述存储器,用于执行所述计算机程序以用于执行上述第五方面中第一服务节点和/或第五方面中客户端执行的方法中的步骤。The processor is coupled to the memory, and is configured to execute the computer program to execute the steps in the method performed by the first service node in the fifth aspect and/or the client in the fifth aspect.
第七方面,本申请实施例还提供一种存储有计算机指令的计算机可读存储介质, 当所述计算机指令被一个或多个处理器执行时,致使所述一个或多个处理器执行上述第五方面中第一服务节点和/或第五方面中客户端执行的方法中的步骤。In a seventh aspect, an embodiment of the present application further provides a computer-readable storage medium storing computer instructions. When the computer instructions are executed by one or more processors, the one or more processors are caused to execute the steps in the method executed by the first service node in the fifth aspect and/or the client in the fifth aspect.
在本申请实施例中,引入可信执行环境(Trusted Execution Environment,TEE)和密钥管理服务(Management Service,KMS)对安全协议中的私钥进行保护。具体地,由TEE调用KMS获取客户端的用户的数据密钥和数据密钥的密文,并在TEE中利用数据密钥对私钥进行加密,得到私钥的密文;之后,将私钥的密文和数据密钥的密文存储至客户端,实现了私钥的加密存储,可降低私钥泄露的风险。另一方面,由TEE对私钥进行加密,使得私钥的明文保持机密计算的TEE中,外部不可信的环境无法访问私钥,可进一步提高私钥的安全性。In the embodiments of the present application, a Trusted Execution Environment (TEE) and a Key Management Service (KMS) are introduced to protect the private key in the security protocol. Specifically, TEE calls KMS to obtain the data key and ciphertext of the data key of the client user, and encrypts the private key in TEE using the data key to obtain the ciphertext of the private key; then, the ciphertext of the private key and the ciphertext of the data key are stored in the client, thereby realizing the encrypted storage of the private key and reducing the risk of private key leakage. On the other hand, TEE encrypts the private key so that the plaintext of the private key remains in the TEE for confidential computing, and the private key cannot be accessed by an external untrusted environment, which can further improve the security of the private key.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
此处所说明的附图用来提供对本申请的进一步理解,构成本申请的一部分,本申请的示意性实施例及其说明用于解释本申请,并不构成对本申请的不当限定。在附图中:The drawings described herein are used to provide a further understanding of the present application and constitute a part of the present application. The illustrative embodiments of the present application and their descriptions are used to explain the present application and do not constitute an improper limitation on the present application. In the drawings:
图1为传统方案提供的利用SSH协议提供的公私钥对进行验证登录的过程示意图;FIG1 is a schematic diagram of a process for verifying login using a public and private key pair provided by the SSH protocol provided by a traditional solution;
图2和图3为本申请实施例提供的通信系统进行私钥保护的过程示意图;2 and 3 are schematic diagrams of a process for private key protection by a communication system provided in an embodiment of the present application;
图4为本申请实施例提供的通信系统对TEE进行可信认证的过程示意图;FIG4 is a schematic diagram of a process of performing trusted authentication on a TEE by a communication system provided in an embodiment of the present application;
图5为本申请实施例提供的通信系统进行服务端访问的过程示意图;FIG5 is a schematic diagram of a process of accessing a server by a communication system according to an embodiment of the present application;
图6和图7为本申请实施例提供的私钥保护方法的流程示意图;6 and 7 are schematic flow diagrams of a private key protection method provided in an embodiment of the present application;
图8和图9为本申请实施例提供的服务端访问的流程示意图;8 and 9 are schematic diagrams of a process of accessing a server provided in an embodiment of the present application;
图10为本申请实施例提供的计算设备的结构示意图。FIG. 10 is a schematic diagram of the structure of a computing device provided in an embodiment of the present application.
具体实施方式DETAILED DESCRIPTION
为使本申请的目的、技术方案和优点更加清楚,下面将结合本申请具体实施例及相应的附图对本申请技术方案进行清楚、完整地描述。显然,所描述的实施例仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the purpose, technical solution and advantages of the present application clearer, the technical solution of the present application will be clearly and completely described below in combination with the specific embodiments of the present application and the corresponding drawings. Obviously, the described embodiments are only part of the embodiments of the present application, not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by ordinary technicians in this field without making creative work are within the scope of protection of this application.
图1为传统方案提供的利用安全外壳(Secure Shell,SSH)协议提供的公私钥对进行验证登录的过程示意图。其中,SSH协议是一种在不安全网络上用于安全远程登录和其他安全网络服务的协议。如图1所示,该通信系统包括:客户端10和服务端20。FIG1 is a schematic diagram of a traditional solution for verifying a login using a public-private key pair provided by a secure shell (SSH) protocol. The SSH protocol is a protocol used for secure remote login and other secure network services on an insecure network. As shown in FIG1 , the communication system includes a client 10 and a server 20.
其中,客户端10是指用户使用的,具有用户所需计算、上网、通信等功能的计算机设备,例如可以是智能手机、平板电脑、个人电脑、穿戴设备等。当然,客户端10也可实现为服务端设备。例如,可以为单一服务器设备,也可以云化的服务器阵列,或者为云化的服务器阵列中运行的虚拟机(Virtual Machine,VM)。另外,也可以指具备相应服务能力的其他计算设备,例如电脑等终端设备(运行服务程序)等。The client 10 refers to a computer device used by a user and having the functions of computing, surfing the Internet, communicating, etc. required by the user, such as a smart phone, a tablet computer, a personal computer, a wearable device, etc. Of course, the client 10 can also be implemented as a server device. For example, it can be a single server device, a cloud server array, or a virtual machine (VM) running in a cloud server array. In addition, it can also refer to other computing devices with corresponding service capabilities, such as computers and other terminal devices (running service programs), etc.
服务端20是指响应客户端10的请求,向用户提供服务的服务端设备,一般具备承担 服务并保障服务的能力。服务端20可以为单一服务器设备,也可以云化的服务器阵列,或者为云化的服务器阵列中运行的虚拟机(Virtual Machine,VM)。另外,服务端20也可以指具备相应服务能力的其他计算设备,例如电脑等终端设备(运行服务程序)等。在本申请实施例中,不限定服务端20提供的服务的具体实现形态。可选地,服务端20提供的服务可为直播服务、在线购物服务、即时通信服务、邮箱服务、视频服务、音频服务或者其它服务等等。The server 20 refers to a server device that responds to requests from the client 10 and provides services to users. The service end 20 can be a single server device, a cloud server array, or a virtual machine (VM) running in a cloud server array. In addition, the server end 20 can also refer to other computing devices with corresponding service capabilities, such as computers and other terminal devices (running service programs), etc. In the embodiment of the present application, the specific implementation form of the service provided by the server end 20 is not limited. Optionally, the service provided by the server end 20 can be a live broadcast service, an online shopping service, an instant messaging service, an email service, a video service, an audio service or other services, etc.
在本实施例中,客户端10在访问服务端20时,服务端20可对客户端10的目标用户进行访问权限验证。其中,客户端10访问服务端20可实现为客户端10登录服务端20或者客户端10访问服务端20提供的服务等。In this embodiment, when the client 10 accesses the server 20, the server 20 may verify the access rights of the target user of the client 10. The client 10 accessing the server 20 may be implemented as the client 10 logging into the server 20 or the client 10 accessing the service provided by the server 20.
在一些实施例中,可利用SSH协议提供的公私钥对机制进行访问权限验证。具体地,如图1所示,客户端10可产生公私钥对,并将公私钥对存储于指定的目录下(对应图1步骤1“生成公私钥对,并存储”)。一般为“/.ssh”目录。进一步,客户端10可将公私钥对中的公钥注册于服务端20中(对应图1步骤2)。In some embodiments, the public-private key pair mechanism provided by the SSH protocol can be used to verify access rights. Specifically, as shown in FIG1 , the client 10 can generate a public-private key pair and store the public-private key pair in a specified directory (corresponding to step 1 “generate a public-private key pair and store it” in FIG1 ). This is generally the “/.ssh” directory. Furthermore, the client 10 can register the public key in the public-private key pair in the server 20 (corresponding to step 2 in FIG1 ).
客户端10在访问服务端20时,可向服务端20发起访问请求(对应图1步骤3)。该访问请求也可称为SSH连接请求。服务端20可响应于该访问请求,生成随机数;并利用公私钥对中的公钥对随机数进行加密,得到随机数的密文(对应图1步骤4“公钥加密随机数”);之后,可将随机数的密文返回至客户端10(对应图1步骤5)。When accessing the server 20, the client 10 may initiate an access request to the server 20 (corresponding to step 3 of FIG. 1 ). The access request may also be referred to as an SSH connection request. The server 20 may generate a random number in response to the access request; and encrypt the random number using the public key in the public-private key pair to obtain a ciphertext of the random number (corresponding to step 4 “public key encryption of random number” of FIG. 1 ); thereafter, the ciphertext of the random number may be returned to the client 10 (corresponding to step 5 of FIG. 1 ).
客户端10接收随机数的密文,并从“/.ssh”目录中读取公私钥对中的私钥对随机数进行解密,以得到随机数的明文(对应图1步骤6“私钥解密随机数的密文”);之后,客户端10可将随机数的明文发送至服务端20(对应图1步骤7)。服务端20可根据接收到的随机数和自身存储的随机数进行比较,来对客户端10进行访问权限验证(对应图1步骤8),得到访问权限验证结果。该访问权限验证结果表示客户端对服务具有访问权限或无访问权限。进一步,服务端20可将访问权限验证结果发送给客户端10(9对应图1步骤9)。若服务端20接收到的随机数和自身存储的随机数相同,确定客户端10具有访问权限,则建立与客户端10之间的SSH连接,客户端10可访问服务端20。若服务端20接收到的随机数和自身存储的随机数不同,服务端20向客户端10返回无访问权限的提示信息等等。The client 10 receives the ciphertext of the random number, and reads the private key in the public-private key pair from the "/.ssh" directory to decrypt the random number to obtain the plaintext of the random number (corresponding to step 6 "private key decrypts the ciphertext of the random number" in Figure 1); thereafter, the client 10 may send the plaintext of the random number to the server 20 (corresponding to step 7 in Figure 1). The server 20 may perform access permission verification on the client 10 based on the comparison between the received random number and the random number stored by itself (corresponding to step 8 in Figure 1) to obtain the access permission verification result. The access permission verification result indicates that the client has access permission to the service or does not have access permission. Further, the server 20 may send the access permission verification result to the client 10 (9 corresponds to step 9 in Figure 1). If the random number received by the server 20 is the same as the random number stored by itself, it is determined that the client 10 has access permission, and then an SSH connection is established with the client 10, and the client 10 can access the server 20. If the random number received by the server 20 is different from the random number stored by itself, the server 20 returns a prompt message of no access permission to the client 10, etc.
基于上述利用SSH协议访问服务端的过程可知,公私钥对中的私钥以明文形式存储在客户端的“/.ssh”目录中。“/.ssh”目录虽然为隐藏目录,但对于本领域技术人员来说一般都知道公私钥对存储在该目录下,因此,公私钥对中的私钥存在泄漏风险。攻击者若盗取SSH私钥,可对客户端甚至服务端进行远程访问控制或进行其它攻击行为等。Based on the above process of using the SSH protocol to access the server, it can be known that the private key in the public-private key pair is stored in plain text in the "/.ssh" directory of the client. Although the "/.ssh" directory is a hidden directory, it is generally known to those skilled in the art that the public-private key pair is stored in this directory. Therefore, the private key in the public-private key pair is at risk of leakage. If an attacker steals the SSH private key, he can remotely access the client or even the server or perform other attacks.
为了解决上述技术问题,在本申请一些实施例中,引入可信执行环境(Trusted Execution Environment,TEE)和密钥管理服务(Management Service,KMS)对安全协议中的私钥进行保护。具体地,由TEE调用KMS获取客户端的用户的数据密钥和数 据密钥的密文,并在TEE中利用数据密钥对私钥进行加密,得到私钥的密文;之后,将私钥的密文和数据密钥的密文存储至客户端,实现了私钥的加密存储,可降低私钥泄露的风险。另一方面,由TEE对私钥进行加密,使得私钥的明文保持机密计算的TEE中,外部不可信的环境无法访问私钥,可进一步提高私钥的安全性。In order to solve the above technical problems, in some embodiments of the present application, a trusted execution environment (TEE) and a key management service (KMS) are introduced to protect the private key in the security protocol. Specifically, TEE calls KMS to obtain the data key and data of the user of the client. The private key is encrypted with the data key in the TEE to obtain the ciphertext of the private key; then, the ciphertext of the private key and the ciphertext of the data key are stored on the client, realizing the encrypted storage of the private key and reducing the risk of private key leakage. On the other hand, the private key is encrypted by the TEE, so that the plaintext of the private key remains in the TEE for confidential computing, and the private key cannot be accessed by an external untrusted environment, which can further improve the security of the private key.
以下结合附图,详细说明本申请各实施例提供的技术方案。The technical solutions provided by various embodiments of the present application are described in detail below in conjunction with the accompanying drawings.
应注意到:相同的标号在下面的附图以及实施例中表示同一物体,因此,一旦某一物体在一个附图或实施例中被定义,则在随后的附图和实施例中不需要对其进行进一步讨论。It should be noted that the same reference numerals denote the same objects in the following drawings and embodiments, and therefore, once an object is defined in one drawing or embodiment, it does not need to be further discussed in the subsequent drawings and embodiments.
图2-图5为本申请实施例提供的通信系统的结构示意图。结合图2-图5,该通信系统包括:客户端10、第一服务节点30及第二服务节点40。2 to 5 are schematic diagrams of the structure of the communication system provided in the embodiment of the present application. In conjunction with FIG2 to 5 , the communication system includes: a client 10 , a first service node 30 and a second service node 40 .
关于客户端10的实现形态,可参见图1的相关内容,在此不再赘述。第一服务节点30运行有可信执行环境(Trusted Execution Environment,TEE)。在机密计算中TEE运行的计算实体称为飞地(Enclave),在Enclave中进行的计算和内存操作都是对用户应用以及操作系统内核不可见的。Regarding the implementation form of the client 10, please refer to the relevant content of Figure 1, which will not be repeated here. The first service node 30 runs a trusted execution environment (TEE). In confidential computing, the computing entity running TEE is called an enclave. The calculations and memory operations performed in the enclave are invisible to user applications and the operating system kernel.
Enclave可提供一个可信的隔离空间可将软件封装到Enclave中,保障软件代码和数据的机密性与完整性,不受恶意软件的攻击。Enclave can provide a trusted isolation space to encapsulate software into the Enclave, ensuring the confidentiality and integrity of software code and data and protecting them from attacks by malicious software.
第一服务节点30,可基于软件防护扩展(Software Guard Extensions,SGX)技术创建Enclave,作为可信执行环境(Trusted Execution Environment,TEE);并可在第一服务节点30的内存中分配一部分飞地页面缓存(Enclave Page Cache,EPC),以用于驻留上述的Enclave。第一服务节点30的中央处理器(Central Processing Unit,CPU)可以同时创建一个或多个Enclave,不同Enclave所运行的代码可以相同或不同,这取决于相应Enclave的用途。CPU可切分计算资源,创建Enclave作为可信执行环境。计算资源可包括虚拟CPU(Virtual CPU,vCPU)和内存。分配给Enclave的vCPU和内存,与第一服务节点30的主机上的其它CPU和内存隔离。The first service node 30 may create an Enclave based on the Software Guard Extensions (SGX) technology as a Trusted Execution Environment (TEE); and may allocate a portion of the Enclave Page Cache (EPC) in the memory of the first service node 30 for the above-mentioned Enclave to reside. The central processing unit (CPU) of the first service node 30 may create one or more Enclaves at the same time, and the codes run by different Enclaves may be the same or different, depending on the purpose of the corresponding Enclave. The CPU may divide the computing resources and create the Enclave as a Trusted Execution Environment. The computing resources may include a virtual CPU (vCPU) and memory. The vCPU and memory allocated to the Enclave are isolated from other CPUs and memories on the host of the first service node 30.
在本实施例中,第一服务节点30可实现为独立的物理机,提供TEE服务。当然,第一服务节点30也可与客户端10部署于同一物理机,作为客户端10上提供TEE的功能模块等。In this embodiment, the first service node 30 can be implemented as an independent physical machine to provide TEE services. Of course, the first service node 30 can also be deployed on the same physical machine as the client 10, as a functional module providing TEE on the client 10.
在本实施例中,第二服务节点40可提供密钥管理服务(Management Service,KMS)。KMS可提供密钥管理和数据加密服务平台,具有简单、可靠、安全、合规的数据加密保护能力。密钥管理服务可实现为一种软件即服务(Software as a Service,SaaS)产品,部署于云端。In this embodiment, the second service node 40 can provide a key management service (KMS). KMS can provide a key management and data encryption service platform with simple, reliable, secure, and compliant data encryption protection capabilities. The key management service can be implemented as a software as a service (SaaS) product and deployed in the cloud.
为了提高密钥安全性,KMS可提供用户主密钥(Customer Master Key,CMK)。每个用户对应唯一的CMK。该用户一般为客户端10的用户。CMK是用户或云服务通过密钥管理创建的密钥,主要用于加密并保护数据密钥(Data Key,DK)。一个用户主密钥可以加密多个数据密钥。一个CMK可以派生出多个DK。用户的不同应用可采 用不同的DK进行数据加密,这样即便某个DK丢失,也不会影响其它应用的使用。而如果使用同一CMK对该用户所有的应用数据进行加密,一旦CMK丢失,则会影响所有应用数据的安全性。To improve key security, KMS can provide a customer master key (CMK). Each user corresponds to a unique CMK. The user is generally a client 10 user. CMK is a key created by a user or cloud service through key management, mainly used to encrypt and protect a data key (DK). A customer master key can encrypt multiple data keys. A CMK can derive multiple DKs. Different applications of users can adopt Use different DKs to encrypt data, so that even if a DK is lost, it will not affect the use of other applications. If the same CMK is used to encrypt all application data of the user, once the CMK is lost, the security of all application data will be affected.
基于上述图1示出的客户端10与服务端20之间基于安全协议进行通信的场景,客户端10可基于安全协议访问服务端20。客户端10可为安全协议的客户端。服务端20可为安全协议的服务端。具体地,客户端10可利用安全协议提供的公私钥对机制访问服务端20。安全协议是指以密码学为基础的消息交换协议,其目的是在网络环境中提供各种安全服务。安全协议可为SSH协议、远程终端(Telnet)协议或安全套接层(Secure Socket Layer,SSL)协议等,但不限于此。关于客户端10利用安全协议提供的公私钥对机制访问服务端20的过程,可参见上述图1的相关内容,在此不再赘述。Based on the scenario of communication between the client 10 and the server 20 based on a security protocol as shown in FIG1 above, the client 10 can access the server 20 based on the security protocol. The client 10 can be a client of the security protocol. The server 20 can be a server of the security protocol. Specifically, the client 10 can access the server 20 using the public-private key pair mechanism provided by the security protocol. A security protocol refers to a message exchange protocol based on cryptography, the purpose of which is to provide various security services in a network environment. The security protocol may be the SSH protocol, the Telnet protocol, or the Secure Socket Layer (SSL) protocol, but is not limited thereto. Regarding the process of the client 10 accessing the server 20 using the public-private key pair mechanism provided by the security protocol, please refer to the relevant content of FIG1 above, which will not be repeated here.
在本实施例中,为了提高私钥安全性,引入TEE和KMS对安全协议的公私钥对中的私钥进行保护。具体地,结合图2和图3,客户端10可调用第一服务节点30提供的TEE对目标用户的公私钥对中的私钥进行加密处理(对应图2步骤1及图3步骤1)。其中,目标用户为客户端10的用户。In this embodiment, in order to improve the security of the private key, TEE and KMS are introduced to protect the private key in the public-private key pair of the security protocol. Specifically, in conjunction with Figures 2 and 3, the client 10 can call the TEE provided by the first service node 30 to encrypt the private key in the public-private key pair of the target user (corresponding to step 1 in Figure 2 and step 1 in Figure 3). Among them, the target user is the user of the client 10.
值得说明的是,客户端10在使用第一服务节点30运行的TEE之前,需要确保TEE是可信的。这就需要对TEE进行可信认证。远程证明(Remote Attestation,RA)可用于对Enclave的可信认证。其中,RA指的是一个计算系统(证明者,Prover)向一个远程系统(验证者,Verifier)证明它的软件和/或硬件配置和状态的一种技术。一个远程证明系统通常包括证明者和验证者两部分。证明者端具有系统完整性度量(Integrity Measurement)机制,能够根据证明者和验证者之间的远程证明协议(Remote Attestation Protocol,RAP),将自身系统的度量值通过远程证明协议汇报给验证者,以便验证者验证证明者系统完整性。It is worth noting that before using the TEE running on the first service node 30, the client 10 needs to ensure that the TEE is trustworthy. This requires trusted authentication of the TEE. Remote Attestation (RA) can be used for trusted authentication of the Enclave. Among them, RA refers to a technology in which a computing system (prover) proves its software and/or hardware configuration and status to a remote system (verifier). A remote attestation system usually consists of two parts: a prover and a verifier. The prover side has a system integrity measurement (Integrity Measurement) mechanism, which can report the measurement value of its own system to the verifier through the remote attestation protocol (RAP) based on the remote attestation protocol (Remote Attestation Protocol, RAP) between the prover and the verifier, so that the verifier can verify the integrity of the prover system.
在本实施例中,客户端10可作为验证者,也可称为挑战者。第一服务节点30中的TEE作为证明者。RA服务节点50是指提供远程证明服务的设备、模块或虚拟实例等。虚拟实例可为虚拟机、容器组(如Pod)或容器(Container)。RA服务节点50提供的远程证明服务可为一种SaaS形态产品。下面结合图4对TEE的远程证明过程进行示例性说明。In this embodiment, the client 10 can act as a verifier, also known as a challenger. The TEE in the first service node 30 acts as a prover. The RA service node 50 refers to a device, module or virtual instance that provides remote attestation services. A virtual instance can be a virtual machine, a container group (such as a Pod) or a container. The remote attestation service provided by the RA service node 50 can be a SaaS product. The remote attestation process of TEE is exemplified below in conjunction with Figure 4.
客户端10在使用第一服务节点30提供的TEE之前,需要对TEE进行可信验证,在验证TEE为受信任的可执行环境的条件下,可调用TEE对目标用户的公私钥对中的私钥进行加密处理。Before using the TEE provided by the first service node 30, the client 10 needs to perform trustworthy verification on the TEE. Under the condition that the TEE is verified to be a trusted executable environment, the TEE can be called to encrypt the private key in the public-private key pair of the target user.
如图4所示,客户端10可利用远程证明技术对TEE进行可信性验证。具体地,客户端10可向第一服务节点30中的TEE发起远程证明(RA)请求(对应图4步骤1)。第一服务节点30中的TEE接收该RA请求,并响应于RA请求,生成TEE的身份密钥和远程证明报告(Report)(对应图4步骤2)。第一服务节点30可将TEE的身份密钥和远程证明报告(Report)提供给RA服务节点50(对应图4步骤3)。 As shown in Figure 4, the client 10 can use remote attestation technology to verify the credibility of the TEE. Specifically, the client 10 can initiate a remote attestation (RA) request to the TEE in the first service node 30 (corresponding to step 1 in Figure 4). The TEE in the first service node 30 receives the RA request, and in response to the RA request, generates the TEE's identity key and remote attestation report (Report) (corresponding to step 2 in Figure 4). The first service node 30 can provide the TEE's identity key and remote attestation report (Report) to the RA service node 50 (corresponding to step 3 in Figure 4).
RA服务节点50可基于远程证明报告(Report)对TEE的身份密钥进行合法性验证;并在验证结果为TEE合法的情况下,为TEE签发身份认证证书。进一步,RA服务节点50可获取TEE的引证信息(Quotes),并利用本地公钥对TEE的引证信息进行加密,得到加密的引证信息(对应图4步骤4)。引证信息可包括:Enclave的身份认证证书、度量日志及签名值等。度量日志可包括:TEE的运行状态、安全版本号(Security Version Number,SVN)、硬件签名信息(如PCK cert)及可信计算基础(Trusted Computing Base,TCB)信息等。The RA service node 50 can verify the legitimacy of the TEE's identity key based on the remote attestation report (Report); and if the verification result shows that the TEE is legal, it will issue an identity authentication certificate for the TEE. Further, the RA service node 50 can obtain the TEE's citation information (Quotes), and use the local public key to encrypt the TEE's citation information to obtain the encrypted citation information (corresponding to step 4 of Figure 4). The citation information may include: the Enclave's identity authentication certificate, measurement log, and signature value. The measurement log may include: the TEE's operating status, security version number (Security Version Number, SVN), hardware signature information (such as PCK cert) and Trusted Computing Base (TCB) information, etc.
进一步,RA服务节点50可将加密的引证信息发送给客户端10(对应图4步骤5)。客户端10可调用RA服务节点50对加密的引证信息进行远程证明(对应图4步骤6)。Furthermore, the RA service node 50 may send the encrypted reference information to the client 10 (corresponding to step 5 in FIG. 4 ). The client 10 may call the RA service node 50 to perform remote certification on the encrypted reference information (corresponding to step 6 in FIG. 4 ).
具体地,客户端10可将加密的引证信息提供给RA服务节点50。RA服务节点50可利用本地私钥对加密的引证信息进行解密,得到TEE的引证信息。进一步,可根据TEE的引证信息对TEE进行可信性验证(对应图4步骤7),并向客户端10返回验证结果(对应图4步骤8)。验证结果用于表示TEE是否可信,即验证结果为TEE可信或不可信。Specifically, the client 10 may provide the encrypted citation information to the RA service node 50. The RA service node 50 may use the local private key to decrypt the encrypted citation information to obtain the citation information of the TEE. Further, the credibility of the TEE may be verified based on the citation information of the TEE (corresponding to step 7 of Figure 4), and the verification result may be returned to the client 10 (corresponding to step 8 of Figure 4). The verification result is used to indicate whether the TEE is credible, that is, the verification result is whether the TEE is credible or not.
上述实施例示例性的描述了TEE的可信性验证过程,但不构成限定。如图2所示,客户端10在确认TEE可信的情况下,可调用TEE对目标用户的公私钥对中的私钥进行加密处理(对应图2步骤1及图3步骤1)。其中,目标用户为客户端10的用户。The above embodiment describes the TEE credibility verification process by way of example, but does not constitute a limitation. As shown in FIG2 , when the client 10 confirms that the TEE is credible, it can call the TEE to encrypt the private key in the public-private key pair of the target user (corresponding to step 1 in FIG2 and step 1 in FIG3 ). The target user is the user of the client 10.
相应地,对于第一服务节点30可利用TEE获取目标用户的待保护的公私钥对(对应图2步骤2及图3步骤2)。该公私钥对可为第一服务节点30在TEE中为目标用户生成的,也可为客户端10导入至TEE中的公私钥对。Accordingly, the first service node 30 can use TEE to obtain the public-private key pair to be protected of the target user (corresponding to step 2 of Figure 2 and step 2 of Figure 3). The public-private key pair can be generated by the first service node 30 for the target user in TEE, or it can be the public-private key pair imported into TEE by the client 10.
在一些实施例中,客户端10可向TEE发起密钥申请请求(对应图3步骤1)。第一服务节点30可利用TEE接收该密钥申请请求,并利用TEE响应于密钥申请请求为目标用户生成公私钥对,作为待保护的公私钥对(对应图3步骤2)。在本申请实施例中,不限定TEE为目标用户生成公私钥对的具体实施方式。可选地,TEE可利用密钥生成器为目标用户生成公私钥对。或者,TEE可调用第二服务节点40提供的KMS,为目标用户生成公私钥对等。In some embodiments, the client 10 may initiate a key application request to the TEE (corresponding to step 1 in Figure 3). The first service node 30 may use the TEE to receive the key application request, and use the TEE to generate a public-private key pair for the target user in response to the key application request as the public-private key pair to be protected (corresponding to step 2 in Figure 3). In the embodiment of the present application, the specific implementation method of TEE generating a public-private key pair for the target user is not limited. Optionally, TEE may use a key generator to generate a public-private key pair for the target user. Alternatively, TEE may call the KMS provided by the second service node 40 to generate a public-private key pair for the target user.
在另一些实施例中,待保护的公私钥对也可为客户端10提供给TEE的公私钥对(对应图3步骤1“导入公私钥对”)。相应地,TEE可接收客户端10提供的公私钥对,作为待保护的公私钥对(对应图3步骤2中“获取导入的公私钥对”)。In other embodiments, the public-private key pair to be protected may also be the public-private key pair provided by the client 10 to the TEE (corresponding to step 1 "Importing the public-private key pair" in FIG. 3). Accordingly, the TEE may receive the public-private key pair provided by the client 10 as the public-private key pair to be protected (corresponding to step 2 "Obtaining the imported public-private key pair" in FIG. 3).
TEE在获取目标用户的待保护的公私钥对之后,可从KMS中,获取目标用户的数据密钥及数据密钥的密文(对应图2步骤3及图3步骤3-5)。After obtaining the target user's public and private key pair to be protected, TEE can obtain the target user's data key and the ciphertext of the data key from KMS (corresponding to step 3 of Figure 2 and steps 3-5 of Figure 3).
具体地,TEE可向KMS发起密钥申请请求(对应图3步骤3“申请DK”)。该密钥申请请求可包括目标用户的标识。相应地,KMS接收该密钥申请请求,并基于密钥申请请求携带的目标用户的标识,获取目标用户的主密钥,即目标用户的DMK。其中,目标用户的DMK为KMS预先为目标用户创建的,即目标用户已申请KMS。进 一步,KMS可基于目标用户的DMK,生成目标用户的数据密钥(对应图2步骤3步骤4“CMK派生出DK”)。可选地,KMS可利用密钥派生函数基于目标用户的DMK,派生出至少一个数据密钥(DK)。Specifically, TEE can initiate a key application request to KMS (corresponding to step 3 "Apply for DK" in Figure 3). The key application request may include the identity of the target user. Accordingly, KMS receives the key application request and obtains the target user's master key, that is, the target user's DMK, based on the identity of the target user carried in the key application request. The target user's DMK is pre-created for the target user by KMS, that is, the target user has applied for KMS. In the first step, KMS can generate a data key of the target user based on the DMK of the target user (corresponding to step 3 and step 4 of Figure 2 "CMK derives DK"). Optionally, KMS can derive at least one data key (DK) based on the DMK of the target user using a key derivation function.
进一步,KMS可对数据密钥进行加密,得到数据密钥的密文(对应图3步骤4“生成DK的密文”)。在本实施例中,不限定对数据密钥进行加密的密钥。在一些实施例中,可利用目标用户的DMK作为密钥,对数据密钥进行加密,得到数据密钥的密文。在另一些实施例中,KMS可利用密钥派生函数基于目标用户的DMK,派生出多个数据密钥(如2个数据密钥DK1和DK2),可将多个数据密钥的其中一个(如DK1)作为目标用户的数据密钥;另一个(如DK2)作为对目标用户的数据密钥进行加密的数据密钥。相应地,可利用数据密钥DK2对目标用户的数据密钥DK1进行加密,得到目标用户的数据密钥DK1的密文。Further, KMS can encrypt the data key to obtain the ciphertext of the data key (corresponding to step 4 of Figure 3 "Generate ciphertext of DK"). In this embodiment, the key for encrypting the data key is not limited. In some embodiments, the DMK of the target user can be used as a key to encrypt the data key to obtain the ciphertext of the data key. In other embodiments, KMS can use a key derivation function based on the DMK of the target user to derive multiple data keys (such as 2 data keys DK1 and DK2), and one of the multiple data keys (such as DK1) can be used as the data key of the target user; the other (such as DK2) can be used as the data key for encrypting the data key of the target user. Accordingly, the data key DK2 can be used to encrypt the data key DK1 of the target user to obtain the ciphertext of the data key DK1 of the target user.
进一步,KMS可将目标用户的数据密钥和该数据密钥的密文返回至TEE(对应图2步骤3及图3步骤5)。TEE可利用数据密钥对公私钥对中的私钥进行加密处理,以得到私钥的密文(对应图2步骤4及图3步骤6);进一步,可将私钥的密文、公私钥对中的公钥及数据密钥的密文返回至客户端10(对应图2步骤5及图3步骤7)。Furthermore, KMS can return the target user's data key and the ciphertext of the data key to TEE (corresponding to step 3 of Figure 2 and step 5 of Figure 3). TEE can use the data key to encrypt the private key in the public-private key pair to obtain the ciphertext of the private key (corresponding to step 4 of Figure 2 and step 6 of Figure 3); further, the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key can be returned to the client 10 (corresponding to step 5 of Figure 2 and step 7 of Figure 3).
客户端10可接收私钥的密文、公私钥对中的公钥及数据密钥的密文;并存储私钥的密文、公私钥对中的公钥及数据密钥的密文(对应图2步骤6及图3步骤8)。可选地,对于SSH协议,客户端10可将私钥的密文、公私钥对中的公钥及数据密钥的密文存储至.ssh目录下。The client 10 may receive the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key; and store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key (corresponding to step 6 of FIG. 2 and step 8 of FIG. 3 ). Optionally, for the SSH protocol, the client 10 may store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key in the .ssh directory.
在本实施例中,引入TEE和KMS对安全协议中的私钥进行保护。具体地,由TEE调用KMS获取客户端的用户的数据密钥和数据密钥的密文,并在TEE中利用数据密钥对私钥进行加密,得到私钥的密文;之后,将私钥的密文和数据密钥的密文存储至客户端,实现了私钥的加密存储,可降低私钥泄露的风险。另一方面,由TEE对私钥进行加密,使得私钥的明文保持机密计算的TEE中,外部不可信的环境无法访问私钥,可进一步提高私钥的安全性。In this embodiment, TEE and KMS are introduced to protect the private key in the security protocol. Specifically, TEE calls KMS to obtain the data key and ciphertext of the data key of the client user, and encrypts the private key in TEE using the data key to obtain the ciphertext of the private key; then, the ciphertext of the private key and the ciphertext of the data key are stored in the client, thereby realizing the encrypted storage of the private key and reducing the risk of private key leakage. On the other hand, TEE encrypts the private key so that the plaintext of the private key remains in the confidential computing TEE, and the external untrusted environment cannot access the private key, which can further improve the security of the private key.
由于目标用户的数据密钥是由KMS进行管理和控制的,因此可通过KMS的管理数据密钥的生存周期,实现对公私钥对中私钥的生存周期的管理,保持和KMS一致的密钥管理方法。例如,可通过KMS注销数据密钥来注销私钥。由于私钥的密文是以数据密钥为密钥加密得到的,因此,数据密钥被注销后,私钥的密文由于无解密的密钥,也就自然失效。又例如,可通过KMS对数据密钥的轮转,实现私钥轮转等。Since the target user's data key is managed and controlled by KMS, the life cycle of the private key in the public-private key pair can be managed through the life cycle of the data key managed by KMS, and the key management method consistent with KMS can be maintained. For example, the private key can be cancelled by canceling the data key through KMS. Since the ciphertext of the private key is encrypted with the data key as the key, after the data key is cancelled, the ciphertext of the private key will naturally become invalid because there is no decryption key. For another example, the rotation of the data key can be achieved through KMS to rotate the private key.
其中,密钥轮转是指:在安全性要求较高的场景下,要求加密后的数据,其密钥必须周期性的发生变更,不能长时间使用同一密钥对数据进行加密保护。这种定期变更密钥的加密方式,称之为密钥轮转。具体地,可通过KMS对数据密钥进行轮转,更新数据密钥;并将更新后的数据密钥对发送至TEE,由TEE对公私钥对中的私钥进行加密,得到私钥的更新密文,实现私钥轮转。 Among them, key rotation means: in scenarios with high security requirements, the key of the encrypted data must be changed periodically, and the same key cannot be used to encrypt and protect the data for a long time. This encryption method of regularly changing the key is called key rotation. Specifically, the data key can be rotated and updated through KMS; and the updated data key pair can be sent to TEE, which encrypts the private key in the public-private key pair to obtain the updated ciphertext of the private key, thereby realizing private key rotation.
在本申请实施例中,客户端10还可将公私钥对中的公钥注册到服务端20(对应图2步骤7及图3步骤9)。基于上述实施例提供的私钥保护方式,本申请实施例还提供相应的服务端访问方法。下面对本申请实施例提供的服务端访问过程进行示例性说明。In the embodiment of the present application, the client 10 can also register the public key in the public-private key pair to the server 20 (corresponding to step 7 of FIG. 2 and step 9 of FIG. 3). Based on the private key protection method provided in the above embodiment, the embodiment of the present application also provides a corresponding server access method. The following is an exemplary description of the server access process provided in the embodiment of the present application.
如图5所示,客户端10在访问服务端20时,可向服务端20发起访问请求(对应图5步骤1)。服务端20接收该访问请求,并响应于该访问请求生成随机数,并利用目标用户的公私钥对中的公钥对该随机数进行加密,得到随机数的密文(对应图5步骤2“公钥加密随机数”)。之后,服务端20可将随机数的密文返回至客户端10(对应图5步骤3)。As shown in FIG5 , when the client 10 accesses the server 20, it may initiate an access request to the server 20 (corresponding to step 1 in FIG5 ). The server 20 receives the access request, generates a random number in response to the access request, and encrypts the random number using the public key in the public-private key pair of the target user to obtain the ciphertext of the random number (corresponding to step 2 “public key encryption of random number” in FIG5 ). Afterwards, the server 20 may return the ciphertext of the random number to the client 10 (corresponding to step 3 in FIG5 ).
客户端10接收随机数的密文;并向第一服务节点30中的TEE发起解密请求(对应图5步骤4)。具体地,客户端10可根据随机数的密文、数据密钥的密文及目标用户的公私钥对中私钥的密文,生成解密请求。该解密请求包括随机数的密文、数据密钥的密文及目标用户的公私钥对中私钥的密文。The client 10 receives the ciphertext of the random number and initiates a decryption request to the TEE in the first service node 30 (corresponding to step 4 in FIG. 5 ). Specifically, the client 10 can generate a decryption request based on the ciphertext of the random number, the ciphertext of the data key, and the ciphertext of the private key in the public-private key pair of the target user. The decryption request includes the ciphertext of the random number, the ciphertext of the data key, and the ciphertext of the private key in the public-private key pair of the target user.
可选地,客户端10可通过ecall方法调用TEE,请求TEE对随机数的密文进行解密。ecall方法为TEE(如Enclave)提供的被TEE(如Enclave)外部程序(即不可信环境)调用的方法。换言之,ecall方法为TEE外部访问TEE内部的唯一通道,但其执行过程是受可信环境保护的。或者,客户端10可通过应用程序编程接口(Application Programming Interface,API)调用TEE,请求TEE对随机数的密文进行解密等。Optionally, the client 10 can call the TEE through the ecall method and request the TEE to decrypt the ciphertext of the random number. The ecall method is a method provided by the TEE (such as Enclave) and called by an external program (i.e., an untrusted environment) of the TEE (such as Enclave). In other words, the ecall method is the only channel for the outside of the TEE to access the inside of the TEE, but its execution process is protected by a trusted environment. Alternatively, the client 10 can call the TEE through the Application Programming Interface (API) and request the TEE to decrypt the ciphertext of the random number, etc.
相应地,TEE接收该解密请求;并调用KMS对数据密钥的密文进行解密,以得到目标用户的数据密钥(对应图5步骤5-7)。Correspondingly, TEE receives the decryption request and calls KMS to decrypt the ciphertext of the data key to obtain the data key of the target user (corresponding to steps 5-7 in Figure 5).
具体地,TEE可调用KMS,并向KMS发送数据密钥的密文及目标用户的标识(对应图5步骤5)。KMS可对数据密钥的密文进行解密,以得到目标用户的数据密钥(对应图5步骤6)。具体地,对于上述KMS以目标用户的用户主密钥(DMK)为密钥,对目标用户的数据密钥进行加密的实施例,KMS可根据目标用户的标识,获取目标用户的用户主密钥(DMK),并利用该DMK对目标用户的数据密钥的密文进行解密,以得到目标用户的数据密钥。对于上述KMS以基于目标用户的DMK派生出的另一数据密钥DK2,对目标用户的数据密钥DK1的密文进行解密,以得到目标用户的数据密钥DK1。Specifically, TEE can call KMS and send the ciphertext of the data key and the identifier of the target user to KMS (corresponding to step 5 of Figure 5). KMS can decrypt the ciphertext of the data key to obtain the data key of the target user (corresponding to step 6 of Figure 5). Specifically, for the above-mentioned KMS using the user master key (DMK) of the target user as the key to encrypt the data key of the target user, KMS can obtain the user master key (DMK) of the target user based on the identifier of the target user, and use the DMK to decrypt the ciphertext of the data key of the target user to obtain the data key of the target user. For the above-mentioned KMS, another data key DK2 derived from the DMK of the target user is used to decrypt the ciphertext of the data key DK1 of the target user to obtain the data key DK1 of the target user.
进一步,KMS可将目标用户的数据密钥返回至TEE(对应图5步骤7)。TEE接收该数据密钥,并利用目标被用户的数据密钥,对私钥的密文进行解密,以得到私钥的明文(对应图5步骤8)。进一步,TEE可利用私钥对随机数的密文进行解密,以得到随机数的明文(对应图5步骤9)。Furthermore, KMS can return the data key of the target user to TEE (corresponding to step 7 of Figure 5). TEE receives the data key and uses the data key of the target user to decrypt the ciphertext of the private key to obtain the plaintext of the private key (corresponding to step 8 of Figure 5). Furthermore, TEE can use the private key to decrypt the ciphertext of the random number to obtain the plaintext of the random number (corresponding to step 9 of Figure 5).
进一步,TEE可将随时数的明文返回至客户端10(对应图5步骤10)。客户端10可基于随机数的明文访问服务端20。Furthermore, the TEE may return the plain text of the random number to the client 10 (corresponding to step 10 in FIG. 5 ). The client 10 may access the server 20 based on the plain text of the random number.
具体地,客户端10可将随机数的明文发送至服务端20(对应图5步骤11)。服务端20可根据接收到客户端提供的随机数,与自身生成的随机数,对客户端10进行访问权限 验证(对应图5步骤12),并将权限验证结果返回至客户端10(对应图5步骤13)。若服务端20接收到的客户端提供的随机数与自身生成的随机数一致,说明客户端10拥有公钥对应的私钥,即客户端10具有访问权限,则确定客户端10具有服务端20的访问权限,允许客户端10访问服务端20。相应地,若服务端20接收到的客户端提供的随机数与自身生成的随机数不一致,说明客户端10无公钥对应的私钥,则确定客户端10无服务端20的访问权限,则阻止客户端10访问服务端20。当然,还可向客户端10返回无访问权限提示信息等。Specifically, the client 10 may send the plain text of the random number to the server 20 (corresponding to step 11 in FIG. 5 ). The server 20 may perform access rights on the client 10 based on the random number received from the client and the random number generated by itself. Verify (corresponding to step 12 in FIG. 5 ), and return the permission verification result to the client 10 (corresponding to step 13 in FIG. 5 ). If the random number provided by the client received by the server 20 is consistent with the random number generated by itself, it means that the client 10 has the private key corresponding to the public key, that is, the client 10 has access rights, then it is determined that the client 10 has access rights to the server 20, and the client 10 is allowed to access the server 20. Correspondingly, if the random number provided by the client received by the server 20 is inconsistent with the random number generated by itself, it means that the client 10 does not have the private key corresponding to the public key, then it is determined that the client 10 does not have access rights to the server 20, and the client 10 is blocked from accessing the server 20. Of course, a prompt message indicating that there is no access right can also be returned to the client 10.
在本实施例中,对于客户端基于公私钥对机制访问服务端的访问权限验证过程中,安全协议的公私钥对中的私钥保持在机密计算的可信执行环境(TEE)中,外部不可信的环境无法访问私钥。即时用户的客户端如虚拟机被入侵,也可保证私钥不会丢失,可降低私钥泄露风险。另一方面,私钥在以密文形式存储和传输,可降低私钥的明文暴露的风险。In this embodiment, during the access rights verification process of the client accessing the server based on the public-private key pair mechanism, the private key in the public-private key pair of the security protocol is kept in the trusted execution environment (TEE) of confidential computing, and the private key cannot be accessed by an external untrusted environment. Even if the user's client, such as a virtual machine, is hacked, it can be guaranteed that the private key will not be lost, which can reduce the risk of private key leakage. On the other hand, the private key is stored and transmitted in ciphertext, which can reduce the risk of plaintext exposure of the private key.
另外,上述客户端与服务端的交互流程可兼容原有安全协议流程(如SSH协议流程),不需要对安全协议(如SSH)的服务端进行任何改动,在安全协议(如SSH)的客户端可增加对TEE的调用接口,如应用程序编程接口(Application Programming Interface,API),即可实现对TEE的调用,从而实现客户端与服务端之间的交互流程。这种轻量的改动,能够保持较好的兼容性,提高本实施例提供方案的普适性和通用性。In addition, the above-mentioned interaction process between the client and the server is compatible with the original security protocol process (such as the SSH protocol process), and no changes are required to the server of the security protocol (such as SSH). The client of the security protocol (such as SSH) can add a calling interface for TEE, such as an application programming interface (Application Programming Interface, API), to implement the call to TEE, thereby realizing the interaction process between the client and the server. This lightweight modification can maintain good compatibility and improve the universality and versatility of the solution provided in this embodiment.
除了上述系统实施例之外,本申请实施例还提供私钥访问方法和服务端访问方法。下面分别从客户端和上述运行有TEE的第一服务节点的角度,对本申请实施例提供的私钥访问方法和服务端访问方法进行示例性说明。In addition to the above system embodiments, the embodiments of the present application also provide a private key access method and a server access method. The following is an exemplary description of the private key access method and the server access method provided in the embodiments of the present application from the perspectives of the client and the first service node running TEE.
图6为本申请实施例提供的一种私钥访问方法的流程示意图。该方法可适用于运行有TEE的服务节点。如图6所示,该方法主要包括:FIG6 is a flow chart of a private key access method provided in an embodiment of the present application. The method can be applied to a service node running a TEE. As shown in FIG6 , the method mainly includes:
601、利用TEE,获取目标用户的待保护的公私钥对。601. Using TEE, obtain the public and private key pair to be protected of the target user.
602、利用TEE从KMS中,获取目标用户的数据密钥及数据密钥的密文。602. Use TEE to obtain the target user's data key and the ciphertext of the data key from KMS.
603、在TEE中,利用数据密钥对公私钥对中的私钥进行加密处理,以得到私钥的密文。603. In the TEE, the private key in the public-private key pair is encrypted using the data key to obtain the ciphertext of the private key.
604、利用TEE将私钥的密文、公私钥对中的公钥及数据密钥的密文,返回给用户的客户端,以供客户端存储私钥的密文、公私钥对中的公钥及数据密钥的密文。604. Using TEE, the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key are returned to the user's client, so that the client can store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key.
图7为本申请实施例提供的另一种私钥访问方法的流程示意图。该方法可适用于安全协议的客户端。如图7所示,该方法主要包括:FIG7 is a flow chart of another private key access method provided by an embodiment of the present application. The method can be applied to a client of a security protocol. As shown in FIG7 , the method mainly includes:
701、调用TEE对目标用户的公私钥对中的私钥进行加密处理,以供TEE调用KMS获取目标用户的数据密钥及数据密钥的密文,并利用数据密钥对私钥进行加密处理得到私钥的密文。701. Call TEE to encrypt the private key in the public-private key pair of the target user, so that TEE can call KMS to obtain the data key and ciphertext of the data key of the target user, and use the data key to encrypt the private key to obtain the ciphertext of the private key.
702、接收TEE返回的私钥的密文、公私钥对中的公钥及数据密钥的密文。702. Receive the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key returned by the TEE.
703、存储私钥的密文、公私钥对中的公钥及数据密钥的密文。703. Store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key.
在本实施例中,客户端可基于安全协议访问服务端。客户端可为安全协议的客户 端。服务端可为安全协议的服务端。具体地,客户端可利用安全协议提供的公私钥对机制访问服务端。In this embodiment, the client can access the server based on the security protocol. The client can be a client of the security protocol. The server may be a server of a security protocol. Specifically, the client may access the server using a public-private key pair mechanism provided by the security protocol.
在本实施例中,为了提高私钥安全性,引入TEE和KMS对安全协议的公私钥对中的私钥进行保护。具体地,对于客户端,如图7步骤701所示,可调用TEE对目标用户的公私钥对中的私钥进行加密处理。其中,目标用户为客户端的用户。In this embodiment, in order to improve the security of the private key, TEE and KMS are introduced to protect the private key in the public-private key pair of the security protocol. Specifically, for the client, as shown in step 701 of Figure 7, TEE can be called to encrypt the private key in the public-private key pair of the target user. The target user is the user of the client.
值得说明的是,客户端在使用TEE之前,需要确保TEE是可信的。这就需要对TEE进行可信认证。关于对TEE进行可信认证的具体实施方式,可参见上述图4的相关内容,在此不再赘述。It is worth noting that before using TEE, the client needs to ensure that TEE is trustworthy. This requires trustworthy authentication of TEE. For the specific implementation of trustworthy authentication of TEE, please refer to the relevant content of Figure 4 above, which will not be repeated here.
客户端在确认TEE可信的情况下,在步骤701中,可调用TEE对目标用户的公私钥对中的私钥进行加密处理。其中,目标用户为客户端10的用户。When the client confirms that the TEE is credible, in step 701 , the TEE may be called to encrypt the private key in the public-private key pair of the target user, where the target user is the user of the client 10 .
相应地,对于运行有TEE的服务节点,在步骤601中,可利用TEE获取目标用户的待保护的公私钥对。该公私钥对可为在TEE中为目标用户生成的,也可为客户端导入至TEE中的公私钥对。Accordingly, for a service node running TEE, the public-private key pair to be protected of the target user can be obtained by using TEE in step 601. The public-private key pair can be generated for the target user in TEE, or can be a public-private key pair imported into TEE by the client.
在一些实施例中,客户端可向TEE发起密钥申请请求。运行有TEE的服务节点,可利用TEE接收该密钥申请请求,并利用TEE响应于密钥申请请求为目标用户生成公私钥对,作为待保护的公私钥对。In some embodiments, the client may initiate a key application request to the TEE. The service node running the TEE may use the TEE to receive the key application request, and use the TEE to generate a public-private key pair for the target user in response to the key application request as the public-private key pair to be protected.
在另一些实施例中,待保护的公私钥对也可为客户端提供给TEE的公私钥对。相应地,可利用TEE接收客户端提供的公私钥对,作为待保护的公私钥对。In other embodiments, the public-private key pair to be protected may also be a public-private key pair provided by the client to the TEE. Accordingly, the TEE may be used to receive the public-private key pair provided by the client as the public-private key pair to be protected.
TEE在获取目标用户的待保护的公私钥对之后,在步骤602中,可利用TEE从KMS中,获取目标用户的数据密钥及数据密钥的密文。After obtaining the public and private key pair to be protected of the target user, TEE can use TEE to obtain the data key and the ciphertext of the data key of the target user from KMS in step 602.
具体地,TEE可向KMS发起密钥申请请求。该密钥申请请求可包括目标用户的标识。相应地,KMS接收该密钥申请请求,并基于密钥申请请求携带的目标用户的标识,获取目标用户的主密钥,即目标用户的DMK。其中,目标用户的DMK为KMS预先为目标用户创建的,即目标用户已申请KMS。进一步,KMS可基于目标用户的DMK,生成目标用户的数据密钥。可选地,KMS可利用密钥派生函数基于目标用户的DMK,派生出至少一个数据密钥。进一步,KMS可对数据密钥进行加密,得到数据密钥的密文。Specifically, TEE may initiate a key application request to KMS. The key application request may include the identifier of the target user. Accordingly, KMS receives the key application request and obtains the target user's master key, that is, the target user's DMK, based on the identifier of the target user carried in the key application request. Among them, the target user's DMK is pre-created by KMS for the target user, that is, the target user has applied for KMS. Further, KMS may generate a data key for the target user based on the target user's DMK. Optionally, KMS may use a key derivation function to derive at least one data key based on the target user's DMK. Further, KMS may encrypt the data key to obtain a ciphertext of the data key.
进一步,KMS可将目标用户的数据密钥和该数据密钥的密文返回至TEE。相应地,对于TEE可接收目标用户的数据密钥和该数据密钥的密文。进一步,在步骤602中,在TEE中可利用数据密钥对公私钥对中的私钥进行加密处理,以得到私钥的密文;进一步,在步骤603中,可利用TEE将私钥的密文、公私钥对中的公钥及数据密钥的密文返回至客户端。Furthermore, KMS can return the target user's data key and the ciphertext of the data key to TEE. Accordingly, TEE can receive the target user's data key and the ciphertext of the data key. Furthermore, in step 602, the private key in the public-private key pair can be encrypted in TEE using the data key to obtain the ciphertext of the private key; further, in step 603, TEE can be used to return the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key to the client.
客户端在步骤702中,可接收私钥的密文、公私钥对中的公钥及数据密钥的密文;并在步骤703中,存储私钥的密文、公私钥对中的公钥及数据密钥的密文(对应图2步骤6及图3步骤8)。可选地,对于SSH协议,客户端可将私钥的密文、公私钥对 中的公钥及数据密钥的密文存储至.ssh目录下。In step 702, the client can receive the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key; and in step 703, store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key (corresponding to step 6 of Figure 2 and step 8 of Figure 3). Optionally, for the SSH protocol, the client can store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key. The ciphertext of the public key and data key in the .ssh directory.
在本实施例中,引入TEE和KMS对安全协议中的私钥进行保护。具体地,由TEE调用KMS获取客户端的用户的数据密钥和数据密钥的密文,并在TEE中利用数据密钥对私钥进行加密,得到私钥的密文;之后,将私钥的密文和数据密钥的密文存储至客户端,实现了私钥的加密存储,可降低私钥泄露的风险。另一方面,由TEE对私钥进行加密,使得私钥的明文保持机密计算的TEE中,外部不可信的环境无法访问私钥,可进一步提高私钥的安全性。In this embodiment, TEE and KMS are introduced to protect the private key in the security protocol. Specifically, TEE calls KMS to obtain the data key and ciphertext of the data key of the client user, and encrypts the private key in TEE using the data key to obtain the ciphertext of the private key; then, the ciphertext of the private key and the ciphertext of the data key are stored in the client, thereby realizing the encrypted storage of the private key and reducing the risk of private key leakage. On the other hand, TEE encrypts the private key so that the plaintext of the private key remains in the confidential computing TEE, and the private key cannot be accessed by an external untrusted environment, which can further improve the security of the private key.
由于目标用户的数据密钥是由KMS进行管理和控制的,因此可通过KMS的管理数据密钥的生存周期,实现对公私钥对中私钥的生存周期的管理,保持和KMS一致的密钥管理方法。例如,可通过KMS注销数据密钥来注销私钥。由于私钥的密文是以数据密钥为密钥加密得到的,因此,数据密钥被注销后,私钥的密文由于无解密的密钥,也就自然失效。又例如,可通过KMS对数据密钥的轮转,实现私钥轮转等。Since the target user's data key is managed and controlled by KMS, the life cycle of the private key in the public-private key pair can be managed through the life cycle of the data key managed by KMS, and the key management method consistent with KMS can be maintained. For example, the private key can be cancelled by canceling the data key through KMS. Since the ciphertext of the private key is encrypted with the data key as the key, after the data key is cancelled, the ciphertext of the private key will naturally become invalid because there is no decryption key. For another example, the rotation of the data key can be achieved through KMS to rotate the private key.
具体地,可通过KMS对数据密钥进行轮转,更新数据密钥;并将更新后的数据密钥对发送至TEE,由TEE对公私钥对中的私钥进行加密,得到私钥的更新密文,实现私钥轮转。Specifically, the data key can be rotated and updated through KMS; and the updated data key pair is sent to TEE, which encrypts the private key in the public-private key pair to obtain the updated ciphertext of the private key, thereby realizing private key rotation.
在本申请实施例中,客户端还可将公私钥对中的公钥注册到服务端。基于上述实施例提供的私钥保护方式,本申请实施例还提供相应的服务端访问方法。下面对本申请实施例提供的服务端访问过程进行示例性说明。In the embodiment of the present application, the client can also register the public key in the public-private key pair to the server. Based on the private key protection method provided in the above embodiment, the embodiment of the present application also provides a corresponding server access method. The following is an exemplary description of the server access process provided in the embodiment of the present application.
图8为本申请实施例提供的一种服务端访问方法的流程示意图。该方法可适用于安全协议的客户端。如图8所示,该方法主要包括:FIG8 is a flow chart of a method for accessing a server provided in an embodiment of the present application. The method is applicable to a client of a security protocol. As shown in FIG8 , the method mainly includes:
801、向服务端发起访问请求,以供服务端响应于访问请求,利用客户端对应的目标用户的公私钥对中的公钥对随机数进行加密得到随机数的密文;客户端存储有公私钥对中的私钥的密文及目标用户的数据密钥的密文。801. Initiate an access request to the server, so that the server responds to the access request and uses the public key in the public-private key pair of the target user corresponding to the client to encrypt the random number to obtain the ciphertext of the random number; the client stores the ciphertext of the private key in the public-private key pair and the ciphertext of the data key of the target user.
802、接收服务端返回的随机数的密文。802. Receive the ciphertext of the random number returned by the server.
803、向TEE发起解密请求,解密请求包含随机数的密文、数据密钥的密文及私钥的密文,以供TEE调用KMS对数据密钥的密文进行解密得到数据密钥,并利用数据密钥对私钥的密文进行解密得到私钥;以及利用私钥对随机数的密文进行解密得到随机数的明文。803. Initiate a decryption request to TEE, where the decryption request includes the ciphertext of the random number, the ciphertext of the data key, and the ciphertext of the private key, so that TEE can call KMS to decrypt the ciphertext of the data key to obtain the data key, and use the data key to decrypt the ciphertext of the private key to obtain the private key; and use the private key to decrypt the ciphertext of the random number to obtain the plaintext of the random number.
804、接收TEE返回的随机数的明文。804. Receive the plaintext of the random number returned by TEE.
805、基于随机数的明文,访问服务端。805. Access the server based on the plain text of the random number.
图9为本申请实施例提供的另一种服务端访问方法的流程示意图。该方法可适用于运行有TEE的服务节点。如图9所示,该方法主要包括:FIG9 is a flow chart of another server access method provided in an embodiment of the present application. The method can be applied to a service node running a TEE. As shown in FIG9 , the method mainly includes:
901、利用TEE获取客户端发起的解密请求;解密请求包括随机数的密文、数据密钥的密文及私钥的密文;随机数的密文为服务端响应客户端的访问请求,利用公私钥对中的公钥对随机数加密得到的;客户端存储有数据密钥的密文及私钥的密文。 901. Use TEE to obtain the decryption request initiated by the client; the decryption request includes the ciphertext of the random number, the ciphertext of the data key and the ciphertext of the private key; the ciphertext of the random number is obtained by the server responding to the client's access request, using the public key in the public-private key pair to encrypt the random number; the client stores the ciphertext of the data key and the ciphertext of the private key.
902、利用TEE调用KMS对数据密钥的密文进行解密,以得到数据密钥。902. Use TEE to call KMS to decrypt the ciphertext of the data key to obtain the data key.
903、在TEE中利用数据密钥对私钥的密文进行解密,以得到私钥。903. Decrypt the ciphertext of the private key using the data key in the TEE to obtain the private key.
904、在TEE中利用私钥对随机数的密文进行解密,以得到随机数的明文。904. Decrypt the ciphertext of the random number using the private key in the TEE to obtain the plaintext of the random number.
905、利用TEE将随机数的明文返回至客户端,以供客户端基于随机数的明文访问服务端。905. Use TEE to return the plain text of the random number to the client, so that the client can access the server based on the plain text of the random number.
在本实施例中,客户端在访问服务端时,在步骤801中,可向服务端发起访问请求。服务端接收该访问请求,并响应于该访问请求生成随机数,并利用目标用户的公私钥对中的公钥对该随机数进行加密,得到随机数的密文。之后,服务端可将随机数的密文返回至客户端。In this embodiment, when the client accesses the server, in step 801, it may initiate an access request to the server. The server receives the access request, generates a random number in response to the access request, and encrypts the random number using the public key in the public-private key pair of the target user to obtain a ciphertext of the random number. Afterwards, the server may return the ciphertext of the random number to the client.
对于客户端,在步骤802中,可接收服务端返回的随机数的密文;并在步骤803中,向TEE发起解密请求。具体地,可根据随机数的密文、数据密钥的密文及目标用户的公私钥对中私钥的密文,生成解密请求。该解密请求包括随机数的密文、数据密钥的密文及目标用户的公私钥对中私钥的密文。For the client, in step 802, the ciphertext of the random number returned by the server can be received; and in step 803, a decryption request can be initiated to the TEE. Specifically, a decryption request can be generated based on the ciphertext of the random number, the ciphertext of the data key, and the ciphertext of the private key in the public-private key pair of the target user. The decryption request includes the ciphertext of the random number, the ciphertext of the data key, and the ciphertext of the private key in the public-private key pair of the target user.
可选地,可通过ecall方法调用TEE,请求TEE对随机数的密文进行解密。或者,客户端可通过API调用TEE,请求TEE对随机数的密文进行解密等。Optionally, the TEE can be called through the ecall method to request the TEE to decrypt the ciphertext of the random number. Alternatively, the client can call the TEE through the API to request the TEE to decrypt the ciphertext of the random number.
相应地,对于运行TEE的服务节点,在步骤901中,可接收该解密请求;并在步骤902中,利用TEE调用KMS对数据密钥的密文进行解密,以得到目标用户的数据密钥。Correspondingly, for the service node running TEE, in step 901, the decryption request can be received; and in step 902, TEE is used to call KMS to decrypt the ciphertext of the data key to obtain the data key of the target user.
具体地,TEE可调用KMS,并向KMS发送数据密钥的密文及目标用户的标识。KMS可对数据密钥的密文进行解密,以得到目标用户的数据密钥。具体地,对于上述KMS以目标用户的用户主密钥(DMK)为密钥,对目标用户的数据密钥进行加密的实施例,KMS可根据目标用户的标识,获取目标用户的用户主密钥(DMK),并利用该DMK对目标用户的数据密钥的密文进行解密,以得到目标用户的数据密钥。对于上述KMS以基于目标用户的DMK派生出的另一数据密钥DK2,对目标用户的数据密钥DK1的密文进行解密,以得到目标用户的数据密钥DK1。Specifically, TEE can call KMS and send the ciphertext of the data key and the identifier of the target user to KMS. KMS can decrypt the ciphertext of the data key to obtain the data key of the target user. Specifically, for the above-mentioned embodiment in which KMS uses the user master key (DMK) of the target user as the key to encrypt the data key of the target user, KMS can obtain the user master key (DMK) of the target user according to the identifier of the target user, and use the DMK to decrypt the ciphertext of the data key of the target user to obtain the data key of the target user. For the above-mentioned KMS, another data key DK2 derived from the DMK of the target user is used to decrypt the ciphertext of the data key DK1 of the target user to obtain the data key DK1 of the target user.
进一步,KMS可将目标用户的数据密钥返回至TEE。对于运行TEE的服务节点,可接收该数据密钥,并在步骤903中,在TEE中利用目标被用户的数据密钥,对私钥的密文进行解密,以得到私钥的明文。进一步,在步骤904中,在TEE中利用私钥对随机数的密文进行解密,以得到随机数的明文。Furthermore, KMS can return the data key of the target user to TEE. For the service node running TEE, the data key can be received, and in step 903, the ciphertext of the private key is decrypted in TEE using the data key of the target user to obtain the plaintext of the private key. Further, in step 904, the ciphertext of the random number is decrypted in TEE using the private key to obtain the plaintext of the random number.
进一步,在步骤905中,利用TEE将随时数的明文返回至客户端。相应地,在步骤804中,客户端可接收TEE返回的随机数的明文;并在步骤805中,基于随机数的明文访问服务端20。Further, in step 905, the plain text of the random number is returned to the client using TEE. Accordingly, in step 804, the client can receive the plain text of the random number returned by TEE; and in step 805, the server 20 is accessed based on the plain text of the random number.
具体地,可将随机数的明文发送至服务端。服务端可根据接收到客户端提供的随机数,与自身生成的随机数,对客户端进行访问权限验证,并将权限验证结果返回至客户端。若服务端接收到的客户端提供的随机数与自身生成的随机数一致,说明客户端拥有公钥对应的私钥,即客户端具有访问权限,则确定客户端具有服务端的访问权限,允许客户端访问 服务端。客户端可访问服务端。相应地,若服务端接收到的客户端提供的随机数与自身生成的随机数不一致,说明客户端无公钥对应的私钥,即客户端无服务端的访问权限,则确定客户端无服务端的访问权限,则阻止客户端访问服务端。当然,还可向客户端返回无访问权限提示信息等。Specifically, the plain text of the random number can be sent to the server. The server can verify the access rights of the client based on the random number provided by the client and the random number generated by itself, and return the result of the access rights verification to the client. If the random number provided by the client received by the server is consistent with the random number generated by itself, it means that the client has the private key corresponding to the public key, that is, the client has access rights, then it is determined that the client has access rights of the server, and the client is allowed to access. Server. The client can access the server. Accordingly, if the random number provided by the client received by the server is inconsistent with the random number generated by itself, it means that the client does not have the private key corresponding to the public key, that is, the client does not have the access rights of the server, then it is determined that the client does not have the access rights of the server, and the client is blocked from accessing the server. Of course, a prompt message of no access rights can also be returned to the client.
在本实施例中,对于客户端基于公私钥对机制访问服务端的访问权限验证过程中,安全协议的公私钥对中的私钥保持在机密计算的可信执行环境(TEE)中,外部不可信的环境无法访问私钥。即时用户的客户端如虚拟机被入侵,也可保证私钥不会丢失,可降低私钥泄露风险。另一方面,私钥在以密文形式存储和传输,可降低私钥的明文暴露的风险。In this embodiment, during the access rights verification process of the client accessing the server based on the public-private key pair mechanism, the private key in the public-private key pair of the security protocol is kept in the trusted execution environment (TEE) of confidential computing, and the private key cannot be accessed by an external untrusted environment. Even if the user's client, such as a virtual machine, is hacked, it can ensure that the private key will not be lost, which can reduce the risk of private key leakage. On the other hand, the private key is stored and transmitted in ciphertext, which can reduce the risk of plaintext exposure of the private key.
另外,上述客户端与服务端的交互流程可兼容原有安全协议流程(如SSH协议流程),不需要对安全协议(如SSH)的服务端进行任何改动,在安全协议(如SSH)的客户端可增加对TEE的调用接口,如API等,即可实现对TEE的调用,从而实现客户端与服务端之间的交互流程。这种轻量的改动,能够保持较好的兼容性,提高本实施例提供方案的普适性和通用性。In addition, the above-mentioned interaction process between the client and the server is compatible with the original security protocol process (such as the SSH protocol process), and no changes are required to the server of the security protocol (such as SSH). The client of the security protocol (such as SSH) can add a calling interface for TEE, such as API, to implement the call to TEE, thereby realizing the interaction process between the client and the server. This lightweight change can maintain good compatibility and improve the universality and versatility of the solution provided by this embodiment.
需要说明的是,上述实施例所提供方法的各步骤的执行主体均可以是同一设备,或者,该方法也由不同设备作为执行主体。比如,步骤701和702的执行主体可以为设备A;又比如,步骤701的执行主体可以为设备A,步骤702的执行主体可以为设备B;等等。It should be noted that the execution subject of each step of the method provided in the above embodiment can be the same device, or the method can be executed by different devices. For example, the execution subject of steps 701 and 702 can be device A; for another example, the execution subject of step 701 can be device A, and the execution subject of step 702 can be device B; and so on.
另外,在上述实施例及附图中的描述的一些流程中,包含了按照特定顺序出现的多个操作,但是应该清楚了解,这些操作可以不按照其在本文中出现的顺序来执行或并行执行,操作的序号如701、702等,仅仅是用于区分开各个不同的操作,序号本身不代表任何的执行顺序。另外,这些流程可以包括更多或更少的操作,并且这些操作可以按顺序执行或并行执行。In addition, in some of the processes described in the above embodiments and the accompanying drawings, multiple operations appearing in a specific order are included, but it should be clearly understood that these operations may not be executed in the order in which they appear in this document or may be executed in parallel, and the sequence numbers of the operations, such as 701, 702, etc., are only used to distinguish between different operations, and the sequence numbers themselves do not represent any execution order. In addition, these processes may include more or fewer operations, and these operations may be executed in sequence or in parallel.
相应地,本申请实施例还提供一种存储有计算机指令的计算机可读存储介质,当计算机指令被一个或多个处理器执行时,致使一个或多个处理器执行上述私钥保护方法和/或各服务端访问方法中的步骤。Accordingly, an embodiment of the present application also provides a computer-readable storage medium storing computer instructions. When the computer instructions are executed by one or more processors, the one or more processors are caused to execute the steps in the above-mentioned private key protection method and/or each server access method.
图10为本申请实施例提供的计算设备的结构示意图。如图10所示,该计算设备可包括:存储器100a和处理器100b。其中,存储器100a,用于存储计算机程序。Fig. 10 is a schematic diagram of the structure of a computing device provided in an embodiment of the present application. As shown in Fig. 10, the computing device may include: a memory 100a and a processor 100b. The memory 100a is used to store computer programs.
在一些实施例中,计算设备运行有TEE,可实现为运行TEE的服务节点。相应地,处理器100b耦合至存储器100a,用于执行计算机程序以用于:利用可信执行环境(TEE),获取目标用户的待保护的公私钥对;利用TEE从密钥管理服务KMS中,获取目标用户的数据密钥及数据密钥的密文;在TEE中,利用数据密钥对公私钥对中的私钥进行加密处理,以得到私钥的密文;以及,利用TEE将私钥的密文、公私钥对中的公钥及数据密钥的密文,返回给用户的客户端,以供客户端存储私钥的密文、公私钥对中的公钥及数据密钥的密文。In some embodiments, the computing device runs a TEE, which can be implemented as a service node running the TEE. Accordingly, the processor 100b is coupled to the memory 100a, and is used to execute a computer program for: using the trusted execution environment (TEE) to obtain the public-private key pair to be protected of the target user; using the TEE to obtain the data key and the ciphertext of the data key from the key management service KMS of the target user; in the TEE, using the data key to encrypt the private key in the public-private key pair to obtain the ciphertext of the private key; and using the TEE to return the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key to the user's client, so that the client can store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key.
可选地,处理器100b在利用TEE从密钥管理服务KMS中,获取用户的数据密钥及数据密钥的密文时,具体用于:利用TEE调用KMS,以供KMS基于目标用户的 主密钥生成用户的数据密钥,并对数据密钥进行加密处理得到数据密钥的密文;利用TEE接收KMS返回的数据密钥及数据密钥的密文。Optionally, when the processor 100b uses TEE to obtain the user's data key and the ciphertext of the data key from the key management service KMS, it is specifically used to: use TEE to call KMS so that KMS can The master key generates the user's data key and encrypts the data key to obtain the ciphertext of the data key; TEE is used to receive the data key and the ciphertext of the data key returned by KMS.
可选地,处理器100b在利用可信执行环境TEE获取待保护的公私钥对时,具体用于:利用TEE,获取客户端提供的密钥申请请求;利用TEE响应于密钥申请请求为目标用户生成公私钥对,作为待保护的公私钥对;或者,利用TEE接收客户端提供的公私钥对,作为待保护的公私钥对。Optionally, when the processor 100b uses the trusted execution environment TEE to obtain the public-private key pair to be protected, it is specifically used to: use TEE to obtain a key application request provided by the client; use TEE to generate a public-private key pair for the target user in response to the key application request as the public-private key pair to be protected; or, use TEE to receive the public-private key pair provided by the client as the public-private key pair to be protected.
在一些实施例中,处理器100b还用于:利用TEE获取客户端发起的解密请求;解密请求包括随机数的密文、数据密钥的密文及私钥的密文;随机数的密文为服务端响应客户端的访问请求,利用公私钥对中的公钥对随机数加密得到的;利用TEE调用KMS对数据密钥的密文进行解密,以得到数据密钥;在TEE中利用数据密钥对私钥的密文进行解密,以得到私钥;在TEE中利用私钥对随机数的密文进行解密,以得到随机数的明文;将随机数的明文返回至客户端,以供客户端基于随机数的明文请求服务端对客户端进行访问权限校验。In some embodiments, the processor 100b is also used to: use TEE to obtain a decryption request initiated by the client; the decryption request includes a ciphertext of a random number, a ciphertext of a data key, and a ciphertext of a private key; the ciphertext of the random number is obtained by the server responding to the client's access request, by encrypting the random number using the public key in the public-private key pair; use TEE to call KMS to decrypt the ciphertext of the data key to obtain the data key; use the data key in TEE to decrypt the ciphertext of the private key to obtain the private key; use the private key in TEE to decrypt the ciphertext of the random number to obtain the plaintext of the random number; return the plaintext of the random number to the client, so that the client can request the server to verify the access rights of the client based on the plaintext of the random number.
在本申请一些实施例中,计算设备还可实现为安全协议的客户端。相应地,处理器100b用于:调用可信执行环境(TEE)对目标用户的公私钥对中的私钥进行加密处理,以供TEE调用KMS获取目标用户的数据密钥及数据密钥的密文,并利用数据密钥对私钥进行加密处理得到私钥的密文;接收TEE返回的私钥的密文、公私钥对中的公钥及数据密钥的密文;存储私钥的密文、公私钥对中的公钥及数据密钥的密文。In some embodiments of the present application, the computing device can also be implemented as a client of the security protocol. Accordingly, the processor 100b is used to: call the trusted execution environment (TEE) to encrypt the private key in the public-private key pair of the target user, so that the TEE can call the KMS to obtain the data key and the ciphertext of the data key of the target user, and use the data key to encrypt the private key to obtain the ciphertext of the private key; receive the ciphertext of the private key returned by the TEE, the public key in the public-private key pair, and the ciphertext of the data key; store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key.
在一些实施例中,处理器100b还用于:通过通信组件100c向服务端发起访问请求,以供服务端响应于访问请求,利用公钥对随机数进行加密,以得到随机数的密文;通过通信组件100c接收服务端返回的随机数的密文;以及,向TEE发起解密请求,该解密请求包含随机数的密文、数据密钥的密文及私钥的密文,以供TEE调用KMS对数据密钥的密文进行解密,以得到数据密钥,并利用数据密钥对私钥的密文进行解密,以得到私钥;以及利用私钥对随机数的密文进行解密,以得到随机数的明文;并接收TEE返回的随机数的明文;之后,基于随机数的明文,访问服务端。In some embodiments, the processor 100b is also used to: initiate an access request to the server through the communication component 100c, so that the server responds to the access request and uses the public key to encrypt the random number to obtain the ciphertext of the random number; receive the ciphertext of the random number returned by the server through the communication component 100c; and, initiate a decryption request to the TEE, the decryption request includes the ciphertext of the random number, the ciphertext of the data key and the ciphertext of the private key, so that the TEE calls the KMS to decrypt the ciphertext of the data key to obtain the data key, and use the data key to decrypt the ciphertext of the private key to obtain the private key; and use the private key to decrypt the ciphertext of the random number to obtain the plaintext of the random number; and receive the plaintext of the random number returned by the TEE; thereafter, based on the plaintext of the random number, access the server.
在一些可选实施方式中,如图10所示,该计算设备还可以包括:电源组件100d等可选组件。在一些实施例中,计算设备可实现为电脑等终端设备。相应地,计算设备还可包括:显示组件100e及音频组件100f等组件。图10中仅示意性给出部分组件,并不意味着计算设备必须包含图10所示全部组件,也不意味着计算设备只能包括图10所示组件。In some optional implementations, as shown in FIG10 , the computing device may further include optional components such as a power supply component 100d. In some embodiments, the computing device may be implemented as a terminal device such as a computer. Accordingly, the computing device may further include components such as a display component 100e and an audio component 100f. FIG10 only schematically shows some components, which does not mean that the computing device must include all the components shown in FIG10 , nor does it mean that the computing device can only include the components shown in FIG10 .
本实施例提供的计算设备,引入TEE和KMS对安全协议中的私钥进行保护。具体地,由TEE调用KMS获取客户端的用户的数据密钥和数据密钥的密文,并在TEE中利用数据密钥对私钥进行加密,得到私钥的密文;之后,将私钥的密文和数据密钥的密文存储至客户端,实现了私钥的加密存储,可降低私钥泄露的风险。另一方面,由TEE对私钥进行加密,使得私钥的明文保持机密计算的TEE中,外部不可信的环境无法访问私钥,可进一步提高私钥的安全性。 The computing device provided in this embodiment introduces TEE and KMS to protect the private key in the security protocol. Specifically, TEE calls KMS to obtain the data key and ciphertext of the data key of the client user, and encrypts the private key in TEE using the data key to obtain the ciphertext of the private key; then, the ciphertext of the private key and the ciphertext of the data key are stored in the client, thereby realizing the encrypted storage of the private key and reducing the risk of private key leakage. On the other hand, TEE encrypts the private key so that the plaintext of the private key remains in the confidential computing TEE, and the private key cannot be accessed by an external untrusted environment, which can further improve the security of the private key.
在本申请实施例中,存储器用于存储计算机程序,并可被配置为存储其它各种数据以支持在其所在设备上的操作。其中,处理器可执行存储器中存储的计算机程序,以实现相应控制逻辑。存储器可以由任何类型的易失性或非易失性存储设备或者它们的组合实现,如静态随机存取存储器(Static Random-Access Memory,SRAM),电可擦除可编程只读存储器(Electrically Erasable Programmable Read Only Memory,EEPROM),可擦除可编程只读存储器(Electrical Programmable Read Only Memory,EPROM),可编程只读存储器(Programmable Read Only Memory,PROM),只读存储器(Read Only Memory,ROM),磁存储器,快闪存储器,磁盘或光盘。In an embodiment of the present application, the memory is used to store a computer program and can be configured to store various other data to support operations on the device where it is located. Among them, the processor can execute the computer program stored in the memory to implement the corresponding control logic. The memory can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, disk or optical disk.
在本申请实施例中,处理器可以为任意可执行上述方法逻辑的硬件处理设备。可选地,处理器可以为中央处理器(Central Processing Unit,CPU)、图形处理器(Graphics Processing Unit,GPU)或微控制单元(Microcontroller Unit,MCU);也可以为现场可编程门阵列(Field-Programmable Gate Array,FPGA)、可编程阵列逻辑器件(Programmable Array Logic,PAL)、通用阵列逻辑器件(General Array Logic,GAL)、复杂可编程逻辑器件(Complex Programmable Logic Device,CPLD)等可编程器件;或者为专用集成电路(Application Specific Integrated Circuit,ASIC)芯片;或者为先进精简指令集(Reduced Instruction Set Compute,RISC)处理器(Advanced RISC Machines,ARM)或系统芯片(System on Chip,SoC)等等,但不限于此。In the embodiment of the present application, the processor can be any hardware processing device that can execute the logic of the above method. Optionally, the processor can be a central processing unit (CPU), a graphics processing unit (GPU) or a microcontroller unit (MCU); it can also be a field programmable gate array (FPGA), a programmable array logic device (PAL), a general array logic device (GAL), a complex programmable logic device (CPLD) and other programmable devices; or an application specific integrated circuit (ASIC) chip; or an advanced reduced instruction set (RISC) processor (Advanced RISC Machines, ARM) or a system on chip (SoC), etc., but not limited to this.
在本申请实施例中,通信组件被配置为便于其所在设备和其他设备之间有线或无线方式的通信。通信组件所在设备可以接入基于通信标准的无线网络,如无线保真(Wireless Fidelity,WiFi),2G或3G,4G,5G或它们的组合。在一个示例性实施例中,通信组件经由广播信道接收来自外部广播管理系统的广播信号或广播相关信息。在一个示例性实施例中,通信组件还可基于近场通信(Near Field Communication,NFC)技术、射频识别(Radio Frequency Identification,RFID)技术、红外数据协会(Infrared Data Association,IrDA)技术、超宽带(Ultra Wide Band,UWB)技术、蓝牙(Bluetooth,BT)技术或其他技术来实现。In an embodiment of the present application, the communication component is configured to facilitate wired or wireless communication between the device in which it is located and other devices. The device in which the communication component is located can access a wireless network based on a communication standard, such as Wireless Fidelity (WiFi), 2G or 3G, 4G, 5G or a combination thereof. In an exemplary embodiment, the communication component receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component can also be based on Near Field Communication (NFC) technology, Radio Frequency Identification (RFID) technology, Infrared Data Association (IrDA) technology, Ultra Wide Band (UWB) technology, Bluetooth (BT) technology or other technologies.
在本申请实施例中,显示组件可以包括液晶显示器(Liquid Crystal Display,LCD)和触摸面板(Touch Panel,TP)。如果显示组件包括触摸面板,显示组件可以被实现为触摸屏,以接收来自用户的输入信号。触摸面板包括一个或多个触摸传感器以感测触摸、滑动和触摸面板上的手势。触摸传感器可以不仅感测触摸或滑动动作的边界,而且还检测与触摸或滑动操作相关的持续时间和压力。In an embodiment of the present application, the display component may include a liquid crystal display (LCD) and a touch panel (TP). If the display component includes a touch panel, the display component may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, slides, and gestures on the touch panel. The touch sensor may not only sense the boundaries of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
在本申请实施例中,电源组件被配置为其所在设备的各种组件提供电力。电源组件可以包括电源管理系统,一个或多个电源,及其他与为电源组件所在设备生成、管理和分配电力相关联的组件。In an embodiment of the present application, a power supply component is configured to provide power to various components of the device in which it is located. The power supply component may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power to the device in which the power supply component is located.
在本申请实施例中,音频组件可被配置为输出和/或输入音频信号。例如,音频组件包括一个麦克风(Microphone,MIC),当音频组件所在设备处于操作模式,如呼叫模式、 记录模式和语音识别模式时,麦克风被配置为接收外部音频信号。所接收的音频信号可以被进一步存储在存储器或经由通信组件发送。在一些实施例中,音频组件还包括一个扬声器,用于输出音频信号。例如,对于具有语言交互功能的设备,可通过音频组件实现与用户的语音交互等。In the embodiment of the present application, the audio component can be configured to output and/or input audio signals. For example, the audio component includes a microphone (MIC). When the device where the audio component is located is in an operating mode, such as a call mode, In recording mode and speech recognition mode, the microphone is configured to receive an external audio signal. The received audio signal can be further stored in a memory or sent via a communication component. In some embodiments, the audio component also includes a speaker for outputting an audio signal. For example, for a device with a language interaction function, voice interaction with a user can be achieved through the audio component.
需要说明的是,本申请所涉及的用户信息(包括但不限于用户设备信息、用户个人信息等)和数据(包括但不限于用于分析的数据、存储的数据、展示的数据等),均为经用户授权或者经过各方充分授权的信息和数据,并且相关数据的收集、使用和处理需要遵守相关国家和地区的相关法律法规和标准,并提供有相应的操作入口,供用户选择授权或者拒绝。It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, stored data, displayed data, etc.) involved in this application are all information and data authorized by the user or fully authorized by all parties, and the collection, use and processing of relevant data must comply with the relevant laws, regulations and standards of the relevant countries and regions, and provide corresponding operation entrances for users to choose to authorize or refuse.
还需要说明的是,本文中的“第一”、“第二”等描述,是用于区分不同的消息、设备、模块等,不代表先后顺序,也不限定“第一”和“第二”是不同的类型。It should also be noted that the descriptions such as "first" and "second" in this article are used to distinguish different messages, devices, modules, etc., and do not represent the order of precedence, nor do they limit "first" and "second" to different types.
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、只读光盘(Compact Disc Read-Only Memory,CD-ROM)、光学存储器等)上实施的计算机程序产品的形式。It should be understood by those skilled in the art that the embodiments of the present application may be provided as methods, systems, or computer program products. Therefore, the present application may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, compact disc read-only memory (CD-ROM), optical storage, etc.) containing computer-usable program code.
本申请是参照根据本申请实施例的方法、设备(或系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to the flowchart and/or block diagram of the method, device (or system) and computer program product according to the embodiment of the present application. It should be understood that each process and/or box in the flowchart and/or block diagram, and the combination of the process and/or box in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for realizing the function specified in one process or multiple processes in the flowchart and/or one box or multiple boxes in the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including an instruction device that implements the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
在一个典型的配置中,计算设备包括一个或多个处理器(如CPU等)、输入/输出接口、网络接口和内存。In a typical configuration, a computing device includes one or more processors (such as a CPU, etc.), an input/output interface, a network interface, and a memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(Random-Access Memory,RAM)和/或非易失性内存等形式,如只读存储器(Read Only  Memory,ROM)或闪存(Flash RAM)。内存是计算机可读介质的示例。Memory may include non-permanent storage in computer-readable media, random-access memory (RAM) and/or non-volatile memory such as read-only memory (ROM). Memory, ROM) or Flash RAM. Memory is an example of a computer-readable medium.
计算机的存储介质为可读存储介质,也可称为可读介质。可读存储介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(Phase-Change Memory,PRAM)、静态随机存取存储器(Static Random-Access Memory,SRAM)、动态随机存取存储器(Dynamic Random Access Memory,DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(Electrically Erasable Programmable Read Only Memory,EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(Digital Video Disc,DVD)或其他光学存储、磁盒式磁带,磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(Transitory Media),如调制的数据信号和载波。The storage medium of a computer is a readable storage medium, which may also be referred to as a readable medium. The readable storage medium includes permanent and non-permanent, removable and non-removable media that can be implemented by any method or technology to store information. The information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, Phase-Change Memory (PRAM), Static Random-Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read-Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), Flash memory or other memory technology, Compact Disc Read-Only Memory (CD-ROM), Digital Versatile Disc (DVD) or other optical storage, magnetic cassettes, disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined in this article, computer-readable media does not include temporary computer-readable media (transitory media), such as modulated data signals and carriers.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括上述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "comprises" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device including a series of elements includes not only those elements, but also other elements not explicitly listed, or also includes elements inherent to such process, method, commodity or device. In the absence of further restrictions, the elements defined by the sentence "comprises a ..." do not exclude the existence of other identical elements in the process, method, commodity or device including the above elements.
以上内容仅为本申请的实施例而已,并不用于限制本申请。对于本领域技术人员来说,本申请可以有各种更改和变化。凡在本申请的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本申请的权利要求范围之内。 The above contents are only embodiments of the present application and are not intended to limit the present application. For those skilled in the art, the present application may have various changes and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included within the scope of the claims of the present application.

Claims (11)

  1. 一种私钥保护方法,其特征在于,包括:A private key protection method, characterized by comprising:
    利用可信执行环境TEE,获取目标用户的待保护的公私钥对;Use the trusted execution environment TEE to obtain the target user's public and private key pairs to be protected;
    利用所述TEE从密钥管理服务KMS中,获取所述目标用户的数据密钥及所述数据密钥的密文;Using the TEE to obtain the data key of the target user and the ciphertext of the data key from the key management service KMS;
    在所述TEE中,利用所述数据密钥对所述公私钥对中的私钥进行加密处理,以得到所述私钥的密文;In the TEE, the private key in the public-private key pair is encrypted using the data key to obtain a ciphertext of the private key;
    利用所述TEE将所述私钥的密文、所述公私钥对中的公钥及所述数据密钥的密文,返回给所述用户的客户端,以供所述客户端存储所述私钥的密文、所述公私钥对中的公钥及所述数据密钥的密文。The TEE is used to return the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key to the user's client, so that the client can store the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key.
  2. 根据权利要求1所述的方法,其特征在于,所述利用所述TEE从密钥管理服务KMS中,获取用户的数据密钥及所述数据密钥的密文,包括:The method according to claim 1, characterized in that the using the TEE to obtain the user's data key and the ciphertext of the data key from the key management service KMS includes:
    利用所述TEE调用所述KMS,以供所述KMS基于所述目标用户的主密钥生成所述用户的数据密钥,并对所述数据密钥进行加密处理得到所述数据密钥的密文;Using the TEE to call the KMS, the KMS generates a data key of the user based on the master key of the target user, and encrypts the data key to obtain a ciphertext of the data key;
    利用所述TEE接收所述KMS返回的所述数据密钥及所述数据密钥的密文。The TEE is used to receive the data key and the ciphertext of the data key returned by the KMS.
  3. 根据权利要求1所述的方法,其特征在于,所述利用可信执行环境TEE获取待保护的公私钥对,包括:The method according to claim 1, characterized in that the step of obtaining the public and private key pair to be protected by using the trusted execution environment TEE comprises:
    利用所述TEE,获取所述客户端提供的密钥申请请求;利用所述TEE响应于所述密钥申请请求为所述目标用户生成公私钥对,作为所述待保护的公私钥对;Using the TEE, obtaining a key application request provided by the client; using the TEE to generate a public-private key pair for the target user in response to the key application request as the public-private key pair to be protected;
    或者,or,
    利用所述TEE接收所述客户端提供的公私钥对,作为所述待保护的公私钥对。The TEE is used to receive the public-private key pair provided by the client as the public-private key pair to be protected.
  4. 根据权利要求1所述的方法,其特征在于,还包括:The method according to claim 1, further comprising:
    利用所述TEE获取所述客户端发起的解密请求;所述解密请求包括随机数的密文、所述数据密钥的密文及所述私钥的密文;所述随机数的密文为服务端响应所述客户端的访问请求,利用所述公私钥对中的公钥对随机数加密得到的;The TEE is used to obtain a decryption request initiated by the client; the decryption request includes a ciphertext of a random number, a ciphertext of the data key, and a ciphertext of the private key; the ciphertext of the random number is obtained by the server responding to the client's access request by encrypting the random number using the public key in the public-private key pair;
    利用所述TEE调用所述KMS对所述数据密钥的密文进行解密,以得到所述数据密钥;Using the TEE to call the KMS to decrypt the ciphertext of the data key to obtain the data key;
    在所述TEE中利用所述数据密钥对所述私钥的密文进行解密,以得到所述私钥;Decrypting the ciphertext of the private key using the data key in the TEE to obtain the private key;
    在所述TEE中利用所述私钥对所述随机数的密文进行解密,以得到所述随机数的明文;Decrypting the ciphertext of the random number using the private key in the TEE to obtain the plaintext of the random number;
    将所述随机数的明文返回至所述客户端,以供所述客户端基于所述随机数的明文请求所述服务端对所述客户端进行访问权限校验。The plain text of the random number is returned to the client, so that the client can request the server to perform access rights verification on the client based on the plain text of the random number.
  5. 一种服务端访问方法,其特征在于,包括:A server access method, characterized by comprising:
    利用可信执行环境TEE获取客户端发起的解密请求;所述解密请求包括随机数的密文、数据密钥的密文及公私钥对中私钥的密文;所述随机数的密文为服务端响应所 述客户端的访问请求,利用所述公私钥对中的公钥对随机数加密得到的;所述客户端存储有所述数据密钥的密文及所述私钥的密文;The trusted execution environment TEE is used to obtain the decryption request initiated by the client; the decryption request includes the ciphertext of the random number, the ciphertext of the data key, and the ciphertext of the private key in the public-private key pair; the ciphertext of the random number is the ciphertext of the server response. The access request of the client is obtained by encrypting a random number using the public key in the public-private key pair; the client stores the ciphertext of the data key and the ciphertext of the private key;
    利用所述TEE调用KMS对所述数据密钥的密文进行解密,以得到所述数据密钥;Using the TEE to call KMS to decrypt the ciphertext of the data key to obtain the data key;
    在所述TEE中利用所述数据密钥对所述私钥的密文进行解密,以得到所述私钥;Decrypting the ciphertext of the private key using the data key in the TEE to obtain the private key;
    在所述TEE中利用所述私钥对所述随机数的密文进行解密,以得到所述随机数的明文;Decrypting the ciphertext of the random number using the private key in the TEE to obtain the plaintext of the random number;
    将所述随机数的明文返回至所述客户端,以供所述客户端基于所述随机数的明文访问所述服务端。The plain text of the random number is returned to the client, so that the client can access the server based on the plain text of the random number.
  6. 一种私钥保护方法,其特征在于,包括:A private key protection method, characterized by comprising:
    调用可信执行环境TEE对目标用户的公私钥对中的私钥进行加密处理,以供所述TEE调用KMS获取所述目标用户的数据密钥及所述数据密钥的密文,并利用所述数据密钥对所述私钥进行加密处理得到所述私钥的密文;Call the trusted execution environment TEE to encrypt the private key in the public-private key pair of the target user, so that the TEE can call the KMS to obtain the data key of the target user and the ciphertext of the data key, and use the data key to encrypt the private key to obtain the ciphertext of the private key;
    接收所述TEE返回的所述私钥的密文、所述公私钥对中的公钥及所述数据密钥的密文;Receive the ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key returned by the TEE;
    存储所述私钥的密文、所述公私钥对中的公钥及所述数据密钥的密文。The ciphertext of the private key, the public key in the public-private key pair, and the ciphertext of the data key are stored.
  7. 根据权利要求6所述的方法,其特征在于,包括:The method according to claim 6, characterized in that it comprises:
    向服务端发起访问请求,以供所述服务端响应于访问请求,利用所述公钥对随机数进行加密,以得到所述随机数的密文;Initiate an access request to the server, so that the server responds to the access request and encrypts the random number using the public key to obtain a ciphertext of the random number;
    接收所述服务端返回的所述随机数的密文;Receiving the ciphertext of the random number returned by the server;
    向所述TEE发起解密请求,该解密请求包含随机数的密文、所述数据密钥的密文及所述私钥的密文,以供所述TEE调用所述KMS对所述数据密钥的密文进行解密,以得到所述数据密钥,并利用所述数据密钥对所述私钥的密文进行解密,以得到所述私钥;以及利用所述私钥对所述随机数的密文进行解密,以得到所述随机数的明文;Initiate a decryption request to the TEE, the decryption request including the ciphertext of the random number, the ciphertext of the data key and the ciphertext of the private key, so that the TEE calls the KMS to decrypt the ciphertext of the data key to obtain the data key, and use the data key to decrypt the ciphertext of the private key to obtain the private key; and use the private key to decrypt the ciphertext of the random number to obtain the plaintext of the random number;
    接收所述TEE返回的所述随机数的明文;Receive the plaintext of the random number returned by the TEE;
    基于所述随机数的明文,访问所述服务端。Based on the plain text of the random number, access the server.
  8. 一种服务端访问方法,其特征在于,包括:A server access method, characterized by comprising:
    向服务端发起访问请求,以供所述服务端响应于访问请求,利用客户端对应的目标用户的公私钥对中的公钥对随机数进行加密得到所述随机数的密文;所述客户端存储有所述公私钥对中的私钥的密文及所述目标用户的数据密钥的密文;Initiate an access request to the server, so that the server responds to the access request and uses the public key of the public-private key pair of the target user corresponding to the client to encrypt the random number to obtain the ciphertext of the random number; the client stores the ciphertext of the private key in the public-private key pair and the ciphertext of the data key of the target user;
    接收所述服务端返回的所述随机数的密文;Receiving the ciphertext of the random number returned by the server;
    向可信执行环境TEE发起解密请求,所述解密请求包含随机数的密文、所述数据密钥的密文及所述私钥的密文,以供所述TEE调用KMS对所述数据密钥的密文进行解密得到所述数据密钥,并利用所述数据密钥对所述私钥的密文进行解密得到所述私钥;以及利用所述私钥对所述随机数的密文进行解密得到所述随机数的明文;Initiate a decryption request to the trusted execution environment TEE, the decryption request includes the ciphertext of the random number, the ciphertext of the data key and the ciphertext of the private key, so that the TEE calls the KMS to decrypt the ciphertext of the data key to obtain the data key, and use the data key to decrypt the ciphertext of the private key to obtain the private key; and use the private key to decrypt the ciphertext of the random number to obtain the plaintext of the random number;
    接收所述TEE返回的所述随机数的明文; Receive the plaintext of the random number returned by the TEE;
    基于所述随机数的明文,访问所述服务端。Based on the plain text of the random number, access the server.
  9. 一种通信系统,其特征在于,包括:客户端、第一服务节点和第二服务节点;所述第一服务节点运行有可信执行环境TEE;所述第二服务节点用于提供密钥管理服务;A communication system, characterized in that it comprises: a client, a first service node, and a second service node; the first service node runs a trusted execution environment TEE; the second service node is used to provide a key management service;
    所述第一服务节点用于执行权利要求1-5任一项所述方法中的步骤;The first service node is used to perform the steps in the method according to any one of claims 1 to 5;
    所述客户端用于执行权利要求6-8任一项所述方法中的步骤。The client is used to execute the steps in the method according to any one of claims 6 to 8.
  10. 一种计算设备,其特征在于,包括:存储器和处理器;其中,所述存储器,用于存储计算机程序;A computing device, comprising: a memory and a processor; wherein the memory is used to store a computer program;
    所述处理器耦合至所述存储器,用于执行所述计算机程序以用于执行权利要求9中所述第一服务节点和/或所述客户端执行的方法中的步骤。The processor is coupled to the memory, and is configured to execute the computer program for performing the steps of the method performed by the first service node and/or the client in claim 9.
  11. 一种存储有计算机指令的计算机可读存储介质,其特征在于,当所述计算机指令被一个或多个处理器执行时,致使所述一个或多个处理器执行权利要求9中所述第一服务节点和/或所述客户端执行的方法中的步骤。 A computer-readable storage medium storing computer instructions, characterized in that when the computer instructions are executed by one or more processors, the one or more processors are caused to execute the steps in the method executed by the first service node and/or the client in claim 9.
PCT/CN2024/081369 2023-03-29 2024-03-13 Private key protection method, server access method, system, device, and storage medium WO2024198933A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202310333675.7 2023-03-29
CN202310333675.7A CN116346341A (en) 2023-03-29 2023-03-29 Private key protection and server access method, system, equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2024198933A1 true WO2024198933A1 (en) 2024-10-03

Family

ID=86875930

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2024/081369 WO2024198933A1 (en) 2023-03-29 2024-03-13 Private key protection method, server access method, system, device, and storage medium

Country Status (2)

Country Link
CN (1) CN116346341A (en)
WO (1) WO2024198933A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116346341A (en) * 2023-03-29 2023-06-27 阿里云计算有限公司 Private key protection and server access method, system, equipment and storage medium
CN117879819B (en) * 2024-03-13 2024-06-04 鹏城实验室 Key management method, device, storage medium, equipment and computing power service system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110011801A (en) * 2018-11-16 2019-07-12 阿里巴巴集团控股有限公司 Remote certification method and device, the electronic equipment of trusted application
US20220131687A1 (en) * 2019-01-21 2022-04-28 Samsung Electronics Co., Ltd. Device and method for updating immobilizer token in digital key sharing system
CN114584287A (en) * 2020-11-18 2022-06-03 华为技术有限公司 Method and device for key management
CN114629639A (en) * 2022-03-10 2022-06-14 阿里云计算有限公司 Key management method and device based on trusted execution environment and electronic equipment
CN116346341A (en) * 2023-03-29 2023-06-27 阿里云计算有限公司 Private key protection and server access method, system, equipment and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110011801A (en) * 2018-11-16 2019-07-12 阿里巴巴集团控股有限公司 Remote certification method and device, the electronic equipment of trusted application
US20220131687A1 (en) * 2019-01-21 2022-04-28 Samsung Electronics Co., Ltd. Device and method for updating immobilizer token in digital key sharing system
CN114584287A (en) * 2020-11-18 2022-06-03 华为技术有限公司 Method and device for key management
CN114629639A (en) * 2022-03-10 2022-06-14 阿里云计算有限公司 Key management method and device based on trusted execution environment and electronic equipment
CN116346341A (en) * 2023-03-29 2023-06-27 阿里云计算有限公司 Private key protection and server access method, system, equipment and storage medium

Also Published As

Publication number Publication date
CN116346341A (en) 2023-06-27

Similar Documents

Publication Publication Date Title
CN111181720B (en) Service processing method and device based on trusted execution environment
CN109361668B (en) Trusted data transmission method
CN107743133B (en) Mobile terminal and access control method and system based on trusted security environment
KR102443857B1 (en) Addressing technique of trusted execution environment using encryption key
US10462114B2 (en) System and associated software for providing advanced data protections in a defense-in-depth system by integrating multi-factor authentication with cryptographic offloading
US9602549B2 (en) Establishing trust between applications on a computer
KR102489790B1 (en) Addressing scheme of trusted execution environment using signing key
WO2019218919A1 (en) Private key management method and apparatus in blockchain scenario, and system
WO2015180691A1 (en) Key agreement method and device for verification information
WO2024198933A1 (en) Private key protection method, server access method, system, device, and storage medium
US20110197059A1 (en) Securing out-of-band messages
CN109510802B (en) Authentication method, device and system
US9524394B2 (en) Method and apparatus for providing provably secure user input/output
US11783091B2 (en) Executing entity-specific cryptographic code in a cryptographic coprocessor
US11483136B2 (en) Wrapped keys with access control predicates
WO2024158886A1 (en) Non-custodial techniques for data encryption and decryption
US20220217000A1 (en) Attribute-based encryption keys as key material for key-hash message authentication code user authentication and authorization
US20210111901A1 (en) Executing entity-specific cryptographic code in a trusted execution environment
US20240267215A1 (en) Equipment identity authentication method and apparatus, electronic device, and storage medium
CN112131597A (en) Method and device for generating encrypted information and intelligent equipment
CN115996126B (en) Information interaction method, application device, auxiliary platform and electronic device
JP7385025B2 (en) Execution of Entity-Specific Cryptographic Code in a Cryptographic Coprocessor
Culnane et al. Formalising Application-Driven Authentication & Access-Control based on Users’ Companion Devices
KR20220002616A (en) Encryption key orchestration between trusted containers in a multi-node cluster
JP2012169983A (en) Data processing apparatus and program