Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.


  1. Advanced Patent Search
Publication numberCN105408913 A
Publication typeApplication
Application numberCN 201380078406
PCT numberPCT/US2013/055915
Publication dateMar 16, 2016
Filing dateAug 21, 2013
Priority dateAug 21, 2013
Also published asEP3036680A1, EP3036680A4, US9521126, US20150058629, WO2015026336A1
Publication number201380078406.5, CN 105408913 A, CN 105408913A, CN 201380078406, CN-A-105408913, CN105408913 A, CN105408913A, CN201380078406, CN201380078406.5, PCT/2013/55915, PCT/US/13/055915, PCT/US/13/55915, PCT/US/2013/055915, PCT/US/2013/55915, PCT/US13/055915, PCT/US13/55915, PCT/US13055915, PCT/US1355915, PCT/US2013/055915, PCT/US2013/55915, PCT/US2013055915, PCT/US201355915
InventorsMD雅维斯, J波尔特, SK加吉, 李宏
Export CitationBiBTeX, EndNote, RefMan
External Links: SIPO, Espacenet
Processing data privately in the cloud
CN 105408913 A
While cloud services can offer processing from personal devices or synthesized data from multiple sources, many users prefer their data to remain private. According to some embodiments, private user data may be processed in the cloud without revealing the user identity to the cloud service provider. Only the user or an authorized agent of the user and the service's hardware platform have access to certain keys. The service application software and operating system only have access to encrypted data.
Claims(18)  translated from Chinese
1.一种方法,包括: 经由不受信云服务提供商在云中与受信方建立安全通道; 与所述受信方交换公钥而不将所述密钥暴露给所述提供商; 经由所述安全通道通过所述提供商发送经加密的数据以便由所述受信方与所述提供商分离地处理;以及经由所述安全通道通过所述提供商从所述受信方接收所述处理的经加密的结果。 1. A method comprising: via untrusted cloud service providers in the cloud and trusted entering into a secure channel; and the trusted parties exchange public keys instead of the keys exposed to the provider; via the a secure channel in order to deal separately by the provider transmitting encrypted data by the trusted party and the provider; and via the secure channel encrypted by the provider from the trusted party to receive the treatment the result of.
2.如权利要求1所述的方法,包括从所述受信方接收公钥。 2. The method of claim 1, comprising receiving the public key from the trusted party.
3.如权利要求2所述的方法,包括在将所述数据发送到所述受信方之前使用所述公钥加密所述数据。 3. The method according to claim, comprising sending to the data by using the public key to encrypt the data prior to the channel side.
4.如权利要求3所述的方法,包括将经加密的客户端公钥发送到所述方。 4. The method of claim 3, comprising the encrypted public key is sent to the client side.
5.如权利要求4所述的方法,包括接收用所述客户端公钥加密的结果。 5. The method according to claim 4, comprising receiving the client public key encryption results.
6.如权利要求1所述的方法,其中,所述受信方是第三方。 6. The method according to claim 1, wherein the party is a trusted third party.
7.如权利要求1所述的方法,其中,所述受信方是受信环境。 7. The method of claim 1, wherein the trusted party is a trusted environment.
8.如权利要求1所述的方法,包括将带有所述方的公钥的隐私数据用所述客户端的公钥和会话密钥加密并与用所述会话密钥加密的随机值一起提供给所述受信方。 8. The method of claim 1, comprising the public key and the session key encrypted with the public key of the party's private data with the client with the session key encrypted using the random value provided with to the trusted party.
9.至少一种机器可读介质,包括多个指令,响应于在计算设备上被执行,所述指令致使所述计算设备执行根据权利要求1至9中任一项所述的方法。 9. at least one machine-readable medium comprising a plurality of instructions in response to being executed on a computing device, the instructions cause the device to perform the method of any one of 1 to 9 according to claim calculation.
10.一种装置,被安排成用于执行如权利要求1至9中任一项所述的方法。 10. An apparatus for performing a method is claimed in claim 1 to 9, in any one of the arrangements.
11.如权利要求10所述的装置,包括用于通过企业服务器建立到所述受信方的安全通道的企业客户端设备。 11. The apparatus of claim 10, comprising means for establishing a secure channel to the side of the channel by the corporate client devices over the enterprise server.
12.—种方法,包括: 经由不受信云服务提供商与客户端建立安全通道; 与所述客户端交换密钥; 经由所述安全通道接收经加密的数据; 处理所述经加密的数据;以及经由所述安全通道通过所述不受信云服务提供商发送所述处理的经加密的结果。 12.- method comprising: via a letter from a cloud service provider and the client to establish a secure channel; a key exchange with the client; receiving encrypted data via the secure channel; processing the encrypted data; and results via the secure channel by sending the letter cloud service providers processing the encrypted not.
13.如权利要求12所述的方法,包括从所述客户端接收公钥。 13. The method as recited in claim 12, comprising receiving the public key from the client.
14.如权利要求13所述的方法,包括在将所述数据发送到所述客户端之前使用所述公钥加密所述数据。 14. The method as recited in claim 13, comprising, before sending the data to the client using the public key to encrypt the data.
15.如权利要求14所述的方法,包括将经加密的服务器公钥发送到所述客户端。 15. The method of claim 14, comprising transmitting to the client the server's public key encrypted.
16.如权利要求15所述的方法,包括发送用所述客户端公钥加密的结果。 16. A method as claimed in claim 15, comprising transmitting said client public key encryption results.
17.至少一种机器可读介质,包括多个指令,响应于在计算设备上被执行,所述指令致使所述计算设备执行根据权利要求12至16中任一项所述的方法。 17. at least one machine-readable medium comprising a plurality of instructions in response to being executed on a computing device, the instructions cause the computing device to perform the method of any one of claims 12 to 16 claim.
18.一种装置,被安排成用于执行如权利要求12至16中任一项所述的方法。 18. An apparatus for performing the method is arranged in any one of claims 12 to 16 as claim.
Description  translated from Chinese

在云中隐私地处理数据 Privacy in the cloud processing data

[0001] 背景 [0001] BACKGROUND

[0002] 本发明总体上涉及在云中处理数据。 [0002] processing data in the cloud, the present invention relates generally.

[0003] 云基本上是为客户端(诸如移动电话、膝上计算机、个人计算机以及实际上可通过有线或无线网络与服务器通信的任何基于处理器的设备)提供存储或处理服务的任何服务器。 [0003] cloud is basically for the client (mobile phone, a laptop computer, a personal computer, and indeed by any processor-based device such as a wired or wireless network communications with the server) store or provide any server processing service. 云计算是用于使得能够对可以用最小的管理努力或服务提供商交互快速供应并释放的可配置计算资源共享池(例如,网络、服务器、存储、应用以及服务)进行无处不在的、方便的、按需的网络访问的模型。 Cloud computing is for enabling the supply of quick release and with minimal management effort or service provider interaction configurable shared pool of computing resources (eg, networks, servers, storage, applications and services) were ubiquitous, convenient the model of the demand for network access.

[0004] 通常,从客户端到服务器提供各种任务。 [0004] In general, from the client to the server provides a variety of tasks. 结合苹果iPhone的常见任务是使用Siri语音识别服务。 Apple iPhone combined with common task is to use Siri voice recognition services. 用户可说出问题并且该信息可由服务器处理,然后该服务器提供答案。 Users can tell the problem and the information processed by the server, and the server provides the answer.

[0005] 某些人更喜欢云服务提供商不访问正在被处理的数据。 [0005] some people prefer the cloud service provider does not access the data being processed. 该数据可包括用户的语音、任何其他用户隐私数据以及用户正在提供的实际内容。 This data can include the user's voice, any other user data privacy and the actual content of the user being provided. 然而,用户在许多情况下具有很少的选择,因为电话提供商也是提供云服务的提供商。 However, in many cases, the user has little choice because telephone providers also offer a cloud service provider.

[0006] 附图简要说明 [0006] BRIEF DESCRIPTION

[0007] 参照以下附图描述一些实施例: [0007] reference to the following description of some embodiments of the drawings:

[0008] 图1是根据一个实施例的客户端服务器的架构图; [0008] FIG. 1 is based on the client server architecture of one embodiment of the FIG;

[0009] 图2是根据一个实施例的通信流; [0009] FIG. 2 is a communication flow according to one embodiment;

[0010]图3是在一个实施例中有用的分组格式的图; [0010] FIG. 3 is an embodiment useful format of an embodiment of a packet;

[0011] 图4是根据一个实施例的受信执行环境的图; [0011] Figure 4 is an embodiment of FIG trusted execution environment;

[0012] 图5是根据一个实施例的使用第三方受信服务提供商的架构的图; [0012] FIG. 5 is an embodiment in accordance with the use of third party trusted ISP architecture diagram;

[0013] 图6是来自企业内的受信服务提供商的架构图; [0013] FIG. 6 is a chart from a trusted service provider within the enterprise;

[0014] 图7是客户端处的一个实施例的流程图; [0014] FIG. 7 is a flowchart of an embodiment at the client;

[0015] 图8是服务器处的一个实施例的流程图;以及 [0015] FIG. 8 is a flowchart of an embodiment at the server; and

[0016] 图9是一个实施例的系统图。 [0016] FIG. 9 is a system diagram of an embodiment.

[0017] 详细描述 [0017] Detailed Description

[0018] 尽管云服务可提供来自个人设备的处理或来自多个源的合成数据,但是许多用户喜欢对他们的数据保持隐私。 [0018] Although cloud service can provide treatment or synthesized data from personal devices from multiple sources, but many users prefer to keep their data privacy. 根据某些实施例,隐私用户数据可在云中处理而不向云服务提供商暴露用户身份。 According to some embodiments, the privacy of user data can be processed without exposure to the cloud service provider user identities in the cloud. 仅用户或用户的授权代理和服务的硬件平台能访问某些密钥并因此访问未经加密的数据。 Only users or authorized agent and service hardware platform access to certain key and thus access to unencrypted data. 服务应用软件和操作系统仅能访问加密数据。 Service applications and operating systems can only access the encrypted data.

[0019] 根据一个实施例,云服务中的受信计算库使得服务能够隐私地处理用户数据。 [0019] According to one embodiment, the cloud service trusted computing base so that services can deal with the privacy of user data. 数据可仅以加密格式存储并传输。 Data can be transmitted and stored in encrypted form only. 明文数据的处理可仅在云服务中的受信硬件组件中发生。 Plaintext data processing can take place only in the cloud trusted hardware components. 云服务操作系统应用软件仅能访问经加密的数据。 Cloud services operating system, application software can only access the encrypted data.

[0020] 参照图1,客户端10可通过通信路径30与服务或服务器12通信。 [0020] Referring to FIG. 1, a client 10 may communicate via the communication path 12 and 30 or the server service. 通信路径30可以是任何有线或无线通信路径。 Communications path 30 may be any wired or wireless communication path. 客户端10可以是任何基于处理器的设备,包括平板计算机、蜂窝电话、膝上计算机或个人计算机。 Client 10 may be any processor-based devices, including tablet computers, cellular telephones, laptop computers or personal computer. 其还可以是电视接收器、打印机游戏设备或可穿戴设备。 It may also be a television receiver, a printer or a gaming device wearable device. 客户端10包括隐私上下文14,该隐私上下文可包括用户更喜欢保持机密的信息和应用。 Clients include 10 14 privacy context, the context may include privacy of users prefer to keep confidential information and applications. 其还可以包括多个客户端应用20,每个客户端应用具有其自身所分配的公钥16和私钥18。 It may also include a plurality of client applications 20, each client application has its own assigned 16 public and 18 private.

[0021] 在一个实施例中,通信路径30可例如结合超文本传输协议安全(HTTPS)协议实现传输层安全(TLS)连接。 [0021] In one embodiment, the communication path 30 may for example be combined hypertext transfer protocol secure (HTTPS) protocol Transport Layer Security (TLS) connection. 客户端可建立到服务12内的受信执行环境24的TLS连接。 Clients can establish to the service within 12 trusted execution environment TLS 24 connection. 例如,在一个实施例中,通过TLS连接30的通信可依赖于向客户端保证受信执行环境是特定的受信执行环境的证书交换。 For example, in one embodiment, the TLS communication connection 30 may depend on the client to ensure that the certificate is a trusted execution environment specific trusted execution environment switching. 客户端可存储被受信接受的执行环境列表。 Clients may store a list of execution is trusted environment acceptable. 例如,Verisign证书可向客户端提供充分的信息:客户端可确信受信执行环境的身份。 For example, Verisign certificate provides sufficient information to the client: The client can be assured that the identity of the letter of the execution environment. 然后,客户端仅需检查数据库以便确定受信执行环境是否是客户端可信任的那个。 Then, the client only checks the database to determine whether a trusted execution environment that is trusted client.

[0022] 证书可由服务(诸如Verisign)生成,该证书向用户确保正在与其通信的实体是实体所说的实体。 [0022] Certificate by the service (such as Verisign) is generated, the certificate to ensure that the user is working with its communication entity is an entity of said entities.

[0023] 服务12可包括不受信服务22,路径30通过该不受信服务22到达受信执行环境24。 [0023] 12 can include services from telecommunication services 22, 30 through the path 22 to the communication service is not trusted execution environment 24. 然而,不受信服务仅可访问经加密的数据。 However, not only communication services accessible to the encrypted data. 仅受信执行环境24具有将用户数据隐私地从客户端10传送到受信执行环境24所需的公钥26和私钥28。 Only trusted execution environment 24 having the privacy of user data from the client 10 to the trusted execution environment required 24 public and 26 private key 28. 不受信服务可以例如是互联网服务提供商或蜂窝电话服务提供商,作为两个示例。 Untrusted services such as Internet service provider or cellular telephone service provider, as two examples.

[0024] 因此,参照图2,客户端10可通过不受信服务22与受信执行环境24通信。 [0024] Thus, referring to FIG. 2, the client service 10 may communicate 24 with a trusted execution environment 22 by the non-trusted. 客户端10包括公钥和私钥并且使用TLS通道30验证受信执行环境的身份。 Identity of public and private use TLS channel 30 and verify trusted execution environment client 10. 具体地,信任请求32被发布到受信执行环境。 In particular, the trust requested 32 to be released to a trusted execution environment. 受信执行环境用其公钥做出响应,如箭头34所示。 Trusted execution environment responds with its public key, as shown by arrow 34. 然后,客户端基于预定的受信执行环境列表确定受信执行环境是否是客户端能够信任的环境。 Then, the client execution environment based on a predetermined list of trusted trusted execution environment to determine whether the client can trust the environment. 可确信受信执行环境的身份,因为这个身份由TLS通道确认。 Can be assured that the identity of the letter of the execution environment, because the identification by the TLS channel.

[0025] 然后,如果客户端10选择由受信执行环境24处理隐私数据,其发送包括用服务器的公钥和客户端的公钥加密的会话密钥以及用会话密钥加密的隐私数据和随机值,如箭头36所示。 [0025] Then, if the client 10 selected by the trusted execution environment 24 handling private data, including the use of public key and sends the client's public key encryption and server session key encrypted with the session key data privacy and random values, as shown by arrow 36. 然后,受信执行环境24具有客户端的公钥并且可处理隐私数据。 Then, the trusted execution environment 24 has a client public key and can handle private data. 其将如38处所示的结果发送到客户端10。 It will send the results as shown in 38 to 10 clients. 使用第二会话密钥对这些结果和随机值进行加密。 Using the second session key to these results and random values are encrypted. 也使用客户端的公钥对会话密钥进行加密。 Also use the client's public key to encrypt the session key.

[0026] 服务从客户端接收隐私数据并且在受信执行环境执行处理。 [0026] privacy service receives data from the client execution environment and execution process by letter. 仅受信执行环境具有解密数据的密钥,该数据曾以其他方式在存储器中并且在盘上加密。 Only trusted execution environment has a key to decrypt the data, the data encryption and other means once in a memory on the disc. 一旦处理完成,使用第二会话密钥对这些结果进行加密。 Once processing is completed, the second session key used to encrypt these results. 由客户端公钥加密的第二会话密钥、这些结果以及由第二会话密钥加密的随机值被返回客户端。 By the client public key encrypted second session key, as well as the results from the second session key encrypted random value is returned to the client.

[0027] 图3示出了一种可能的分组格式。 [0027] Figure 3 shows a possible format of a packet. 公钥40与有效载荷加密密钥44 一起用于加密签名48。 40 public and 44 payload encryption key used to encrypt the signature 48 together. 因此,有效载荷46被加密并且然后头42可被提供。 Accordingly, the payload 46 is encrypted and then the head 42 may be provided. 也就是,使用如50处所示的有效载荷加密密钥44对有效载荷进行加密。 That is, the use of such payload encryption key 50 shown 44 pairs of payload encryption. 然后,如52处所示,可用头、加密密钥44和有效载荷46对签名进行散列。 Then, as shown in 52, available headers, encryption keys 44 and payload 46 pairs of hash signatures.

[0028]图4中示出的受信执行环境是服务器进行安全处理的关键。 [0028] FIG. 4 shows the trusted execution environment is the key to the security server process. 从客户端接收的所有数据以加密形式存储在存储器66中和存储70上。 All data received from the client is stored in encrypted form on storage in memory 66 and 70. 受信执行环境包含用于解密数据的秘密密钥和用于处理的存储器66。 Trusted execution environment contains a secret key for decrypting data and a processing memory 66. 经解密的数据仅在处理期间可用,并且在其被处理之后永不在存储器中或盘上可用。 Decrypted data is only available during the process, and never available in memory or on disk after it is processed.

[0029] 因此,中央处理单元(CPU)或其他处理器54包括作为公私钥对或对称密钥的秘密56。 [0029] Thus, the central processing unit (CPU) or other processor 54 includes a secret as 56 public and private key pairs or symmetric key. 可用于在数据62中提供指令60的解密单元58中进行解密。 May be used to provide a directive in a data decrypting unit 62 decrypts the 5860's. 读写链路64将存储器66和CPU 54链接起来。 Write memory 66 and the link 64 will link the CPU 54. 存储器66可存储也可从如72中所指示的存储70加载的经加密的信息68 ο Memory 66 can store 72 is also available as indicated in the memory 70 is loaded encrypted information 68 ο

[0030] 至此为止,数据已经用算法或不用算法(例如,个人上下文作为经加密的文本文件)从客户端传输以便在驻留在服务器上的数据上操作。 [0030] Thus far, no data have been used algorithm or algorithms (for example, personal context as encrypted text files) transmitted from the client in order to operate on the data resides on the server. 在另一个实施例中,客户端传送数据和指令两者以便在服务器上执行。 In another embodiment, the client transmit both data and instructions for execution on the server. 在这种情况下,客户端能够控制对数据的访问以及在数据上发生的处理。 In this case, the client can control access to data and processing occurs on the data. 处理指令与图2中被标记为“隐私数据”和在图3中被标记为“经加密的有效载荷”的块中的数据一起被传输。 Processing instructions in Figure 2 is marked as "private data" and data in Figure 3 is marked as "Encrypted payload by" blocks are transmitted together. 可或者通过要求对指令进行签名或者要求在沙盒(例如,Java虚拟机)中对指令进行解释来保护服务器,该沙盒在受信执行环境或两者中运行。 Or may be signed by the requirements of the Directive or the requirements of the sandbox (for example, Java Virtual Machine) in the interpretation of the directive to protect the server, the sandbox run in a trusted execution environment, or both.

[0031] 在至此所描述的示例中,存在其服务器具有受信执行环境的最终用户和单个服务提供商。 [0031] In the example described so far, the presence of which the server has a trusted execution environment for end users and a single service provider. 以下描述两个扩展。 The following description of two extensions.

[0032] 在某些情况下,用户可与用户不信任的服务提供商交互,即使该服务提供商具有含受信执行环境的硬件。 [0032] In some cases, the user can interact with the service provider does not trust the user, even if the service provider has a trusted execution environment containing hardware. 在这种情况下,如图5所示,可使用受信第三方。 In this case, as shown in FIG. 5, the trusted third party can be used. 用户与受信第三方的硬件建立关系而不是与不受信服务提供商。 Users and trusted third party hardware rather than build relationships with non-trusted service provider. 第三方受信硬件中发生计算并且仅经加密的请求和结果数据通过不受信服务提供商传输。 Third-party hardware that letter should be calculated and only upon request, and the results of data transmission is not encrypted by the service provider channel.

[0033] 因此,在图5中,客户端设备74包括公钥和私钥78和80、客户端应用82和隐私上下文76。 [0033] Thus, in Figure 5, the client device 74 includes a public key and a private key 78 and 80, the client application 82 and 76 privacy context. 设备74通过路径84通信,该路径可以是有线或无线并且可通常是TLS连接。 Device 74 through a communication path 84, the path may be wired or wireless and may typically TLS connection. 其与具有不受信服务90的不受信服务提供商88通信。 With having untrusted service 90 untrusting communication service provider 88. 不受信服务提供商和受信服务提供商92两者都在云86中。 Untrusted and trusted service provider ISP 92 86 both in the cloud. 受信服务提供商92包括不受信服务94、公钥和私钥98和100以及受信执行环境96。 Trusted ISP 92 includes a letter from the service 94, 98 and 100 public and private keys and trusted execution environment 96.

[0034] 在另一个示例中,如图6所示,客户端可以是企业环境中的设备。 [0034] In another example, as shown in Figure 6, the client may be a device in an enterprise environment. 在本示例中,企业102可能希望访问未经加密的数据。 In this example, 102 companies may wish to access the unencrypted data. 此外,企业可能希望设置有关可处理什么数据以及该数据可由什么外部服务提供商访问的策略。 In addition, companies may want to set about what data can be processed and what data can be accessed by an external service provider strategy. 在这种情况下,企业客户端设备106通过企业服务或服务器112或可能企业所提供的代理与受信服务提供商124通信。 In this case, the enterprise client devices 106 communicate through an enterprise service or the server 112 or may be provided by enterprises with a trusted agent service provider 124. 企业服务112包含适当的安全策略114并且与信任执行环境128协商受信关系和密钥。 Corporate Services 112 includes appropriate security policies 114 and 128, in consultation with trusted execution environment fiduciary relationship and keys. 因此,企业客户端设备106包括企业数据108和经由路径116在企业102内与企业服务器112通信的客户端应用110。 Therefore, the enterprise client device 106 includes data 108 and 116 companies in the business enterprise server 102 and client application 112 to communicate via path 110. 企业服务器112具有用于用公钥和私钥120和122对数据和企业服务118进行云处理的安全策略。 Enterprise server 112 has a public key and a private key 120 and 122 of the data and enterprise services 118 cloud processing security policy. 受信执行环境128还包括云104中的公钥和私钥130和132。 Trusted execution environment 128 also includes a cloud 104 public and private keys 130 and 132.

[0035] 因此,企业客户端设备106通过路径116与企业102内的企业服务器112通信。 [0035] Therefore, the enterprise client device 106 via path 116 and 102 within the business enterprise server communication 112. 其还通过路径116经由不受信服务124与云104和受信执行环境128通信。 It also adopted a communication path 116 through 128 and 124 cloud service untrusted and trusted execution environment 104.

[0036] 在某些实施例中,会话密钥可以是随机数并且随机值可以是另一个随机数。 [0036] In certain embodiments, the session key may be a random number and a random value can be another random number. 会话密钥可以例如是对称密钥。 Session key may for example be a symmetric key.

[0037] 在某些实施例中,可以用保留其隐私性的方式在云中处理数据。 [0037] In some embodiments, it can be used to retain the privacy of processing data in the cloud. 服务提供商可能永远都不知道客户端设备的所有者的身份或者甚至正在提供的数据。 ISP may never know the identity of the owner of the client device or even data being provided. 数据执行可与不受信服务提供商分离。 Data Execution can be separated from the non-trusted service provider.

[0038] 可在本文的实施例中使用具有公/私钥对的任何客户端应用。 [0038] can be used in any client application has a public / private key pair in the embodiments herein. 通常,客户端必须具有公/私钥对以及验证其能够并且应当信任的身份的某种方式。 Typically, the client must have a public / private key pairs and validation can and should trust their identity in some way. 因此,在某些实施例中,任何人可与任何受信实体使用这个序列。 Thus, in some embodiments, any person with any trusted entity uses this sequence.

[0039] 参照图7,可在客户端中实现、可在软件、固件和/或硬件中实现序列134。 [0039] Referring to FIG. 7, may be implemented in the client can be realized sequence 134 in software, firmware and / or hardware. 在软件和固件实施例中,它可由一个或多个非瞬态计算机可读介质(如磁、光学、或半导体存储)执行。 In the software and firmware embodiments, it may be made of one or more non-transitory computer-readable media (e.g., magnetic, optical, or semiconductor memory) performed.

[0040] 程序代码或指令可被存储在例如易失性和/或非易失性存储器中,诸如存储设备和/或相关联的机器可读或机器可访问介质,包括但不限于固态存储器、硬盘驱动器、软盘、光存储、磁带、闪存、存储器棒、数字视频盘、数字通用盘(DVD)等等,以及更独特的介质,诸如机器可访问生物状态保存存储。 [0040] program code or instructions may be stored, for example, volatile and / or nonvolatile memory, such as storage devices and / or machine-readable or machine accessible medium including but not limited to an associated solid state memory, hard disk drives, floppy disks, optical storage, tapes, flash memory, memory sticks, digital video disks, digital versatile disc (DVD), etc., as well as more unique medium, such as machine-accessible biological state preserving storage. 机器可读介质可包括用于以机器可读的形式存储、传输或接收信息的任何机制,并且该介质可包括程序代码可通过其传递的介质,诸如天线、光纤、通信接口等等。 The machine-readable medium may include a machine-readable form storage, transmission or any mechanism for receiving information, and the medium may include program code may pass through a medium, such as antennas, optical fibers, communications interfaces, etc. 程序代码可被以分组、串行数据、并行数据等形式传输,并且可以用压缩或加密格式使用。 Program code can be packets, serial data, parallel data transmission and other forms, and may be compressed or encrypted format.

[0041] 如框136中所示的,序列134可通过与受信执行环境或其他受信实体建立TLS通道开始。 [0041] As shown in block 136, the sequence 134 may begin by establishing a TLS channel and trusted execution environment or other trusted entities. 然后,发送信任请求,如框138中所示。 Then, the transmission request trust, as shown in block 138. 信任请求可包括客户端设备的公钥。 Trust request may include a public key of the client device. 服务器从客户端设备接收公钥,如框140中所示。 The server receives the public key from the client device, as shown in block 140. 如框142中所示的,服务器通过经由不受信服务向受信实体发送经加密的服务器公钥、会话密钥、客户端公钥、隐私数据和随机值来做出响应。 As shown in block 142, the server by sending a letter via the service from a trusted entity to the server's public key encrypted session key, client public key, data privacy and random values to respond. 然后,客户端接收经加密的客户端公钥、会话密钥、结果和随机值,如框144中所示。 Then, the client receives the encrypted client public key, session key, and the results of random values, as shown in block 144.

[0042] 序列146在图8中指示服务器中的相应的活动。 [0042] sequence 146 in FIG. 8 corresponding activities indicated server. 序列146可在软件、固件和/或硬件中实现。 Sequence 146 may be implemented in software, firmware and / or hardware. 在软件和固件实施例中,它可由存储在一个或多个非瞬态计算机可读介质(如磁、光学、或半导体存储)中计算机执行指令实现。 In the software and firmware embodiments, it may be stored in one or more non-transitory computer-readable media (e.g., magnetic, optical, or semiconductor memory) of a computer to execute instructions.

[0043] 序列146可通过接收对客户端设备的TLS请求开始,如框148中所示。 [0043] sequence 146 may begin by receiving a request for a client device TLS, as shown in block 148. 然后,服务器可发送其公钥,如框150中所示。 Then, the server can send its public key, as shown in block 150. 接下来,服务器接收经加密的数据、服务器和客户端公钥以及随机值,如框152中所示。 Next, the server receives the encrypted data, the server and the client public key and a random value, as shown in block 152. 服务器处理隐私数据,如框154中所示。 Server handling private data, as shown in block 154. 然后,服务器返回经加密的客户端公钥、会话密钥、结果和随机值,如框156中所示。 The server then returns the client public key encrypted session key, and the results of random values, as shown in block 156.

[0044] 实施例可在许多不同的系统类型中实现。 [0044] Embodiments may be implemented in many different system types. 现在参照图9,示出了根据可在桌上计算机、膝上计算机、移动互联网设备、移动计算节点、智能电话、蜂窝电话、无线电、固定计算节点等等中发现的实施例的系统的框图。 Referring now to Figure 9, a block diagram illustrating in desktop, laptops computers, mobile internet devices, mobile computing nodes, a smart phone, a cellular telephone, a radio, a stationary computing nodes, etc., found in the system according to the embodiment. 多处理器系统200是点到点互连系统,并包括经由点到点互连250耦合的第一处理器270和第二处理器280。 Multiprocessor system 200 is a point to point interconnect system, and includes a coupling 250 via a point to point interconnect a first processor 270 and second processor 280. 处理器270和280中的每一个都可以是多核处理器。 Processors 270 and 280 may each be multi-core processors. 术语“处理器”可指代任何设备或处理来自寄存器和/或存储器的电子数据以便将该电子数据转换成可存储在寄存器和/或存储器中的其他电子数据的设备的一部分。 The term "processor" may refer to any device or process on behalf of a part of the electronic data from registers and / or memory, so that this is converted into electronic data may be stored in registers and / or other electronic data storage devices. 第一处理器270可包括存储器控制器中枢(MCH)和点到点(PP)接口。 The first processor 270 may include a memory controller hub (MCH) and point (PP) interfaces. 类似地,第二处理器280可包括MCH和PP接口。 Similarly, the second processor 280 may include MCH and PP interfaces. MCH可将处理器耦合到对应的存储器,即,存储器232和存储器234,这些存储器可以是本地地附接到对应的处理器的主存储器(例如,动态随机存取存储器(DRAM))的多个部分。 MCH processor may be coupled to a corresponding memory, i.e., memory 232 and a memory 234, the memory may be attached to the corresponding local processor, a main memory (e.g., dynamic random access memory (a DRAM)) of the plurality of section. 第一处理器270和第二处理器280可分别经由PP互连耦合到芯片组290。 The first processor 270 and second processor 280 may be coupled to the chipset via PP interconnects 290. 芯片组290可包括PP接口。 Chipset 290 may include a PP interface. 此外,芯片组290可经由接口耦合至第一总线216。 In addition, the chipset 290 may be coupled to a first bus 216 via the interface. 各种输入/输出(I/O)设备214可以连同总线桥218耦合到第一总线216,总线桥218将第一总线216親合至第二总线220。 Various input / output (I / O) devices 214 along with a bus bridge 218 may be coupled to first bus 216, bus bridge 218 of the first bus 216 to a second bus 220. affinity. 在一个实施例中,各种设备可親合到第二总线220,包括例如键盘/鼠标222、通信设备226和数据存储单元228,诸如可包括代码230的磁盘驱动器或其他大容量存储设备。 In one embodiment, various devices amiable bonded to the second bus 220 including, for example a keyboard / mouse 222, communication devices 226 and a data storage unit 228, such as the code 230 may include a disk drive or other mass storage device. 代码可存储在一个或多个存储器中,包括存储器228、232、234、经由网络耦合到系统200的存储器等等。 Codes may be stored in one or more of memory, including a memory 228,232,234, coupled to the memory system via the network 200 and the like. 而且,音频I/O 224可耦合到第二总线220。 Also, the audio I / O 224 may be coupled to second bus 220.

[0045] 实施例可在代码中实现并且可存储在其上存储有可用于对系统进行编程的指令以便执行这些指令的至少一个存储介质上。 [0045] Embodiments may be implemented in code and may be stored on having stored thereon can be used to program the system of instruction in order to perform these instructions at least one storage medium. 存储介质可包括但不限于任何类型的盘,包括软盘、光盘、固态驱动器(SSD)、致密盘只读存储(CD-ROM)、致密盘可重写(CD-RW)、以及磁光盘、半导体器件,诸如只读存储器(ROM)、随机存取存储器(RAM),诸如DRAM、动态和静态RAM、可擦可编程只读存储器(EPR0M)、电可擦可编程只读存储器(EEPR0M)、闪存、磁或光卡、或任何其他类型的适合用于存储电子指令的介质。 Storage medium may include, but are not limited to, any type of disk including floppy disks, optical disks, solid-state drive (SSD), a compact disk read only memory (CD-ROM), a compact disc rewritable (CD-RW), and magneto-optical disks, semiconductor devices, such as read only memory (ROM), a random access memory (RAM), such as a DRAM, dynamic and static the RAM, erasable programmable read-only memory (EPR0M), electrically erasable programmable read-only memory (EEPR0M), flash memory , magnetic or optical cards, or any other suitable media for storing electronic instructions to other types.

[0046] 在此参照数据(诸如指令、功能、过程、数据结构、应用程序、配置设置、代码等等)描述了各实施例。 [0046] In the various embodiments described herein with reference to the data (such as instructions, functions, procedures, data structures, application programs, configuration settings, code, etc.). 这种指令包括在例如图7和图8中并且可存储在(或分布在)各种位置,诸如位置232、231、235、236、230和/或228等等。 Such instructions include, for example, FIG. 7 and FIG. 8, and may be stored in (or distributed) at various locations, such as location 232,231,235,236,230, and / or 228, and so on. 当该数据由机器访问时,该机器可通过执行任务、定义抽象数据类型、建立低级硬件上下文和/或执行其他操作来做出响应,如在此更详细描述的。 When the data is accessed by a machine, the machine by performing tasks, defining abstract data types, to establish low-level hardware contexts, and / or take other actions to respond, as described in greater detail below. 该数据可存储在易失性和/或非易失性数据存储中。 This data may be stored in volatile and / or non-volatile data storage. 术语“代码”或“程序”覆盖广泛范围的组件和构造,包括应用、驱动程序、进程、例程、方法、模块和子程序,并且可指代当由处理系统执行时执行所期望的操作的任何指令集合。 The term "Code" or "program" covering a wide range of components and configurations, including applications, drivers, processes, routines, methods, modules and subroutines, and may refer to when any of the desired operation when executed by a processing system instruction set. 此外,替代实施例可包括使用比所有所公开的操作更少的进程、使用附加操作的进程、使用不同序列中的相同操作的进程以及在此公开的单独操作在其中组合、细分或以其他方式更改的进程。 Further, the case may include the use of all of the disclosed operations fewer processes, the use of additional operations individual operating processes disclosed herein an alternative embodiment, the process using a different sequence of actions, and in which the same combined, subdivided, or otherwise change the process.

[0047] 在一个实施例中,使用术语控制逻辑包括硬件(诸如晶体管、寄存器或其他硬件(诸如可编程逻辑器件(235)))。 [0047] In one embodiment, the use of the term logic includes hardware control (such as transistors, registers, or other hardware (such as a programmable logic device (235))). 然而,在另一个实施例中,逻辑还包括软件或代码(231)。 However, in another embodiment, logic also includes software or code (231). 这种逻辑可与硬件(诸如固件或微代码(236))集成。 This logic can be integrated with hardware (such as firmware or micro-code (236)). 处理器或控制器可包括旨在表示本领域已知的各种各种的控制逻辑中的任一种,并且这样可很好地被实现为微处理器、微控制器、现场可编程门阵列(FPGA)、专用集成电路(FPGA)、可编程逻辑器件(FPGA)等等。 The controller may include a processor or known in the art is intended to represent a variety of high control logic either, and thus may well be implemented as a microprocessor, a microcontroller, a field programmable gate array (FPGA), application specific integrated circuits (FPGA), programmable logic device (FPGA), and so on.

[0048] 本领域技术人员将理解的是总体上在此并且尤其在所附权利要求书(例如,所附权利要求书的主体)中使用的术语通常旨在是“开放式”术语(例如,术语“包括(including) ”应当被解释为“包括但不限于(including but not limited to)”,术语“具有(having) ”应当被解释为“至少具有(having at least) ”,术语“包括(includes) ”应当被解释为“包括但不限于(includes but is not limited to)”)。 [0048] Those skilled in the art will appreciate that in general in this and in particular in the appended claims (for example, the appended claims subject book requirements) used terminology are generally intended as "open" terms (for example, the term "comprising (including)" should be interpreted as "including but not limited to, (including but not limited to)", the term "having (hAVING)" should be interpreted as "having at least (having at least)", the term "comprising ( the includes) "should be interpreted as" including but not limited to (includes but is not limited to) "). 本领域技术人员将进一步理解的是如果预期所引入的权利要求引用的特定编号,这种意图将明确地在该权利要求中引用并且在不存在这种引用时不存在这种意图。 Those skilled in the art will further be appreciated that if the reference preceding the expected number introduced specific requirements, such intent will be explicitly referred to in the claims and in the absence of such a reference when there is no such intention. 例如,作为对理解的辅助,以下所附权利要求书可包含引入性短语“至少一个”和“一个或多个”的使用以便引入权利要求引用。 For example, as an aid to understanding, the following appended claims may contain a claim of the introduction of the phrase "at least one" and "one or more" to introduce claim the use of references. 然而,这种短语的使用不应当被解释为暗指通过不定冠词“a (—种)”或“an (—种)”对权利要求引用的引入将包含这种引入权利要求引用的任何特定的权利要求限制为仅包含一个这种引用的发明,即使当相同的权利要求包括引入性短语“一个或多个”或“至少一个”以及不定冠词诸如“a (—种)”或“an (—种)”(例如,应当通常被解释为“至少一个”或“一个或多个”);用于引入权利要求引用的定冠词的使用也如此。 However, the use of such phrases should not be construed to imply by the indefinite articles "a (- species)" or "an (- species)" into the claims contain any specific reference in the introduction of this claim by reference limit claims to contain only a reference to this invention, even when the same claim includes the introduction of the phrase "one or more" or "at least one" and indefinite articles such as "a (- species)" or "an (- species) "(for example, should generally be interpreted as" at least one "or" one or more "); to introduce claim referred to the use of the definite article is also true. 此外,即使明确引用了引入权利要求引用的特定编号,本领域技术人员将认识到这种引用应当通常被解释为意指至少该引用编号(例如,仅引用“两个引用”而没有其他修饰符通常意指至少两个引用或两个或更多个引用)。 In addition, even if a clear reference to the specific number of an introduced claim referred to, one skilled in the art will recognize that this reference should typically be interpreted to mean at least the reference number (for example, refer only to "two references" and no other modifiers typically means at least two references or two or more references). 在使用类似于“A、B或C等等中的至少一项”的惯例的情形中,通常,这种构造的含义为本领域技术人员将理解的该惯例(例如,“系统具有A、B或C中的至少一项”将包括但不限于仅具有A、仅具有B、仅具有C、具有A和B、具有A和C、具有B和C和/或具有A、B和C等等的系统)。 In using a similar "A, B or C, and so at least one of" the situation in practice, generally, the meaning of this construction will be appreciated by those skilled in the practice (for example, "the system has A, B or at least one C "would include but are not limited to having only a, only B has, with only C, it a and B, with a and C, B and C together, and / or with a, B and C, etc. system). 本领域技术人员将进一步理解的是实际上无论在说明书、权利要求书还是附图中呈现两个或更多个替代术语的任何分隔词和/或短语应当被理解为考虑包括这些术语之一、这些术语中的任一项或这两个术语的可能性。 Those skilled in the art will further be appreciated that fact in terms of specification, or drawings showing two or more words separated by any alternative terms and / or phrases should be understood to include one of these terms to consider claims any one of these terms or the possibility of two terms. 例如,短语“A或B”将被理解为包括“A”或“B”或“A和B”的可能性。 For example, the phrase "A or B" will be understood to include the possibility of "A" or "B" or "A and B" is.

[0049] 也可相对于在此所描述的方法或过程实现以上所描述的装置的全部可选特征。 [0049] Also with respect to the method or process described herein to achieve the above described optional feature of all the apparatus. 尽管已经针对有限数量的实施例描述了本发明,本领域技术人员将认识到从其延伸的多种修改和变形。 Although the present invention has been described with respect to a limited number of embodiments, those skilled in the art will recognize that numerous modifications and variations extending therefrom. 旨在所附权利要求书涵盖所有这种修改和变形,落入本发明的真实精神和范围中。 It intended that the appended claims cover all such modifications and variations of the present invention fall within the true spirit and scope.

[0050] 以下子句和/或示例涉及进一步的实施例: [0050] The following clauses and / or further exemplary embodiment relates to:

[0051] 至少一个机器可读介质,包括指令,当由处理器执行时,该指令执行序列,该序列包括:经由不受信云服务提供商在云中与受信方建立安全通道;与该受信方交换公钥而不将该密钥暴露给该提供商;经由该安全通道通过该提供商发送经加密的数据以便由该受信方与该提供商分离地处理;以及经由该安全通道通过该提供商从该受信方接收该处理的经加密的结果。 [0051] at least one machine-readable medium comprising instructions that, when executed by a processor, the instruction execution sequence, which comprises: in the cloud and trusted entering into a secure channel via untrusted cloud service providers; and the trusted party the public key exchange without exposure to the provider; via the secure channel through which the data provider to send encrypted to the trusted party and the provider separately handled by; and via the safe passage of the provider receiving the result of the processing of encrypted from the trusted party. 该介质可进一步存储用于从该受信方接收公钥的指令。 The medium may further store instructions for receiving the public key from a trusted party. 该介质可进一步存储用于在将所述数据发送到所述受信方之前使用所述公钥加密所述数据的指令。 The medium may further store the data for sending to the channel before using the public key to encrypt the data by the instruction. 该介质可包括将经加密的客户端公钥发送到所述方。 The medium may comprise sending the encrypted public key to the client side. 该介质可包括接收用所述客户端公钥加密的结果。 The medium may include receiving the client public key encryption results. 该介质可包括该受信方是第三方。 The medium may include the trusted party is a third party. 该介质可包括至少一个介质,其中,该受信方是受信环境。 The medium may include at least one medium, wherein the trusted party is a trusted environment. 该介质可包括将带有该方的公钥的隐私数据用该客户端的公钥和会话密钥加密并用会话密钥加密的随机值一起提供给该受信方。 The medium may include a public key and the session key encrypted with the public key of the private data of the party with the client and with the session key encrypted random value to the trusted party together.

[0052] 在另一个示例实施例中,至少一个机器可读介质包括指令,当由处理器执行时,该指令执行序列,该序列包括:经由不受信云服务提供商与客户端建立安全通道;与该客户端交换密钥;经由该安全通道接收经加密的数据;处理该经加密的数据;以及经由所述安全通道通过该不受信云服务提供商发送所述处理的经加密的结果。 [0052] In another exemplary embodiment, at least one machine-readable medium comprising instructions that, when executed by a processor, the instruction sequence which includes: establishing a secure channel via untrusted cloud service provider and the client; the key exchange with the client; receiving encrypted data via a secure channel through which; processing the encrypted data; and the results via the secure channel through which the channel is not encrypted cloud service provider to send the processed. 该至少一个介质可进一步存储用于从该客户端接收公钥的指令。 The medium may further store at least one instruction for receiving a public key from the client. 该至少一个介质可进一步存储用于在将所述数据发送到所述客户端之前使用所述公钥加密所述数据的指令。 The medium may further store at least one means for transmitting data to the instruction using the public key to encrypt the data prior to the client. 该至少一个介质包括将经加密的服务器公钥发送到所述客户端。 The medium comprises at least one sends the encrypted server's public key to the client. 该至少一个介质包括发送用所述客户端公钥加密的结果Ο The at least one transmission medium comprises a client public key encryption result of the Ο

[0053] 另一个示例实施例可以是一种装置,该装置包括处理器和耦合到所述处理器的存储,该处理器用于:经由不受信云服务提供商在云中给予受信方建立安全通道;与该受信方交换密钥;经由该安全通道发送经加密的数据以便由该受信方处理;以及经由所述安全通道从该受信方接收所述处理的经加密的结果。 [0053] Another exemplary embodiment may be an apparatus comprising a processor and a memory coupled to the processor, the processor configured to: via untrusted trusted cloud service providers to give safe passage to enter into the cloud ; exchange key to the trusted party; transmitted via the secure channel encrypted data for processing by the trusted party; and the results received from the trusted party via the safe passage of the processing encrypted. 该装置可包括所述处理器从该受信方接收公钥。 The apparatus may include a processor receiving the public key from the trusted party. 该装置可包括所述处理器在将所述数据发送到所述受信方之前使用所述公钥加密所述数据。 The apparatus may comprise the processor sending the data to the public key used to encrypt the signal prior to the data subject. 该装置可包括所述处理器将经加密的客户端公钥发送到所述方。 The apparatus may include the processor sends the encrypted public key to the client side. 该装置可包括所述处理器接收用所述客户端公钥加密的结果。 The apparatus may comprise the processor receiving the result of the encryption public key of the client.

[0054] 在又一个示例实施例中,可以是一种装置,该装置包括处理器和耦合到所述装置存储,该处理器用于:经由不受信云服务提供商与客户端建立安全通道;与该客户端交换密钥;经由该安全通道接收经加密的数据;处理该经加密的数据;以及经由所述安全通道通过该不受信云服务提供商发送所述处理的经加密的结果。 [0054] In yet another exemplary embodiment, may be a device, the apparatus comprising a processor coupled to said storage means, the processor is configured to: establish a secure channel via untrusted cloud provider client; and the client key exchange; receiving encrypted data via a secure channel through which; processing the encrypted data; and via the secure channel through which the results of the letter from the cloud service provider to send encrypted processing. 该装置可包括所述处理器从该客户端接收公钥。 The apparatus may include a processor receives the public key from the client. 该装置可包括所述处理器在将所述数据发送到所述客户端之前使用所述公钥加密所述数据。 The device may include a processor before sending the data to the client using the data of the public key cryptography. 该装置可包括所述处理器将经加密的服务器公钥发送到所述客户端。 The apparatus may comprise the processor sends the encrypted public key to the server the client. 该装置可包括所述处理器发送用所述客户端公钥加密的结果。 The apparatus may include a processor for transmission of the client public key encryption results. 该装置可包括云服务器。 The apparatus may include cloud server. 该装置可包括受信执行环境。 The device may include a trusted execution environment. 该装置可包括所述服务器相对于所述客户端是第三方并且在云中相对于所述客户端是服务提供商。 The apparatus may include the server with respect to the client and a third party in the cloud with respect to the client is the service provider.

[0055] 贯穿本说明书对“一个实施例”或“ 一种实施例”的引用是指在此结合实施例所述的特定特征、结构或特性包括在本公开中所包含的至少一种实现方式中。 [0055] Reference throughout this specification to "one embodiment" or "an embodiment" means herein with reference to the embodiment according to a particular feature, structure, or characteristic comprising at least one implementation in this disclosure contained in. 因此,短语“一个实施例”或“在实施例中”的出现无需指代相同的实施例。 Thus, the phrase "one embodiment" or a "in an embodiment" does not need to refer to the same embodiment. 此外,特定的特征、结构或特性可被设置为其他合适的形式而不是所展示的特定实施例,并且所有这种形式可包含在本申请的权利要求书中。 Furthermore, the particular features, structures or characteristics may be set as other suitable forms rather than the particular embodiment shown, and all such forms may comprise as claimed in the claims of the present application.

[0056] 尽管已经描述了有限数量的实施例,本领域技术人员将意识到许多修改和变化。 [0056] Although it has been described a limited number of embodiments, those skilled in the art will recognize that many modifications and variations. 旨在所附权利要求书涵盖落入本公开的真实精神和范围中的所有这种修改和变化。 It intended that the appended claims cover fall within the true spirit and scope of the disclosure of all such modifications and variations.

Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
CN101529797A *Oct 24, 2007Sep 9, 2009国际商业机器公司System, device, method and program for authenticating communication partner by means of electronic certificate including personal information
US20090161876 *Dec 21, 2007Jun 25, 2009Research In Motion LimitedMethods and systems for secure channel initialization transaction security based on a low entropy shared secret
US20120265976 *Mar 16, 2012Oct 18, 2012Bank Of America CorporationSecure Network Cloud Architecture
International ClassificationG06F21/62, G06F15/16, G06F21/30
Cooperative ClassificationH04L63/0435, H04L63/0428, H04L63/061, H04L63/045, H04L63/0442
Legal Events
Mar 16, 2016C06Publication
Apr 13, 2016C10Entry into substantive examination