CPC H04L 63/0428 (2013.01) [H04L 9/0643 (2013.01); H04L 9/0819 (2013.01); H04L 9/3247 (2013.01)] | 7 Claims |
1. A privacy computing-enabled migration method for large-scale persistent data across platforms, comprising the following steps:
S1, establishing a trusted connection between a Host0 security zone and a sealing key management service (SKMS) security zone; wherein a Host0 is a platform for sharing privacy data with other platforms;
S2, sending, by the Host0 security zone, a mapping table having entry contents which each contain a download link, a download link hash value and authorized platform information to the SKMS security zone based on the trusted connection;
wherein the Host0 sends the download link hash value to one or more Hosti; the Hosti is a platform for receiving shared privacy data, i = 1, 2, ..., N;
S3, sending, by the Hosti, a data signature package containing its own identity information to the SKMS;
S4, verifying, by the SKMS security zone, authorized identity of the Hosti based on the data signature package and the mapping table, and establishing the trusted connection with the Hosti after passing verification;
S5, sending, by the SKMS security zone, the download link mapped by the Hosti to a Hosti security zone based on the trusted connection, and downloading, by the Hosti, privacy data based on the download link; wherein the privacy data is the data locally sealed by the Host0 in a trusted manner through a privacy computing-based trusted sealing technology;
S6, decrypting, by the Hosti, the privacy data in a secure environment based on an encryption key acquired in advance, and locally sealing the privacy data in a trusted manner through the privacy computing-based trusted sealing technology;
wherein when the Host0 seals privacy data in a trusted manner, the trusted sealing manner is based on one of i) decryption being performed only when application enclaves are the same and ii) decryption being performed only when applications are developed by the same application developer;
wherein the data signature package of the Hosti is generated in the following manner:
acquiring an i-th application measured value, an i-th application developer information through measuring by a hardware and an i-th hardware central processing unit (CPU) identifier;
signing a report comprising the i-th application measured value, the i-th application developer information and the i-th hardware CPU identifier by a CPU hardware to generate the data signature package; and
sending the generated digital signature package for verification.
|
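The SKMS check in steps S2 to S5, as an added sketch that is not part of the patent text. Assumptions: an HMAC with a constructed key stands in for the CPU hardware signature, the authorized platform information is taken to be a list of permitted (measured value, developer, CPU identifier) reports, and the Hosti presents the link hash it received from the Host0 as the lookup key. All names and sample values are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the CPU hardware signing key (assumption). Real
# attestation uses an asymmetric, vendor-rooted key, not a shared secret.
HW_KEY = b"constructed-demo-hardware-key"

def _canonical(report):
    return json.dumps(report, sort_keys=True).encode()

def sign_report(measurement, developer, cpu_id, key=HW_KEY):
    """Hosti side (S3): build the report and sign it (data signature package)."""
    report = {"measurement": measurement, "developer": developer, "cpu_id": cpu_id}
    sig = hmac.new(key, _canonical(report), hashlib.sha256).hexdigest()
    return {"report": report, "sig": sig}

def link_hash(link):
    return hashlib.sha256(link.encode()).hexdigest()

def build_mapping_table(entries):
    """Host0 side (S2): one entry per download link, keyed by the link hash."""
    return {link_hash(link): {"link": link, "authorized": authorized}
            for link, authorized in entries}

def skms_release_link(table, package, presented_hash, key=HW_KEY):
    """SKMS side (S4/S5): release the link only to an authorized Hosti."""
    expected = hmac.new(key, _canonical(package["report"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, package["sig"]):
        return None  # report was not signed by the trusted hardware key
    entry = table.get(presented_hash)
    if entry is None:
        return None  # link hash is not in the mapping table
    if package["report"] not in entry["authorized"]:
        return None  # measured identity is not authorized for this link
    return entry["link"]

if __name__ == "__main__":
    # Constructed sample data.
    link = "https://storage.example.invalid/sealed/blob-1"
    host1 = {"measurement": "aa" * 32, "developer": "dev-A", "cpu_id": "cpu-0001"}
    table = build_mapping_table([(link, [host1])])
    print(skms_release_link(table, sign_report(**host1), link_hash(link)))
    other = sign_report("bb" * 32, "dev-A", "cpu-0001")
    print(skms_release_link(table, other, link_hash(link)))  # None
```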