White paper on privacy computing based on trusted execution environment From China Unicom Research Institute

Privacy computing mainly addresses the case where the data of multiple participants does not leave their local environments, enabling cross-domain cooperation on multi-source data while protecting data security. Using privacy computing technology to secure sensitive data and information during multi-party cooperation, so that data is “available but invisible”, has become an industry consensus. In terms of implementation principle, privacy computing technologies fall into two main categories. The first is cryptography-based privacy computing, represented by secure multi-party computation; the second is hardware-based privacy computing, represented by the trusted execution environment.
1. Privacy computing technology based on cryptography provides more secure multi-party joint computing capabilities
There are many cryptographic technologies, including secure multi-party computation, homomorphic encryption, differential privacy and federated learning. At present, secure multi-party computation is the main representative.
Secure multi-party computation (MPC) mainly addresses the problem of multiple mutually untrusted participants, each holding private data, jointly computing a given function over a distributed cryptographic network. The participants obtain the correct result but learn nothing beyond it. Throughout the computation, each participant keeps absolute control over its own data, so the data can be computed on and analyzed while the security and privacy of the original data are preserved, making the data available but invisible. As shown in the following figure:
As another mainstream path of privacy computing, federated learning (FL) mainly addresses joint machine learning over multi-party data without aggregating the participants’ original data, enabling joint modeling that protects the privacy of terminal data. During machine learning, all participants can use the other parties’ data for joint modeling without sharing data resources: the data never leaves the local environment, while joint training is carried out and a shared machine learning model is built.
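The secure multi-party computation idea described above, shown for one simple function (a sum) using additive secret sharing. This is an added example, not taken from the white paper; the modulus, function names and sample inputs are assumptions chosen for illustration.

```python
import secrets

# Assumption: all inputs and their sum are smaller than this prime modulus.
PRIME = 2**61 - 1

def share(value, n_parties):
    """Split value into n additive shares that sum to value mod PRIME.

    Any n-1 of the shares are uniformly random and reveal nothing about value.
    """
    shares = [secrets.randbelow(PRIME) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares

def secure_sum(private_inputs):
    """Simulate all parties of an additive-sharing sum protocol in one process.

    Returns (total, partial_sums). Only partial_sums are ever published.
    """
    n = len(private_inputs)
    # Step 1: party i splits its input and sends share j to party j.
    distributed = [share(x, n) for x in private_inputs]
    # Step 2: party j adds the shares it received, one from each party.
    partial = [sum(distributed[i][j] for i in range(n)) % PRIME
               for j in range(n)]
    # Step 3: the published partial sums add up to the joint result.
    return sum(partial) % PRIME, partial

if __name__ == "__main__":
    # Constructed sample: three parties with private values 120, 45 and 300.
    total, published = secure_sum([120, 45, 300])
    print("published partial sums:", published)
    print("joint result:", total)
```

Each party sees only random-looking shares from the others and the final total, which matches the property that participants learn nothing beyond the result.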
2. Hardware based privacy computing technology helps computing services run safely and efficiently
Hardware-based privacy computing technology mainly refers to the trusted execution environment (TEE). Its core idea is to build a hardware-isolated secure area in which private data is computed. Data participants can verify the trustworthiness of the TEE through remote attestation, ensuring the security of the computing environment. Data is protected in transit by encrypted transmission, and during computation by performing encryption and decryption only inside the TEE. After the computation, the original data is destroyed in the TEE to ensure that it is not leaked.
2 TEE privacy computing technology scheme
(1) Privacy computing business framework based on trusted execution environment
In line with current requirements for the safe circulation of data elements and efficient data governance, a TEE-based privacy computing business framework is constructed, comprising trusted hardware, TEE capability adaptation, a business platform and trusted applications.
The TEE privacy computing technology solution supports a rich set of trusted applications, including data protection during computing, key protection, privacy query, data encryption storage, computing model protection, etc.
(2) Trusted application of TEE privacy computing
1. Data protection during calculation
With the wide application of big data, cloud computing, AI and other technologies, especially in finance, government, social governance, media and many other fields, data islands exist among enterprises. TEE privacy computing technology can provide security protection for multi-party joint computation over data.
This application scenario uses the TEE computing environment as a security sandbox to make multi-party data available but invisible. The computing participants each transmit their encrypted data to the TEE computing environment through a secure link; the data is decrypted inside the TEE and used for joint computation, such as joint user profiling, financial risk control prediction, social risk identification, etc. After the computation, the results are returned to all participants through the secure link, and the original data is destroyed in the TEE.
TEE privacy computing technology can effectively protect data during computation, prevent disclosure of the original data, and meet the needs of efficient collaboration and joint computing between enterprises.
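The check a data participant would run before sending data into the TEE, combining the remote attestation step and the secure-link step described above. This is an added example, not code from the white paper: the quote fields, function names and sample values are assumptions, and an HMAC key stands in for the vendor-rooted asymmetric signature a real TEE quote carries.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins so the example runs offline (see lead-in).
HW_KEY = b"constructed-hardware-root-key"
TRUSTED_MEASUREMENTS = {hashlib.sha256(b"joint-risk-model v1.0").hexdigest()}
FIELDS = ("measurement", "nonce", "report_data")

def new_nonce():
    """Fresh verifier challenge; prevents replay of an old quote."""
    return secrets.token_bytes(16)

def _sign(quote, hw_key):
    msg = "|".join(quote[k] for k in FIELDS).encode()
    return hmac.new(hw_key, msg, hashlib.sha256).hexdigest()

def make_quote(code, nonce, channel_pubkey, hw_key=HW_KEY):
    """TEE side (simulated): bind the loaded code's hash, the verifier's
    nonce and the TEE's secure-link key into one signed report."""
    quote = {
        "measurement": hashlib.sha256(code).hexdigest(),
        "nonce": nonce.hex(),
        "report_data": hashlib.sha256(channel_pubkey).hexdigest(),
    }
    quote["sig"] = _sign(quote, hw_key)
    return quote

def verify_quote(quote, expected_nonce, channel_pubkey, hw_key=HW_KEY):
    """Data-participant side: return (ok, reason). Send data only if ok."""
    if not hmac.compare_digest(_sign(quote, hw_key), quote["sig"]):
        return False, "bad signature"
    if quote["nonce"] != expected_nonce.hex():
        return False, "stale or replayed quote"
    if quote["measurement"] not in TRUSTED_MEASUREMENTS:
        return False, "unknown code measurement"
    if quote["report_data"] != hashlib.sha256(channel_pubkey).hexdigest():
        return False, "channel key not bound to this TEE"
    return True, "ok"

if __name__ == "__main__":
    nonce, key = new_nonce(), b"constructed-enclave-public-key"
    quote = make_quote(b"joint-risk-model v1.0", nonce, key)
    print(verify_quote(quote, nonce, key))
```

The last check matters as much as the signature: it ties the secure link to the attested TEE, so encrypted data cannot be redirected to an endpoint outside the hardware-isolated area.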
2. Key protection
Key lifecycle management includes key generation, distribution, storage, use, update, archiving, revocation, backup, recovery and destruction. Key security is a key element of data security and system security. To enhance key security, keys are usually stored encrypted or imported into a dedicated key device. Using TEE privacy computing technology to manage keys in a hardware-isolated TEE can reduce the complexity of traditional key management and ensure the security and reliability of the environment in which key lifecycle operations run.
The key protection application scenario implements key generation, management and other functions in the TEE computing environment, and supports general encryption algorithms. On the one hand, when a user’s key request is received, the key generation function generates random keys, certificates and other security credentials, which are transmitted to the user through the secure link. On the other hand, it also supports encrypting the original data and prediction results inside the TEE using the generated key together with a general encryption algorithm. When a key expires or becomes invalid, it is destroyed in the TEE, enhancing the overall security of the key lifecycle.
3. Calculation model protection
Multiple enterprises use the data accumulated in their production processes for joint modeling and analysis. To obtain more accurate results, these enterprises can bring in partners with mature algorithm models. In this scenario, TEE privacy computing is used to ensure the security of the algorithm model.
Figure 3-4 shows a typical scenario of computing model protection. User A and user B each hold their own data sets, and build their model algorithms in the TEE privacy computing environment through user C. The data provided by the data providers is transmitted to the TEE computing environment through an encrypted secure link. The AI model of the algorithm provider is used for modeling and analysis, and the analysis results are transmitted to the data providers afterwards. At the same time, the AI model of the algorithm provider can be further optimized through training. After the computing task, the model can be destroyed or the optimized model can be returned to the algorithm provider.
Protecting the algorithm model with TEE privacy computing prevents leakage of the algorithm. At the same time, the algorithm provider can further optimize its own algorithm with the data without obtaining the partners’ original data.
4. Data encryption storage
As part of enterprise asset management, key data such as business analysis data, financial data and production data is of great value. Government and enterprise customers usually attach great importance to the privacy protection of such key data, and require it to be stored encrypted to prevent leakage. TEE privacy computing technology can provide customers with data encryption and storage capabilities.
In this scenario, the TEE computing environment is used as the data encryption module. The user verifies the TEE through remote attestation and generates a key inside it. Key customer data is encrypted in the TEE, and the encrypted data can be stored in the TEE or on external media.
Both the data encryption key and the encryption process stay inside the TEE. Using TEE privacy computing technology to encrypt and store data can prevent data security risks caused by memory leakage.
5. Privacy query
In finance, e-commerce, community governance and other fields, it is necessary to be able to query the identity of users, for example comparing and authenticating a person’s identity through fingerprint, face and other information. In the medical field, there are also private queries on patient disease records, gene sequencing and other data. This private data often comes from multiple government departments or enterprises. TEE-based privacy computing technology is one of the effective methods for keeping data invisible in scenarios with such privacy query requirements.
In this kind of privacy query scenario, data collection, statistics and query capabilities are built inside the TEE privacy computing environment. The data providers transmit their original data to the TEE privacy computing environment through an encrypted secure link for data collection and statistical analysis. The data query party calls the query interface to send a privacy query request for the content it needs, and the query module in the TEE returns the query results according to the identity and authority of the data query party. This can also be combined with blockchain and other technologies to preserve evidence of the data query party’s query operations.
When TEE privacy computing is used for privacy query, the data providers’ original data and the whole query process are kept inside the hardware-isolated TEE privacy computing environment, which enables the joint exchange of multi-party data, enriches the database and effectively reduces the risk of sensitive information disclosure.