CN-122027168-A - On-chip forced audit execution netting and recheckable credential generation method, device and storage medium


Abstract

The invention discloses a method, a device and a storage medium for generating an on-chip forced audit execution network and recheckable credentials for a post-loaded (aftermarket) vehicle-mounted terminal. The terminal places forced-pass controlled execution points on key paths such as normalized encoding, gating check, signature triggering, encryption, sealing and submission, so that the service side can enter key operations only through a protected call interface or a hardware state machine. At each controlled execution point an audit anchor field bound to policy_ver/spec_ver (and optionally rule_ver/codec_ver) is written automatically; when a gating check fails or a key step is abnormal, the terminal writes a failure reason code (failure_request) and a key-step state code (step_code) on the abnormal path and has the security component perform an integrity protection operation over the digest of the audit record, producing an audit credential whose tag can be verified. The server side verifies, deduplicates and acknowledges the audit credential against the field set and encoding caliber (the agreed field set and encoding) referenced by the version identifiers, closing a recheckable evidence loop under a caliber that is consistent between terminal and cloud. Preferably, the validity of policy_ver/spec_ver is checked by the security component against an anti-rollback counter and trusted storage, and key and version reference information may be written to or derived from eFuse/OTP or equivalent non-rewritable media to promote cross-device consistency and resistance to cloning.

Inventors

  • HAO JUNLING

Assignees

  • 郝彦博

Dates

Publication Date
2026-05-12
Application Date
2026-02-24

Claims (10)

  1. A method for generating an on-chip forced audit execution network and recheckable credentials, characterized in that it is executed by a vehicle-mounted terminal comprising a processor, a memory, a communication module and a security component that provides a protected secret key, the security component comprising a secure element (SE) or a trusted execution environment, the method comprising: acquiring a service input to be processed and performing normalized encoding on the service input according to a field set and encoding rules, the field set and the encoding rules being determined by a spec_ver reference; performing a gating check on the normalized encoding result in a controlled execution path, the gating check parameters being determined by a policy_ver reference; when the gating check passes, triggering, through a protected call interface or a hardware state machine, the security component to perform an integrity protection operation on at least one piece of material to be protected so as to generate a service credential; and when the gating check fails or a key step is abnormal, generating an exception audit record and triggering the security component to perform the integrity protection operation on the exception audit record so as to generate an audit credential.
  2. An on-chip forced audit execution network and recheckable credential generation device comprising a processor, a memory, a communication module and a security component, wherein the processor is configured to perform the method of claim 1.
  3. A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of claim 1.
  4. The method of claim 1, wherein the controlled execution path includes at least two forced-pass controlled execution points, being at least any two of "normalized encoding complete", "gating decision complete", "trigger signature/encryption" and "seal commit marker write", and an audit anchor field associated with policy_ver/spec_ver is written at each controlled execution point.
  5. The method of claim 1, wherein the exception audit record includes at least construction-input reference information for the EVIDENCEID, the policy_ver/spec_ver reference information, the failure_reflection code, the step_code, and optional anti-rollback counter reference information.
  6. The method of claim 1, wherein the security component checks the validity of policy_ver/spec_ver, the check including at least that the version identifier is within the local allow list, that the version's validity period has not expired, that the policy is sufficient, and that the version is consistent with the anti-rollback counter reference information.
  7. The method of claim 1, wherein the controlled execution path restricts the service side's access to key storage, pending-signature buffers and audit record buffers through access control logic or an isolation bus, allowing access only to pre-allocated buffers or reserved partitions so as to form a fixed upper bound on resources.
  8. The method of claim 1, wherein, to ensure a trusted source, anti-rollback consistency and server-side recheckability of the policy_ver/spec_ver reference information, the key or version reference information of the security component is written to or derived from an eFuse/OTP or equivalent non-rewritable medium, and generation of service credentials is prohibited in a revocation or risk-disposal state while generation of audit credentials remains allowed.
  9. The method of claim 1, wherein the server side performs a consistency recheck of the material to be protected according to the field set and encoding caliber referenced by policy_ver/spec_ver, and returns REJECT, optionally carrying a REJECT reason code, when the recheck does not pass.
  10. The method of claim 1, wherein the idempotent key EVIDENCEID is computed from a deterministic encoding result including at least a window identifier or request identifier, the policy_ver/spec_ver reference information, and the digest of the service credential or audit credential, so as to support reissue under weak network conditions and idempotent deduplication.

Description

On-chip forced audit execution netting and recheckable credential generation method, device and storage medium

Technical Field

The invention belongs to the field of secure execution and auditable evidence collection for vehicle-mounted terminals, and in particular relates to a method, a device and a storage medium for generating an on-chip forced audit execution network and recheckable credentials for a post-loaded (aftermarket) vehicle-mounted terminal.

Background

On key paths such as acquisition, normalization, gating, signature/encryption, sealing and storage, a post-loaded vehicle-mounted terminal faces persistent problems of bypass, tampering and difficult verification by the service side: relying only on the software call sequence and software logs, it is hard to prove that a key operation was executed according to a fixed caliber (the agreed field set and encoding), and the abnormal path usually lacks structured, verifiable material, so the cloud can only make a probabilistic judgement. In the prior art, although a digest can be signed by a security unit, if the service side can directly construct the material to be signed, bypass the gating check or tamper with the audit record, the signature still verifies, yet verifying it no longer establishes that the protected process was followed; furthermore, if the version caliber (policy/spec/rule/codec) lacks a trusted source and an anti-rollback constraint, consistent verification across time and across devices cannot be guaranteed. An on-chip forced execution mechanism suitable for engineering deployment is therefore needed, in which the critical path is forced through controlled execution points, an audit anchor field bound to the version caliber is written automatically at each controlled execution point, and a failure reason code and a key-step state code are emitted on the abnormal path, so that terminal and cloud can recheck both pass and fail outcomes under the same caliber.
Disclosure of Invention

(I) Object of the invention

An on-chip forced audit execution network scheme is provided so that the service side can enter key operations only through a controlled interface, and recheckable, verifiable evidence material is generated on both the pass and the fail path.

(II) Technical scheme

The invention provides a method for generating an on-chip forced audit execution network and recheckable credentials, executed by a vehicle-mounted terminal comprising a processor, a memory, a communication module and a security component, the security component comprising a secure element (SE) or a trusted execution environment, as shown schematically in Figure 2, and comprising the following steps:

1) Normalized encoding: normalize the service input according to the field set and encoding rules referenced by spec_ver, and produce the digest of the material to be protected;
2) Gating check: in the controlled execution path, check according to the gating parameters referenced by policy_ver, and output permit/deny together with reason information;
3) When the gating check passes, the security component is triggered only through the protected call interface or the hardware state machine to perform the integrity protection operation on the digest of the material to be protected, generating the service credential;
4) When the gating check fails or a key step is abnormal, write failure_backup (the failure reason code) and step_code on the abnormal path to generate an exception audit record, and trigger the security component to perform the integrity protection operation on the audit digest, generating the audit credential;
5) Idempotent closed loop: construct EVIDENCEID from the service credential or audit credential and report it to the server; the server checks EVIDENCEID for duplicates, verifies the signature, rechecks according to the caliber referenced by policy_ver/spec_ver, and returns an OK, OK_DUP or REJECT receipt.
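The terminal/server flow of steps 1) to 5) above, together with the EVIDENCEID construction of claim 10, as an added Python example that is not the patent's own code. It assumes HMAC-SHA256 under a device key as a stand-in for the security component's integrity protection operation, constructed field sets, gating parameters and reason codes, the names failure_code/step_code for the failure reason code and key-step state code, and a membership check against known versions as a stand-in for the policy_ver/spec_ver validity check.

```python
import hashlib
import hmac
import json

DEVICE_KEY = b"constructed-device-key"            # in reality held inside the SE/TEE
SPEC = {"spec_v3": ["req_id", "vin", "odo_km"]}    # field set referenced by spec_ver
POLICY = {"policy_v7": {"max_odo_km": 2_000_000}}  # gating parameters referenced by policy_ver

def normalize(inp, spec_ver):
    """Step 1: deterministic encoding of exactly the spec_ver field set."""
    return json.dumps({k: inp[k] for k in SPEC[spec_ver]}, sort_keys=True, separators=(",", ":")).encode()

def gate(encoded, policy_ver):
    """Step 2: returns (allowed, failure_code, step_code); the codes are constructed."""
    if json.loads(encoded)["odo_km"] > POLICY[policy_ver]["max_odo_km"]:
        return False, "ODO_OUT_OF_RANGE", "GATE_CHECK"
    return True, None, None

def protect(material):
    # Steps 3/4: HMAC-SHA256 stands in for the security component's integrity protection operation
    return hmac.new(DEVICE_KEY, material, hashlib.sha256).hexdigest()

def evidence_id(req_id, policy_ver, spec_ver, tag):
    # Claim 10: idempotent key over request id, version references and the credential tag
    return hashlib.sha256(f"{req_id}|{policy_ver}|{spec_ver}|{tag}".encode()).hexdigest()[:16]

def terminal(inp, policy_ver="policy_v7", spec_ver="spec_v3"):
    """Runs the controlled path and emits a service credential or an audit credential."""
    enc = normalize(inp, spec_ver)
    allowed, fcode, step = gate(enc, policy_ver)
    rec = {"req_id": inp["req_id"], "policy_ver": policy_ver, "spec_ver": spec_ver,
           "digest": hashlib.sha256(enc).hexdigest(), "kind": "service" if allowed else "audit"}
    if not allowed:  # abnormal path: structured failure reason and key-step state code
        rec.update(failure_code=fcode, step_code=step)
    tag = protect(json.dumps(rec, sort_keys=True).encode())
    return {"record": rec, "tag": tag, "evidence_id": evidence_id(inp["req_id"], policy_ver, spec_ver, tag)}

def server(msg, seen):
    """Step 5: check versions and tag, recompute EVIDENCEID, deduplicate, return a receipt."""
    rec, tag, eid = msg["record"], msg["tag"], msg["evidence_id"]
    if rec.get("policy_ver") not in POLICY or rec.get("spec_ver") not in SPEC:
        return "REJECT", "UNKNOWN_VERSION"
    if not hmac.compare_digest(protect(json.dumps(rec, sort_keys=True).encode()), tag):
        return "REJECT", "BAD_TAG"
    if eid != evidence_id(rec["req_id"], rec["policy_ver"], rec["spec_ver"], tag):
        return "REJECT", "EVIDENCE_ID_MISMATCH"
    if rec["kind"] == "audit" and not (rec.get("failure_code") and rec.get("step_code")):
        return "REJECT", "INCOMPLETE_AUDIT_RECORD"
    if eid in seen:
        return "OK_DUP", None
    seen.add(eid)
    return "OK", None
```

Because normalization is deterministic and the tag is computed by a keyed function, a reissued report under a weak network yields the same EVIDENCEID and is answered with OK_DUP rather than stored twice, while any edit to the signed record fails the tag check.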
In some embodiments, policy_ver/spec_ver (and optionally rule_ver/codec_ver) are written into the audit record or credential as a "caliber anchor", enabling the rechecker to recompute and verify key fields without relying on the terminal's implementation details.

(III) Beneficial effects

Compared with the prior art, the invention has at least the following technical effects:
1) Through the on-chip controlled execution points and the protected interface, the key path is hard for the service side to bypass;
2) Through binding to the version caliber and the auditable credential, both the pass and the fail path can be rechecked;
3) Through the structured writing of failure_reflection and step_code, exceptions become observable and provable in engineering terms;
4) Through anti-rollback and trusted version-source constraints, consistent re-verification across devices and across time is improved.

Drawings

For the purpose of illustrating the technical solutions of the invention, the drawings are for illustrative purposes and equivalent substitutions can be made by those skill