CN-122027276-A - Method and system for preventing privacy disclosure and traceable code scanning based on trusted execution environment

Abstract

The invention discloses a traceable code scanning method and system for preventing privacy leakage based on a trusted execution environment, and belongs to the technical field of mobile internet security. The method comprises: generating and issuing a special two-dimensional code in which a security gateway address and a scene identifier are encoded; after the user equipment scans the code, extracting encrypted feature information in the local trusted execution environment through a client security module; establishing an encrypted channel and sending the encrypted feature information and the scene identifier to the security gateway over that channel; the cloud trusted execution environment service module receiving the information and performing decryption and business processing inside its secure enclave; generating a traceability certificate, automatically triggering a smart contract, and writing the traceability certificate and the data-use event to a blockchain; returning the business processing result to the merchant system; and the user equipment performing traceability queries. Based on TEE and blockchain technology, the invention achieves zero privacy leakage during code scanning and full-link trusted tracing of data use, thereby improving security compliance.

Inventors

  • HAN DENGHAI
  • HAN ZHENGLIN

Assignees

  • 江苏润海科星物联网科技有限公司

Dates

Publication Date
20260512
Application Date
20260209

Claims (10)

  1. A traceable code scanning method for preventing privacy disclosure based on a trusted execution environment, characterized by comprising the following steps: step 1, a merchant system generates and transmits a special two-dimensional code in which a security gateway address and a scene identifier are encoded; step 2, after the user equipment scans the code, encrypted feature information is extracted in the local trusted execution environment through a client security module; step 3, an encrypted channel is established, and the encrypted feature information and the scene identifier are transmitted to a security gateway through the encrypted channel; step 4, the cloud trusted execution environment service module receives the information and performs decryption and business processing in the secure enclave; step 5, a traceability certificate is generated, a smart contract is automatically triggered, and the traceability certificate and the data-use event are written to a blockchain; step 6, when the code scanning data is referenced by a third party and generates benefits, the cloud trusted execution environment service module generates an encrypted short message and pushes it to the user equipment; step 7, the user equipment decrypts the short message in the local trusted execution environment, and the user chooses through the user equipment either to claim the red packet or to revoke the data use authorization; step 8, the business processing result is returned to the merchant system; and step 9, the user performs a traceability query through the user equipment.
  2. The traceable code scanning method for preventing privacy disclosure based on a trusted execution environment according to claim 1, wherein in step 1 the special two-dimensional code further comprises a timestamp, a random number, and a digital signature generated with the merchant private key.
  3. The traceable code scanning method for preventing privacy disclosure based on a trusted execution environment according to claim 1, wherein in step 2 the encrypted feature information is an irreversible anonymous token generated in the local trusted execution environment of the user equipment from the user's mobile phone number, the device hardware key, or a biometric feature.
  4. The traceable code scanning method for preventing privacy disclosure based on a trusted execution environment according to claim 1, wherein in step 5 the traceability certificate comprises a data hash value, a user identifier, a use timestamp, a use-destination scene identifier, and a cloud trusted execution environment remote attestation report.
  5. The traceable code scanning method for preventing privacy disclosure based on a trusted execution environment according to claim 1, wherein in step 6 the encrypted short message contains data usage benefit credentials and is encrypted with the public key of the user equipment, so that decryption is supported only in the local trusted execution environment of the user equipment.
  6. The traceable code scanning method for preventing privacy disclosure based on a trusted execution environment according to claim 1, wherein in step 8 the business processing result is desensitized status information and contains no data capable of tracing back to the personal identity of the user.
  7. A traceable code scanning system for preventing privacy disclosure based on a trusted execution environment, applied to the traceable code scanning method for preventing privacy disclosure based on a trusted execution environment of any one of claims 1 to 6, characterized by comprising: a special two-dimensional code generation module for generating and distributing special two-dimensional codes; a client security module for calling the local trusted execution environment of the user equipment, comprising a TEE call unit for generating encrypted feature information within the secure enclave, and an authorization management unit for decrypting the short message in the TEE environment and executing the user's instruction; a cloud trusted execution environment service module, comprising a business processing unit for executing decryption and business logic within the secure enclave, and a data asset feedback unit for monitoring third-party data references and generating the encrypted short message; and a blockchain traceability evidence storage module for generating the traceability certificate, automatically triggering the smart contract, and writing the traceability certificate and the data-use event to the blockchain.
  8. The traceable code scanning system for preventing privacy disclosure based on a trusted execution environment according to claim 7, wherein the client security module is connected to the cloud trusted execution environment service module through a security gateway and is configured to send the encrypted feature information to the cloud trusted execution environment service module.
  9. The traceable code scanning system for preventing privacy disclosure based on a trusted execution environment according to claim 7, wherein the special two-dimensional code generation module is deployed inside the merchant system and the client security module is arranged inside the user equipment.
  10. The traceable code scanning system for preventing privacy disclosure based on a trusted execution environment according to claim 7, wherein the data asset feedback unit comprises: a profit event monitoring subunit for detecting in real time the profit generated by third-party references to the data; a short message generation subunit for constructing structured data containing the income amount, the third-party identifier, and the authorization time limit; and an encryption engine for encrypting that data with the public key of the user equipment to produce the short message ciphertext.

Description

Method and system for preventing privacy disclosure and traceable code scanning based on trusted execution environment

Technical Field

The invention relates to the technical field of mobile internet security, in particular to a method and a system for preventing privacy disclosure and tracing code scanning based on a trusted execution environment.

Background

With the popularization of mobile payment, consumers scanning merchant two-dimensional codes has become a daily activity. However, existing code scanning technology has serious security and privacy defects:

  1. Privacy disclosure risk: after the consumer scans the two-dimensional code, the device information (such as the mobile phone number, device ID, and location) can be exposed directly to the merchant's backend system. Bad-faith merchants can easily collect, resell, or misuse this information.
  2. Data abuse is not traceable: once the merchant has acquired the data, the consumer has no awareness of, or control over, how it is subsequently used, shared, or compromised. The data is treated as an asset, its circulation is opaque, and responsibility for data security cannot be traced.
  3. Lack of a profit distribution mechanism: when a third party generates profit by referencing the code scanning data, there is no automatic mechanism for feeding that profit back to the data subject (the user), so the user cannot exercise the profit rights of the data asset.
  4. Outdated technical means: in the prior art, simple encryption or desensitization is performed at the application layer, but after decryption the data is still processed in plaintext on the merchant server, and the data leaks once the server is compromised or an insider acts maliciously.

In view of the above, there is a need for a method and a system for preventing privacy disclosure and tracing code scanning based on a trusted execution environment that solve the above problems of the conventional method.

Disclosure of Invention

The invention aims to provide a method and a system for traceable code scanning that prevent privacy leakage based on a trusted execution environment, achieving zero privacy leakage during code scanning and full-link trusted tracing of data use based on TEE and blockchain technology, thereby improving security compliance.

In order to achieve the above purpose, the technical scheme adopted by the invention is as follows: a traceable code scanning method for preventing privacy disclosure based on a trusted execution environment comprises the following steps: step 1, a merchant system generates and transmits a special two-dimensional code in which a security gateway address and a scene identifier are encoded; step 2, after the user equipment scans the code, encrypted feature information is extracted in the local trusted execution environment through a client security module; step 3, an encrypted channel is established, and the encrypted feature information and the scene identifier are transmitted to a security gateway through the encrypted channel; step 4, the cloud trusted execution environment service module receives the information and performs decryption and business processing in the secure enclave; step 5, a traceability certificate is generated, a smart contract is automatically triggered, and the traceability certificate and the data-use event are written to a blockchain; step 6, when the code scanning data is referenced by a third party and generates benefits, the cloud trusted execution environment service module generates an encrypted short message and pushes it to the user equipment; step 7, the user equipment decrypts the short message in the local trusted execution environment, and the user chooses through the user equipment either to claim the red packet or to revoke the data use authorization; step 8, the business processing result is returned to the merchant system; and step 9, the user performs a traceability query through the user equipment.

Further, in step 1, the special two-dimensional code further includes a timestamp, a random number, and a digital signature generated with the merchant private key. Further, in step 2, the encrypted feature information is an irreversible anonymous token generated in the local trusted execution environment of the user equipment from the user's mobile phone number, the device hardware key, or a biometric feature. Further, in step 5, the traceability certificate includes a data hash value, a user identifier, a use timestamp, a use-destination scene identifier, and a cloud trusted execution environment remote attestation report. Further, in step 6, the encrypted short message includes a data usage benefit credential encrypted with the public key of the user equipment, and decryption is supported only in the trusted execution environment local to the user equipment. Further, in st
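The data flow of steps 1 to 5, 8 and 9 of claim 1, with the refinements of claims 2 to 4 and 6, as an added illustration that is not part of the patent and not the applicant's code. It uses only the Python standard library, so several parts of the patent are stood in for by simplifications: the merchant's digital signature of claim 2 is replaced by an HMAC tag under a constructed merchant key, the device hardware key of claim 3 and the remote attestation report of claim 4 are constructed placeholders, and the blockchain of step 5 is a hash-linked in-memory log. The constants MERCHANT_KEY, DEVICE_HW_KEY and QR_MAX_AGE_SECONDS, the sample phone number, and every function and class name are assumptions of this example.

```python
import hashlib
import hmac
import json

# Constructed sample keys (assumptions of this example). In the patent's design the
# merchant key lives in the merchant system and the device key inside the handset TEE.
MERCHANT_KEY = b"constructed-merchant-key"           # stands in for the merchant signing key (claim 2)
DEVICE_HW_KEY = b"constructed-device-hardware-key"   # stands in for the TEE-bound hardware key (claim 3)
QR_MAX_AGE_SECONDS = 300                             # freshness window for the timestamp of claim 2


def make_qr_payload(gateway: str, scene_id: str, nonce: str, ts: int) -> dict:
    """Step 1: the merchant encodes the gateway address, scene id, timestamp and nonce
    and adds an integrity tag. The patent calls for a signature under the merchant
    private key; this example substitutes an HMAC so it runs without extra libraries."""
    body = {"gateway": gateway, "scene_id": scene_id, "ts": ts, "nonce": nonce}
    msg = json.dumps(body, sort_keys=True).encode()
    body["tag"] = hmac.new(MERCHANT_KEY, msg, hashlib.sha256).hexdigest()
    return body


def verify_qr_payload(payload: dict, now: int) -> bool:
    """Client-side check before any feature information leaves the device:
    a forged or altered code fails the tag check, a stale code fails the age check."""
    body = {k: v for k, v in payload.items() if k != "tag"}
    msg = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(MERCHANT_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, payload.get("tag", "")):
        return False
    return abs(now - payload["ts"]) <= QR_MAX_AGE_SECONDS


def anonymous_token(phone_number: str) -> str:
    """Step 2 (claim 3): irreversible anonymous token derived inside the device TEE from
    the phone number and the hardware key. Without DEVICE_HW_KEY the phone number cannot
    be recovered from the token, and the merchant never receives the number itself."""
    return hmac.new(DEVICE_HW_KEY, phone_number.encode(), hashlib.sha256).hexdigest()


def build_trace_record(token: str, scene_id: str, ts: int, attestation_report: str) -> dict:
    """Step 5 (claim 4): the traceability certificate produced by the cloud enclave:
    data hash, user identifier, use timestamp, scene identifier, attestation report."""
    data_hash = hashlib.sha256(f"{token}|{scene_id}|{ts}".encode()).hexdigest()
    return {"data_hash": data_hash, "user_id": token, "ts": ts,
            "scene_id": scene_id, "attestation": attestation_report}


class Ledger:
    """Hash-linked append-only log standing in for the blockchain of step 5."""

    def __init__(self):
        self.blocks = []

    def append(self, record: dict) -> str:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        block = {"prev": prev, "record": record}
        block["hash"] = hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()
        self.blocks.append(block)
        return block["hash"]

    def verify(self) -> bool:
        """Recompute every link; any edited record or broken chain is detected."""
        prev = "0" * 64
        for b in self.blocks:
            body = {"prev": b["prev"], "record": b["record"]}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if b["prev"] != prev or digest != b["hash"]:
                return False
            prev = b["hash"]
        return True

    def trace(self, token: str) -> list:
        """Step 9: the user queries every data-use event recorded against the token."""
        return [b["record"] for b in self.blocks if b["record"]["user_id"] == token]


def scan_flow(phone_number: str, payload: dict, now: int, ledger: Ledger) -> dict:
    """Steps 2 to 5 and 8 end to end. The merchant receives only desensitized status
    information (claim 6); the token and trace record never leave the enclave side."""
    if not verify_qr_payload(payload, now):
        return {"status": "rejected"}
    token = anonymous_token(phone_number)
    record = build_trace_record(token, payload["scene_id"], now, "ATTESTATION-REPORT-PLACEHOLDER")
    ledger.append(record)
    return {"status": "ok"}
```

Two properties of the patent's design are visible in the result: the merchant system only ever sees `{"status": "ok"}` or `{"status": "rejected"}`, and the ledger entry identifies the user solely by the HMAC token, which is what makes the step 9 trace query possible without storing the phone number anywhere outside the TEE. A deployment would replace the HMAC tag with a real merchant signature, and verify the attestation report of the cloud enclave before trusting the record it produced.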