HyperEnclave 1.0, the first domestic financial-grade trust-creating TEE system developed by Ant Group, has recently passed the certification of the Beijing National Fintech Certification Center. All 47 test items, covering TEE functions (CA and TA interaction, data storage, encryption and decryption algorithms, etc.) and TEE security (hardware security, system software layer security, etc.), passed the test and reached the functional and security standards of financial-grade products.
Picture: HyperEnclave 1.0 passed the certification of the Beijing National Financial Technology Certification Center
A Trusted Execution Environment (TEE) is a hardware-based secure computing technology that implements memory isolation. It can achieve privacy protection while ensuring data computing efficiency, and is one of the mainstream technology routes for privacy computing.
The mainstream TEE products currently on the market, such as ARM's TrustZone and Intel's SGX (Software Guard Extensions), have problems such as binding to specific hardware platforms, poor versatility, and difficulty in developing TEE applications.
In order to promote domestic TEE technology and accelerate the implementation of privacy computing technology, Ant Group has developed the Xinchuang TEE solution HyperEnclave based on the domestic Haiguang CPU and the root of trust built in the China Financial Certification Center (CFCA). It provides TEE applications with complete security protection capabilities such as isolated execution, remote attestation, memory encryption, and data sealing, and is the industry's first TEE implementation solution that is compatible with various architectures and tool chains. Combined with independent hardware, it can meet the requirements of the Xinchuang TEE platform.
In terms of technological advancement, product functions and performance, HyperEnclave provides leading domestic TEE solutions for various privacy computing scenarios. During the 2021 World Internet Conference, Ant Group released the industry's first commercial product, the Moss All-in-one privacy computing product. As an integrated form of the HyperEnclave function, it combines self-developed chips, hardware, and software into an integrated privacy computing software and hardware solution. Previously, Ant Group's privacy computing all-in-one machine passed the evaluation of the Shenzhen National Financial Technology Evaluation Center and the China Academy of Information and Communications Technology's Taier Laboratory, and obtained "dual certification" for application scenarios in the information communications and financial industries. HyperEnclave also has mature applications in Ant Chain smart contracts, in assisting online merchant banks with data fusion with external partner institutions, and in other scenarios that help secure data circulation.
Picture: The Moss all-in-one machine, a commercial privacy computing all-in-one product
Ant Group began to lay out privacy computing technology in 2016 and also has successful experience with key TEE technologies.
For example, Ant Group's open source Occlum TEE OS is an official project of the Confidential Computing Consortium (CCC) founded by leading technology companies such as Google, IBM, Alibaba, and Baidu. It is also a popular TEE OS for the latest version of the Intel SGX platform. Occlum was also selected into the 2021 "Science and Technology China" open source innovation list, and is the only product in the list that focuses on the field of privacy computing.
In terms of industry co-construction, Ant Group has led a number of TEE international standards, such as the IEEE "TEE-based secure computing" international standard, and has participated in the TEE industry standards and group standards led by the China Academy of Information and Communications Technology. Many academic papers on HyperEnclave TEE have been accepted at top international academic conferences, such as USENIX ATC'22, the top conference in the field of computer systems, and have been recognized by the academic community.
At present, Ant Group will further expand TEE capabilities from the CPU to accelerators such as GPUs and FPGAs, support big data applications (such as Spark), and launch a turnkey solution combined with the Ant Privacy Computing All-in-One to further improve security and lower the development threshold.