{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"數字化轉型是整個金融行業的命題。2020年12月25日,中國銀聯技術部總監祖立軍在openEuler Summit 2020 會議上發表了《金融數字化轉型:機密計算的理解與探索》的主題演講,分享了他作爲金融工作者和社區工作者的所見所聞。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"演講實錄如下"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"中國銀聯是交易額全球最大的銀行卡組織,目前銀聯的業務已經拓展到了179個國家,涵蓋了5600個商戶,總共發行了86億張卡。現在整個金融行業都在探索數字化轉型,中國銀聯也不例外,其目標是面向行業成爲金融數字化服務提供底座的技術平臺。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"金融科技的數字化轉型"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"針對金融數字化轉型,我認爲有兩點很重要:一是在強隱私保護的情況下,如何更好地實現挖掘數據的潛能,實現多場景的融合服務;二是融通業務的場景,通過物聯網技術能夠推動多模態,尤其是場景化、沉浸式的服務企業。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"而實現這兩點最重要的就是金融科技的應用。金融科技的應用有兩大平臺,一個是金融雲平臺,第二是金融物聯網,這兩大平臺恰恰是操作系統openEuler一體兩翼的生態。金融雲提供多租戶、數據共享等服務,這就存在數據泄漏的問題。而在物聯網方面,由於物聯網金融服務終端是在開放環境下部署的,所以也存在開放環境中被惡意攻擊的情況。由此看來,無論是雲端還是物聯網端,金融科技的發展都需要一項新的技術去實現金融應用的安全與引擎計算的服務能力。我個人認爲機密計算可能是比較好的解決方案。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"基於此,我對未來技術趨勢發展有以下幾個判斷:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/77\/f4\/77a5ea68d3824a5da520630ff187f2f4.jpg","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"第一個判斷:機密計算應是操作系統的基礎安全能力"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"機密計算是通過基於硬件的可信執行環境(TEE)對使用中的數據進行保護。TEE被定義爲提供一定級別的數據完整性、數據機密性和代碼完整性保證的環境。目前蘋果或者華爲手機裏使用的指紋或者是人臉都是在TEE環境運行的。在這種情況下,我認爲未來TEE計算能力會像操作系統操作管理CPU、內存、網絡乃至存儲資源一樣,成爲操作系統的原生能力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"第二個判斷:不同的機密計算軟硬件環境需要統一的接口"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"由於機密計算硬件架構的不同,所以我們需要一個統一的接口。而openEuler擁有統一機密計算框架,統一的API,統一的開發體驗,這使得我們一次開發就能夠兼容不同的軟硬件環境,使得我們擁有相應的統一服務企業。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"機密計算的能力規劃與應用"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"機密計算的能力規劃可以分爲三層:底層安全能力、中層可信服務、上層可信應用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"底層安全能力:包括應用安全系統、設備的安全系統、安全環境本身自檢的能力、安全存儲,相關的密鑰體系能力、基礎的密鑰的服務能力等等。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"中層可信服務:包括可信設備的認證服務、可信TUI服務、可信時鐘\/位置服務、可信加解密服務等等。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"上層可信應用:包括手機POS、憑證服務、基於隱私計算的數據交互、可信數據處理與交互等等。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"中國銀聯電子支付研究院團隊加入了openEuler機密計算sig組,參與了secGear框架開發,聚焦國密套件計算服務能力的研發。今年,該項目組開源了第一個模塊,未來項目組希望所有的安全計算服務能力都能夠得到安全的保護,能夠得到安全的機密計算環境。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"除了規劃,我再和大家分享一個具體場景中的應用——充電樁支付。如果使用二維碼支付,現在很多充電樁都是露天的,太陽光很熱,二維碼顯示不清晰或者反光,使用體驗並不好;如果使用刷卡支付,充電站卡片不通用;如果使用ETC&車牌支付,會發現一個充電樁往往有幾個牆,至少兩個牆,發現停在A車位的車用B車位的樁充電,也存在逃費的情況或者不準確的情況。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"基於此,我們提出了一個解決方案,通過充電口去識別車架號信息,我們在充電樁側、雲端、服務器側全部採用機密能力,讓金融安全數據、物聯網數據都在機密的環境裏實現相應的數據保護和相應的計算,完成自動扣款。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"(以上內容由InfoQ編輯根據現場速記進行整理,未經本人確認)"}]}]}
金融數字化轉型:機密計算的理解與探索
{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"數字化轉型是整個金融行業的命題。2020年12月25日,中國銀聯技術部總監祖立軍在openEuler Summit 2020 會議上發表了《金融數字化轉型:機密計算的理解與探索》的主題演講,分享了他作爲金融工作者和社區工作者的所見所聞。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"演講實錄如下"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"中國銀聯是交易額全球最大的銀行卡組織,目前銀聯的業務已經拓展到了179個國家,涵蓋了5600個商戶,總共發行了86億張卡。現在整個金融行業都在探索數字化轉型,中國銀聯也不例外,其目標是面向行業成爲金融數字化服務提供底座的技術平臺。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"金融科技的數字化轉型"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"針對金融數字化轉型,我認爲有兩點很重要:一是在強隱私保護的情況下,如何更好地實現挖掘數據的潛能,實現多場景的融合服務;二是融通業務的場景,通過物聯網技術能夠推動多模態,尤其是場景化、沉浸式的服務企業。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"而實現這兩點最重要的就是金融科技的應用。金融科技的應用有兩大平臺,一個是金融雲平臺,第二是金融物聯網,這兩大平臺恰恰是操作系統openEuler一體兩翼的生態。金融雲提供多租戶、數據共享等服務,這就存在數據泄漏的問題。而在物聯網方面,由於物聯網金融服務終端是在開放環境下部署的,所以也存在開放環境中被惡意攻擊的情況。由此看來,無論是雲端還是物聯網端,金融科技的發展都需要一項新的技術去實現金融應用的安全與引擎計算的服務能力。我個人認爲機密計算可能是比較好的解決方案。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"基於此,我對未來技術趨勢發展有以下幾個判斷:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/77\/f4\/77a5ea68d3824a5da520630ff187f2f4.jpg","alt":null,"title":"","style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"第一個判斷:機密計算應是操作系統的基礎安全能力"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"機密計算是通過基於硬件的可信執行環境(TEE)對使用中的數據進行保護。TEE被定義爲提供一定級別的數據完整性、數據機密性和代碼完整性保證的環境。目前蘋果或者華爲手機裏使用的指紋或者是人臉都是在TEE環境運行的。在這種情況下,我認爲未來TEE計算能力會像操作系統操作管理CPU、內存、網絡乃至存儲資源一樣,成爲操作系統的原生能力。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"第二個判斷:不同的機密計算軟硬件環境需要統一的接口"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"由於機密計算硬件架構的不同,所以我們需要一個統一的接口。而openEuler擁有統一機密計算框架,統一的API,統一的開發體驗,這使得我們一次開發就能夠兼容不同的軟硬件環境,使得我們擁有相應的統一服務企業。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"機密計算的能力規劃與應用"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"機密計算的能力規劃可以分爲三層:底層安全能力、中層可信服務、上層可信應用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"底層安全能力:包括應用安全系統、設備的安全系統、安全環境本身自檢的能力、安全存儲,相關的密鑰體系能力、基礎的密鑰的服務能力等等。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"中層可信服務:包括可信設備的認證服務、可信TUI服務、可信時鐘\/位置服務、可信加解密服務等等。"}]}]},{"type":"listitem","attrs":{"listStyle":null},"content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"上層可信應用:包括手機POS、憑證服務、基於隱私計算的數據交互、可信數據處理與交互等等。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"中國銀聯電子支付研究院團隊加入了openEuler機密計算sig組,參與了secGear框架開發,聚焦國密套件計算服務能力的研發。今年,該項目組開源了第一個模塊,未來項目組希望所有的安全計算服務能力都能夠得到安全的保護,能夠得到安全的機密計算環境。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"除了規劃,我再和大家分享一個具體場景中的應用——充電樁支付。如果使用二維碼支付,現在很多充電樁都是露天的,太陽光很熱,二維碼顯示不清晰或者反光,使用體驗並不好;如果使用刷卡支付,充電站卡片不通用;如果使用ETC&車牌支付,會發現一個充電樁往往有幾個牆,至少兩個牆,發現停在A車位的車用B車位的樁充電,也存在逃費的情況或者不準確的情況。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"基於此,我們提出了一個解決方案,通過充電口去識別車架號信息,我們在充電樁側、雲端、服務器側全部採用機密能力,讓金融安全數據、物聯網數據都在機密的環境裏實現相應的數據保護和相應的計算,完成自動扣款。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"(以上內容由InfoQ編輯根據現場速記進行整理,未經本人確認)"}]}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章
4場和Zabbix春日約會,“承包”四月天
在全國各地和Zabbix相遇互動,4月活動集錦,來約會吧! 時間 活動名稱 城市 4/20(週六) KCD雲原生社區日 上海 4/20(週六) OceanBase開發者大會