Abstract

A new method for trusted data decryption is disclosed. A data user provides a public key Pk of an encryption key generation algorithm G. A data provider calculates an encryption key K based on an application A, a device C, and a token T by using G, encrypts a data set D by using K, encrypts G by using Pk to obtain Ge, and transmits ED and Ge to the data user. The data user can obtain a private key generation algorithm G′ by using a locally stored private key Ps, and measures, in a trusted execution environment, the application A and the device C that request data to obtain MA′ and CID′, calculates an encryption key K′ based on MA′, CID′ and a user-input token T by using G′, and decrypts ED by using K′. If K′=K, the decryption succeeds, and data D is obtained; otherwise, the decryption fails.