
Node and method for secure server communication

A node based on trusted-execution technology, applied in the field of communication, addresses code immutability (the protected application's logic cannot be changed) and data confidentiality (no outside access to application data).

Active Publication Date: 2021-08-13
HUAWEI CLOUD COMPUTING TECH CO LTD
Cites: 5; Cited by: 0

AI Technical Summary

Problems solved by technology

[0003] 1. Code immutability - the logic of the protected application cannot be changed
[0004] 2. Data confidentiality - no access to application data
The main disadvantage of this approach is that not only does the client's TLS stack need to be changed to support this extension, but said extension also needs to be updated whenever the authentication protocol is changed.


Embodiment Construction

[0033] Figure 1 shows the node 100 provided by the embodiment of the present invention. Said node 100 is adapted to enable a client node to access a trusted service provided by another node in the network, and comprises two units. The first unit 101 is used to sign a certificate to prove ownership of a public key, wherein the public key is owned by the enclave of a trusted execution environment (TEE) in the other node, and the user code to be executed for providing the trusted service to the client node is protected in that enclave. The second unit 102 is configured to make the signed certificate available to said client node. The certificate may be a certificate provided by an enclave running in the other node to the first unit 101 of the node, to prove that the enclave is certified as part of a web domain (e.g., example.com), wherein the web domain is one that the client node wishes to access securely without exposin...


Abstract

The present invention provides a node (100) which is suitable for allowing a client node to access a trusted service provided by another node in a network, and which comprises two units. The first unit (101) is configured to sign a certificate certifying ownership of a public key, wherein the public key is owned by an enclave of a TEE (trusted execution environment) in the other node, and the code to be executed for providing the trusted service to the client node is protected in that enclave. The second unit (102) is configured to make the signed certificate available to the client node. The certificate may be a certificate which an enclave running in the other node provides to the node's first unit (101) to demonstrate that it is an authentic part of a web domain (e.g. example.com) which a client node wants to access securely, without risking exposure of sensitive data to a man-in-the-middle purporting to be the trusted service.

Description

Technical field

[0001] The invention relates to the communication field, and in particular to a node and a method for communicating securely with a server in the network.

Background technique

[0002] A Trusted Execution Environment (TEE), such as Intel's Software Guard Extensions (SGX) technology or AMD's Secure Memory Encryption (SME), is a secure area inside the main processor that ensures that applications running in this secure zone have the following properties:

[0003] 1. Code immutability - the logic of the protected application cannot be changed
[0004] 2. Data confidentiality - no access to application data
[0005] 3. Authenticity - the protected application is able to prove its identity to a third party with which it communicates, i.e. that the application is indeed a specific program running in the TEE.

[0006] SGX performs attestation according to a dedicated protocol, according to which the protected code (the enclave) generates signed reports. The reports typ...
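The flow described in the abstract and embodiment (enclave report in, domain-bound certificate out via unit 101, published by unit 102, checked by the client against a man-in-the-middle) as an added illustration; this is not the patent's own code. HMAC over a shared key stands in for the TEE's report signature and for unit 101's certificate signature so it runs offline, and every key, measurement and domain value is a constructed placeholder.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed placeholders (not from the patent). In a real deployment these would be
# the TEE's attestation key and node 100's private signing key; HMAC stands in for both.
TEE_KEY = b"tee-report-key-placeholder"
CA_KEY = b"node-100-signing-key-placeholder"
# Enclave build (measurement) that unit 101 accepts as the genuine program for a domain.
EXPECTED_MEASUREMENT = {"example.com": "mr-enclave-v1"}


def sign(key: bytes, payload: dict) -> str:
    """Deterministic tag over a canonical JSON encoding; stand-in for an asymmetric signature."""
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def enclave_report(measurement: str, pubkey: str, domain: str, tee_key: bytes) -> dict:
    """Enclave side: report binding its measurement to the key pair it generated (simplified SGX report)."""
    body = {"measurement": measurement, "pubkey": pubkey, "domain": domain}
    return {"body": body, "sig": sign(tee_key, body)}


def unit_101_sign_certificate(report: dict, tee_key: bytes) -> Optional[dict]:
    """Node 100, unit 101: verify the report, then certify the enclave's public key for the domain."""
    body = report["body"]
    if not hmac.compare_digest(report["sig"], sign(tee_key, body)):
        return None  # report was not produced by the TEE (forged or corrupted)
    if EXPECTED_MEASUREMENT.get(body["domain"]) != body["measurement"]:
        return None  # this code is not the approved program for that domain
    cert = {"subject": body["domain"], "pubkey": body["pubkey"], "measurement": body["measurement"]}
    return {"cert": cert, "sig": sign(CA_KEY, cert)}


def unit_102_publish(signed_cert: dict, registry: dict) -> None:
    """Node 100, unit 102: make the signed certificate available to clients (keyed by domain)."""
    registry[signed_cert["cert"]["subject"]] = signed_cert


def client_verify(domain: str, peer_pubkey: str, registry: dict) -> bool:
    """Client: accept the peer's key only if node 100 certified exactly that key for this domain."""
    entry = registry.get(domain)
    if entry is None:
        return False
    cert = entry["cert"]
    if not hmac.compare_digest(entry["sig"], sign(CA_KEY, cert)):
        return False  # certificate not signed by node 100
    # A man-in-the-middle presenting its own key fails this comparison.
    return cert["subject"] == domain and hmac.compare_digest(cert["pubkey"], peer_pubkey)
```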


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06; G06F21/60
CPC: H04L63/0823; H04L63/126; G06F21/602
Inventor: 丹·图伊图纳尔·什洛莫阿维盖尔·奥兰
Owner: HUAWEI CLOUD COMPUTING TECH CO LTD