A fast authentication method and system for a trusted execution environment

Abstract

The present invention provides a fast authentication method and system for a trusted execution environment, with reasonable design, fast authentication speed for enclave, low calculation overhead, and rapid establishment of a trusted communication channel. The method includes, when the trusted execution environment is initialized, the proxy enclave receives the authentication request from the service provider, and pre-generates and obtains its own authentication report; and the subordinate enclaves managed by the proxy enclave initiate the authentication request in sequence, according to the preset authentication request. If all subordinate enclaves pass the authentication, establish a secure communication channel between the agent enclave and the subordinate enclaves it manages, otherwise stop the initialization; after the initialization is completed, receive the user service request and send it to the The user sends the pre-generated authentication report of the proxy enclave corresponding to the service request; and after interactive authentication with the user, encrypts the communication content, establishes a trusted communication channel between the user and the proxy enclave and the subordinate enclaves it manages, and completes the trusted execution Fast certification of the environment.

Description

technical field [0001] The invention relates to an authentication method in an Internet environment, in particular to a fast authentication method and system in a trusted execution environment. Background technique [0002] With the rapid development of the Internet industry and computers, our lives are inseparable from computers. Computer security and data privacy have always been hot topics in academia and industry. Especially in the Internet environment, network services have major security problems. On the one hand, data providers are worried that service providers will collect their own private data, and on the other hand, they are worried that the platforms of service providers are controlled by attackers. [0003] The SGX technology proposed by Intel in 2013 is a technology that aims to solve the above-mentioned secure remote computing problem through remote trusted hardware. Based on processor hardware, SGX provides authentication, isolated execution and sealing f...

AI Technical Summary

Problems solved by technology

[0010] However, the existing remote authentication mainly has two bottlenecks: one is that the enclave cannot be reused well, and frequent authentication is required to establish trust, which is not conducive to the application to process multiple user requests at the same time, and does not meet the high requirements of cloud services. Throughput requirements

2. The one-time authentication process itself is a very time-consuming work, the process is complicated, and the overhead is relatively large, which may even exceed the actual calculation overhead.

Brutally authenticating every enclave an application contains would impose a huge overhead on the user

Images