Scalable authentication for trusted execution environments

An execution environment and authentication technology, applied in user identity/authority verification, secure communication devices, instruments, etc., can solve problems such as no operating system protection, inability to access memory, etc.

Pending Publication Date: 2022-06-24
INTEL CORP
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Applications running at a lower privilege level are restricted to access memory within the scope defined by the operating system, and cannot access the memory of other applications or the operating system
However, applications are not protected against malicious or compromised operating systems

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Scalable authentication for trusted execution environments
  • Scalable authentication for trusted execution environments
  • Scalable authentication for trusted execution environments

Examples

Experimental program
Comparison scheme
Effect test

example 1

[0089]Example 1 is a system for providing remote attestation of a trusted execution environment (TEE), the system comprising: at least one processor; a network interface operatively coupled to the processor; and coupled to the at least one processor to a memory storing instructions that, when executed by the processor, cause the at least one processor to perform operations comprising: creating a first TEE for a first function; creating a second TEE for a second function; providing a gateway for remote access to the first function; receiving a request from a client device via the network interface to verify the integrity of the second TEE; and in response to the request: executing the first function for all generating authentication data by the second TEE; and providing the authentication data to the client device via the network interface.

[0090] In example 2, the subject matter of example 1 includes, wherein generating the attestation data for the second TEE includes genera...

example 11

[0099] Example 11 is a method of providing remote attestation of a trusted execution environment (TEE), the method comprising: creating, by a processor, a first TEE for a first function; creating, by the processor, a second TEE for a second function; the processor provides a gateway for remote access to the first function; receives a request from a client device via a network interface to verify the integrity of the second TEE; in response to the request: performing the processing by the processor; generating authentication data for the second TEE by the first function; and providing the authentication data to the client device via the network interface.

[0100] In Example 12, the subject matter of Example 11 includes, wherein generating the attestation data for the second TEE includes generating a signature structure from within the second TEE, the signature structure including an identity of the second TEE , attributes of the second TEE, and a message authentication code (M...

example 21

[0109] Example 21 is a non-transitory computer-readable medium having instructions for causing at least one processor to provide remote attestation of a Trusted Execution Environment (TEE) by performing operations comprising: creating a first function for a first function. a TEE; creating a second TEE for a second function; providing a gateway for remote access to the first function; receiving a request from a client device via a network interface to verify the integrity of the second TEE; responding to the request : executing the first function to generate authentication data for the second TEE; and providing the authentication data to the client device via the network interface.

[0110] In Example 22, the subject matter of Example 21 includes, wherein generating the attestation data for the second TEE includes generating a signature structure from within the second TEE, the signature structure including an identity of the second TEE , attributes of the second TEE, and a mes...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to scalable authentication for trusted execution environments. In a function as a service (FaaS) environment, a client utilizes a function executing within a trusted execution environment (TEE) on a FaaS server. A plurality of tenants of the FaaS platform may provide a function to be executed by the FaaS platform via a gateway. Each tenant may provide code and data for any number of functions for execution within any number of TEEs on the FaaS platform and access via the gateway. In addition, each tenant may provide code and data for a single proxy authenticator TEE. A client device of a tenant uses a proxy authenticator TEE to authenticate each other TEE of the tenant and establish trust with functions in the TEEs. Once these functions have been authenticated, the client device believes that other TEEs of the tenant are running on the same platform as the gateway.

Description

technical field [0001] The subject matter disclosed herein relates generally to hardware trusted execution environments (TEEs). In particular, the present disclosure is directed to systems and methods for scalable authentication and orchestration of functions in TEEs. Background technique [0002] Hardware permission levels may be used by the processor to restrict memory access by applications running on the device. The operating system runs at a higher privilege level and has access to all of the device's memory and defines memory ranges for other applications. Applications running at lower privilege levels are restricted from accessing memory within the scope defined by the operating system, and cannot access the memory of other applications or operating systems. However, applications are not protected against malicious or compromised operating systems. [0003] Enclaves are enabled by processor protections that ensure that code and data loaded inside the enclave are pr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/40H04L67/60H04L9/32G06F21/72G06F21/60G06F21/53
CPCH04L63/08H04L9/3247G06F21/53G06F21/72G06F21/602H04L9/0897H04L9/3242G06F21/57H04L9/321
Inventor 安乔·卢卡斯·瓦尔迪克-奥伯瓦格纳拉维·L·萨希塔蒙纳·维吉迪尔·李夏海东拉梅什库马尔·拉利卡尔塞缪尔·奥尔蒂斯克什蒂·阿伦·多西穆拉德·谢尔法维安杰伊·库里亚塔吴竹如
Owner INTEL CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap