SG11201905458WA - Addressing a trusted execution environment using signing key - Google Patents

Addressing a trusted execution environment using signing key

Info

Publication number
SG11201905458WA
Authority
SG
Singapore
Prior art keywords
international
protected data
requestor
microsoft
key
Prior art date
Application number
SG11201905458WA
Inventor
Mark Novak
Original Assignee
Microsoft Technology Licensing Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing Llc
Publication of SG11201905458WA

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105 Dual mode as a secondary aspect

Abstract

[FIG. 1A: Server Side; Client Side 110; Authentication and secure channel establishment 125; Key Management System 115; Request 130; Secret(s) 135; Requestor 120]

(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
(19) World Intellectual Property Organization, International Bureau
(43) International Publication Date: 02 August 2018 (02.08.2018)
(10) International Publication Number: WO 2018/140170 A1
(51) International Patent Classification: G06F 21/74 (2013.01), H04L 9/08 (2006.01), G06F 21/60 (2013.01)
(21) International Application Number: PCT/US2017/067461
(22) International Filing Date: 20 December 2017 (20.12.2017)
(25) Filing Language: English
(26) Publication Language: English
(30) Priority Data: 15/417,042, 26 January 2017 (26.01.2017), US
(71) Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC [US/US]; One Microsoft Way, Redmond, Washington 98052-6399 (US).
(72) Inventor: NOVAK, Mark, F.; Microsoft Technology Licensing, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US).
(74) Agent: MINHAS, Sandip, S. et al.; Microsoft Technology Licensing, LLC, One Microsoft Way, Redmond, WA 98052-6399 (US).
(81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW.
(84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG).
Declarations under Rule 4.17: as to applicant's entitlement to apply for and be granted a patent (Rule 4.17(ii)); as to the applicant's entitlement to claim the priority of the earlier application (Rule 4.17(iii))
Published: with international search report (Art. 21(3))

(54) Title: ADDRESSING A TRUSTED EXECUTION ENVIRONMENT USING SIGNING KEY

(57) Abstract: Methods, systems, and devices are described herein for delivering protected data to a nested trusted execution environment (TrEE) associated with an untrusted requestor. The nested TrEE may include a trustlet running on top of secure kernel. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data, may receive a request for protected data from a potentially untrusted requestor, an attestation statement of the secure kernel, and a key certification statement. The key certification statement may bind a trustlet public encryption key and a trustlet ID. The targeting protocol head may retrieve the protected data, and encrypt the protected data with the trustlet public encryption key. The targeting protocol head may then send the encrypted protected data to the requestor.
SG11201905458WA 2017-01-26 2017-12-20 Addressing a trusted execution environment using signing key SG11201905458WA (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15/417,042 US10419402B2 (en) 2017-01-26 2017-01-26 Addressing a trusted execution environment using signing key
PCT/US2017/067461 WO2018140170A1 (en) 2017-01-26 2017-12-20 Addressing a trusted execution environment using signing key

Publications (1)

Publication Number Publication Date
SG11201905458WA (en) 2019-08-27

Family

ID=60991591

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201905458WA SG11201905458WA (en) 2017-01-26 2017-12-20 Addressing a trusted execution environment using signing key

Country Status (17)

Country Link
US (1) US10419402B2 (en)
EP (1) EP3574443A1 (en)
JP (1) JP2020506611A (en)
KR (1) KR102489790B1 (en)
CN (1) CN110249336B (en)
AU (1) AU2017396531B2 (en)
BR (1) BR112019013584A2 (en)
CA (1) CA3048895A1 (en)
CL (1) CL2019002026A1 (en)
CO (1) CO2019007875A2 (en)
IL (1) IL268005B (en)
MX (1) MX2019008693A (en)
PH (1) PH12019550119A1 (en)
RU (1) RU2756040C2 (en)
SG (1) SG11201905458WA (en)
WO (1) WO2018140170A1 (en)
ZA (1) ZA201903702B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
BR112015026372B8 (en) * 2013-04-18 2024-02-15 Facecon Co Ltd Communication device that enforces security for a file stored on a virtual drive
US10897459B2 (en) 2017-01-26 2021-01-19 Microsoft Technology Licensing, Llc Addressing a trusted execution environment using encryption key
US10972265B2 (en) * 2017-01-26 2021-04-06 Microsoft Technology Licensing, Llc Addressing a trusted execution environment
US10897360B2 (en) 2017-01-26 2021-01-19 Microsoft Technology Licensing, Llc Addressing a trusted execution environment using clean room provisioning
US10515077B2 (en) * 2017-06-14 2019-12-24 Microsoft Technology Licensing, Llc Execution optimization of database statements involving encrypted data
US10771439B2 (en) * 2017-06-28 2020-09-08 Microsoft Technology Licensing, Llc Shielded networks for virtual machines
WO2020140257A1 (en) * 2019-01-04 2020-07-09 Baidu.Com Times Technology (Beijing) Co., Ltd. Method and system for validating kernel objects to be executed by a data processing accelerator of a host system
CN110998581A (en) 2019-03-26 2020-04-10 阿里巴巴集团控股有限公司 Program execution and data attestation scheme using multiple key pairs for signatures
US11610012B1 (en) * 2019-11-26 2023-03-21 Gobeep, Inc. Systems and processes for providing secure client controlled and managed exchange of data between parties
CN113254940B (en) * 2021-05-20 2023-01-17 浙江网商银行股份有限公司 Data processing method and device based on remote sensing data
CN114036527B (en) * 2021-11-04 2023-01-31 云海链控股股份有限公司 Code injection method, code running end, code injection end and related equipment
CN115065487B (en) * 2022-08-17 2022-12-09 北京锘崴信息科技有限公司 Privacy protection cloud computing method and cloud computing method for protecting financial privacy data

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7437771B2 (en) * 2004-04-19 2008-10-14 Woodcock Washburn Llp Rendering protected digital content within a network of computing devices or the like
US8059820B2 (en) * 2007-10-11 2011-11-15 Microsoft Corporation Multi-factor content protection
CN101159556B (en) * 2007-11-09 2011-01-26 清华大学 Group key server based key management method in sharing encryption file system
WO2012122994A1 (en) * 2011-03-11 2012-09-20 Kreft Heinz Off-line transfer of electronic tokens between peer-devices
WO2012160760A1 (en) * 2011-05-25 2012-11-29 パナソニック株式会社 Information processing device and information processing method
US9413538B2 (en) * 2011-12-12 2016-08-09 Microsoft Technology Licensing, Llc Cryptographic certification of secure hosted execution environments
EP2820587B1 (en) * 2012-02-28 2020-04-08 Giesecke+Devrient Mobile Security GmbH Method for controlling access to a computer using a mobile terminal
EP2680487B1 (en) * 2012-06-29 2019-04-10 Orange Secured cloud data storage, distribution and restoration among multiple devices of a user
US9064109B2 (en) * 2012-12-20 2015-06-23 Intel Corporation Privacy enhanced key management for a web service provider using a converged security engine
EP2759955A1 (en) * 2013-01-28 2014-07-30 ST-Ericsson SA Secure backup and restore of protected storage
KR101687275B1 (en) * 2013-03-14 2016-12-16 인텔 코포레이션 Trusted data processing in the public cloud
EP3036680B1 (en) 2013-08-21 2018-07-18 Intel Corporation Processing data privately in the cloud
US9633210B2 (en) * 2013-09-13 2017-04-25 Microsoft Technology Licensing, Llc Keying infrastructure
US9852299B2 (en) * 2013-09-27 2017-12-26 Intel Corporation Protection scheme for remotely-stored data
EP2887607A1 (en) * 2013-12-23 2015-06-24 Orange Migration of assets of a trusted execution environment
US9652631B2 (en) * 2014-05-05 2017-05-16 Microsoft Technology Licensing, Llc Secure transport of encrypted virtual machines with continuous owner access
GB201408539D0 (en) * 2014-05-14 2014-06-25 Mastercard International Inc Improvements in mobile payment systems
US9775029B2 (en) * 2014-08-22 2017-09-26 Visa International Service Association Embedding cloud-based functionalities in a communication device
US9621547B2 (en) * 2014-12-22 2017-04-11 Mcafee, Inc. Trust establishment between a trusted execution environment and peripheral devices
CN105812332A (en) * 2014-12-31 2016-07-27 北京握奇智能科技有限公司 Data protection method
US9722775B2 (en) * 2015-02-27 2017-08-01 Verizon Patent And Licensing Inc. Network services via trusted execution environment
US10073985B2 (en) * 2015-02-27 2018-09-11 Samsung Electronics Co., Ltd. Apparatus and method for trusted execution environment file protection
CN104899506B (en) * 2015-05-08 2018-01-12 深圳市雪球科技有限公司 Security system implementation method based on virtual secure element in credible performing environment
WO2017004447A1 (en) * 2015-06-30 2017-01-05 Activevideo Networks, Inc. Remotely managed trusted execution environment for digital-rights management in a distributed network with thin clients
CN105260663B (en) * 2015-09-15 2017-12-01 中国科学院信息工程研究所 A kind of safe storage service system and method based on TrustZone technologies
CN109150548B (en) * 2015-12-01 2021-10-08 神州融安科技(北京)有限公司 Digital certificate signing and signature checking method and system and digital certificate system
CN105978917B (en) * 2016-07-19 2019-05-10 恒宝股份有限公司 A kind of system and method for trusted application safety certification
CN106230584B (en) * 2016-07-21 2019-09-03 北京可信华泰信息技术有限公司 A kind of key migration method of credible platform control module

Also Published As

Publication number Publication date
AU2017396531B2 (en) 2021-11-25
CL2019002026A1 (en) 2019-12-13
NZ754540A (en) 2023-08-25
CN110249336B (en) 2023-05-30
RU2756040C2 (en) 2021-09-24
RU2019126631A3 (en) 2021-04-08
CN110249336A (en) 2019-09-17
IL268005A (en) 2019-09-26
IL268005B (en) 2022-03-01
US20180212932A1 (en) 2018-07-26
PH12019550119A1 (en) 2020-03-09
KR20190108580A (en) 2019-09-24
US10419402B2 (en) 2019-09-17
CA3048895A1 (en) 2018-08-02
KR102489790B1 (en) 2023-01-17
MX2019008693A (en) 2019-09-11
JP2020506611A (en) 2020-02-27
BR112019013584A2 (en) 2020-01-07
CO2019007875A2 (en) 2019-07-31
ZA201903702B (en) 2020-10-28
AU2017396531A1 (en) 2019-07-04
WO2018140170A1 (en) 2018-08-02
RU2019126631A (en) 2021-02-26
EP3574443A1 (en) 2019-12-04

Similar Documents

Publication Publication Date Title
SG11201905456UA (en) Addressing a trusted execution environment using encryption key
SG11201905458WA (en) Addressing a trusted execution environment using signing key
SG11201903459UA (en) Sharing protection for a screen sharing experience
SG11201806702XA (en) Personal device security using elliptic curve cryptography for secret sharing
SG11201804361YA (en) Method for managing a trusted identity
SG11201907320YA (en) Trusted login method, server, and system
SG11201905460SA (en) Data unsealing with a sealing enclave
SG11201910054WA (en) Securely executing smart contract operations in a trusted execution environment
SG11201804697PA (en) Method and system for distributed cryptographic key provisioning and storage via elliptic curve cryptography
SG11201804190YA (en) Method and system for blockchain variant using digital signatures
SG11201809963XA (en) Application framework using blockchain-based asset ownership
SG11201808929PA (en) Systems and methods for secure storage of user information in a user profile
SG11201803388YA (en) Key exchange through partially trusted third party
SG11201806709PA (en) Universal tokenisation system for blockchain-based cryptocurrencies
SG11201905461VA (en) Data sealing with a sealing enclave
SG11201903566XA (en) Regulating blockchain confidential transactions
SG11201811007TA (en) Blockchain-implemented method and system
SG11201809117QA (en) Operating system for blockchain iot devices
SG11201905463TA (en) Abstract enclave identity
SG11201901550WA (en) Method and apparatus for data processing
SG11201907394UA (en) Two-dimensional code generation method and device, and two-dimensional code recognition method and device
SG11201903276VA (en) Virtual reality identity verification
SG11201905462WA (en) Cross-platform enclave identity
SG11201809872TA (en) Using hardware based secure isolated region to prevent piracy and cheating on electronic devices
SG11201807726QA (en) Multi-level communication encryption