SG11201905458WA - Addressing a trusted execution environment using signing key - Google Patents
Addressing a trusted execution environment using signing keyInfo
- Publication number
- SG11201905458WA SG11201905458WA SG11201905458WA SG11201905458WA SG11201905458WA SG 11201905458W A SG11201905458W A SG 11201905458WA SG 11201905458W A SG11201905458W A SG 11201905458WA SG 11201905458W A SG11201905458W A SG 11201905458WA SG 11201905458W A SG11201905458W A SG 11201905458WA
- Authority
- SG
- Singapore
- Prior art keywords
- international
- protected data
- requestor
- microsoft
- key
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2105—Dual mode as a secondary aspect
Abstract
ServerSide Client Side 110 Authentication and secure channel establishment 125 Key Management System 115 Request 130 Secret(s) 135 Requestor 120 FIG. 1A (12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) (19) World Intellectual Property Organization International Bureau (43) International Publication Date 02 August 2018 (02.08.2018) WIPO I PCT onion °nolo olomollm olomoilowo oimIE (10) International Publication Number WO 2018/140170 Al (51) International Patent Classification: GOOF 21/74 (2013.01) H04L 9/08 (2006.01) GOOF 21/60 (2013.01) (21) International Application Number: PCT/US2017/067461 (22) International Filing Date: 20 December 2017 (20.12.2017) (25) Filing Language: English (26) Publication Language: English (30) Priority Data: 15/417,042 26 January 2017 (26.01.2017) US (71) Applicant: MICROSOFT TECHNOLOGY LI- CENSING, LLC [US/US]; One Microsoft Way, Redmond, Washington 98052-6399 (US). (72) Inventor: NOVAK, Mark, F.; Microsoft Technology Li- censing, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US). (74) Agent: MINHAS, Sandip, S. et al.; Microsoft Technolo- gy Licensing, LLC, One Microsoft Way, Redmond, WA 98052-6399 (US). (81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW. (54) Title: ADDRESSING A TRUSTED EXECUTION ENVIRONMENT USING SIGNING KEY ,c --100a (57) : Methods, systems, and devices are described herein for delivering protected data to a nested trusted execution environ- ment (TrEE) associated with an untrusted requestor. The nested TrEE may include a trustlet running on top of secure kernel. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data, may receive a request for protected data from a potentially untrusted requestor, an attestation statement of the secure kernel, and a key certification statement. The key certification statement may bind a trustlet public encryption key and a trustlet ID. The targeting protocol head may retrieve the protected data, and encrypt the protected data with the trustlet public encryption key. The targeting protocol head may then send the encrypted protected data to the requestor. [Continued on next page] WO 2018/140170 Al MIDEDIMOMMIDIREEMOMOIOMOIRMEMOVOIMIE (84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG). Declarations under Rule 4.17: as to applicant's entitlement to apply for and be granted a patent (Rule 4.17(ii)) as to the applicant's entitlement to claim the priority of the earlier application (Rule 4.17(iii)) Published: — with international search report (Art. 21(3))
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/417,042 US10419402B2 (en) | 2017-01-26 | 2017-01-26 | Addressing a trusted execution environment using signing key |
PCT/US2017/067461 WO2018140170A1 (en) | 2017-01-26 | 2017-12-20 | Addressing a trusted execution environment using signing key |
Publications (1)
Publication Number | Publication Date |
---|---|
SG11201905458WA true SG11201905458WA (en) | 2019-08-27 |
Family
ID=60991591
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
SG11201905458WA SG11201905458WA (en) | 2017-01-26 | 2017-12-20 | Addressing a trusted execution environment using signing key |
Country Status (17)
Country | Link |
---|---|
US (1) | US10419402B2 (en) |
EP (1) | EP3574443A1 (en) |
JP (1) | JP2020506611A (en) |
KR (1) | KR102489790B1 (en) |
CN (1) | CN110249336B (en) |
AU (1) | AU2017396531B2 (en) |
BR (1) | BR112019013584A2 (en) |
CA (1) | CA3048895A1 (en) |
CL (1) | CL2019002026A1 (en) |
CO (1) | CO2019007875A2 (en) |
IL (1) | IL268005B (en) |
MX (1) | MX2019008693A (en) |
PH (1) | PH12019550119A1 (en) |
RU (1) | RU2756040C2 (en) |
SG (1) | SG11201905458WA (en) |
WO (1) | WO2018140170A1 (en) |
ZA (1) | ZA201903702B (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
BR112015026372B8 (en) * | 2013-04-18 | 2024-02-15 | Facecon Co Ltd | Communication device that enforces security for a file stored on a virtual drive |
US10897459B2 (en) | 2017-01-26 | 2021-01-19 | Microsoft Technology Licensing, Llc | Addressing a trusted execution environment using encryption key |
US10972265B2 (en) * | 2017-01-26 | 2021-04-06 | Microsoft Technology Licensing, Llc | Addressing a trusted execution environment |
US10897360B2 (en) | 2017-01-26 | 2021-01-19 | Microsoft Technology Licensing, Llc | Addressing a trusted execution environment using clean room provisioning |
US10515077B2 (en) * | 2017-06-14 | 2019-12-24 | Microsoft Technology Licensing, Llc | Execution optimization of database statements involving encrypted data |
US10771439B2 (en) * | 2017-06-28 | 2020-09-08 | Microsoft Technology Licensing, Llc | Shielded networks for virtual machines |
WO2020140257A1 (en) * | 2019-01-04 | 2020-07-09 | Baidu.Com Times Technology (Beijing) Co., Ltd. | Method and system for validating kernel objects to be executed by a data processing accelerator of a host system |
CN110998581A (en) | 2019-03-26 | 2020-04-10 | 阿里巴巴集团控股有限公司 | Program execution and data attestation scheme using multiple key pairs for signatures |
US11610012B1 (en) * | 2019-11-26 | 2023-03-21 | Gobeep, Inc. | Systems and processes for providing secure client controlled and managed exchange of data between parties |
CN113254940B (en) * | 2021-05-20 | 2023-01-17 | 浙江网商银行股份有限公司 | Data processing method and device based on remote sensing data |
CN114036527B (en) * | 2021-11-04 | 2023-01-31 | 云海链控股股份有限公司 | Code injection method, code running end, code injection end and related equipment |
CN115065487B (en) * | 2022-08-17 | 2022-12-09 | 北京锘崴信息科技有限公司 | Privacy protection cloud computing method and cloud computing method for protecting financial privacy data |
Family Cites Families (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7437771B2 (en) * | 2004-04-19 | 2008-10-14 | Woodcock Washburn Llp | Rendering protected digital content within a network of computing devices or the like |
US8059820B2 (en) * | 2007-10-11 | 2011-11-15 | Microsoft Corporation | Multi-factor content protection |
CN101159556B (en) * | 2007-11-09 | 2011-01-26 | 清华大学 | Group key server based key management method in sharing encryption file system |
WO2012122994A1 (en) * | 2011-03-11 | 2012-09-20 | Kreft Heinz | Off-line transfer of electronic tokens between peer-devices |
WO2012160760A1 (en) * | 2011-05-25 | 2012-11-29 | パナソニック株式会社 | Information processing device and information processing method |
US9413538B2 (en) * | 2011-12-12 | 2016-08-09 | Microsoft Technology Licensing, Llc | Cryptographic certification of secure hosted execution environments |
EP2820587B1 (en) * | 2012-02-28 | 2020-04-08 | Giesecke+Devrient Mobile Security GmbH | Method for controlling access to a computer using a mobile terminal |
EP2680487B1 (en) * | 2012-06-29 | 2019-04-10 | Orange | Secured cloud data storage, distribution and restoration among multiple devices of a user |
US9064109B2 (en) * | 2012-12-20 | 2015-06-23 | Intel Corporation | Privacy enhanced key management for a web service provider using a converged security engine |
EP2759955A1 (en) * | 2013-01-28 | 2014-07-30 | ST-Ericsson SA | Secure backup and restore of protected storage |
KR101687275B1 (en) * | 2013-03-14 | 2016-12-16 | 인텔 코포레이션 | Trusted data processing in the public cloud |
EP3036680B1 (en) | 2013-08-21 | 2018-07-18 | Intel Corporation | Processing data privately in the cloud |
US9633210B2 (en) * | 2013-09-13 | 2017-04-25 | Microsoft Technology Licensing, Llc | Keying infrastructure |
US9852299B2 (en) * | 2013-09-27 | 2017-12-26 | Intel Corporation | Protection scheme for remotely-stored data |
EP2887607A1 (en) * | 2013-12-23 | 2015-06-24 | Orange | Migration of assets of a trusted execution environment |
US9652631B2 (en) * | 2014-05-05 | 2017-05-16 | Microsoft Technology Licensing, Llc | Secure transport of encrypted virtual machines with continuous owner access |
GB201408539D0 (en) * | 2014-05-14 | 2014-06-25 | Mastercard International Inc | Improvements in mobile payment systems |
US9775029B2 (en) * | 2014-08-22 | 2017-09-26 | Visa International Service Association | Embedding cloud-based functionalities in a communication device |
US9621547B2 (en) * | 2014-12-22 | 2017-04-11 | Mcafee, Inc. | Trust establishment between a trusted execution environment and peripheral devices |
CN105812332A (en) * | 2014-12-31 | 2016-07-27 | 北京握奇智能科技有限公司 | Data protection method |
US9722775B2 (en) * | 2015-02-27 | 2017-08-01 | Verizon Patent And Licensing Inc. | Network services via trusted execution environment |
US10073985B2 (en) * | 2015-02-27 | 2018-09-11 | Samsung Electronics Co., Ltd. | Apparatus and method for trusted execution environment file protection |
CN104899506B (en) * | 2015-05-08 | 2018-01-12 | 深圳市雪球科技有限公司 | Security system implementation method based on virtual secure element in credible performing environment |
WO2017004447A1 (en) * | 2015-06-30 | 2017-01-05 | Activevideo Networks, Inc. | Remotely managed trusted execution environment for digital-rights management in a distributed network with thin clients |
CN105260663B (en) * | 2015-09-15 | 2017-12-01 | 中国科学院信息工程研究所 | A kind of safe storage service system and method based on TrustZone technologies |
CN109150548B (en) * | 2015-12-01 | 2021-10-08 | 神州融安科技(北京)有限公司 | Digital certificate signing and signature checking method and system and digital certificate system |
CN105978917B (en) * | 2016-07-19 | 2019-05-10 | 恒宝股份有限公司 | A kind of system and method for trusted application safety certification |
CN106230584B (en) * | 2016-07-21 | 2019-09-03 | 北京可信华泰信息技术有限公司 | A kind of key migration method of credible platform control module |
-
2017
- 2017-01-26 US US15/417,042 patent/US10419402B2/en active Active
- 2017-12-20 AU AU2017396531A patent/AU2017396531B2/en active Active
- 2017-12-20 MX MX2019008693A patent/MX2019008693A/en unknown
- 2017-12-20 RU RU2019126631A patent/RU2756040C2/en active
- 2017-12-20 EP EP17829839.4A patent/EP3574443A1/en active Pending
- 2017-12-20 CN CN201780084731.0A patent/CN110249336B/en active Active
- 2017-12-20 SG SG11201905458WA patent/SG11201905458WA/en unknown
- 2017-12-20 BR BR112019013584-7A patent/BR112019013584A2/en unknown
- 2017-12-20 WO PCT/US2017/067461 patent/WO2018140170A1/en unknown
- 2017-12-20 KR KR1020197022013A patent/KR102489790B1/en active IP Right Grant
- 2017-12-20 JP JP2019540540A patent/JP2020506611A/en active Pending
- 2017-12-20 CA CA3048895A patent/CA3048895A1/en active Pending
-
2019
- 2019-06-10 ZA ZA2019/03702A patent/ZA201903702B/en unknown
- 2019-06-28 PH PH12019550119A patent/PH12019550119A1/en unknown
- 2019-07-11 IL IL268005A patent/IL268005B/en unknown
- 2019-07-19 CL CL2019002026A patent/CL2019002026A1/en unknown
- 2019-07-22 CO CONC2019/0007875A patent/CO2019007875A2/en unknown
Also Published As
Publication number | Publication date |
---|---|
AU2017396531B2 (en) | 2021-11-25 |
CL2019002026A1 (en) | 2019-12-13 |
NZ754540A (en) | 2023-08-25 |
CN110249336B (en) | 2023-05-30 |
RU2756040C2 (en) | 2021-09-24 |
RU2019126631A3 (en) | 2021-04-08 |
CN110249336A (en) | 2019-09-17 |
IL268005A (en) | 2019-09-26 |
IL268005B (en) | 2022-03-01 |
US20180212932A1 (en) | 2018-07-26 |
PH12019550119A1 (en) | 2020-03-09 |
KR20190108580A (en) | 2019-09-24 |
US10419402B2 (en) | 2019-09-17 |
CA3048895A1 (en) | 2018-08-02 |
KR102489790B1 (en) | 2023-01-17 |
MX2019008693A (en) | 2019-09-11 |
JP2020506611A (en) | 2020-02-27 |
BR112019013584A2 (en) | 2020-01-07 |
CO2019007875A2 (en) | 2019-07-31 |
ZA201903702B (en) | 2020-10-28 |
AU2017396531A1 (en) | 2019-07-04 |
WO2018140170A1 (en) | 2018-08-02 |
RU2019126631A (en) | 2021-02-26 |
EP3574443A1 (en) | 2019-12-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
SG11201905456UA (en) | Addressing a trusted execution environment using encryption key | |
SG11201905458WA (en) | Addressing a trusted execution environment using signing key | |
SG11201903459UA (en) | Sharing protection for a screen sharing experience | |
SG11201806702XA (en) | Personal device security using elliptic curve cryptography for secret sharing | |
SG11201804361YA (en) | Method for managing a trusted identity | |
SG11201907320YA (en) | Trusted login method, server, and system | |
SG11201905460SA (en) | Data unsealing with a sealing enclave | |
SG11201910054WA (en) | Securely executing smart contract operations in a trusted execution environment | |
SG11201804697PA (en) | Method and system for distributed cryptographic key provisioning and storage via elliptic curve cryptography | |
SG11201804190YA (en) | Method and system for blockchain variant using digital signatures | |
SG11201809963XA (en) | Application framework using blockchain-based asset ownership | |
SG11201808929PA (en) | Systems and methods for secure storage of user information in a user profile | |
SG11201803388YA (en) | Key exchange through partially trusted third party | |
SG11201806709PA (en) | Universal tokenisation system for blockchain-based cryptocurrencies | |
SG11201905461VA (en) | Data sealing with a sealing enclave | |
SG11201903566XA (en) | Regulating blockchain confidential transactions | |
SG11201811007TA (en) | Blockchain-implemented method and system | |
SG11201809117QA (en) | Operating system for blockchain iot devices | |
SG11201905463TA (en) | Abstract enclave identity | |
SG11201901550WA (en) | Method and apparatus for data processing | |
SG11201907394UA (en) | Two-dimensional code generation method and device, and two-dimensional code recognition method and device | |
SG11201903276VA (en) | Virtual reality identity verification | |
SG11201905462WA (en) | Cross-platform enclave identity | |
SG11201809872TA (en) | Using hardware based secure isolated region to prevent piracy and cheating on electronic devices | |
SG11201807726QA (en) | Multi-level communication encryption |