1. CN112292678 - METHOD AND SYSTEM FOR VALIDATING KERNEL OBJECTS TO BE EXECUTED BY A DATA PROCESSING ACCELERATOR OF A HOST SYSTEM

Office
China
Application Number 201980038821.5
Application Date 04.01.2019
Publication Number 112292678
Publication Date 29.01.2021
Publication Kind A
IPC
G06F 21/51
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
51 at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
CPC
G06F 21/51
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
51 at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/53
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52 during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
53 by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 2221/034
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2221 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
034 Test or assess a computer or a system
H04L 9/083
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
083 involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
H04L 9/30
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
H04L 9/3242
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
3236 using cryptographic hash functions
3242 involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
Applicants BAIDU.COM TIMES TECHNOLOGY (BEIJING) CO., LTD.
百度时代网络技术(北京)有限公司
BAIDU USA LLC
百度(美国)有限责任公司
Inventors CHENG YUEQIANG
程越强
LIU YONG
刘勇
WEI TAO
韦韬
OUYANG JIAN
欧阳剑
Agents 北京英赛嘉华知识产权代理有限责任公司 11204
Title
(EN) METHOD AND SYSTEM FOR VALIDATING KERNEL OBJECTS TO BE EXECUTED BY A DATA PROCESSING ACCELERATOR OF A HOST SYSTEM
(ZH) 用于验证将要由主机系统的数据处理加速器执行的内核对象的方法与系统
Abstract
(EN)
A system receives, at a runtime library executed within a trusted execution environment (TEE) of a host system, a request from an application to invoke a predetermined function to perform a predefined operation. In response to the request, the system identifies a kernel object associated with the predetermined function. The system verifies an executable image of the kernel object using a public key corresponding to a private key that was used to sign the executable image of the kernel object. In response to successfully verifying the executable image of the kernel object, the system transmits the verified executable image of the kernel object to a data processing (DP) accelerator over a bus to be executed by the DP accelerator to perform the predefined operation.

(ZH)
根据一个实施方式,系统在主机系统的可信执行环境(TEE)内执行的运行时间库处,接收来自应用的调用预定函数的请求,以执行预定操作。响应于该请求,系统标识与该预定函数相关联的内核对象。系统使用与私钥对应的公钥来确认内核对象的可执行映像,其中,私钥用于对内核对象的可执行映像进行签名。响应于成功确认内核对象的可执行映像,系统将内核对象所确认的可执行映像通过总线传输到数据处理(DP)加速器,以由DP加速器执行,以执行预定操作。
