Some content of this application is unavailable at the moment.
If this situation persist, please contact us atFeedback&Contact
1. (WO2018140169) ADDRESSING A TRUSTED EXECUTION ENVIRONMENT USING ENCRYPTION KEY
Latest bibliographic data on file with the International Bureau    Submit observation

Pub. No.: WO/2018/140169 International Application No.: PCT/US2017/067460
Publication Date: 02.08.2018 International Filing Date: 20.12.2017
IPC:
G06F 21/57 (2013.01) ,G06F 21/74 (2013.01) ,H04L 9/08 (2006.01) ,H04L 9/32 (2006.01) ,H04L 29/06 (2006.01)
G PHYSICS
06
COMPUTING; CALCULATING; COUNTING
F
ELECTRIC DIGITAL DATA PROCESSING
21
Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50
Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G PHYSICS
06
COMPUTING; CALCULATING; COUNTING
F
ELECTRIC DIGITAL DATA PROCESSING
21
Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
70
Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
71
to assure secure computing or processing of information
74
operating in dual or compartmented mode, i.e. at least one secure mode
H ELECTRICITY
04
ELECTRIC COMMUNICATION TECHNIQUE
L
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9
Arrangements for secret or secure communication
06
the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
08
Key distribution
H ELECTRICITY
04
ELECTRIC COMMUNICATION TECHNIQUE
L
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9
Arrangements for secret or secure communication
32
including means for verifying the identity or authority of a user of the system
H ELECTRICITY
04
ELECTRIC COMMUNICATION TECHNIQUE
L
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29
Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02
Communication control; Communication processing
06
characterised by a protocol
Applicants:
MICROSOFT TECHNOLOGY LICENSING, LLC [US/US]; One Microsoft Way Redmond, Washington 98052-6399, US
Inventors:
NOVAK, Mark, F.; US
Agent:
MINHAS, Sandip, S.; US
CHEN, Wei-Chen, Nicholas; US
DRAKOS, Katherine, J.; US
HINOJOSA, Brianna, L.; US
HOLMES, Danielle, J.; US
SWAIN, Cassandra, T.; US
WONG, Thomas, S.; US
CHOI, Daniel; US
HWANG, William, C.; US
WIGHT, Stephen, A.; US
CHATTERJEE, Aaron, C.; US
Priority Data:
15/417,06026.01.2017US
Title (EN) ADDRESSING A TRUSTED EXECUTION ENVIRONMENT USING ENCRYPTION KEY
(FR) ADRESSAGE D'UN ENVIRONNEMENT D'EXÉCUTION DE CONFIANCE À L'AIDE D'UNE CLÉ DE CHIFFREMENT
Abstract:
(EN) Methods, systems, and devices are described herein for delivering protected data to a nested trusted execution environment (TrEE), including a trustlet running on top of secure kernel, associated with a potentially untrusted requestor. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data, may receive a request for protected data from a potentially untrusted requestor, and an attestation statement of the secure kernel. The targeting protocol head may encrypt a transfer encryption key with a second encryption key derived from the attestation statement. The targeting protocol head may retrieve the protected data, and encrypt the protected data with the transfer encryption key and an authentication tag, which binds the requestor with the trustlet ID. The targeting protocol head may provide the encrypted transfer encryption key, the encrypted protected data, and encrypted authentication tag to the requestor.
(FR) L'invention concerne des procédés, des systèmes et des dispositifs pour distribuer des données protégées à un environnement d'exécution de confiance (TrEE) imbriqué, comprenant un Trustlet s'exécutant au-dessus d'un noyau sécurisé, associé à un demandeur potentiellement non digne de confiance. Selon un aspect, une tête de protocole de ciblage, ou un autre intermédiaire entre un demandeur et un système de gestion de clés ou un autre stockage de données protégées, peut recevoir une demande de données protégées en provenance d'un demandeur potentiellement non digne de confiance, et une déclaration d'attestation du noyau sécurisé. La tête de protocole de ciblage peut chiffrer une clé de chiffrement de transfert avec une seconde clé de chiffrement calculée à partir de la déclaration d'attestation. La tête de protocole de ciblage peut récupérer les données protégées, et chiffrer les données protégées avec la clé de chiffrement de transfert et une étiquette d'authentification, qui lie le demandeur à l'ID du Trustlet. La tête de protocole de ciblage peut fournir la clé de chiffrement de transfert chiffrée, les données protégées chiffrées, et l'étiquette d'authentification chiffrée au demandeur.
front page image
Designated States: AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW
African Regional Intellectual Property Organization (ARIPO) (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW)
Eurasian Patent Office (AM, AZ, BY, KG, KZ, RU, TJ, TM)
European Patent Office (EPO) (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR)
African Intellectual Property Organization (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG)
Publication Language: English (EN)
Filing Language: English (EN)