1. WO2020140257 - METHOD AND SYSTEM FOR VALIDATING KERNEL OBJECTS TO BE EXECUTED BY A DATA PROCESSING ACCELERATOR OF A HOST SYSTEM

Publication Number WO/2020/140257
Publication Date 09.07.2020
International Application No. PCT/CN2019/070394
International Filing Date 04.01.2019
IPC
G06F 21/51 2013.1
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
51 at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
CPC
G06F 21/51
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
51 at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/53
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52 during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
53 by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 2221/034
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
2221 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
034 Test or assess a computer or a system
H04L 9/083
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
083 involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
H04L 9/30
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
H04L 9/3242
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
3236 using cryptographic hash functions
3242 involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
Applicants
  • BAIDU.COM TIMES TECHNOLOGY (BEIJING) CO., LTD. [CN]/[CN]
  • BAIDU USA LLC [US]/[US]
Inventors
  • CHENG, Yueqiang
  • LIU, Yong
  • WEI, Tao
  • OUYANG, Jian
Agents
  • INSIGHT INTELLECTUAL PROPERTY LIMITED
Priority Data
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) METHOD AND SYSTEM FOR VALIDATING KERNEL OBJECTS TO BE EXECUTED BY A DATA PROCESSING ACCELERATOR OF A HOST SYSTEM
Abstract
(EN)
A system receives, at a runtime library executed within a trusted execution environment (TEE) of a host system, a request from an application to invoke a predetermined function to perform a predefined operation. In response to the request, the system identifies a kernel object associated with the predetermined function. The system verifies an executable image of the kernel object using a public key corresponding to a private key that was used to sign the executable image of the kernel object. In response to successfully verifying the executable image of the kernel object, the system transmits the verified executable image of the kernel object to a data processing (DP) accelerator over a bus, to be executed by the DP accelerator to perform the predefined operation.