System and method for providing global platform compliant trusted execution environment

摘要

Method of providing a Global Platform (GP) compliant Trusted Execution Environment (TEE) starts with main processor executing an application stored in memory device. Application includes client application (CA) and trusted application (TA). Executing the application includes running CA in client process and TA in TEE host process. Client process and TEE host process are separate. Using TEE host process, a request including identifier of the TA is received from client process to open session. Using GP Trusted Services enclave included in TEE host process, TA enclave associated with the identifier is determined and loaded in the TEE host process using the GP Trusted Services enclave to establish the session. Using TEE host process, commands to be invoked in TA enclave and set of parameters needed for commands are received from client process. Using GP Internal APIs, commands in TA enclave associated with identifier are executed. Other embodiments are also described.

主权项

1. A non-transitory computer-readable storage medium having stored therein instructions that, when executed by a processor, causes the processor to perform a method of providing a Global Platform (GP) compliant Trusted Execution Environment (TEE) comprising:
executing an application stored in a memory device, the application including a client application (CA) and a trusted application (TA), wherein executing the application includes running the CA in a client process and the TA in a TEE host process, the client process and the TEE host process being separate; receiving using the TEE host process a request from the client process to open a session, wherein the request includes an identifier of the TA; determining a TA enclave associated with the identifier using a GP Trusted Services enclave that is included in the TEE host process; loading in the TEE host process the TA enclave associated with the identifier to establish the session using the GP Trusted Services enclave; receiving using the TEE host process commands to be invoked in the TA enclave and a set of parameters needed for the commands, wherein the commands and the set of parameters are from the client process; and executing the commands in the TA enclave associated with the identifier using GP Internal APIs.