Title SYSTEM, APPARATUS AND METHOD FOR CONTROLLING MULTIPLE TRUSTED EXECUTION ENVIRONMENTS IN A SYSTEM
Abstract In an embodiment, a system is adapted to: record at least one measurement of a virtual trusted execution environment in a storage of the system and generate a secret sealed to a state of this measurement; create, using the virtual trusted execution environment, an isolated environment including a secure enclave and an application, the virtual trusted execution environment to protect the isolated environment; receive, in the application, a first measurement quote associated with the virtual trusted execution environment and a second measurement quote associated with the secure enclave; and communicate quote information regarding the first and second measurement quotes to a remote attestation service to enable the remote attestation service to verify the virtual trusted execution environment and the secure enclave, and, responsive to the verification, the secret is to be provided to the virtual trusted execution environment and the isolated environment. Other embodiments are described and claimed.
Publication number US2016350534(A1) Publication date 2016.12.01
Application number US201514725310 Filing date 2015.05.29
Applicant Intel Corporation Inventors Poornachandran Rajesh; Smith Ned M.; Sarangdhar Nitin V.; Grewal Karanvir S.; Sahita Ravi L.; Robinson Scott H.
Classification G06F21/57 Main classification G06F21/57
Agency (none listed) Agent (none listed)
Independent claim 1. At least one computer readable storage medium comprising instructions that when executed enable a system to: record at least one measurement of a virtual trusted execution environment in a storage of a trusted platform module of the system and generate a secret sealed to a state of the trusted platform module; create, using the virtual trusted execution environment, an isolated environment, the isolated environment including a secure enclave, an application, and a driver, the driver to interface with the virtual trusted execution environment, the virtual trusted execution environment to protect the isolated environment; receive, in the application, a first measurement quote associated with the virtual trusted execution environment and a second measurement quote associated with the secure enclave; and communicate quote information regarding the first and second measurement quotes to a remote attestation service to enable the remote attestation service to verify the virtual trusted execution environment and the secure enclave, wherein responsive to the verification the secret is to be provided to the virtual trusted execution environment and the isolated environment.
Address Santa Clara CA US
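The abstract and claim 1 describe a layered attestation flow: the vTEE is measured into a TPM, a secret is sealed to that TPM state, the isolated environment then produces two quotes (one for the vTEE from the TPM, one for the secure enclave), and a remote attestation service must accept both before the sealed secret is released. The following is an added illustrative model of that flow, not Intel's code and not the implementation described in the patent. It assumes a single-PCR toy TPM, uses HMAC with pre-shared keys in place of the asymmetric quote signatures a real TPM or enclave quoting key would produce, models "providing the secret" as a TPM unseal gated on the service's verdict, and uses constructed vTEE and enclave images (`GOOD_VTEE`, `GOOD_ENCL`) as sample input. The point it makes that the text does not show is that the two checks are independent: the service rejects a tampered enclave or vTEE even if the seal were bypassed, and the TPM refuses to unseal if the measured state changes after sealing even if the service were bypassed.

```python
import hashlib
import hmac
import os


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style PCR extend: new = H(old || H(measurement))."""
    return H(pcr + H(measurement))


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, "sha256").digest()


class Tpm:
    """Toy TPM with one PCR. An HMAC key stands in for the attestation
    signing key (assumption of this example; a real TPM signs quotes with
    an asymmetric key so the verifier only holds the public half)."""
    def __init__(self, quote_key: bytes):
        self.pcr = bytes(32)
        self.quote_key = quote_key
        self.seal_root = os.urandom(32)   # never leaves the TPM

    def extend(self, measurement: bytes) -> None:
        self.pcr = extend(self.pcr, measurement)

    def seal(self, secret: bytes) -> dict:
        """Bind a 32-byte secret to the current PCR value."""
        assert len(secret) == 32
        key = mac(self.seal_root, self.pcr)
        return {"policy": self.pcr, "ct": bytes(a ^ b for a, b in zip(secret, key))}

    def unseal(self, blob: dict) -> bytes:
        """Release only if the PCR still equals the value sealed against."""
        if not hmac.compare_digest(blob["policy"], self.pcr):
            raise PermissionError("PCR state does not match sealing policy")
        key = mac(self.seal_root, self.pcr)
        return bytes(a ^ b for a, b in zip(blob["ct"], key))

    def quote(self, nonce: bytes) -> dict:
        return {"nonce": nonce, "pcr": self.pcr, "sig": mac(self.quote_key, nonce + self.pcr)}


class Enclave:
    """Toy secure enclave: identity is the hash of its code, quoted under a
    separate key (stand-in for the platform's enclave quoting key)."""
    def __init__(self, code: bytes, quote_key: bytes):
        self.mrenclave = H(code)
        self.quote_key = quote_key

    def quote(self, nonce: bytes) -> dict:
        return {"nonce": nonce, "mr": self.mrenclave, "sig": mac(self.quote_key, nonce + self.mrenclave)}


class AttestationService:
    """Remote verifier holding expected vTEE PCR and enclave measurement."""
    def __init__(self, tpm_key, enclave_key, expected_pcr, expected_mr):
        self.tpm_key, self.enclave_key = tpm_key, enclave_key
        self.expected_pcr, self.expected_mr = expected_pcr, expected_mr
        self.outstanding = set()

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, vtee_quote: dict, enclave_quote: dict) -> bool:
        """Both quotes must be fresh, authentic and carry the expected values."""
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)   # nonce is single-use: no replay
        ok_vtee = (vtee_quote["nonce"] == nonce
                   and hmac.compare_digest(vtee_quote["sig"], mac(self.tpm_key, nonce + vtee_quote["pcr"]))
                   and hmac.compare_digest(vtee_quote["pcr"], self.expected_pcr))
        ok_encl = (enclave_quote["nonce"] == nonce
                   and hmac.compare_digest(enclave_quote["sig"], mac(self.enclave_key, nonce + enclave_quote["mr"]))
                   and hmac.compare_digest(enclave_quote["mr"], self.expected_mr))
        return ok_vtee and ok_encl


def make_service(good_vtee: bytes, good_enclave_code: bytes):
    """Provision the verifier with keys and known-good measurements (assumed setup)."""
    tpm_key, enclave_key = os.urandom(32), os.urandom(32)
    svc = AttestationService(tpm_key, enclave_key,
                             expected_pcr=extend(bytes(32), good_vtee),
                             expected_mr=H(good_enclave_code))
    return svc, tpm_key, enclave_key


def provision(service, tpm_key, enclave_key, booted_vtee, loaded_enclave_code, secret):
    """Run the claim-1 flow; return the released secret, or None on rejection."""
    tpm = Tpm(tpm_key)
    tpm.extend(booted_vtee)                               # record vTEE measurement
    blob = tpm.seal(secret)                               # seal secret to TPM state
    enclave = Enclave(loaded_enclave_code, enclave_key)   # isolated environment's enclave
    nonce = service.challenge()
    vq, eq = tpm.quote(nonce), enclave.quote(nonce)       # the two quotes the app receives
    if not service.verify(nonce, vq, eq):                 # remote attestation verdict
        return None
    return tpm.unseal(blob)                               # secret provided to vTEE / isolated env


if __name__ == "__main__":
    GOOD_VTEE, GOOD_ENCL = b"vtee-image-v1", b"enclave-code-v1"   # constructed sample images
    SECRET = os.urandom(32)
    svc, tk, ek = make_service(GOOD_VTEE, GOOD_ENCL)
    print(provision(svc, tk, ek, GOOD_VTEE, GOOD_ENCL, SECRET) == SECRET)
    print(provision(svc, tk, ek, GOOD_VTEE, b"enclave-backdoored", SECRET))
    print(provision(svc, tk, ek, b"vtee-image-patched", GOOD_ENCL, SECRET))
```

The nonce is issued by the service and consumed on first use, so a captured pair of quotes cannot be replayed; in a real deployment the two quotes would additionally be cryptographically bound to each other (for example, the enclave quote carrying a hash of the TPM quote in its report data) so that a verifier cannot be shown a good vTEE quote from one machine and a good enclave quote from another.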