公开(公告)号：US20160350561A1

公开(公告)日：2016-12-01

申请号：US14832446

申请日：2015-08-21

Applicant: Google Inc.

Inventor： Benjamin David Poiesz ,  Andrew Abramson ,  Neel Rao ,  Shawn Edward Willden ,  Andres Guillermo Morales ,  James Brooks Miller

IPC: G06F21/72 ,  H04L9/32 ,  H04L9/08 ,  G06F21/53

CPC classification number: G06F21/72 ,  G06F21/53 ,  G06F21/629 ,  G06F21/74 ,  G06F2221/034 ,  G06F2221/2141 ,  H04L9/088 ,  H04L9/3247

Abstract: A computing device executes one or more trusted execution environment (TEE) processes in a TEE of a processor. The one or more TEE processes cryptographically protect a secret and a policy. The policy specifies a plurality of conditions on usage of the secret. A particular non-TEE process generates a request whose fulfillment involves an action requiring use of the secret. Responsive to the request, one or more non-TEE processes determine whether a first subset of the plurality of conditions is satisfied. Responsive to the first subset of the plurality of conditions being satisfied, the one or more TEE processes determine that a second, different subset of the plurality of conditions is satisfied. Responsive to determining the second subset of the plurality of conditions is satisfied, the one or more TEE processes use the secret to perform the action.

Abstract translation: 计算设备执行处理器的TEE中的一个或多个可信执行环境（TEE）进程。 一个或多个TEE进程加密地保护秘密和策略。 该策略规定了使用秘密的多个条件。 特定的非TEE进程产生一个请求，其履行涉及需要使用秘密的动作。 响应于该请求，一个或多个非TEE过程确定多个条件的第一子集是否被满足。 响应于满足多个条件的第一子集，一个或多个TEE进程确定满足多个条件的第二不同子集。 满足确定多个条件的第二子集的响应，一个或多个TEE进程使用秘密来执行该动作。

公开(公告)号：US09830480B2

公开(公告)日：2017-11-28

申请号：US14832446

申请日：2015-08-21

Applicant: Google Inc.

Inventor： Benjamin David Poiesz ,  Andrew Abramson ,  Neel Rao ,  Shawn Edward Willden ,  Andres Guillermo Morales ,  James Brooks Miller

IPC: G06F11/30 ,  G06F12/14 ,  G06F21/72 ,  G06F21/53 ,  H04L9/32 ,  H04L9/08 ,  G06F21/62 ,  G06F21/74

CPC classification number: G06F21/72 ,  G06F21/53 ,  G06F21/629 ,  G06F21/74 ,  G06F2221/034 ,  G06F2221/2141 ,  H04L9/088 ,  H04L9/3247

Abstract: A computing device executes one or more trusted execution environment (TEE) processes in a TEE of a processor. The one or more TEE processes cryptographically protect a secret and a policy. The policy specifies a plurality of conditions on usage of the secret. A particular non-TEE process generates a request whose fulfillment involves an action requiring use of the secret. Responsive to the request, one or more non-TEE processes determine whether a first subset of the plurality of conditions is satisfied. Responsive to the first subset of the plurality of conditions being satisfied, the one or more TEE processes determine that a second, different subset of the plurality of conditions is satisfied. Responsive to determining the second subset of the plurality of conditions is satisfied, the one or more TEE processes use the secret to perform the action.