-
Publication (Announcement) No.: US20240137210A1
Publication (Announcement) Date: 2024-04-25
Application No.: US18066383
Application Date: 2022-12-15
Applicant: Microsoft Technology Licensing, LLC
Inventor: Kapil VASWANI , Siddharth JAYASHANKAR , Antoine DELIGNAT-LAVAUD , Cedric Alain Marie Christophe FOURNET
CPC classification number: H04L9/0825 , H04L9/0861 , H04L9/3247
Abstract: A computer device instantiates a first Transport Layer Security (TLS) endpoint having access to a trusted execution environment (TEE) of the processor; generates in the TEE an endpoint-specific public-private key pair bound to the first TLS endpoint; generates attestation data verifying that the endpoint-specific public-private key pair was generated in the TEE and is bound to the first TLS endpoint; and signs the attestation data in the TEE using a TEE private key securely embedded in the processor. The device generates a TEE signature using the endpoint-specific private key of the endpoint-specific public-private key pair; and indicates the attestation data, the endpoint-specific public key of the endpoint-specific public-private key pair and the TEE signature to a second TLS endpoint within a TLS handshake message exchange between the first TLS endpoint and the second TLS endpoint.
-
Publication (Announcement) No.: US20250159021A1
Publication (Announcement) Date: 2025-05-15
Application No.: US19019442
Application Date: 2025-01-13
Applicant: Microsoft Technology Licensing, LLC
Inventor: Kapil VASWANI , Siddharth JAYASHANKAR , Antoine DELIGNAT-LAVAUD , Cedric Alain Marie Christophe FOURNET
Abstract: A computer device instantiates a first Transport Layer Security (TLS) endpoint having access to a trusted execution environment (TEE) of the processor; generates in the TEE an endpoint-specific public-private key pair bound to the first TLS endpoint; generates attestation data verifying that the endpoint-specific public-private key pair was generated in the TEE and is bound to the first TLS endpoint; and signs the attestation data in the TEE using a TEE private key securely embedded in the processor. The device generates a TEE signature using the endpoint-specific private key of the endpoint-specific public-private key pair; and indicates the attestation data, the endpoint-specific public key of the endpoint-specific public-private key pair and the TEE signature to a second TLS endpoint within a TLS handshake message exchange between the first TLS endpoint and the second TLS endpoint.
-
Publication (Announcement) No.: US20240235819A9
Publication (Announcement) Date: 2024-07-11
Application No.: US18066383
Application Date: 2022-12-15
Applicant: Microsoft Technology Licensing, LLC
Inventor: Kapil VASWANI , Siddharth JAYASHANKAR , Antoine DELIGNAT-LAVAUD , Cedric Alain Marie Christophe FOURNET
CPC classification number: H04L9/0825 , H04L9/0861 , H04L9/3247
Abstract: A computer device instantiates a first Transport Layer Security (TLS) endpoint having access to a trusted execution environment (TEE) of the processor; generates in the TEE an endpoint-specific public-private key pair bound to the first TLS endpoint; generates attestation data verifying that the endpoint-specific public-private key pair was generated in the TEE and is bound to the first TLS endpoint; and signs the attestation data in the TEE using a TEE private key securely embedded in the processor. The device generates a TEE signature using the endpoint-specific private key of the endpoint-specific public-private key pair; and indicates the attestation data, the endpoint-specific public key of the endpoint-specific public-private key pair and the TEE signature to a second TLS endpoint within a TLS handshake message exchange between the first TLS endpoint and the second TLS endpoint.
-