Trusted execution environment extensible computing device interface
First Claim
1. A method comprising:
- providing an interface platform including a non-extensible interface and a plurality of extensible interfaces, each of the plurality of extensible interfaces specifically configured to communicate with an associated application or service within a third party environment in a format specific to the associated application or service, and the non-extensible interface providing a single extension point for a plurality of applications or services in a client environment to communicate with third party applications or services in the third party environment;
- identifying a priority of the plurality of applications or services to be executed within the client environment, wherein the plurality of applications or services includes a first application or a first service having a higher priority than a background application or background service;
- receiving from the first application or first service among the plurality of applications or services within the client environment, via the non-extensible interface, a first request to establish a first communication with a second application or second service within the third party environment, the first request includes a first message in a first format, and wherein the first application or first service has a first security policy and the second application or second service has a second security policy that is different from the first security policy;
- receiving from the background application or background service among the plurality of applications or services within the client environment, via the non-extensible interface, a second request to establish a second communication with a third application or third service within the third party environment, wherein the second request includes a second message;
- selecting, from the plurality of extensible interfaces, a first extensible interface being associated with the second application or second service within the third party environment;
- selecting, from the plurality of extensible interfaces, a second extensible interface being associated with the third application or third service within the third party environment;
- modifying, by the first extensible interface, the first format of the first message to a second format of the first message, based at least in part on the first security policy and the second security policy;
- establishing, via the first extensible interface, the first communication between the first application or first service and the second application or second service;
- establishing, via the second extensible interface, the second communication between the background application or background service and the third application or third service;
- transmitting, via the first communication, the second format of the first message to the second application or second service prior to transmitting, via the second communication, the second message to the third application or third service in response to the first application or the first service having the higher priority than the background application or background service; and
- transmitting and receiving data between the first application or first service and the second application or second service.
2 Assignments
0 Petitions
Abstract
Constructs to define a Trusted Execution Environment Driver that can implement a standard communication interface in a first environment for discovering and/or exchanging messages with secure applications/services executed in a Trusted Execution Environment (TrEE). The first environment can represent an environment with a different security policy from the TrEE. The TrEE driver can include a standard interface and/or mechanism by which applications/services and drivers within a first environment can access secure applications/services in the TrEE, a standard interface and/or mechanism by which third-party vendors can expose their TrEE applications/services to a first environment, a standard interface and/or mechanism by which a TrEE can request applications/services, on its own behalf, from the first environment, and a standard interface and/or mechanism to facilitate the management of secure application/services and/or provide I/O prioritization and security protection for individual secure applications/services.
66 Citations
18 Claims
1. A method comprising: the steps recited in full under First Claim above.
Dependent claims: 2, 3, 4, 8, 9, 10.
5. A computer-readable storage device having computer-executable instructions thereon that, upon execution, configure a computer to perform operations comprising:
- providing an interface platform including a non-extensible interface and a plurality of extensible interfaces, each of the plurality of extensible interfaces operable to communicate with an associated application or service in a first environment in a specific message format, and the non-extensible interface providing a single extension point for a plurality of applications or services in a second environment to communicate with third party applications or services in the first environment;
- identifying a priority of the plurality of applications or services to be executed within the second environment, wherein the plurality of applications or services includes a first application or a first service having a higher priority than a background application or background service;
- receiving, via the non-extensible interface, a first request from the first application or first service among the plurality of applications or services within the second environment to establish a first communication with a second application or second service within the first environment, the first request includes a first message in a first format, and wherein the first environment has a first security policy and the second environment has a second security policy that is different from the first security policy;
- receiving from the background application or background service among the plurality of applications or services within the second environment, via the non-extensible interface, a second request to establish a second communication with a third application or third service within the first environment, wherein the second request includes a second message;
- selecting, from the plurality of extensible interfaces, a first extensible interface being associated with the second application or second service within the first environment;
- selecting, from the plurality of extensible interfaces, a second extensible interface being associated with the third application or third service within the first environment;
- modifying, by the first extensible interface, the first format of the first message to a second format of the first message, based at least in part on the first security policy and the second security policy;
- establishing, via the first extensible interface, the first communication between the first application or the first service and the second application or the second service;
- establishing, via the second extensible interface, the second communication between the background application or background service and the third application or third service;
- transmitting, via the first communication, the second format of the first message to the second application or the second service prior to transmitting, via the second communication, the second message to the third application or third service in response to the first application or the first service having the higher priority than the background application or background service; and
- transmitting and receiving data between the first application or first service and the second application or second service, in response to establishing the first communication.
Dependent claims: 6, 7.
11. A system comprising:
one or more processors, and a computer-readable storage device coupled to the one or more processors, the computer-readable storage device including one or more modules that are executable by the one or more processors to:
- provide an interface platform including a non-extensible interface and a plurality of extensible interfaces, each of the plurality of extensible interfaces specifically configured to communicate with an associated application or service within a third party environment in a format specific to the associated application or service, and the non-extensible interface providing a single extension point for a plurality of applications or services in a client environment to communicate with third party applications or services in the third party environment;
- identify a priority of the plurality of applications or services to be executed within the client environment, wherein the plurality of applications or services includes a first application or a first service having a higher priority than a background application or background service;
- receive from the first application or first service among the plurality of applications or services within the client environment, via the non-extensible interface, a first request to establish a first communication with a second application or second service within the third party environment, the first request includes a first message in a first format, and wherein the first application or first service has a first security policy and the second application or second service has a second security policy that is different from the first security policy;
- receive from the background application or background service among the plurality of applications or services within the client environment, via the non-extensible interface, a second request to establish a second communication with a third application or third service within the third party environment, wherein the second request includes a second message;
- select, from the plurality of extensible interfaces, a first extensible interface being associated with the second application or second service within the third party environment;
- select, from the plurality of extensible interfaces, a second extensible interface being associated with the third application or third service within the third party environment;
- modify, by the first extensible interface, the first format of the first message to a second format of the first message, based at least in part on the first security policy and the second security policy;
- establish, via the first extensible interface, the first communication between the first application or first service and the second application or second service;
- establish, via the second extensible interface, the second communication between the background application or background service and the third application or third service;
- transmit, via the first communication, the second format of the first message to the second application or second service prior to transmitting, via the second communication, the second message to the third application or third service in response to the first application or the first service having the higher priority than the background application or background service; and
- transmit and receive data between the first application or first service and the second application or second service.
Dependent claims: 13, 14, 15, 16, 17, 18.
12. A method comprising:
- providing an interface platform including a non-extensible interface and a plurality of extensible interfaces, each of the plurality of extensible interfaces specifically configured to communicate with an associated application or service within a third party environment in a format specific to the associated application or service, and the non-extensible interface providing a single extension point for multiple different applications or services in a client environment to communicate with the plurality of different applications or services in the third party environment;
- receiving from a first application or first service within the client environment, via the non-extensible interface, a first request to establish a communication with a second application or second service within the third party environment, the first request including a message being in a first format, and wherein the first application or first service has a first security policy and the second application or second service has a second security policy that is different from the first security policy;
- receiving a list of service dependencies including dependent resources associated with the second application or second service within the third party environment;
- determining whether any service dependencies remain inactive;
- initiating any inactive service dependencies within the third party environment;
- selecting, from the plurality of extensible interfaces, an extensible interface being associated with the second application or second service within the third party environment;
- modifying, by the extensible interface, the first format of the message to a second format of the message, based at least in part on the first security policy and the second security policy;
- establishing, via the extensible interface, the communication between the first application or first service and the second application or second service;
- transmitting, via the communication, the second format of the message to the second application or second service; and
- transmitting and receiving data between the first application or first service and the second application or second service.
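The architecture recited in the abstract and in claims 1 and 12 (a single non-extensible entry point for every client, one extensible interface per TrEE-side service, reformatting of each message according to the two security policies involved, foreground requests dispatched before background ones, and inactive service dependencies started before the communication is established) can be modelled compactly. The following Python is an added illustrative model written for this page, not the patent applicant's driver code; the policy representation (a name plus an allow-list of message fields), the two wire formats, and the service names `keystore`, `crypto_core` and `telemetry` are assumptions made for the example.

```python
"""Illustrative model of the driver architecture in the abstract and claims 1 and 12.
Added example, not the patent's code; the policy representation, service names and
wire formats are assumptions made for the example."""
import heapq
import json
from dataclasses import dataclass
from enum import IntEnum
from typing import Callable, Dict, List, Tuple


class Priority(IntEnum):
    FOREGROUND = 0  # smaller value is dispatched first
    BACKGROUND = 1


@dataclass(frozen=True)
class Policy:
    name: str
    allowed_fields: Tuple[str, ...] = ()  # assumed: fields this policy lets through


@dataclass
class Request:
    client: str
    client_policy: Policy
    target: str         # service on the TrEE side
    message: dict       # message in the client's own (first) format
    priority: Priority


def json_envelope(msg: dict, client_policy: Policy, service_policy: Policy) -> bytes:
    """Assumed target format 1: length-prefixed JSON. Fields the service policy
    does not allow are dropped and the policy transition is recorded."""
    body = {k: v for k, v in msg.items() if k in service_policy.allowed_fields}
    body["_policy"] = f"{client_policy.name}->{service_policy.name}"
    payload = json.dumps(body, sort_keys=True).encode()
    return len(payload).to_bytes(4, "big") + payload


def kv_lines(msg: dict, client_policy: Policy, service_policy: Policy) -> bytes:
    """Assumed target format 2: newline-separated key=value text, same filtering."""
    keys = sorted(k for k in msg if k in service_policy.allowed_fields)
    return "".join(f"{k}={msg[k]}\n" for k in keys).encode()


@dataclass
class Adapter:
    """Extensible interface: one per TrEE-side service, knows its format and deps."""
    service: str
    service_policy: Policy
    dependencies: Tuple[str, ...]
    encode: Callable[[dict, Policy, Policy], bytes]


class TreeDriver:
    """Non-extensible interface: the single extension point every client uses."""

    def __init__(self) -> None:
        self._adapters: Dict[str, Adapter] = {}
        self._queue: List[Tuple[int, int, Request]] = []
        self._seq = 0             # tie-break: FIFO within one priority level
        self.active: set = set()  # services already running
        self.log: List[str] = []  # start-up actions, kept for inspection

    def register(self, adapter: Adapter) -> None:
        self._adapters[adapter.service] = adapter

    def request(self, req: Request) -> None:
        """Queue a client request; reject targets that have no extensible interface."""
        if req.target not in self._adapters:
            raise LookupError(f"no extensible interface for {req.target!r}")
        heapq.heappush(self._queue, (int(req.priority), self._seq, req))
        self._seq += 1

    def _start_dependencies(self, service: str) -> None:
        """Claim 12 step: initiate inactive dependencies first (assumes no cycles)."""
        adapter = self._adapters.get(service)
        for dep in (adapter.dependencies if adapter else ()):
            if dep not in self.active:
                self._start_dependencies(dep)
                self.active.add(dep)
                self.log.append(f"start {dep}")

    def dispatch(self) -> List[Tuple[str, str, bytes]]:
        """Drain the queue highest priority first; return (client, target, wire bytes)."""
        out = []
        while self._queue:
            _, _, req = heapq.heappop(self._queue)
            adapter = self._adapters[req.target]
            self._start_dependencies(req.target)
            wire = adapter.encode(req.message, req.client_policy, adapter.service_policy)
            out.append((req.client, req.target, wire))
        return out


# Constructed scenario: a background telemetry request is queued before a
# foreground signing request, yet the signing request must go out first.
CLIENT_POLICY = Policy("client")
TREE_POLICY = Policy("tree", ("op", "key_id"))
TELEMETRY_POLICY = Policy("telemetry", ("event",))


def demo() -> Tuple[TreeDriver, List[Tuple[str, str, bytes]]]:
    drv = TreeDriver()
    drv.register(Adapter("crypto_core", TREE_POLICY, (), json_envelope))
    drv.register(Adapter("keystore", TREE_POLICY, ("crypto_core",), json_envelope))
    drv.register(Adapter("telemetry", TELEMETRY_POLICY, (), kv_lines))
    drv.request(Request("updater", CLIENT_POLICY, "telemetry",
                        {"event": "boot", "debug": "verbose"}, Priority.BACKGROUND))
    drv.request(Request("wallet", CLIENT_POLICY, "keystore",
                        {"op": "sign", "key_id": 7, "debug": "pw"}, Priority.FOREGROUND))
    return drv, drv.dispatch()
```

Calling `demo()` shows the three properties the claims turn on: the wallet request is encoded and returned before the telemetry request although it was queued second; the `debug` field reaches neither service because neither service policy admits it, so the reformatting step is also where the policy boundary is enforced; and `crypto_core` is started exactly once, before the `keystore` communication is established. A real driver would additionally authenticate the client and the TrEE-side service at the non-extensible interface and would not let an adapter registered by one vendor handle another vendor's service name.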
Specification