Secure communication between a virtual smartcard enclave and a trusted I/O enclave
First Claim
Patent Images
1. A hardware machine readable medium comprising instructions that when executed cause a machine to:
- transmit, from a first trusted execution environment operatively connected to a biometric capture device, a request for a biometric match claim;
receive, in response to the request for the biometric match claim, biometric data from the biometric capture device;
perform, by the first trusted execution environment, a match of the biometric data against biometric templates stored in the first trusted execution environment;
verify, with a report including a signed piece of data transmitted by a second trusted execution environment via a credential manager application operating in a third execution environment, an authorization of the first trusted execution environment, wherein the second trusted execution environment is sealed; and
in response to the verification of the first trusted execution environment, unseal the second trusted execution environment based on the match of the biometric data performed by the first trusted execution environment, wherein the second trusted execution environment includes a virtual smartcard including cryptographic data specific to a user corresponding to the biometric data, and wherein the first trusted execution environment is independent from the second trusted execution environment.
10 Assignments
0 Petitions
Accused Products
Abstract
A system for accessing a trusted execution environment includes instructions to transmit, from a first trusted execution environment, a request for a biometric match claim, receive, in response to the request for a biometric match claim, biometric data from a biometric capture device, perform a match of the biometric data against biometric templates stored in the first trusted execution environment, and unseal a second trusted execution environment based on the match data.
9 Citations
18 Claims
-
1. A hardware machine readable medium comprising instructions that when executed cause a machine to:
-
transmit, from a first trusted execution environment operatively connected to a biometric capture device, a request for a biometric match claim; receive, in response to the request for the biometric match claim, biometric data from the biometric capture device; perform, by the first trusted execution environment, a match of the biometric data against biometric templates stored in the first trusted execution environment; verify, with a report including a signed piece of data transmitted by a second trusted execution environment via a credential manager application operating in a third execution environment, an authorization of the first trusted execution environment, wherein the second trusted execution environment is sealed; and in response to the verification of the first trusted execution environment, unseal the second trusted execution environment based on the match of the biometric data performed by the first trusted execution environment, wherein the second trusted execution environment includes a virtual smartcard including cryptographic data specific to a user corresponding to the biometric data, and wherein the first trusted execution environment is independent from the second trusted execution environment. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for secure communications, comprising:
-
one or more processors; and a memory, coupled to the one or more processors, on which instructions are stored which, when executed by the one or more processors, cause at least some of the one or more processors to; transmit, from a first trusted execution environment operatively connected to a biometric capture device, a request for a biometric match claim; receive, in response to the request for the biometric match claim, biometric data from the biometric capture device; perform, by the first trusted execution environment, a match of the biometric data against biometric templates stored in the first trusted execution environment; verify, with a report including a signed piece of data transmitted by a second trusted execution environment via a credential manager application operating in a third execution environment, an authorization of the first trusted execution environment, wherein the second trusted execution environment is sealed; and in response to the verification of the first trusted execution environment, unseal the second trusted execution environment based on the match of the biometric data performed by the first trusted execution environment, wherein the second trusted execution environment includes a virtual smartcard including cryptographic data specific to a user corresponding to the biometric data, and wherein the first trusted execution environment is independent from the second trusted execution environment. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A method for secure communications, comprising:
-
transmitting, from a first trusted execution environment operatively connected to a biometric capture device, a request for a biometric match claim; receiving, in response to the request for the biometric match claim, biometric data from the biometric capture device; performing, by the first trusted execution environment, a match of the biometric data against biometric templates stored in the first trusted execution environment; and verifying, with a report including a signed piece of data transmitted by a second trusted execution environment via a credential manager application operating in a third execution environment, an authorization of the first trusted execution environment, wherein the second trusted execution environment is sealed; and in response to the verification of the first trusted execution environment, unsealing the second trusted execution environment based on the match of the biometric data performed by the first trusted execution environment, wherein the second trusted execution environment includes a virtual smartcard including cryptographic data specific to a user corresponding to the biometric data, and wherein the first trusted execution environment is independent from the second trusted execution environment. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification