Secure communication between a virtual smartcard enclave and a trusted I/O enclave
First Claim
Patent Images
1. A storage disk or storage device comprising instructions that, when executed, cause a computing device to at least:
- generate, in a first trusted execution environment (TEE), an indicator when biometric data from a biometric capture device matches a stored biometric template;
transmit the indicator and signed data generated in the first TEE to a second TEE, the signed data to identify the first TEE, the first TEE being independent from the second TEE, the second TEE being sealed; and
in response to determining that the indicator is from the first TEE based on the signed data, unseal the second TEE based on the indicator to facilitate access to the second TEE.
4 Assignments
0 Petitions
Accused Products
Abstract
A system for accessing a trusted execution environment includes instructions to transmit, from a first trusted execution environment, a request for a biometric match claim, receive, in response to the request for a biometric match claim, biometric data from a biometric capture device, perform a match of the biometric data against biometric templates stored in the first trusted execution environment, and unseal a second trusted execution environment based on the match data.
-
Citations
21 Claims
-
1. A storage disk or storage device comprising instructions that, when executed, cause a computing device to at least:
-
generate, in a first trusted execution environment (TEE), an indicator when biometric data from a biometric capture device matches a stored biometric template; transmit the indicator and signed data generated in the first TEE to a second TEE, the signed data to identify the first TEE, the first TEE being independent from the second TEE, the second TEE being sealed; and in response to determining that the indicator is from the first TEE based on the signed data, unseal the second TEE based on the indicator to facilitate access to the second TEE. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus for secure communication, the apparatus comprising:
-
memory including instructions; and one or more processors including a first trusted execution environment (TEE) and a second TEE, the first TEE being independent from the second TEE, the second TEE being sealed, the one or more processors to execute the instructions to; generate, in the first TEE, an indicator when biometric data from a biometric capture device matches a biometric template stored in the first TEE; pass the indicator and signed data generated in the first TEE that identifies the first TEE to the second TEE; and in response to determining that the indicator is from the first TEE, unseal the second TEE. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A method for secure communications, the method comprising:
-
generating, in a first trusted execution environment (TEE), an indicator when biometric data from a biometric capture device matches a stored biometric template; transmitting the indicator and signed data generated in the first TEE to a second TEE, the signed data to identify the first TEE, the first TEE being independent from the second TEE, the second TEE being sealed; and in response to determining that the indicator is from the first TEE based on the signed data, unsealing the second TEE based on the indicator to facilitate access to the second TEE. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
Specification