Trusted execution of an executable object on a local device
First Claim
1. An electronic client device, comprising:
- an enclave;
at least one processor;
at least one memory;
at least one driver, wherein the electronic client device is configured to;
obtain an authentication signing key from an attestation server;
store the authentication signing key in the enclave, wherein the authentication signing key verifies the identity of the enclave;
acquire, after storing the authentication signing key, authentication data for an authorized user;
store the authentication data in the enclave;
acquire identification data for a potential user;
compare, by locally executing, with the processor, a biometric algorithm in the enclave, the identification data to the authentication data to determine if the potential user is the authorized user; and
send results of the comparison and the authentication signing key to an authentication server.
9 Assignments
0 Petitions
Accused Products
Abstract
In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.
22 Citations
17 Claims
-
1. An electronic client device, comprising:
-
an enclave; at least one processor; at least one memory; at least one driver, wherein the electronic client device is configured to; obtain an authentication signing key from an attestation server; store the authentication signing key in the enclave, wherein the authentication signing key verifies the identity of the enclave; acquire, after storing the authentication signing key, authentication data for an authorized user; store the authentication data in the enclave; acquire identification data for a potential user; compare, by locally executing, with the processor, a biometric algorithm in the enclave, the identification data to the authentication data to determine if the potential user is the authorized user; and send results of the comparison and the authentication signing key to an authentication server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. One or more non-transitory computer readable medium having instructions stored thereon, the instructions, when executed by a processor, cause the processor to:
-
obtain an authentication signing key from an attestation server; store the authentication signing key in the enclave, wherein the authentication signing key verifies the identity of the enclave; acquire, after storing the authentication signing key, authentication data for an authorized user; store the authentication data in an enclave on an electronic client device; acquire identification data for a potential user; and compare, by locally executing a biometric algorithm in the enclave, the identification data to the authentication data to determine if the potential user is the authorized user; and send results of the comparison and the authentication signing key to an authentication server. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
Specification