PROTECTION OF PRIVACY AND DATA ON SMART EDGE DEVICES
Abstract
Embodiments are directed to protection of privacy and data on smart edge devices. An embodiment of an apparatus includes a sensor to produce a stream of sensor data; an analytics mechanism; and a trusted execution environment (TEE) including multiple keys for data security, the apparatus to exchange keys with a host server to establish one or more secure communication channels between the apparatus and a TEE on a host server, process the stream of sensor data utilizing the analytics mechanism to generate metadata, perform encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, sign the metadata utilizing a private key for the analytics mechanism, and transfer the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels in a manner that prevents privileged users on the host from accessing the data.
19 Claims
1. An apparatus comprising:
- a sensor to produce a stream of sensor data;
- an analytics mechanism; and
- a trusted execution environment (TEE) including a plurality of keys for data security,

wherein the apparatus is to:
- exchange keys with a host server to establish one or more secure communication channels between the apparatus and a TEE of a host server,
- process the stream of sensor data utilizing the analytics mechanism to generate metadata,
- perform encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, and sign the metadata utilizing a private key for the analytics mechanism to generate a signature, and
- transfer the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. One or more non-transitory computer-readable storage mediums having stored thereon executable computer program instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- receiving a stream of sensor data at an edge device from a sensor;
- processing the stream of sensor data at the edge device utilizing an analytics mechanism to generate metadata;
- exchanging keys with a host server to establish one or more secure communication channels between the edge device and a trusted execution environment (TEE) on the host server, the edge device including a TEE including the keys for data security;
- performing encryption and integrity protection of the metadata utilizing a key from the TEE for the sensor, and signing the metadata utilizing a private key for the analytics mechanism to generate a signature; and
- transferring the encrypted and integrity protected metadata and the signature to the host server via the one or more secure communication channels.

Dependent claims: 10, 11, 12, 13, 14, 15
16. A system comprising:
- one or more processors including a central processing unit (CPU);
- a memory including host software; and
- a trusted execution environment (TEE) including a secure enclave, the TEE including a second plurality of keys for data security;

and wherein the system is to:
- exchange keys between the system and an edge device to establish one or more secure communication channels between the edge device and the TEE of the system,
- receive encrypted and integrity protected metadata and a signature from the edge device via the one or more secure communication channels, the metadata being generated from a stream of video data,
- authenticate the edge device as a source of the metadata using the signature, and
- decrypt and check integrity of the metadata using a key from the TEE.

Dependent claims: 17, 18, 19
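As an added example (not part of the patent text), the edge-to-host flow of claims 1 and 16 in Go: key exchange, encryption with integrity protection, signing, then the host-side checks. The algorithms (X25519, SHA-256 key derivation, AES-256-GCM, Ed25519), the names `Packet`, `ChannelAEAD`, `EdgeSeal` and `HostOpen`, and the use of the exchanged key directly to protect the metadata are assumptions; the claims name none of them, and TEE key storage and attestation are outside the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Packet struct{ Nonce, Sealed, Sig []byte } // what the edge device transfers

// ChannelAEAD maps an X25519 exchange to AES-256-GCM (assumed algorithms; use HKDF in production).
func ChannelAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	block, _ := aes.NewCipher(key[:]) // cannot fail: key is always 32 bytes
	return cipher.NewGCM(block)
}

// EdgeSeal signs the metadata with the analytics key, then encrypts and integrity-protects it.
func EdgeSeal(ch cipher.AEAD, analytics ed25519.PrivateKey, meta []byte) Packet {
	nonce := make([]byte, ch.NonceSize())
	rand.Read(nonce) // fresh random nonce for every message
	return Packet{nonce, ch.Seal(nil, nonce, meta, nil), ed25519.Sign(analytics, meta)}
}

// HostOpen runs in the host TEE: Open fails on any tampering, Verify authenticates the source.
func HostOpen(ch cipher.AEAD, analyticsPub ed25519.PublicKey, p Packet) ([]byte, error) {
	meta, err := ch.Open(nil, p.Nonce, p.Sealed, nil)
	if err == nil && !ed25519.Verify(analyticsPub, meta, p.Sig) {
		meta, err = nil, fmt.Errorf("signature does not match analytics key")
	}
	return meta, err
}

func main() { // constructed keys and sample metadata
	edge, _ := ecdh.X25519().GenerateKey(rand.Reader)
	host, _ := ecdh.X25519().GenerateKey(rand.Reader)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	e, _ := ChannelAEAD(edge, host.PublicKey())
	h, _ := ChannelAEAD(host, edge.PublicKey())
	meta, err := HostOpen(h, pub, EdgeSeal(e, priv, []byte(`{"people":2}`)))
	fmt.Println(string(meta), err)
}
```

In this example the signature travels beside the ciphertext, so anyone holding the analytics public key could confirm a guess of the metadata; carrying the signature inside the secure channel, as the claims describe, closes that gap.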
Specification