SESSION MANAGEMENT FRAMEWORK FOR SECURE COMMUNICATIONS BETWEEN HOST DEVICES AND TRUSTED DEVICES
Abstract
Embodiments are directed to a session management framework for secure communications between host systems and trusted devices. An embodiment of computer-readable storage mediums includes instructions for establishing a security agreement between a host system and a trusted device, the host system including a trusted execution environment (TEE); initiating a key exchange between the host system and the trusted device, including sending a key agreement message from the host system to the trusted device; sending an initialization message to the trusted device; validating capabilities of the trusted device for a secure communication session between the host system and the trusted device; provisioning secrets to the trusted device and initializing cryptographic parameters with the trusted device; and sending an activate session message to the trusted device to activate the secure communication session over a secure communication channel.
21 Claims

1. One or more non-transitory computer-readable storage mediums having stored thereon executable computer program instructions that, when executed by one or more processors, cause the one or more processors to perform operations comprising:
establishing a security agreement between a host system and a trusted device, the host system including a trusted execution environment (TEE);
initiating a key exchange between the host system and the trusted device, including sending a key agreement message from the host system to the trusted device;
sending an initialization message to the trusted device;
validating capabilities of the trusted device for a secure communication session between the host system and the trusted device;
provisioning secrets to the trusted device and initializing cryptographic parameters with the trusted device; and
sending an activate session message to the trusted device to activate the secure communication session over a secure communication channel.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. An apparatus comprising:
one or more processors including a trusted execution environment (TEE);
a computer memory to store data including program data; and
an interface with a trusted device;
wherein the apparatus is to:
establish a security agreement with the trusted device;
initiate a key exchange with the trusted device, including sending a key agreement message to the trusted device;
send an initialization message to the trusted device;
validate capabilities of the trusted device for a secure communication session between the apparatus and the trusted device;
provision secrets to the trusted device and initialize cryptographic parameters with the trusted device; and
send an activate session message to the trusted device to activate the secure communication session over a secure communication channel.
Dependent claims: 11, 12, 13, 14, 15, 16.

17. A method comprising:
establishing a security agreement between a trusted device and a host system, the host system including a trusted execution environment (TEE);
performing a key exchange between the trusted device and the host system;
providing capability information for the trusted device to the host system for a secure communication session between the host system and the trusted device;
receiving secrets from the host system at the trusted device and establishing cryptographic parameters with the host system; and
activating the secure communication session over a secure communication channel with the host system.
Dependent claims: 18, 19, 20, 21.
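The independent claims describe one message sequence from two ends: claims 1 and 10 from the host (security agreement, key agreement message, initialization message, capability validation, secret provisioning, activate session message) and claim 17 from the trusted device. The following is an added worked example of that sequence, written for this page; it is not the patent's own protocol, which the claims do not specify at the algorithm level. Everything concrete in it is an assumption: the key exchange is finite-field Diffie-Hellman over the 2048-bit MODP group 14 of RFC 3526, session keys come from HKDF-SHA256 over the negotiation transcript, the "secure communication channel" is an encrypt-then-MAC record layer built from a SHAKE-256 keystream and HMAC-SHA256 (a standard-library stand-in for an AEAD such as AES-GCM, not a recommendation), and the message names, the `attestation` capability the host requires, and the suite identifier are all constructed for the example. It runs offline with the Python standard library.

```python
# Added example, not the patent's protocol: DH group, HKDF and the SHAKE/HMAC record layer are assumptions.
import hashlib, hmac, json, secrets
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)  # 2048-bit MODP group 14 (RFC 3526), generator 2
G, SUITE = 2, "dh2048-hkdf-sha256-shake256-hmac"  # suite identifier constructed for this example
enc = lambda m: json.dumps(m, sort_keys=True).encode()  # canonical encoding for the transcript hash
def hkdf(ikm, salt, info, n):  # HKDF-SHA256 (RFC 5869)
    prk, out, t, i = hmac.new(salt, ikm, hashlib.sha256).digest(), b"", b"", 1
    while len(out) < n:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + t, i + 1
    return out[:n]

def seal(key, seq, pt):  # encrypt-then-MAC; the sequence number is the nonce and is covered by the tag
    nonce = seq.to_bytes(8, "big")
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(b"enc" + key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, expect_seq, blob):  # rejects replay/reordering (wrong seq) and forgery (bad tag)
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    if int.from_bytes(nonce, "big") != expect_seq or not hmac.compare_digest(
            tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("replayed, reordered or forged record")
    return bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))))

class Endpoint:
    def __init__(self, caps=None):
        self.state, self.transcript, self.seq = "IDLE", hashlib.sha256(), [0, 0]  # seq = [send, recv]
        self.caps, self.secrets = caps, {}
    def derive_keys(self, peer_pub, priv, is_host):
        if not 1 < peer_pub < P - 1:  # reject 0, 1 and p-1 before exponentiating
            raise ValueError("invalid DH public value")
        okm = hkdf(pow(peer_pub, priv, P).to_bytes(256, "big"), self.transcript.digest(), b"keys", 64)
        k_hd, k_dh = okm[:32], okm[32:]  # one key per direction, bound to the negotiation transcript
        self.keys = (k_hd, k_dh) if is_host else (k_dh, k_hd)  # (send, receive)
    def tx(self, pt):
        self.seq[0] += 1
        return seal(self.keys[0], self.seq[0] - 1, pt)
    def rx(self, blob):
        pt = unseal(self.keys[1], self.seq[1], blob)
        self.seq[1] += 1
        return pt

class TrustedDevice(Endpoint):  # device side (claim 17): a state machine that enforces the claim-1 order
    ALLOWED = {"agree": {"IDLE"}, "kex": {"AGREED"}, "init": {"KEYED"}, "provision": {"INIT", "PROVISIONED"}, "activate": {"PROVISIONED"}}
    def handle(self, msg):
        if self.state not in self.ALLOWED.get(msg["type"], ()):
            raise ValueError(f"{msg['type']} not allowed in state {self.state}")
        return getattr(self, "on_" + msg["type"])(msg)
    def on_agree(self, m):  # 1. security agreement: version and suite must be supported
        if m["version"] != 1 or m["suite"] not in self.caps["suites"]:
            raise ValueError("no common security parameters")
        self.state, reply = "AGREED", {"type": "agree_ack", "suite": m["suite"]}
        self.transcript.update(enc(m) + enc(reply))
        return reply
    def on_kex(self, m):  # 2. key agreement reply; both sides hash the same two messages
        y = secrets.randbelow(P - 3) + 2
        reply = {"type": "kex_reply", "pub": pow(G, y, P)}
        self.transcript.update(enc(m) + enc(reply))
        self.derive_keys(m["pub"], y, is_host=False)
        self.state = "KEYED"
        return reply
    def on_init(self, m):  # 3. decrypting proves the host derived k_hd; the ack proves we hold k_dh
        sid = self.rx(m["rec"])
        self.state = "INIT"  # the ack also carries the capability report the host validates (step 4)
        return {"type": "init_ack", "rec": self.tx(enc({"sid": sid.hex(), "caps": self.caps}))}
    def on_provision(self, m):  # 5. secrets are accepted only inside the protected channel
        name, value = json.loads(self.rx(m["rec"]))
        self.secrets[name], self.state = bytes.fromhex(value), "PROVISIONED"
        return {"type": "provision_ack", "rec": self.tx(b"ok")}
    def on_activate(self, m):  # 6. activation is accepted only after provisioning
        if self.rx(m["rec"]) != b"activate":
            raise ValueError("bad activate message")
        self.state = "ACTIVE"
        return {"type": "active", "rec": self.tx(b"active")}

class Host(Endpoint):  # TEE side: drives the six steps of claim 1 and returns the device's final state
    REQUIRED = {"attestation": True}  # constructed capability policy for the example
    def establish(self, dev, to_provision):
        m = {"type": "agree", "version": 1, "suite": SUITE}
        self.transcript.update(enc(m) + enc(dev.handle(m)))                  # 1. security agreement
        x = secrets.randbelow(P - 3) + 2
        r = dev.handle(m := {"type": "kex", "pub": pow(G, x, P)})
        self.transcript.update(enc(m) + enc(r))
        self.derive_keys(r["pub"], x, is_host=True)                          # 2. key exchange
        sid = secrets.token_bytes(16)
        ack = json.loads(self.rx(dev.handle({"type": "init", "rec": self.tx(sid)})["rec"]))
        if ack["sid"] != sid.hex():                                          # 3. key confirmation
            raise ValueError("key confirmation failed")
        if any(ack["caps"].get(k) != v for k, v in self.REQUIRED.items()):   # 4. validate capabilities
            raise ValueError("device lacks a required capability")
        for name, value in to_provision.items():                             # 5. provision secrets
            self.rx(dev.handle({"type": "provision", "rec": self.tx(enc([name, value.hex()]))})["rec"])
        if self.rx(dev.handle({"type": "activate", "rec": self.tx(b"activate")})["rec"]) != b"active":
            raise ValueError("activation not confirmed")                     # 6. activate session
        return dev.state
```

Three design points carry the security of the sequence and are worth checking in any real implementation of these claims. The device's `ALLOWED` table means an activate session message before provisioning, or a provisioning message before the initialization message has confirmed the keys, is rejected rather than processed; the session keys are derived with the hash of the security-agreement and key-agreement messages as HKDF salt, so a tampered parameter negotiation yields mismatched keys and the initialization step fails; and every record on the channel carries a sequence number under the MAC, so a captured provisioning record cannot be replayed into a later session. A call such as `Host().establish(TrustedDevice({"suites": [SUITE], "attestation": True}), {"wrap-key": bytes(32)})` returns `"ACTIVE"`, with the provisioned secret stored on the device; a device reporting `"attestation": False` is rejected at step 4 and never receives secrets.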
Specification