INPUT VERIFICATION

US 20160182531A1
Filed: 12/23/2014
Published: 06/23/2016
Est. Priority Date: 12/23/2014
Status: Active Grant

First Claim

Patent Images

1. A computing apparatus comprising:

a trusted execution environment (TEE); and

one or more logic elements comprising an input verification engine (IVE) for operating within the TEE, and operable for;

receiving an input;

validating the input; and

exporting the input to an application outside of the TEE.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an example, a computing device may an input verification engine (IVE) that provides input verification services within a trusted execution environment (TEE), including a memory enclave. Taking a Java-based Android application as an example, the IVE securely verifies and validates user inputs for sensitive computing applications, without exposing the inputs to external applications. The IVE may be implemented in native C/C++ or similar, or may provide instructions to dynamically provision an enclave and import a minimal Java Virtual Machine (JVM) into the enclave so that the IVE can run in Java. The IVE may also contain binary analysis tools to analyze an input binary to identify and tag portions that receive user input, so that in a binary translation, those portions can be run within the enclave.

33 Citations

View as Search Results

25 Claims

1. A computing apparatus comprising:
- a trusted execution environment (TEE); and
  
  one or more logic elements comprising an input verification engine (IVE) for operating within the TEE, and operable for;
  
  receiving an input;
  
  validating the input; and
  
  exporting the input to an application outside of the TEE.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computing apparatus of claim 1, wherein exporting the input further comprises encrypting the input.
  - 3. The computing apparatus of claim 1, wherein exporting the input further comprises signing the input with a key of the TEE.
  - 4. The computing apparatus of claim 1, wherein the IVE is further operable for provisioning an enclave within the TEE.
  - 5. The computing apparatus of claim 4, wherein the IVE is further operable for provisioning a binary translator within the enclave.
  - 6. The computing apparatus of claim 5, wherein the binary translator is a Java Virtual Machine, and wherein the IVE is implemented at least partly in Java.
  - 7. The computing apparatus of claim 6, wherein exporting the input comprises exporting the input to a java native interface wrapper.
  - 8. The computing apparatus of claim 1, wherein the IVE is further operable for analyzing a binary input object.
  - 9. The computing apparatus of claim 8, wherein the binary input object is an executable object.
  - 10. The computing apparatus of claim 8, wherein analyzing the binary input object comprises identifying portions of the object configured to perform input/output operations.
  - 11. The computing apparatus of claim 10, wherein analyzing the binary input object further comprises tagging the portions.
  - 12. The computing apparatus of claim 10, wherein analyzing the binary input object further comprises identifying within the portions instructions to perform operations not legal within an enclave.
  - 13. The computing apparatus of claim 1, wherein the IVE comprises a module selected from the group consisting of a secure network stack, a secure graphics engine, a secure human input device interface engine, a secure audio engine, a secure image processing engine, a secure telemetry engine, a secure global positioning system receiver, and a binary input analyzer.

14. One or more computer-readable storage mediums having stored thereon instructions that, when executed, instruct a processor to provide an input verification engine (IVE) within a trusted execution environment (TEE), the IVE operable for:
- receiving an input;
  
  validating the input; and
  
  exporting the input to an application outside of the TEE.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The one or more computer-readable mediums of claim 14, wherein exporting the input further comprises encrypting the input.
  - 16. The one or more computer-readable mediums of claim 14, wherein exporting the input further comprises signing the input with a key of the TEE.
  - 17. The one or more computer-readable mediums of claim 14, wherein the IVE is further operable for provisioning an enclave within the TEE.
  - 18. The one or more computer-readable mediums of claim 17, wherein the IVE is further operable for provisioning a binary translator within the enclave.
  - 19. The one or more computer-readable mediums of claim 14, wherein the IVE is further operable for analyzing a binary input object.
  - 20. The one or more computer-readable mediums of claim 19, wherein the binary input object is an executable object.
  - 21. The one or more computer-readable mediums of claim 19, wherein analyzing the binary input object comprises identifying portions of the object configured to perform input/output operations.
  - 22. The one or more computer-readable mediums of claim 21, wherein analyzing the binary input object further comprises tagging the portions.
  - 23. The one or more computer-readable mediums of claim 21, wherein analyzing the binary input object further comprises identifying within the portions instructions to perform operations not legal within an enclave.

24. A method of providing an input verification engine (IVE) within a trusted execution environment (TEE), comprising:
- receiving an input;
  
  validating the input; and
  
  exporting the input to an application outside of the TEE.
- View Dependent Claims (25)
- - 25. The method of claim 24, further comprising analyzing a binary input object, comprising:
    - identifying portions of the binary input object configured to perform input/output operations; and
      
      tagging the portions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Rubakha, Dmitri, Brinkley, Matthew D.

Granted Patent

US 9,832,207 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/83   input devices, e.g. keyboar...

G06F 21/84   output devices, e.g. displa...

H04L 63/06   for supporting key manageme...

H04L 63/123   received data contents, e.g...

INPUT VERIFICATION

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

INPUT VERIFICATION

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links