公开(公告)号：US20180375667A1

公开(公告)日：2018-12-27

申请号：US16055732

申请日：2018-08-06

Applicant: Huawei Technologies Co., Ltd.

Inventor： Sampo SOVIO ,  Janne HIRVIMIES ,  Valentin MANEA

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/00 ,  H04L29/06 ,  G06F21/53

Abstract: An apparatus includes a processor coupled to a memory wherein the processor and the memory are configured to provide a secure execution environment. The memory includes a shared secret value. The processor is configured to receive a certificate, wherein the certificate includes a device identifier and a digital signature. The processor validates the certificate based on the digital signature and the device identifier, recovers a cryptographic key based on the shared secret value and the device identifier, and performs a cryptographic operation based on the recovered cryptographic key.

公开(公告)号：US20190272378A1

公开(公告)日：2019-09-05

申请号：US16415939

申请日：2019-05-17

Applicant: Huawei Technologies Co., Ltd.

Inventor： Janne HIRVIMIES ,  Sampo SOVIO

IPC: G06F21/57 ,  G06F8/65 ,  G06F8/71 ,  H04L9/00 ,  H04L9/14

Abstract: The invention relates to an electronic device and a software provisioning server. The electronic device is configured to obey an Anti-Roll Back, ARB, enforcement policy, obtain an ARB exception associated with a software, wherein the ARB exception comprises a signature of the ARB exception and a revision number of the software, check the validity of the signature of the ARB exception, and execute the software having the revision number so as to overrun the ARB enforcement policy if the signature of the ARB exception is valid. The software provisioning server is configured to determine an ARB exception associated with a software for overrunning a ARB enforcement policy in an electronic device, wherein the ARB exception comprises a signature of the ARB exception and a revision number of the software, provide the ARB exception to the electronic device.

公开(公告)号：US20220166608A1

公开(公告)日：2022-05-26

申请号：US17425896

申请日：2019-01-25

Applicant: Huawei Technologies Co., Ltd.

Inventor： Sampo SOVIO ,  Jan-Erik EKBERG

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/30

Abstract: A method for attestation of Control Flow Integrity (CFI) of an application running on an end entity whereby an asymmetric key pair is generated by a Key Management Module (KMM) comprising a private key and a public key, then the public key is signed with a device key unique to the end entity thereby generating a public key certificate which attests to the private key being in possession of the end entity. The asymmetric key pair is based on the executing code of the application and the device key. The attestation claims regarding CFI of the application are signed by the private key in a dedicated signature module.

公开(公告)号：US20200019695A1

公开(公告)日：2020-01-16

申请号：US16491319

申请日：2017-03-07

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Sampo SOVIO ,  Martti TAKALA ,  Valentin MANEA ,  Parvez SHAIK ,  Liming WU

IPC: G06F21/44 ,  G06F21/57 ,  G06F21/74 ,  G06F21/60 ,  G06F21/12

Abstract: An apparatus including a processor and a memory configured to provide an SEE and an REE. The processor is configured to provide a client application configured to execute at a user privilege level and a hypervisor configured to execute at a hypervisor privilege level. The user privilege level is more restrictive than the hypervisor privilege level. The processor is further configured to provide a trusted application configured to execute within the SEE. The trusted application provides secure services to the client application. The processor is configured to send a request for secure services from the client application to the trusted application, send a measurement request to the hypervisor, generate within the hypervisor a measured value based on the client application, return the measured value to the trusted application, and determine whether the client application is authorized to access the secure services. The authorization determination is based on the measured value.