公开(公告)号：US11126706B2

公开(公告)日：2021-09-21

申请号：US16491319

申请日：2017-03-07

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Sampo Sovio ,  Martti Takala ,  Valentin Manea ,  Parvez Shaik ,  Liming Wu

IPC: H04L29/06 ,  G06F21/44 ,  G06F21/12 ,  G06F21/57 ,  G06F21/60 ,  G06F21/74

Abstract: An apparatus including a processor and a memory configured to provide an SEE and an REE. The processor is configured to provide a client application configured to execute at a user privilege level and a hypervisor configured to execute at a hypervisor privilege level. The user privilege level is more restrictive than the hypervisor privilege level. The processor is further configured to provide a trusted application configured to execute within the SEE. The trusted application provides secure services to the client application. The processor is configured to send a request for secure services from the client application to the trusted application, send a measurement request to the hypervisor, generate within the hypervisor a measured value based on the client application, return the measured value to the trusted application, and determine whether the client application is authorized to access the secure services. The authorization determination is based on the measured value.