公开(公告)号：US20230015537A1

公开(公告)日：2023-01-19

申请号：US17950826

申请日：2022-09-22

Applicant: Intel Corporation

Inventor： Anjo Lucas Vahldiek-Oberwagner ,  Ravi L. Sahita ,  Mona Vij ,  Rameshkumar Illikkal ,  Michael Steiner ,  Thomas Knauth ,  Dmitrii Kuvaiskii ,  Sudha Krishnakumar ,  Krystof C. Zmudzinski ,  Vincent Scarlata ,  Francis McKeen

IPC: G06F21/79 ,  G06F3/06 ,  G06F12/14 ,  H04L9/32 ,  H04L9/14

Abstract: Example methods and systems are directed to reducing latency in providing trusted execution environments (TEEs). Initializing a TEE includes multiple steps before the TEE starts executing. Besides workload-specific initialization, workload-independent initialization is performed, such as adding memory to the TEE. In function-as-a-service (FaaS) environments, a large portion of the TEE is workload-independent, and thus can be performed prior to receiving the workload. Certain steps performed during TEE initialization are identical for certain classes of workloads. Thus, the common parts of the TEE initialization sequence may be performed before the TEE is requested. When a TEE is requested for a workload in the class and the parts to specialize the TEE for its particular purpose are known, the final steps to initialize the TEE are performed.

公开(公告)号：US20190065406A1

公开(公告)日：2019-02-28

申请号：US16174337

申请日：2018-10-30

Applicant: Intel Corporation

Inventor： Michael Steiner ,  Thomas Knauth ,  Li Lei ,  Bin Xing ,  Mona Vij ,  Somnath Chakrabarti

IPC: G06F12/14 ,  H04L29/06

Abstract: In a method for protecting extra-enclave communications, a data processing system allocates a portion of random access memory (RAM) to a server application that is to execute at a low privilege level, and the data processing system creates an enclave comprising the portion of RAM allocated to the server application. The enclave protects the RAM in the enclave from access by software that executes at a high privilege level. The server application obtains a platform attestation report (PAR) for the enclave from the processor. The PAR includes attestation data from the processor attesting to integrity of the enclave. The server application also generates a public key certificate for the server application. The public key certificate comprises the attestation data. The server application utilizes the public key certificate to establish a transport layer security (TLS) communication channel with a client application outside of the enclave. Other embodiments are described and claimed.