18066383. TRANSPORT LAYER SECURITY COMPUTER DEVICES AND METHODS simplified abstract (Microsoft Technology Licensing, LLC)

From WikiPatents
Revision as of 06:34, 8 May 2024 by Wikipatents (talk | contribs) (Creating a new page)

TRANSPORT LAYER SECURITY COMPUTER DEVICES AND METHODS

Organization Name

Microsoft Technology Licensing, LLC

Inventor(s)

Kapil Vaswani of Cambridge (GB)

Siddharth Jayashankar of Pittsburgh PA (US)

Antoine Delignat-lavaud of Cambridge (GB)

Cedric Alain Marie Christophe Fournet of Cambridge (GB)

TRANSPORT LAYER SECURITY COMPUTER DEVICES AND METHODS - A simplified explanation of the abstract

This abstract first appeared for US patent application 18066383 titled 'TRANSPORT LAYER SECURITY COMPUTER DEVICES AND METHODS'.

Simplified Explanation

The abstract describes a patent application for a computer device that generates a public-private key pair inside a trusted execution environment (TEE), produces attestation data binding that key pair to a TLS endpoint, and signs the attestation data with a TEE private key embedded in the processor, so that the peer in a Transport Layer Security (TLS) handshake can verify that the endpoint's key was generated in, and is bound to, the TEE.

  • The computer device instantiates a first TLS endpoint with access to a TEE.
  • It generates an endpoint-specific public-private key pair in the TEE bound to the first TLS endpoint.
  • Attestation data is generated to verify the key pair was created in the TEE and is bound to the TLS endpoint.
  • The attestation data is signed in the TEE using a TEE private key embedded in the processor.
  • The device generates a TEE signature using an endpoint-specific private key and includes the attestation data, endpoint-specific public key, and TEE signature in a TLS handshake message exchange with a second TLS endpoint.
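The handshake flow in the bullets above, as an added Go example that is not the patent's or Microsoft's code: a freshly generated Ed25519 key stands in for the processor-embedded TEE key (the abstract names no signature scheme), and the attestation encoding sha256(endpointID || endpointPub) is a constructed placeholder. The second endpoint's check verifies both the TEE signature over the key binding and the handshake signature under the attested endpoint key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Attestation binds an endpoint-specific public key to a TLS endpoint identity.
type Attestation struct {
	EndpointID  string
	EndpointPub ed25519.PublicKey
	TEESig      []byte // TEE key's signature over bindingDigest
}

// bindingDigest is a constructed encoding: sha256(endpointID || endpointPub).
func bindingDigest(id string, pub ed25519.PublicKey) []byte {
	d := sha256.Sum256(append([]byte(id), pub...))
	return d[:]
}

// NewEndpointKey generates the endpoint key pair "inside the TEE" and has the TEE
// key (teePriv stands in for the processor-embedded key) sign the binding.
func NewEndpointKey(id string, teePriv ed25519.PrivateKey) (Attestation, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Attestation{}, nil, err
	}
	sig := ed25519.Sign(teePriv, bindingDigest(id, pub))
	return Attestation{EndpointID: id, EndpointPub: pub, TEESig: sig}, priv, nil
}

// VerifyPeer: the trusted TEE key vouches for the key binding, the attested key for the transcript.
func VerifyPeer(teePub ed25519.PublicKey, att Attestation, transcript, hsSig []byte) error {
	if !ed25519.Verify(teePub, bindingDigest(att.EndpointID, att.EndpointPub), att.TEESig) {
		return fmt.Errorf("attestation not signed by trusted TEE key")
	}
	if !ed25519.Verify(att.EndpointPub, transcript, hsSig) {
		return fmt.Errorf("handshake signature does not verify under attested key")
	}
	return nil
}

func main() {
	teePub, teePriv, _ := ed25519.GenerateKey(rand.Reader) // simulated processor-embedded key
	att, priv, _ := NewEndpointKey("tls-endpoint-1", teePriv)
	transcript := []byte("constructed handshake transcript")
	fmt.Println(VerifyPeer(teePub, att, transcript, ed25519.Sign(priv, transcript)))
}
```

A peer that trusts only the TEE's public key will therefore reject an endpoint key the TEE never attested, even if that key signs the handshake correctly.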

Potential Applications

This technology can be applied in secure communication protocols, IoT devices, cloud computing, and network security systems.

Problems Solved

1. Ensuring the authenticity and integrity of communication between TLS endpoints.
2. Protecting sensitive data and keys from unauthorized access or tampering.

Benefits

1. Enhanced security for data transmission.
2. Secure key generation and management.
3. Protection against man-in-the-middle attacks.

Potential Commercial Applications

"Secure Communication Technology for IoT Devices and Cloud Networks"

Possible Prior Art

Prior art in secure communication protocols, cryptographic key management, and TEE technology may exist, but specific examples are not provided in the abstract.

Unanswered Questions

How does this technology impact the performance of TLS endpoints?

The abstract does not mention the potential impact on the performance of TLS endpoints when implementing this technology. Further research or testing may be needed to assess any performance implications.

What are the potential limitations or vulnerabilities of this approach?

The abstract does not address any potential limitations or vulnerabilities that may arise from using this technology. A thorough security analysis and risk assessment would be necessary to identify and mitigate any weaknesses in the system.


Original Abstract Submitted

A computer device instantiates a first Transport Layer Security (TLS) endpoint having access to a trusted execution environment (TEE) of the processor; generates in the TEE an endpoint-specific public-private key pair bound to the first TLS endpoint; generates attestation data verifying that the endpoint-specific public-private key pair was generated in the TEE and is bound to the first TLS endpoint; and signs the attestation data in the TEE using a TEE private key securely embedded in the processor. The device generates a TEE signature using an endpoint-specific private key of an endpoint-specific public-private key pair; and indicates the attestation data, an endpoint-specific public key of the endpoint-specific public-private key pair and the TEE signature to a second TLS endpoint within a TLS handshake message exchange between the first TLS endpoint and the second TLS endpoint.