METHODS AND APPARATUSES FOR STARTING APPLICATION ON TARGET PLATFORM

Organization Name

Alipay (Hangzhou) Information Technology Co., Ltd.

Inventor(s)

Yulong Zhang of Hangzhou (CN)

Tao Wei of Hangzhou (CN)

METHODS AND APPARATUSES FOR STARTING APPLICATION ON TARGET PLATFORM - A simplified explanation of the abstract

This abstract first appeared for US patent application 18276542 titled 'METHODS AND APPARATUSES FOR STARTING APPLICATION ON TARGET PLATFORM

Simplified Explanation

The abstract describes a method and apparatus for starting an application on a target platform with a verifiable startup chip and a trusted execution environment. The method involves sequentially starting system startup items, measuring and recording startup item information, starting an attestation proxy program, and starting a user application based on the trusted execution environment.

• Method for starting an application on a target platform:

   - Sequentially start system startup items based on a predetermined order.
   - Measure and record startup item information into the verifiable startup chip.
   - Start an attestation proxy program in the trusted execution environment.
   - Start a user application in the trusted execution environment.
   - Determine attestation information for the user application based on local attestation.

Potential Applications

This technology could be applied in secure boot processes for devices, ensuring the integrity of the startup sequence and user applications.

Problems Solved

1. Ensures the secure startup of applications on a target platform. 2. Provides a trusted execution environment for running user applications securely.

Benefits

1. Enhanced security for startup processes. 2. Protection against unauthorized access to user applications. 3. Reliable measurement and recording of startup item information.

Potential Commercial Applications

Securing IoT devices, mobile devices, and other systems that require a trusted startup process.

Possible Prior Art

One possible prior art could be the use of secure boot processes in computer systems to verify the integrity of the startup sequence and prevent unauthorized access to the system.

Unanswered Questions

== How does the method ensure the verifiability of the startup items on the target platform? The method ensures verifiability by measuring and recording startup item information into the verifiable startup chip, providing a secure record of the startup process.

== What are the specific security measures implemented in the trusted execution environment to protect user applications? The trusted execution environment likely includes encryption, secure storage, and access control mechanisms to protect user applications from unauthorized access or tampering.

Original Abstract Submitted

Embodiments of this specification provide a method and an apparatus for starting an application on a target platform, where the target platform includes at least a verifiable startup chip and a trusted execution environment, and the method includes: sequentially starting a plurality of system startup items based on a predetermined startup order, where starting a first startup item included in the plurality of system startup items includes: measuring a next startup item of the first startup item, and recording a measurement result into the verifiable startup chip; starting an attestation proxy program based on the trusted execution environment; and starting a first user application based on the trusted execution environment, and determining, by the attestation proxy program, first attestation information corresponding to the first user application based on local attestation in the trusted execution environment.