公开(公告)号：US20180375667A1

公开(公告)日：2018-12-27

申请号：US16055732

申请日：2018-08-06

Applicant: Huawei Technologies Co., Ltd.

Inventor： Sampo SOVIO ,  Janne HIRVIMIES ,  Valentin MANEA

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/00 ,  H04L29/06 ,  G06F21/53

Abstract: An apparatus includes a processor coupled to a memory wherein the processor and the memory are configured to provide a secure execution environment. The memory includes a shared secret value. The processor is configured to receive a certificate, wherein the certificate includes a device identifier and a digital signature. The processor validates the certificate based on the digital signature and the device identifier, recovers a cryptographic key based on the shared secret value and the device identifier, and performs a cryptographic operation based on the recovered cryptographic key.

公开(公告)号：US20240320317A1

公开(公告)日：2024-09-26

申请号：US18677620

申请日：2024-05-29

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Zhenqiang HUANG ,  Valentin MANEA ,  Jianwei ZHU

IPC: G06F21/44

CPC classification number: G06F21/44

Abstract: A kernel protection method and apparatus, and systems are provided, which relate to the field of security technologies. The method is applied to an electronic device. The method includes: working in a first privilege, and detecting a page table modification command, where the first privilege includes the first privilege, the page table modification command is used to modify access permission data in a target page table, and the target page table is a kernel-related page table; switching from the first privilege to a second privilege, and determining, under the second privilege, whether to modify the target page table based on the page table modification command, where a permission of the second privilege is higher than that of the first privilege; and modifying the access permission data in the target page table if determining to modify the target page table.

公开(公告)号：US20200019695A1

公开(公告)日：2020-01-16

申请号：US16491319

申请日：2017-03-07

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Sampo SOVIO ,  Martti TAKALA ,  Valentin MANEA ,  Parvez SHAIK ,  Liming WU

IPC: G06F21/44 ,  G06F21/57 ,  G06F21/74 ,  G06F21/60 ,  G06F21/12

Abstract: An apparatus including a processor and a memory configured to provide an SEE and an REE. The processor is configured to provide a client application configured to execute at a user privilege level and a hypervisor configured to execute at a hypervisor privilege level. The user privilege level is more restrictive than the hypervisor privilege level. The processor is further configured to provide a trusted application configured to execute within the SEE. The trusted application provides secure services to the client application. The processor is configured to send a request for secure services from the client application to the trusted application, send a measurement request to the hypervisor, generate within the hypervisor a measured value based on the client application, return the measured value to the trusted application, and determine whether the client application is authorized to access the secure services. The authorization determination is based on the measured value.