System and method for establishing a shared secret for communication between different security domains
US9367700B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Feb 16, 2011 |
| Grant date | Jun 14, 2016 |
| Priority date | — |
| Expiry date | May 31, 2032 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2149
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Embodiments may include generating an initial verifier for a first process, the initial verifier generated based on a trusted image of the first process. Embodiments may include, subsequent to generating an untransformed secret associated with the first process, using a reversible transform to transform the untransformed secret with the initial verifier to generate a transformed secret associated with the first process. Embodiments may also include, subsequent to the first process being launched outside of a secure domain, and dependent upon a second verifier generated from a current state of the first process being the same as the initial verifier: using the reversible transform to reverse transform the transformed secret with the second verifier to generate a de-transformed secret equal to the untransformed secret. Embodiments may include performing a secure communication protected with a cryptographic key generated based on the de-transformed secret. The communication may be performed across different security domains.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.