| CPC H04L 9/3247 (2013.01) [G06F 21/53 (2013.01); G06F 21/74 (2013.01); H04L 9/14 (2013.01); H04L 9/30 (2013.01); H04L 63/061 (2013.01); H04L 2209/127 (2013.01)] | 28 Claims |
|
1. A client device comprising:
memory; and
a processing system coupled to the memory, the processing system configured to perform operations comprising:
provide a template or an indication that a user associated with the client device selects the template to a distributed computing system that is coupled to the client device, wherein the template includes no secrets of the user;
establish a chain of trust from a trusted execution environment to a platform based at least in part on receipt of measurements of the trusted execution environment, which are signed with a platform signing key of the platform, from the platform,
the measurements indicating attributes of the trusted execution environment, which is hosted by the distributed computing system;
determine whether to provision the trusted execution environment with secret information based at least in part on whether the client device receives confirmation from the trusted execution environment that the trusted execution environment has received a policy from the client device, the confirmation indicating the policy; and
provision the trusted execution environment with the secret information in absence of a secure channel between the client device and the trusted execution environment to customize the trusted execution environment with the secret information based at least in part on receipt of the confirmation, which indicates the policy and which confirms that the trusted execution environment has received the policy from the client device, from the trusted execution environment and further based at least in part on the chain of trust in response to the trusted execution environment being launched from the template, which is associated with an operating system that is associated with the platform.
|