US 12,229,283 B2
Secure processing systems and methods
Gilles Boccon-Gibod, San Francisco, CA (US); and Gary F. Ellison, San Mateo, CA (US)
Assigned to Intertrust Technologies Corporation, Berkeley, CA (US)
Filed by Intertrust Technologies Corporation, Milpitas, CA (US)
Filed on Oct. 26, 2023, as Appl. No. 18/495,161.
Application 18/495,161 is a continuation of application No. 18/148,085, filed on Dec. 29, 2022, granted, now 11,816,230.
Application 18/148,085 is a continuation of application No. 17/193,299, filed on Mar. 5, 2021, granted, now 11,544,391, issued on Jan. 3, 2023.
Application 17/193,299 is a continuation of application No. 16/676,587, filed on Nov. 7, 2019, granted, now 10,949,550, issued on Mar. 16, 2021.
Application 16/676,587 is a continuation of application No. 16/277,372, filed on Feb. 15, 2019, granted, now 10,949,549, issued on Mar. 16, 2021.
Application 16/277,372 is a continuation of application No. 15/166,025, filed on May 26, 2016, granted, now 10,255,440, issued on Apr. 9, 2019.
Application 15/166,025 is a continuation of application No. 14/509,376, filed on Oct. 8, 2014, granted, now 9,369,280, issued on Jun. 14, 2016.
Application 14/509,376 is a continuation of application No. 13/163,244, filed on Jun. 17, 2011, granted, now 8,874,896, issued on Jan. 28, 2014.
Claims priority of provisional application 61/356,524, filed on Jun. 18, 2010.
Prior Publication US 2024/0054238 A1, Feb. 15, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/60 (2013.01); G06F 21/10 (2013.01); G06F 21/62 (2013.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC G06F 21/602 (2013.01) [G06F 21/105 (2013.01); G06F 21/6218 (2013.01); H04L 9/088 (2013.01); H04L 9/0897 (2013.01); H04L 9/3247 (2013.01); G06F 2221/2149 (2013.01); H04L 2209/127 (2013.01); H04L 2209/603 (2013.01)]
18 Claims
1. A non-transitory computer-readable storage medium storing instructions that, when executed by at least one processor of a system, cause the system to perform a method comprising:
receiving, by a secure abstraction layer of the system from an application executing within a first processing domain of the system, one or more first requests to invoke a secure processing domain of the system to perform one or more operations using secret data within the secure processing domain, the secure processing domain being different, at least in part, than the first processing domain;
generating, by the secure abstraction layer, one or more second requests, the one or more second requests being configured to cause the secure processing domain of the system to perform at least one cryptographic operation using the secret data;
issuing, by the secure abstraction layer, the one or more second requests to the secure processing domain;
receiving, by the secure abstraction layer from the secure processing domain in response to the one or more second requests, one or more responses, the one or more responses comprising second data, the second data being generated by the secure processing domain at least in part by performing the at least one cryptographic operation using the secret data; and
sending, to the application executing within the first processing domain from the secure abstraction layer, the second data.
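The request flow recited in claim 1 can be modeled in a few lines. The following is an added illustration, not code from the patent or from Intertrust: the class names, the request dictionaries, the "sign" action, the "device-key" handle and the choice of HMAC-SHA256 as the cryptographic operation are all assumptions made for the sketch.

```python
import hashlib
import hmac
import os


class SecureDomain:
    """Stand-in for the secure processing domain: the only holder of secret data."""
    def __init__(self):
        self._keys = {}  # handle -> secret bytes; never returned to callers

    def provision(self, handle: str) -> None:
        self._keys[handle] = os.urandom(32)

    def execute(self, request: dict) -> dict:
        # Only fixed, named operations are accepted; there is no key-export op.
        if request.get("op") != "HMAC_SHA256":
            return {"status": "denied"}
        key = self._keys.get(request.get("handle"))
        if key is None:
            return {"status": "unknown_handle"}
        tag = hmac.new(key, request["data"], hashlib.sha256).digest()
        return {"status": "ok", "second_data": tag}


class SecureAbstractionLayer:
    """Receives first requests from the application and issues second requests."""
    _OP_MAP = {"sign": "HMAC_SHA256"}  # application verb -> secure-domain op (assumed)

    def __init__(self, domain: SecureDomain):
        self._domain = domain

    def invoke(self, first_request: dict) -> bytes:
        op = self._OP_MAP.get(first_request.get("action"))
        if op is None:
            raise PermissionError("operation not exposed to applications")
        second_request = {"op": op, "handle": first_request.get("key_id"),
                          "data": first_request["payload"]}
        response = self._domain.execute(second_request)
        if response["status"] != "ok":
            raise PermissionError(response["status"])
        return response["second_data"]  # only the result crosses back


def demo():
    domain = SecureDomain()
    domain.provision("device-key")  # constructed handle for the example
    sal = SecureAbstractionLayer(domain)
    request = {"action": "sign", "key_id": "device-key", "payload": b"license-42"}
    return sal, sal.invoke(request)
```

The application only ever holds a key handle and the returned second data; the secret stays inside the `SecureDomain` object, and any first request that does not map to an allowed operation is rejected before it reaches the secure domain.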