US 11,658,944 B2
Methods and apparatus for encrypted communication
Gustavo Federico Petri, Cambridge (GB); Guilhem Floréal Bryant, Cambridge (GB); Dominic Phillip Mulligan, St Neots (GB); and Brendan James Moran, Histon (GB)
Assigned to ARM IP LIMITED, Cambridge (GB)
Filed by Arm IP Limited, Cambridge (GB)
Filed on Mar. 13, 2020, as Appl. No. 16/817,852.
Prior Publication US 2021/0288944 A1, Sep. 16, 2021
Int. Cl. H04L 9/08 (2006.01); H04L 9/40 (2022.01); H04L 67/14 (2022.01)
CPC H04L 63/0428 (2013.01) [H04L 9/0841 (2013.01); H04L 63/061 (2013.01); H04L 63/166 (2013.01); H04L 67/14 (2013.01)]
17 Claims
1. An apparatus comprising:
first interface circuitry to communicate with a first computing device;
second interface circuitry to communicate with a second computing device, wherein:
the first interface circuitry is configured to receive a handshake message from the first computing device;
the second interface circuitry is configured to transmit the handshake message to the second computing device and to receive a handshake response message from the second computing device; and
the first interface circuitry is configured to transmit the handshake response message to the first computing device, whereby to establish a communication session between the first computing device and the second computing device, and
trusted execution environment circuitry to execute computer instructions to:
determine a cryptographic session key associated with said communication session;
use said session key to decrypt content of encrypted messages transmitted between the first computing device and the second computing device via the apparatus, and to analyse said decrypted content;
perform an attestation process in respect of computer instructions to be executed by the trusted execution environment circuitry, said computer instructions defining said determining the cryptographic session key and said using the session key;
the apparatus being further configured to, for the attestation process:
responsive to receiving the handshake message at the first interface circuitry, transmit the handshake message with a first attestation token, via the second interface circuitry, to a second apparatus, the first attestation token being in respect of the trusted execution environment circuitry whereby for the second apparatus to transmit the handshake message with the first attestation token and a second attestation token to the second computing device, the second attestation token being in respect of the trusted execution environment circuitry of the second apparatus;
receive, at the second interface, second attestation group key agreement information for a group key agreement generated by the second apparatus in response to first attestation group key agreement information generated by the second computing device in response to verifying the first and second attestation tokens;
generate third attestation group key agreement information for the group key agreement and transmitting the handshake response message to the first computing device with the third attestation group key agreement information, for verification by the first computing device to complete the group key agreement.