	US 12,113,902 B2
	Scalable attestation for trusted execution environments
Anjo Lucas Vahldiek-Oberwagner, Portland, OR (US); Ravi L. Sahita, Portland, OR (US); Mona Vij, Hillsboro, OR (US); Dayeol Lee, Irvine, CA (US); Haidong Xia, Folsom, CA (US); Rameshkumar Illikkal, Folsom, CA (US); Samuel Ortiz, Montpellier (FR); Kshitij Arun Doshi, Tempe, AZ (US); Mourad Cherfaoui, Saratoga, CA (US); Andrzej Kuriata, Gdansk (PL); and Teck Joo Goh, Saratoga, CA (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Dec. 22, 2020, as Appl. No. 17/131,684.
Prior Publication US 2021/0111892 A1, Apr. 15, 2021
Int. Cl. G06F 21/53 (2013.01); G06F 21/57 (2013.01); G06F 21/60 (2013.01); G06F 21/72 (2013.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01)

CPC H04L 9/321 (2013.01) [H04L 9/3242 (2013.01)]

25 Claims

1. A system comprising:

at least one processor;

a network interface operatively coupled to the processor; and

a memory coupled to the processor to store instructions that, when executed by the processor, cause the at least one processor to perform operations comprising:

creating a first trusted execution environment (TEE) for a first function, the first function to produce first processing results for a tenant;

creating a second TEE for a second function, the second function to produce second processing results for the tenant;

configuring a gateway to provide remote access from a client device to the first function;

receiving, from the client device and via the network interface, a request to verify integrity of the second TEE; and

in response to the request:

generating attestation data for the second TEE;

evaluating the attestation data with a surrogate attester to perform validation the second TEE; and

in response to the validation of the second TEE, configuring the gateway to provide remote access from the client device to the second function via the network interface.