US 12,443,766 B2
Peripheral device
Stavros Volos, Cambridge (GB); David Thomas Chisnall, Cambridge (GB); Saurabh Mohan Kulkarni, Redmond, WA (US); Kapil Vaswani, Bangalore (IN); Manuel Costa, Cambridge (GB); Samuel Alexander Webster, Cambridge (GB); Cédric Alain Marie Fournet, Cambridge (GB); Richard Osborne, Bristol (GB); Daniel John Pelham Wilkinson, Bristol (GB); and Graham Bernard Cunningham, Chippenham (GB)
Assigned to Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed by Microsoft Technology Licensing, LLC, Redmond, WA (US)
Filed on Jan. 22, 2024, as Appl. No. 18/419,359.
Application 18/419,359 is a continuation of application No. 17/374,942, filed on Jul. 13, 2021, granted, now 11,921,911.
Application 17/374,942 is a continuation of application No. 16/166,047, filed on Oct. 19, 2018, granted, now 11,126,757, issued on Sep. 21, 2021.
Prior Publication US 2024/0160795 A1, May 16, 2024
Int. Cl. H04L 29/00 (2006.01); G06F 21/60 (2013.01); G06F 21/85 (2013.01); H04L 9/30 (2006.01); H04L 9/32 (2006.01)
CPC G06F 21/85 (2013.01) [G06F 21/602 (2013.01); H04L 9/30 (2013.01); H04L 9/3265 (2013.01)]
20 Claims
1. A method for securely transferring data between a first trusted computing entity and a second trusted computing entity by an untrusted intermediary, the method comprising:
sending, to the second trusted computing entity, a request to create a trusted execution environment (TEE) at the second trusted computing entity, the request comprising a first authentication tag;
receiving an indication from the second trusted computing entity that the TEE has been created;
after verifying the indication, encrypting a plurality of blocks of data at the first trusted computing entity using, for each block of the data in the plurality of the encrypted blocks of data, a pair comprising a key and an initialization vector;
storing, at the first trusted computing entity, a parameterized function for obtaining initialization vectors, the parameterized function being known to the second trusted computing entity;
copying the plurality of the encrypted blocks of data from the first trusted computing entity to a virtual address space of the untrusted intermediary such that the second trusted computing entity is able to retrieve the plurality of the encrypted blocks of data by making direct memory access requests using the parameterized function; and
enabling data to be transferred between the first trusted computing entity and the second trusted computing entity based at least on the first authentication tag matching a second authentication tag computed by the second trusted computing entity from data received from the direct memory access requests.
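The block-transfer steps of claim 1, sketched as an added example that is not taken from the patent: both trusted entities derive each block's initialization vector from a shared parameterized function, so only ciphertext sits in the intermediary's memory, and the receiver accepts the transfer only if the tag it recomputes from the fetched blocks matches the sender's. Assumptions: the affine IV function `iv_for(index, base, stride)`, the HMAC-SHA256 keystream standing in for a real cipher, the tag layout and the point at which it is computed, and all names and sample values are constructed for illustration; TEE creation and key exchange are out of scope.

```python
import hashlib
import hmac

BLOCK = 32  # bytes per block (constructed size for this example)

def iv_for(index, base, stride):
    """Assumed parameterized IV function; stride must be nonzero so IVs never repeat."""
    return ((base + index * stride) % (1 << 96)).to_bytes(12, "big")

def _keystream(key, iv, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xcrypt(key, iv, data):
    """Stand-in stream cipher (not the patent's cipher); encrypt and decrypt are the same."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, iv, len(data))))

def transfer_tag(mac_key, memory):
    """Tag over every (index, length, ciphertext) triple, so edits and swaps both show."""
    mac = hmac.new(mac_key, digestmod=hashlib.sha256)
    for i, ct in enumerate(memory):
        mac.update(i.to_bytes(8, "big") + len(ct).to_bytes(4, "big") + ct)
    return mac.digest()

def sender_stage(enc_key, mac_key, plaintext, base, stride):
    """First trusted entity: encrypt per block; returns (untrusted memory, tag)."""
    blocks = [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]
    memory = [xcrypt(enc_key, iv_for(i, base, stride), b) for i, b in enumerate(blocks)]
    return memory, transfer_tag(mac_key, memory)

def receiver_fetch(enc_key, mac_key, memory, expected_tag, base, stride):
    """Second trusted entity: read blocks (DMA stand-in), check the tag, then decrypt."""
    fetched = [memory[i] for i in range(len(memory))]
    if not hmac.compare_digest(transfer_tag(mac_key, fetched), expected_tag):
        raise ValueError("authentication tag mismatch: transfer rejected")
    return b"".join(xcrypt(enc_key, iv_for(i, base, stride), ct)
                    for i, ct in enumerate(fetched))

def demo():
    """Constructed keys and data; returns the round-tripped plaintext."""
    enc_key, mac_key, data = b"E" * 32, b"M" * 32, bytes(range(100))
    memory, tag = sender_stage(enc_key, mac_key, data, base=7, stride=3)
    return receiver_fetch(enc_key, mac_key, memory, tag, base=7, stride=3)
```

No IV is ever written to the intermediary's memory: the receiver regenerates it from the block index, and any block the intermediary alters or reorders changes the recomputed tag.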