System and method for trusted execution of computer instructions

Document number: 1895070    Publication date: 2021-11-26

Reading note: this technology, "System and method for trusted execution of computer instructions", was designed and created by 丹·图伊图, 阿维盖尔·奥兰 and 纳尔·什洛莫 on 2019-06-25. Its main content is as follows: A system for executing a plurality of computer instructions includes processing circuitry having a Trusted Execution Environment (TEE) for executing a set of secure computer instructions. The set of secure computer instructions executable by the TEE includes: a first set of computer instructions, identified in a main set of computer instructions, for producing a first result; and a second set of computer instructions for generating a secondary result associated with a primary result of execution of the main set of computer instructions by the processing circuitry. The processing circuitry generates the primary result from the first result.

1. A system for executing a plurality of computer instructions, comprising:

processing circuitry having a Trusted Execution Environment (TEE) for executing a set of secure computer instructions, wherein,

the set of secure computer instructions executable by the TEE include:

a first set of computer instructions, identified in a main set of computer instructions, for producing a first result;

a second set of computer instructions for generating a secondary result associated with a primary result of execution of the set of primary computer instructions by the processing circuit;

the processing circuit generates the primary result from the first result.

2. The system of claim 1, wherein executing the first set of computer instructions comprises accessing a secret value stored in the TEE.

3. The system according to claim 2, wherein the secret value is selected from a group of secret values consisting of: a cryptographic value, a symmetric encryption-decryption key value, a private encryption key value, a signature key value, and an input value of a zero-knowledge proof method.

4. The system of claim 2 or 3, wherein the primary result of executing the primary set of computer instructions comprises an indication of a modification target value;

generating the first result comprises generating a modification instruction for modifying the target value using the secret value;

the processing circuitry is to instruct modification of the target value in dependence on a successful result of applying an authorization test to the modification instruction;

generating the auxiliary result includes outputting an indication of the modification instruction.

5. The system of claim 4, wherein the target value indicates an amount of money.

6. The system of claim 4 or 5, wherein outputting the indication of the modification instruction comprises one or more of: writing a log entry to a log repository, and generating a report.

7. The system according to any of claims 4, 5 and 6, wherein said processing circuit is further configured to send said indication of said modification instruction to another processing circuit, wherein,

the further processing circuitry is to:

receive, from the processing circuit, an indication to execute the modification instruction;

apply an audit test to identify, in the indication of the modification instruction, the indication to execute the modification instruction;

and output an audit indication when the audit test fails.

8. The system of claim 1, wherein executing the first set of computer instructions comprises executing a plurality of secret computer instructions stored in the TEE.

9. The system of any one of claims 1, 2, 3 and 8,

the primary set of computer instructions is also for receiving a request from a requestor to retrieve a private value stored in a data store connected to the processing circuit;

executing the primary result of the primary set of computer instructions comprises outputting the private value in response to the request;

generating the secondary result includes calculating an authorization value in response to the request in accordance with the identified policy;

generating the first result comprises reading the private value from the data store in accordance with the authorization value;

the processing circuit sends the private value to the requestor upon successfully reading and decrypting the private value from the data store.

10. The system according to any one of claims 2, 3, 8, and 9, wherein generating the first result further comprises decrypting the private value using the secret value in accordance with the authorization value.

11. The system according to any one of claims 1, 2, 3, 8, 9 and 10, wherein the private value is one of: a person's image, a person's medical image, a biometric value, a name value, a personal identification value, a gender value, an age value, a credit card number value, an account identification value, and an account access credential value.

12. A method for executing a plurality of computer instructions, comprising:

executing a set of secure computer instructions in a TEE of a processing circuit, wherein,

the set of secure computer instructions executable by the TEE include:

a first set of computer instructions, identified in a main set of computer instructions, for producing a first result; and

a second set of computer instructions for generating a secondary result associated with a primary result of execution of the set of primary computer instructions by the processing circuit;

the processing circuit generates the primary result from the first result.

13. The method of claim 12, wherein executing the first set of computer instructions comprises accessing a secret value stored in the TEE.

14. The method of claim 13, wherein the secret value is selected from a group of secret values consisting of: a cryptographic value, a symmetric encryption-decryption key value, a private encryption key value, a signature key value, and an input value of a zero-knowledge proof method.

15. The method of any of claims 13 or 14, wherein the primary result of executing the primary set of computer instructions comprises indicating a modification target value;

generating the first result comprises generating a modification instruction for modifying the target value using the secret value;

the processing circuitry is to instruct modification of the target value in dependence on a successful result of applying an authorization test to the modification instruction;

generating the auxiliary result includes outputting an indication of the modification instruction.

16. The method of claim 15, wherein the target value indicates an amount of money.

17. The method of any of claims 15 or 16, wherein outputting the indication of the modification instruction comprises one or more of: writing a log entry to a log repository, and generating a report.

18. The method of any of claims 15, 16 and 17, further comprising sending the indication of the modification instruction to another processing circuit; wherein,

the further processing circuitry is to:

receive, from the processing circuit, an indication to execute the modification instruction;

apply an audit test to identify, in the indication of the modification instruction, the indication to execute the modification instruction;

and output an audit indication when the audit test fails.

19. The method of claim 12, wherein executing the first set of computer instructions comprises executing a plurality of secret computer instructions stored in the TEE.

20. The method of any one of claims 12, 13, 14 and 19,

the primary set of computer instructions is also for receiving a request from a requestor to retrieve a private value stored in a data store connected to the processing circuit;

executing the primary result of the primary set of computer instructions comprises outputting the private value in response to the request;

generating the secondary result includes calculating an authorization value in response to the request in accordance with the identified policy;

generating the first result comprises reading the private value from the data store in accordance with the authorization value;

the processing circuit sends the private value to the requestor upon successfully reading and decrypting the private value from the data store.

21. The method of any one of claims 13, 14, 19 and 20, wherein generating the first result further comprises decrypting the private value using the secret value in accordance with the authorization value.

22. The method according to any one of claims 12, 13, 14, 19, 20 and 21, wherein the private value is one of: a person's image, a person's medical image, a biometric value, a name value, a personal identification value, a gender value, an age value, a credit card number value, an account identification value, and an account access credential value.

23. A non-transitory computer-readable storage medium characterized by comprising program code, which when executed by a computer, causes the computer to perform the method of claim 12.

Background

In some embodiments thereof, the present invention relates to a system for executing a plurality of computer instructions, and more particularly, but not exclusively, to a system for preventing malicious intervention in executing the plurality of computer instructions.

For the sake of brevity, the term "service" is used hereinafter to refer to a computer-based service that is provided by a computer-based system or device, typically by executing code that provides the service. As used hereinafter, an attacker is an entity, either an individual or an organization, that attempts to benefit from disrupting a service, and additionally or alternatively from gaining unauthorized access to the service.

Services face a growing and well-known risk from attackers who attempt to benefit from interrupting the service, or from gaining unauthorized access to it. Some hardware processors implement a Trusted Execution Environment (TEE), providing an isolated execution environment in which computer instructions and data loaded into the TEE are not accessible to other computer instructions executed by processing circuitry outside the TEE. Loading computer instructions and data into the TEE requires authenticating the loading entity, loading the computer instructions and data, and authorizing the loading entity to access the TEE. The TEE provides integrity for the execution of computer instructions: their execution is not interrupted by other computer instructions, and the instructions themselves are not altered by other computer instructions. Furthermore, data in the TEE is private to the computer instructions loaded there; other computer instructions can neither read nor write it.

Disclosure of Invention

It is an object of the present invention to provide a system and method for securely executing a plurality of computer instructions.

The foregoing and other objects are achieved by the features of the independent claims. Further forms of implementation are apparent from the dependent claims, the description and the drawings.

According to a first aspect of the present invention there is provided a system for executing a plurality of computer instructions, comprising: processing circuitry having a Trusted Execution Environment (TEE) for executing a set of secure computer instructions. According to a first aspect, the set of secure computer instructions executable by the TEE include: a first set of computer instructions, identified in a main set of computer instructions, for producing a first result; and a second set of computer instructions for generating a secondary result associated with a primary result of execution of the set of primary computer instructions by the processing circuit. According to a first aspect, the processing circuit generates the primary result from the first result.

According to a second aspect of the present invention there is provided a method for executing a plurality of computer instructions, comprising: a set of secure computer instructions is executed in a TEE of a processing circuit. According to a second aspect, the set of secure computer instructions executable by the TEE include: a first set of computer instructions, identified in a main set of computer instructions, for producing a first result; and a second set of computer instructions for generating a secondary result associated with a primary result of execution of the set of primary computer instructions by the processing circuit. According to a second aspect, the processing circuit generates the primary result from the first result.

According to a third aspect of the present invention, there is provided a non-transitory computer readable storage medium comprising program code which, when executed by a computer, causes the computer to perform the method of the second aspect of the present invention.

With reference to the first and second aspects, in a first possible implementation manner of the first and second aspects of the invention, executing the first set of computer instructions includes accessing a secret value stored in the TEE. Optionally, the secret value is selected from a group of secret values comprising: a cryptographic value, a symmetric encryption-decryption key value, a private encryption key value, a signature key value, and an input value of a zero-knowledge proof method. Optionally, executing the first set of computer instructions comprises executing a plurality of secret computer instructions stored in the TEE. Accessing a secret value stored in the TEE, and additionally or alternatively executing the first set of computer instructions as a plurality of secret computer instructions stored in the TEE, makes it possible to add protection (e.g., a signature, a cryptographic signature or encryption) to the primary result of executing the main set of computer instructions, because the primary result is generated from the first result of executing the first set of computer instructions, e.g., using or derived from it. This improves the stability of a system implementing the present invention and the availability of the services it provides.

With reference to the first aspect and the second aspect, or the first implementation manner of the first aspect and the second aspect, in a second possible implementation manner of the first aspect and the second aspect of the present invention, the primary result of executing the main set of computer instructions includes an indication of a modification target value; generating the first result comprises generating a modification instruction for modifying the target value using the secret value, the processing circuitry instructing modification of the target value in dependence on a successful result of applying an authorization test to the modification instruction; and generating the secondary result comprises outputting an indication of the modification instruction. Optionally, the target value indicates an amount of money. Instructing modification of the target value only upon a successful result of the authorization test applied to the modification instruction, and outputting an indication of the modification instruction, facilitates monitoring by an auditing system, reduces the risk of unauthorized modification of the target value, and improves the stability and reliability of the system.

With reference to the first aspect and the second aspect, or the first implementation manner and the second implementation manner of the first aspect and the second aspect, in a third possible implementation manner of the first aspect and the second aspect of the present invention, outputting the indication of the modification instruction includes one or more of: writing a log entry to a log repository, and generating a report. Optionally, the processing circuit is further configured to send the indication of the modification instruction to another processing circuit. Optionally, the other processing circuitry is to: receive, from the processing circuit, an indication to execute the modification instruction; apply an audit test to identify, in the indication of the modification instruction, the indication to execute the modification instruction; and output an audit indication when the audit test fails. Applying an audit test that looks for the indication to execute the modification instruction within the output indication of the modification instruction (e.g., in a log repository or report) reduces the probability that an unauthorized modification of the target value goes undetected, which in turn improves the reliability and stability of the system.

With reference to the first aspect and the second aspect, or the first implementation manner of the first aspect and the second aspect, in a fourth possible implementation manner of the first aspect and the second aspect of the present invention, the main set of computer instructions is further configured to receive, from a requester, a request to retrieve a private value stored in a data store connected to the processing circuit; the primary result of executing the main set of computer instructions comprises outputting the private value in response to the request; generating the secondary result includes calculating an authorization value in response to the request in accordance with an identified policy; generating the first result comprises reading the private value from the data store in accordance with the authorization value; and the processing circuitry sends the private value to the requester upon successfully reading and decrypting the private value from the data store. Sending the private value to the requester only upon successfully reading and decrypting it from the data store improves the reliability and stability of the system. Optionally, generating the first result further comprises decrypting the private value using the secret value in accordance with the authorization value. Optionally, the private value is one of: a person's image, a person's medical image, a biometric value, a name value, a personal identification value, a gender value, an age value, a credit card number value, an account identification value, and an account access credential value.

Other systems, methods, features and advantages of the invention will be, or will become, apparent to one with skill in the art upon examination of the following figures and detailed description. It is intended that all such additional systems, methods, features and advantages be included within this description, be within the scope of the invention, and be protected by the accompanying claims.

Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Although methods and materials similar or equivalent to those described herein can be used in the practice or testing of embodiments of the present invention, only exemplary methods and/or materials are described below. In case of conflict, the patent specification, including definitions, will control. In addition, the materials, methods, and examples are illustrative only and not necessarily limiting.

Drawings

Some embodiments of the invention are described herein, by way of example only, with reference to the accompanying drawings. With specific reference now to the drawings in detail, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of the embodiments of the present invention. Thus, it will be apparent to one skilled in the art from the description of the figures how embodiments of the invention may be practiced.

In the drawings:

FIG. 1 illustrates a schematic block diagram of an exemplary system provided in accordance with some embodiments of the invention;

FIG. 2 illustrates a flow diagram that schematically represents an alternative operational flow, provided in accordance with some embodiments of the present invention;

FIG. 3 illustrates a schematic block diagram representation of an exemplary data flow for generating signature instructions provided in accordance with some embodiments of the present invention;

FIG. 4 illustrates a schematic block diagram representation of an exemplary data flow for accessing private data provided in accordance with some embodiments of the present invention;

FIG. 5 illustrates a flow chart that schematically represents an optional operational flow for auditing, provided in accordance with some embodiments of the present invention.

Detailed Description

In some embodiments thereof, the present invention relates to a system for executing a plurality of computer instructions, and more particularly, but not exclusively, to a system for preventing malicious intervention in executing the plurality of computer instructions.

In addition to implementing the services, a system that provides the services typically implements one or more tools for monitoring the system and possibly generating reports about it. Some systems implement one or more tools for enforcing policies that govern access to and behavior of the system. Some such tools enable a system administrator to identify attacks on the system. However, an attacker may gain control of a tool and use it to hide the attack. For example, when a system includes a logging and reporting tool that stores an entry for each operation performed by the service, an attacker who gains control of the logging and reporting tool may log an unauthorized operation as an authorized operation, preventing the system administrator from detecting the unauthorized operation by comparing a report generated by the logging and reporting tool with a report generated by the target system of the unauthorized operation. For example, in a banking system, an attacker who gains control over the logging and reporting tool may trigger execution of an unauthorized financial transaction that benefits a bank account owned by the attacker, such that the unauthorized financial transaction is logged and reported as an authorized one. Alternatively, the attacker may remove the record of the unauthorized financial transaction so that it does not appear in the report. In another example, in a system implementing a policy enforcer, the attacker may gain control over the policy enforcer and authorize the execution of operations that the policy enforcer would not otherwise authorize. For example, in a system that includes a data store holding private data, the attacker may access the private data values by forging the result of the authorization process.

There are systems that use a TEE to protect content on the computing device that includes the TEE. Another existing use of a TEE is to authenticate a user of the computing device, for example using one or more biometric methods. However, some services cannot be performed in a single TEE, such as services that involve digital network communication between at least two processors.

In some embodiments, the invention proposes to execute both a base part of the service and an auxiliary part of the service in the TEE, where the service provided by the system depends on execution of the base part, and the result of executing the auxiliary part is associated with the service provided by the system. Executing both the base part and the auxiliary part in the TEE reduces the risk of the service being provided without the auxiliary part being executed. When the auxiliary part belongs to a means for preventing an attack on the system, executing both parts in the TEE reduces the risk of an attacker bypassing that means, since the service cannot be provided without executing the auxiliary part, thereby improving the reliability and stability of the system and the availability of the service.

In some embodiments of the invention, the service provided by the system is the primary result of executing a main set of computer instructions. In such embodiments, the base part is a first set of computer instructions identified in the main set of computer instructions, such that the primary result is generated from a first result produced by executing the base part, e.g., by using or deriving the primary result from the first result. In a first example, when the primary result comprises a response to a request, the base part may comprise reading a private value from a data store, and the first result may comprise the private value. In the first example, the response to the request is generated using the private value. In a second example, when the primary result includes an indication to modify one or more values, the base part may include generating a signed modification instruction, and the first result may include a signature generated using a secret stored in the TEE. In the second example, the modification instruction is signed using that signature. Optionally, the signature is a cryptographic signature and the modification instruction is a cryptographically signed modification instruction.

In some embodiments in which the primary result is generated in accordance with the first result, the first result is optionally associated with a secondary result of executing a secondary set of computer instructions. Executing both the secondary set of computer instructions, to generate the secondary result, and the first set of computer instructions in the TEE provides integrity for the association between the first result and execution of the secondary set of computer instructions. Since, in such embodiments, the primary result is generated in accordance with the first result, executing both the secondary set and the first set of computer instructions in the TEE also provides integrity for the association between the primary result and execution of the secondary set of computer instructions, such that the primary result is not generated without the secondary set of computer instructions being executed. This improves the accuracy and reliability of the primary result, which in turn improves the stability and reliability of the system and the availability of the service.

In the first example, when the primary result includes the response to the request, the secondary result may include an authorization value calculated for the user sending the request. In the first example, the private value is retrieved in accordance with the authorization value, so that the response is generated in accordance with the authorization value.
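The first example's data flow as a runnable simulation; this is an added illustration, not code from the patent, and the policy, record names and keystream cipher (a stand-in for an authenticated cipher such as AES-GCM) are constructed here. The TEE's single entry point computes the authorization value and only then reads and decrypts, so a host that forges an authorization decision still gets nothing but ciphertext:

```python
"""Simulation of the first example: a private value is served only through
the TEE, whose one entry point computes the authorization value (secondary
result) and, if permitted, reads and decrypts the value (first result).
All names and records are constructed for this example."""
from __future__ import annotations

import hashlib
import hmac
import os


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode style XOR using HMAC-SHA256 blocks as the keystream.
    Stand-in for a real authenticated cipher; encryption and decryption are
    the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


class Enclave:
    """Stand-in for the TEE: the key and the policy are not reachable from the host."""

    def __init__(self, key: bytes, policy: dict[str, set[str]]):
        self._key = key
        self._policy = policy

    def seal(self, plaintext: bytes) -> tuple[bytes, bytes]:
        """Encrypt a private value for storage in the untrusted data store."""
        nonce = os.urandom(16)
        return nonce, _keystream_xor(self._key, nonce, plaintext)

    def authorization_value(self, requester: str, record_id: str) -> bool:
        """Secondary set of instructions: the policy decision is made inside the TEE."""
        return record_id in self._policy.get(requester, set())

    def serve(self, requester: str, record_id: str, store: dict) -> tuple[str, bytes | None]:
        """Both secure sets in one entry point: the read depends on the decision."""
        if not self.authorization_value(requester, record_id):
            return "denied", None
        blob = store.get(record_id)
        if blob is None:
            return "missing", None
        nonce, ciphertext = blob
        return "ok", _keystream_xor(self._key, nonce, ciphertext)


def handle_request(enclave: Enclave, store: dict, requester: str, record_id: str) -> dict:
    """Main set of instructions on the host: the response (primary result) is
    built from the TEE's first result and nothing else."""
    status, value = enclave.serve(requester, record_id, store)
    return {"status": status, "value": value}


def forged_host_authorization(store: dict, record_id: str) -> bytes | None:
    """A compromised host that 'authorizes' itself gains nothing useful:
    without the enclave it can only hand back the stored ciphertext."""
    blob = store.get(record_id)
    return None if blob is None else blob[1]


def build_demo() -> tuple[Enclave, dict]:
    """Constructed policy and records for the demonstration."""
    policy = {"dr_lee": {"patient-42/scan"}, "clerk": {"patient-42/name"}}
    enclave = Enclave(os.urandom(32), policy)
    store = {
        "patient-42/scan": enclave.seal(b"<medical image bytes>"),
        "patient-42/name": enclave.seal(b"A. Patient"),
    }
    return enclave, store


if __name__ == "__main__":
    enc, db = build_demo()
    print(handle_request(enc, db, "dr_lee", "patient-42/scan"))
    print(handle_request(enc, db, "clerk", "patient-42/scan"))
    print(forged_host_authorization(db, "patient-42/scan"))
```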

In the second example, when the primary result includes an indication to modify the one or more values, generating the secondary result may include outputting an indication of the modification instruction, e.g., by writing a log entry to a log repository. In the second example, another indication of another instruction to modify the one or more values is not output, the another indication resulting from other computer instructions not executed by the TEE.

Further, according to some embodiments of the invention, generating the secondary result comprises sending an indication of the modification instruction to another processing circuit. Optionally, the indication of the modification instruction is signed, optionally using the secret stored in the TEE. Further, the indication to execute the modification instruction is optionally sent to the other processing circuitry. Optionally, the other processing circuitry applies an audit test to identify, in the indication of the modification instruction, the indication to execute the modification instruction. The other processing circuitry may output an audit indication when the audit test fails. Applying an audit test that looks for the indication to execute the modification instruction within the indication of the modification instruction increases the probability that an unauthorized modification of the one or more values is detected, thereby increasing the stability and reliability of the system and the availability of the service.
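The second example's data flow, including the audit on another processing circuit, as a runnable simulation; this is an added illustration, not code from the patent. Account names and amounts are constructed, HMAC stands in for the signature, and the auditor is assumed to hold the verification key (a real deployment would use an asymmetric signature so the auditor holds only the public key):

```python
"""Simulation of the second example: the TEE's one entry point both signs
a modification instruction with its secret (first result) and writes the
log entry (secondary result), so no valid signed instruction exists without
a matching log entry. The host executes only enclave-signed instructions,
and a separate auditor checks every executed instruction against the log."""
from __future__ import annotations

import hashlib
import hmac
import json


def _digest(key: bytes, instr: dict) -> str:
    """Stand-in signature over the canonical encoding of an instruction."""
    payload = json.dumps(instr, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class Enclave:
    """Stand-in for the TEE; the secret never leaves it."""

    def __init__(self, secret: bytes, log_repository: list):
        self._secret = secret
        self._log = log_repository  # untrusted storage that the host can also reach
        self._seq = 0

    def sign_modification(self, account: str, delta: int) -> dict:
        """First result: a signed modification instruction. Secondary result:
        the log entry, written before the signature is handed to the host."""
        instr = {"seq": self._seq, "account": account, "delta": delta}
        self._seq += 1
        sig = _digest(self._secret, instr)
        self._log.append({"instr": dict(instr), "sig": sig})
        return {"instr": dict(instr), "sig": sig}


def is_authentic(key: bytes, signed: dict) -> bool:
    """Authorization test: the instruction must carry a valid signature."""
    return hmac.compare_digest(_digest(key, signed["instr"]), signed["sig"])


class Ledger:
    """Target of the modification instructions (where the primary result lands)."""

    def __init__(self):
        self.balances: dict[str, int] = {}
        self.executed: list[dict] = []  # indications to execute, forwarded to the auditor

    def execute(self, key: bytes, signed: dict) -> bool:
        if not is_authentic(key, signed):
            return False
        instr = signed["instr"]
        self.balances[instr["account"]] = self.balances.get(instr["account"], 0) + instr["delta"]
        self.executed.append(signed)
        return True


def audit(verify_key: bytes, executed: list, log_repository: list) -> list:
    """Audit test on the other processing circuit: every executed instruction
    must appear in the log with a valid signature over the same content.
    Returns one audit indication per failure (empty list when clean)."""
    logged = {e["sig"] for e in log_repository if is_authentic(verify_key, e)}
    return [("not logged", s["instr"]["seq"]) for s in executed if s["sig"] not in logged]


def run_scenario() -> dict:
    """Constructed walk-through: a clean transfer, then three attacker moves."""
    secret = b"constructed-enclave-secret"
    log_repo: list = []
    enc = Enclave(secret, log_repo)
    ledger = Ledger()
    # 1. Legitimate transfer: signed and logged inside the TEE, executed, audit clean.
    ok = ledger.execute(secret, enc.sign_modification("acct-1", 100))
    clean = audit(secret, ledger.executed, log_repo)
    # 2. Host-forged instruction that never passed through the TEE: no valid signature.
    forged = {"instr": {"seq": 99, "account": "attacker", "delta": 10**6}, "sig": "00" * 32}
    forged_ok = ledger.execute(secret, forged)
    # 3. Amount changed after signing: the signature no longer matches the content.
    tampered = enc.sign_modification("acct-1", 5)
    tampered["instr"]["delta"] = 5000
    tampered_ok = ledger.execute(secret, tampered)
    # 4. Attacker controlling the log tool deletes the entry after execution:
    #    the auditor sees an executed instruction with no logged counterpart.
    ledger.execute(secret, enc.sign_modification("acct-2", 50))
    log_repo.pop()
    flagged = audit(secret, ledger.executed, log_repo)
    return {"ok": ok, "clean": clean, "forged_ok": forged_ok, "tampered_ok": tampered_ok,
            "flagged": flagged, "balances": dict(ledger.balances)}


if __name__ == "__main__":
    print(json.dumps(run_scenario(), indent=2))
```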

Before explaining at least one embodiment of the invention in detail, it is to be understood that the invention is not necessarily limited in its application to the details of construction and the arrangement of the components and/or methods set forth in the following description and/or illustrated in the drawings and/or examples. The invention is capable of other embodiments or of being practiced or carried out in various ways.

The present invention may be a system, method and/or computer program product. The computer program product may include one (or more) computer-readable storage media having computer-readable program instructions for causing a processor to perform various aspects of the present invention.

The computer readable storage medium may be a tangible device that can retain and store instructions for use by an instruction execution device. For example, the computer-readable storage medium may be, but is not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing.

The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network.

The computer readable program instructions may execute entirely on the user's computer or partly on the user's computer, or as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (e.g., using the Internet from an Internet service provider). In some embodiments, an electronic circuit comprising a programmable logic circuit, a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), or the like, may execute computer readable program instructions with state information of the computer readable program instructions to personalize the electronic circuit in order to perform aspects of the present invention.

Aspects of the present invention are described herein in connection with flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Referring now to fig. 1, shown is a schematic block diagram of an exemplary system 100 provided in accordance with some embodiments of the present invention. In such embodiments, the processing circuitry 101 has a Trusted Execution Environment (TEE) 111 for executing a secure set of computer instructions. The processing circuitry may be any type of programmable or non-programmable circuitry for performing the operations described in this disclosure. The processing circuitry may include hardware as well as software. For example, the processing circuitry may include one or more processors and transitory or non-transitory memory carrying programs that, when executed by the one or more processors, cause the processing circuitry to perform the respective operations. Some examples of TEEs are as follows: Intel Software Guard Extensions (Intel SGX), ARM TrustZone, Secure Encrypted Virtualization (SEV), RISC-V key, and Hardware Security Module (HSM).

For the sake of brevity, the term "processor" is used hereinafter to refer to "processing circuitry". Optionally, the processor 101 is connected to a data store 122, e.g. for storing private data. Optionally, the data store 122 includes a log repository. Optionally, the data store 122 includes non-volatile memory, such as one or more of a hard disk, network attached storage, and a storage network. Optionally, the TEE 111 is connected to the data store 122. Optionally, the processor 101 is connected to one or more digital communication network interfaces 121, optionally for receiving one or more requests from a requester. The requester may be an application executed by another processor 131, optionally connected to the processor 101, optionally via the one or more digital communication network interfaces 121. Optionally, the one or more digital communication network interfaces 121 are connected to a local area network, such as an Ethernet or wireless network. Optionally, the one or more digital communication network interfaces 121 are connected to a wide area network, such as the Internet.

Additionally or alternatively, the processor 101 optionally sends to the other processor 131 one or more instructions for modifying the one or more target values. Optionally, the one or more modification instructions are one or more signed instructions. Further additionally or alternatively, the processor 101 optionally sends one or more reports to the other processor 131. Further additionally or alternatively, the processor 101 optionally communicates with the other processor 131 for authenticating and authorizing the requesters that send the one or more requests. Optionally, the other processor 131 comprises a plurality of hardware processors.

The processor 101 optionally executes a main set of computer instructions. To execute the main set of computer instructions, in some embodiments of the invention, system 100 implements the following optional method.

Referring now also to fig. 2, a flow diagram is shown schematically representing an optional operational flow 200, provided in accordance with some embodiments of the present invention. In 211, the processor 101 optionally receives a request from a requester, optionally from the other processor 131. Optionally, the request is to retrieve a private value stored in the data store 122. In 201, the processor 101 optionally executes a secure set of computer instructions in the TEE 111.

Optionally, executing the main set of computer instructions has a main result. Optionally, the main result of executing the main set of computer instructions includes an indication to modify a target value. For example, the target value may indicate an amount of money, such as when system 100 is a banking system and the target value is the balance of a user's bank account. In this example, the main set of computer instructions may include processing a request to transfer a determined amount of money from one bank account to a second bank account, indicating a modification to the target value, which may include decreasing the balance of the source bank account or increasing the balance of the target bank account. Optionally, the main result of executing the main set of computer instructions comprises outputting a private value in response to a request received from the requester. Some examples of private values are as follows: a person's image, a person's medical image, a biometric value, a name value, a personal identification value, a gender value, an age value, a credit card number value, an account identification value (such as a bank account or a computer-based service account), and an account access credential value.

Optionally, the set of secure computer instructions executed in the TEE 111 includes a first set of computer instructions, identified in the main set of computer instructions, for producing a first result. Optionally, the processor 101 generates the main result from the first result. Optionally, generating the first result comprises generating a modification instruction for modifying the target value, for example when the main result comprises an indication to modify the target value. In this example, the processor 101 instructs modification of the target value according to the modification instruction generated by the TEE 111. Optionally, executing the first set of computer instructions comprises accessing a secret value stored in the TEE, for example when the modification instruction is signed and additionally or alternatively encrypted. Some examples of secret values are a cryptographic value, a symmetric encryption-decryption key value, a private encryption key value, a signature key value, and an input value of a zero-knowledge proof method. Optionally, the modification instruction is generated using the secret value. For example, the modification instruction is optionally generated such that the other processor 131 modifies the target value subject to a successful result of applying an authorization test to the modification instruction. Optionally, a successful result of applying the authorization test to the modification instruction depends on the secret value.

Optionally, generating the first result comprises reading the private value from the data store 122. For example, the processor 101 may output the private value read by the TEE 111 in response to the request received from the requester. Optionally, generating the first result comprises decrypting the private value using the secret value. Optionally, executing the first set of computer instructions comprises executing a plurality of secret computer instructions stored in the TEE, for example for computing a signature, e.g. a cryptographic signature. Other examples of the plurality of secret computer instructions include: encryption computer instructions for encrypting a value; and decryption computer instructions for decrypting an encrypted value.

Optionally, the set of secure computer instructions executed in the TEE 111 includes a second set of computer instructions for generating an auxiliary result. Optionally, the auxiliary result produced by the TEE 111 executing the second set of computer instructions is associated with the main result produced by the processor 101 executing the main set of instructions. For example, generating the auxiliary result optionally includes sending an indication of the modification instruction in 221. Thus, in this example, the main result of an instruction modifying the target value is associated with the indication of the modification instruction. Optionally, generating the auxiliary result comprises calculating an authorization value in response to the request. Optionally, the authorization value is calculated according to an identified policy. Optionally, the first result is generated in accordance with the authorization value. For example, the TEE 111 may read the private value from the data store 122 according to the authorization value. Optionally, the TEE 111 decrypts the private value read from the data store 122 according to the authorization value using the secret value. Optionally, the processor 101 sends the private value to the requester upon successfully reading and decrypting the private value from the data store. Thus, in some embodiments, the main result of sending the private value to the requester is associated with the auxiliary result of calculating the authorization value.

Optionally, outputting the indication of the modification instruction in 221 comprises writing a log entry to a log repository, such as a log repository stored on the data store 122 or a log repository managed by the other processor 131. Optionally, outputting the indication of the modification instruction comprises generating a report.

To understand the possible relationship between the main result of the execution of the main set of computer instructions by the processor 101, the first result of the execution of the first set of computer instructions in the TEE 111, and the auxiliary result of the execution of the second set of computer instructions in the TEE 111, reference is now also made to fig. 3, which illustrates a schematic block diagram representing an exemplary data flow 300 for generating signed instructions provided in accordance with some embodiments of the present invention. In such embodiments, the main result of executing the main set of instructions by the processor 101 is the generation of a signed instruction for modifying the target value. Signing the instruction for modifying the target value allows the target value to be protected such that only authorized entities can modify the target value. Optionally, the instruction to modify the target value is cryptographically signed. In such embodiments, the TEE 111 receives an unsigned modification instruction 301, e.g. generated by the processor 101 executing some of the main set of computer instructions. Optionally, the TEE 111 executes the first set of computer instructions to sign the modification instruction 301, resulting in a signed instruction 302. Further, the TEE optionally executes the second set of computer instructions to generate an auxiliary result, trusted report 310. Trusted report 310 optionally includes data indicative of the signed instruction 302. An attacker attempting to generate an unauthorized signed instruction cannot generate an associated trusted report, because trusted report 310 is generated in the TEE as a result of the TEE executing the second set of computer instructions.

Another possible relationship between the main result of executing the main set of computer instructions, the first result of executing the first set of computer instructions in the TEE 111, and the auxiliary result of executing the second set of computer instructions in the TEE 111 involves policing access to private data stored in the data store 122. Referring now also to fig. 4, shown is a schematic block diagram representing an exemplary data flow 400 for accessing private data provided in accordance with some embodiments of the present invention. In such embodiments, the TEE 111 receives a request 401 from a requester, which is optionally executed by the other processor 131. Optionally, the request 401 is to retrieve a private data value from the data store 122. Optionally, the TEE 111 executes the second set of computer instructions to calculate an authorization value, optionally accessing the identified policy in 402. Optionally, the identified policy is stored in a blockchain-based ledger. Optionally, in 402, the TEE 111 accesses an authorization service that implements the identified policy, such as an OAuth-based authorization service. Optionally, the TEE 111 executes the first set of computer instructions to read the private value in accordance with the authorization value in 420. Accordingly, access to the data store 122 is regulated in 420 according to the identified policy. The TEE 111 optionally provides the private data value in a response 411 to the requester in accordance with the authorization value. Since the data store 122 is accessed by the TEE 111 executing the first set of computer instructions according to the authorization value resulting from the TEE executing the second set of computer instructions, an attacker cannot access the data store 122.
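The data flow 400 above, as an added illustration that is not part of the patent and not any particular TEE's API: a simulated TEE holds the secret, computes the authorization value from a policy (step 402) and only then reads and decrypts the private value (step 420); the policy dict, the record names and the SHA-256 keystream cipher are assumptions chosen for the example.

```python
import hashlib
import secrets

# Constructed policy (assumption): which requester may read which private field.
# The page says only that the policy is "identified", e.g. held in a ledger or
# served by an OAuth-based service; a dict stands in for that here.
POLICY = {
    "billing-service": {"credit_card_number"},
    "helpdesk": {"name"},
}

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 keystream XOR, a stand-in for the TEE's symmetric cipher (demo only)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class DataStore:
    """Data store 122: holds only sealed (encrypted) records, outside the TEE."""
    def __init__(self):
        self.records = {}

class TEE:
    """Simulated TEE 111. The secret value never leaves this object."""
    def __init__(self, store: DataStore, policy: dict):
        self._secret = secrets.token_bytes(32)
        self._store = store
        self._policy = policy

    def seal(self, name: str, plaintext: bytes) -> None:
        nonce = secrets.token_bytes(16)
        self._store.records[name] = nonce + _keystream_xor(self._secret, nonce, plaintext)

    def authorization_value(self, requester: str, name: str) -> bool:
        # Second set of instructions (step 402): consult the identified policy.
        return name in self._policy.get(requester, set())

    def handle_request(self, requester: str, name: str):
        # Request 401; the first set of instructions (step 420) runs only when authorized.
        if not self.authorization_value(requester, name):
            return None                      # response 411: denied
        blob = self._store.records[name]
        nonce, ciphertext = blob[:16], blob[16:]
        return _keystream_xor(self._secret, nonce, ciphertext)

def build_demo():
    store = DataStore()
    tee = TEE(store, POLICY)
    tee.seal("credit_card_number", b"4111 1111 1111 1111")   # constructed sample value
    tee.seal("name", b"A. Person")
    return tee, store
```

Reading `store.records` directly yields only ciphertext, so the private value is obtainable solely through `handle_request`, which is gated by the policy.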

Referring now again to fig. 2, when the processor 101 sends an indication of the modification instruction in 221 via the TEE 111, the indication may be used to audit system 100. Referring now also to fig. 5, shown is a flow diagram schematically representing an optional operational flow 500 for auditing provided in accordance with some embodiments of the present invention. In such embodiments, the processor 101 sends the indication of the modification instruction to the other processor 131. In 501, the other processor 131 optionally receives an indication that the modification instruction was executed, e.g. by receiving the modification instruction from the processor 101 or from an additional processor that received the modification instruction from the processor 101. In 511, the other processor 131 optionally applies an audit test to identify the executed modification in the indication of the modification instruction (e.g. in a log repository or report). For example, when the target balance of the target bank account increases, the other processor 131 may receive an indication of the increase. In this example, the other processor 131 applies the audit test to identify the increase in the instructions for modifying the target bank account. In 521, in the event that the audit test fails, the other processor 131 optionally outputs an audit indication. For example, where the increase cannot be identified in the instructions for modifying the target bank account, the other processor 131 may output an audit indication to alert an administrator that there may have been an unauthorized increase in the target balance of the target bank account.
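The signing flow of fig. 3 and the audit flow of fig. 5 together, as an added example that is not part of the patent: a simulated TEE signs each modification instruction (first result) and records a trusted report (auxiliary result); the other processor applies the authorization test before modifying balances and later runs the audit test, which flags any balance increase not covered by a trusted report. HMAC-SHA256 with a shared key stands in for the signature scheme, and the account names and amounts are constructed sample data.

```python
import hashlib
import hmac
import json
import secrets
from collections import Counter

def _canon(instr: dict) -> bytes:
    return json.dumps(instr, sort_keys=True).encode()

class TEE:
    """Simulated TEE 111: holds the signature key and the log repository of trusted reports."""
    def __init__(self, key: bytes):
        self._key = key          # secret value; in a real TEE it never leaves the enclave
        self.log = []            # trusted reports 310 (auxiliary results)

    def sign_modification(self, instr: dict) -> dict:
        # First set of instructions: unsigned instruction 301 -> signed instruction 302
        # (HMAC-SHA256 is the example's stand-in for the signature scheme).
        tag = hmac.new(self._key, _canon(instr), hashlib.sha256).hexdigest()
        # Second set of instructions: the trusted report indicating the signed instruction.
        self.log.append({"instr": instr, "tag": tag})
        return {"instr": instr, "tag": tag}

def authorization_test(key: bytes, signed: dict) -> bool:
    """Applied by the other processor 131; its success depends on the secret value."""
    expected = hmac.new(key, _canon(signed["instr"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["tag"])

class Ledger:
    """Other processor 131: holds balances and applies only authorized instructions."""
    def __init__(self, key: bytes, balances: dict):
        self._key = key          # shared verification key (stand-in for a public key)
        self.balances = dict(balances)
        self.increases = []      # observed (account, amount) increases, audited later

    def apply(self, signed: dict) -> bool:
        if not authorization_test(self._key, signed):
            return False
        i = signed["instr"]
        self.balances[i["from"]] -= i["amount"]
        self.balances[i["to"]] += i["amount"]
        self.increases.append((i["to"], i["amount"]))
        return True

def audit_test(increases: list, log: list) -> list:
    """Fig. 5 audit test (511): every observed increase must match one trusted report."""
    covered = Counter((r["instr"]["to"], r["instr"]["amount"]) for r in log)
    indications = []
    for acct, amount in increases:
        if covered[(acct, amount)] > 0:
            covered[(acct, amount)] -= 1   # each report covers exactly one increase
        else:
            indications.append(f"unreported increase of {amount} on {acct}")
    return indications

def demo():
    key = secrets.token_bytes(32)
    tee, ledger = TEE(key), Ledger(key, {"alice": 100, "bob": 50})
    ok = ledger.apply(tee.sign_modification({"from": "alice", "to": "bob", "amount": 30}))
    # A tag produced outside the TEE fails the authorization test ...
    forged = {"instr": {"from": "alice", "to": "mallory", "amount": 70}, "tag": "00" * 32}
    rejected = not ledger.apply(forged)
    # ... and an increase written behind the TEE's back has no trusted report (521 fires).
    ledger.balances["mallory"] = 70
    ledger.increases.append(("mallory", 70))
    return ok, rejected, ledger.balances, audit_test(ledger.increases, tee.log)
```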

The description of the various embodiments of the present invention is intended to be illustrative, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen to best explain the principles of the embodiments, the practical application, or technical advances, or to enable others skilled in the art to understand the embodiments disclosed herein, as compared to techniques available in the market.

It is expected that during the life of a patent maturing from this application many relevant trusted execution environments will be developed and the scope of the term trusted execution environment is intended to include all such new technologies a priori.

The term "about" as used herein means ± 10%.

The terms "including", "comprising", "having", and variations thereof mean "including, but not limited to". This term includes the terms "consisting of …" and "consisting essentially of …".

The phrase "consisting essentially of …" means that the composition or method may include additional ingredients and/or steps, provided that the additional ingredients and/or steps do not materially alter the basic and novel characteristics of the claimed composition or method.

As used herein, the singular forms "a", "an" and "the" include plural referents unless the context clearly dictates otherwise. For example, the term "compound" or "at least one compound" may comprise a plurality of compounds, including mixtures thereof.

The word "exemplary" is used herein to mean "serving as an example, instance, or illustration". Any "exemplary" embodiment is not necessarily to be construed as preferred or advantageous over other embodiments and/or to exclude the presence of other combinations of features of embodiments.

The word "optionally" is used herein to mean "provided in some embodiments and not provided in other embodiments". Any particular embodiment of the invention may incorporate a plurality of "optional" features, unless these features contradict each other.

Throughout this application, various embodiments of the present invention may be presented in a range format. It is to be understood that the description of the range format is merely for convenience and brevity and should not be construed as a fixed limitation on the scope of the present invention. Accordingly, the description of a range should be considered to have specifically disclosed all the possible sub-ranges as well as individual numerical values within that range. For example, description of a range such as from 1 to 6 should be considered to have specifically disclosed sub-ranges such as from 1 to 3, from 1 to 4, from 1 to 5, from 2 to 4, from 2 to 6, from 3 to 6, etc., as well as individual numbers within the range, such as 1, 2, 3, 4, 5, and 6. This applies regardless of the breadth of the range.

When a range of numbers is indicated herein, the expression includes any number (fractional or integer) recited within the indicated range. The phrases "in the range between the first indicated number and the second indicated number" and "in the range from the first indicated number to the second indicated number" are used interchangeably herein and are meant to include the first and second indicated numbers and all fractions and integers in between.

It is appreciated that certain features of the invention, which are, for brevity, described in the context of separate embodiments, may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment, may also be provided separately or in any suitable subcombination or as any suitable other embodiment of the invention. Certain features described in the context of various embodiments are not considered essential features of those embodiments unless the embodiment is inoperative without those features.

All publications, patents and patent specifications mentioned in this specification are herein incorporated in the specification by reference, and likewise, each individual publication, patent or patent specification is specifically and individually incorporated herein by reference. In addition, citation or identification of any reference in this application shall not be construed as an admission that such reference is available as prior art to the present invention. To the extent that section headings are used, they should not be construed as necessarily limiting.
