
EP-4742587-A1 - REMOTE ATTESTATION METHOD, APPARATUS AND RELATED DEVICE


Abstract

This application provides a remote attestation method and apparatus, and a related device. A first computing device has a trusted execution environment. A registration agent component and an application are deployed in the trusted execution environment. Before loading the application, the first computing device runs the registration agent component in the trusted execution environment to obtain a certificate provided by a challenger to the registration agent component. The certificate is generated by the challenger after the challenger has successfully verified a remote attestation report provided by the registration agent component. The first computing device configures the certificate and a private key for the application through the registration agent component. The certificate and the private key are used to establish an encrypted channel between the application and a client. In this way, the logic of remote attestation and of obtaining a certificate and a private key is completed by an independent registration agent component, so that remote attestation for an existing application can be implemented without modifying the application.

Inventors

  • CAI, Qishen
  • XU, Xiangyi
  • JIN, YIER

Assignees

  • Huawei Technologies Co., Ltd.

Dates

Publication Date
2026-05-13
Application Date
2024-07-16

Claims (20)

  1. A remote attestation method, wherein a first computing device has a trusted execution environment, a registration agent component and an application are deployed in the trusted execution environment, and the method comprises: obtaining, by the first computing device through the registration agent component before loading the application, a certificate provided by a challenger to the registration agent component; and configuring, by the first computing device, the certificate and a private key for the application through the registration agent component, wherein the certificate and the private key are used to establish an encrypted channel between the application and a client.
  2. The method according to claim 1, further comprising: loading, by the first computing device, the application in the trusted execution environment, and establishing the encrypted channel between the application and the client based on the certificate and the private key.
  3. The method according to claim 1 or 2, further comprising: running, by the first computing device, the registration agent component to obtain a remote attestation challenge initiated by the challenger, wherein the remote attestation challenge comprises a random number; and running, by the first computing device, the registration agent component to obtain a remote attestation report of the registration agent component based on the random number and provide the remote attestation report of the registration agent component to the challenger.
  4. The method according to claim 3, wherein obtaining the remote attestation report of the registration agent component based on the random number comprises: running, by the first computing device, the registration agent component to generate a first asymmetric key pair, wherein the first asymmetric key pair comprises a first public key and a first private key; and running, by the first computing device, the registration agent component to obtain the remote attestation report of the registration agent component based on the random number and the first public key.
  5. The method according to claim 3, wherein obtaining the remote attestation report of the registration agent component based on the random number comprises: running, by the first computing device, the registration agent component to generate a first asymmetric key pair, wherein the first asymmetric key pair comprises a first public key and a first private key; running, by the first computing device, the registration agent component to generate a certificate signing request CSR of the registration agent component based on the first asymmetric key pair; and running, by the first computing device, the registration agent component to obtain the remote attestation report of the registration agent component based on the random number and the CSR.
  6. The method according to claim 4 or 5, wherein the private key is the first private key.
  7. The method according to claim 4 or 5, wherein the private key is generated and provided by the challenger to the registration agent component after verification of the challenger on the remote attestation report of the registration agent component succeeds.
  8. The method according to claim 7, wherein the challenger is a certificate service component run on the first computing device, the certificate service component is deployed in a normal world of the first computing device, and the method further comprises: running, by the first computing device, the certificate service component to generate the certificate and the private key when the verification on the remote attestation report of the registration agent component succeeds; running, by the first computing device, the certificate service component to generate a symmetric key and obtain the first public key in the remote attestation report of the registration agent component; running, by the first computing device, the certificate service component to encrypt the certificate and the private key using the symmetric key, to obtain a first digest; running, by the first computing device, the certificate service component to encrypt the symmetric key using the first public key, to obtain a second digest; and running, by the first computing device, the certificate service component to provide the first digest and the second digest to the registration agent component.
  9. The method according to claim 8, wherein the method further comprises: running, by the first computing device, the registration agent component to decrypt the second digest using the first private key, to obtain the symmetric key; and running, by the first computing device, the registration agent component to decrypt the first digest using the symmetric key, to obtain the certificate and the private key.
  10. The method according to claim 8 or 9, further comprising: running, by the first computing device, the certificate service component to send a CSR of the certificate service component to a verifier; and running, by the first computing device, the certificate service component to receive a certificate issued by the verifier to the certificate service component, wherein the certificate of the certificate service component is generated by the verifier when verification on the CSR of the certificate service component succeeds.
  11. The method according to any one of claims 1 to 6, wherein the challenger is a verifier, or the challenger is a second computing device, and the second computing device is verified by the verifier.
  12. A remote attestation method, comprising: initiating, by a challenger, a remote attestation challenge to a registration agent component run in a trusted execution environment of a first computing device, wherein the registration agent component and an application are deployed in the trusted execution environment; and providing, by the challenger, a certificate to the registration agent component, so that the registration agent component configures the certificate for the application, wherein the remote attestation report is provided by the registration agent component to the challenger in response to the remote attestation challenge, and the certificate is used by the first computing device to establish, when the first computing device loads the application in the trusted execution environment, an encrypted channel between the application and a client based on the certificate and a private key.
  13. The method according to claim 12, further comprising: providing, by the challenger, the private key to the registration agent component, wherein the private key is generated by the challenger after verification on the remote attestation report of the registration agent component succeeds.
  14. The method according to claim 13, wherein the method comprises: generating, by the challenger, the certificate and the private key when the verification on the remote attestation report succeeds; generating, by the challenger, a symmetric key, and obtaining a first public key in the remote attestation report of the registration agent component; encrypting, by the challenger, the certificate and the private key using the symmetric key, to obtain a first digest; and encrypting, by the challenger, the symmetric key using the first public key, to obtain a second digest; and providing, by the challenger, the private key to the registration agent component comprises: providing, by the challenger, the first digest and the second digest to the registration agent component.
  15. The method according to any one of claims 12 to 14, wherein before initiating, by the challenger, the remote attestation challenge to the registration agent component run in the trusted execution environment of the first computing device, the method further comprises: sending, by the challenger, a certificate signing request CSR of the challenger to a verifier; and receiving, by the challenger, a certificate of the challenger issued by the verifier, wherein the certificate of the challenger is generated by the verifier when verification on the CSR of the challenger succeeds.
  16. A remote attestation apparatus, comprising an application and a registration agent component, wherein the application and the registration agent component are deployed in a trusted execution environment, and the registration agent component is used to: before the application is started, obtain a certificate provided by a challenger to the registration agent component; and configure the certificate and a private key for the application, wherein the certificate and the private key are used to establish an encrypted channel between the application and a client.
  17. The apparatus according to claim 16, wherein the application is used to establish the encrypted channel between the application and the client based on the certificate and the private key.
  18. The apparatus according to claim 16 or 17, wherein the remote attestation apparatus further comprises a certificate service component, and the certificate service component is used to: generate the certificate and the private key when verification on a remote attestation report of the registration agent component succeeds; generate a symmetric key, and obtain the first public key in the remote attestation report of the registration agent component; encrypt the certificate and the private key using the symmetric key, to obtain a first digest; encrypt the symmetric key using the first public key, to obtain a second digest; and provide the first digest and the second digest to the registration agent component.
  19. A remote attestation apparatus, comprising: a processing module, configured to initiate a remote attestation challenge to a registration agent component run in a trusted execution environment of a first computing device, wherein the registration agent component and an application are deployed in the trusted execution environment of the first computing device; and a communication module, configured to send the remote attestation challenge to the first computing device, wherein the processing module is further configured to generate a certificate of the registration agent component when verification on a remote attestation report of the registration agent component succeeds, so that the registration agent component configures the certificate for the application, wherein the remote attestation report is provided by the registration agent component to the challenger in response to the remote attestation challenge, and the certificate is used by the first computing device to establish, when the first computing device loads the application in the trusted execution environment, an encrypted channel between the application and a client based on the certificate and a private key; and the communication module is further configured to send the certificate to the first computing device.
  20. A computing device, comprising a processor and a memory, wherein the memory is configured to store instructions, the processor is configured to execute the instructions, and when the processor executes the instructions, the method according to any one of claims 1 to 11 is implemented.
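The sealed delivery of the certificate and private key in claims 8, 9, 14 and 18, as an added example in Go that is not part of the patent: the certificate service encrypts the serialized certificate and private key under a fresh symmetric key (the claims' "first digest"), wraps that symmetric key to the agent's first public key (the "second digest"), and the agent unwraps both with the first private key that never left the trusted execution environment. The claims name no algorithms; AES-256-GCM, RSA-OAEP with SHA-256, an RSA first key pair (so that the symmetric key can be wrapped with plain public-key encryption; an EC first key would call for HPKE or similar instead) and every function name here are this example's assumptions. The credential bytes in main are a constructed stand-in for the PEM-encoded certificate and key the service would have generated.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Bundle is what the certificate service hands back to the registration agent
// (claims 8, 14 and 18). The patent calls the two parts the "first digest" and
// "second digest"; both are ciphertexts, not hashes, or nothing could be recovered.
type Bundle struct {
	First  []byte // AES-256-GCM: 12-byte IV || ciphertext || tag, over the serialized certificate and private key
	Second []byte // RSA-OAEP(SHA-256) wrap of the AES key under the agent's first public key
}

// GenerateFirstKeyPair is the agent's "first asymmetric key pair" (claim 4); its
// public key travels in the attestation report, and the service wraps to it.
func GenerateFirstKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// Seal is the certificate service side, run once the agent's report has been
// verified: a fresh symmetric key encrypts credential (the certificate and
// private key, already serialized) and the agent's first public key wraps that
// symmetric key. Only the holder of the first private key can unwrap.
func Seal(agentPub *rsa.PublicKey, credential []byte) (*Bundle, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a GCM IV, both fresh per bundle
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, iv := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	second, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, agentPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Bundle{First: gcm.Seal(iv, iv, credential, nil), Second: second}, nil
}

// Unseal is the agent side (claim 9). A bundle wrapped to some other key fails
// in OAEP; one altered in transit fails on the GCM tag; in either case the
// agent configures nothing for the application.
func Unseal(firstKey *rsa.PrivateKey, b *Bundle) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, firstKey, b.Second, nil)
	if err != nil {
		return nil, fmt.Errorf("second digest: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(b.First) < n+gcm.Overhead() {
		return nil, errors.New("first digest too short to hold an IV and a tag")
	}
	credential, err := gcm.Open(nil, b.First[:n], b.First[n:], nil)
	if err != nil {
		return nil, fmt.Errorf("first digest: %w", err)
	}
	return credential, nil
}

func main() {
	firstKey, err := GenerateFirstKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed stand-in for the PEM-encoded certificate and private key.
	credential := []byte("constructed stand-in for PEM certificate + private key")
	bundle, err := Seal(&firstKey.PublicKey, credential)
	if err != nil {
		panic(err)
	}
	got, err := Unseal(firstKey, bundle)
	if err != nil {
		panic(err)
	}
	fmt.Println("agent recovered the credential:", string(got) == string(credential))
}
```

The point a practitioner should take from the claims is that the normal-world certificate service never sees the first private key and the agent never exposes the application's private key outside the trusted execution environment: anything that captures the bundle on the way in holds two ciphertexts it cannot open, and the agent refuses a bundle that does not authenticate rather than configuring a possibly substituted certificate.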

Description

This application claims priority to Chinese Patent Application No. 202310996999.9, filed with the China National Intellectual Property Administration on August 8, 2023 and entitled "REMOTE ATTESTATION METHOD AND APPARATUS, AND RELATED DEVICE", which is incorporated herein by reference in its entirety.

TECHNICAL FIELD

The present invention relates to the field of computer technologies, and in particular, to a remote attestation method and apparatus, and a related device.

BACKGROUND

In confidential computing, a confidential virtual machine serves as the carrier of a trusted execution environment (TEE) and lets a user deploy an existing application into the confidential virtual machine without modification. The application, however, still needs to support remote attestation from inside the trusted execution environment, so that a client can check the trusted status of the trusted execution environment and establish an encrypted secure channel with the application. Currently, an application deployed unmodified in the trusted execution environment can do neither: it cannot perform remote attestation and cannot establish the encrypted channel with the client.

SUMMARY

This application provides a remote attestation method and apparatus, and a related device, so that in confidential computing the logic of remote attestation and of obtaining a certificate and a private key is completed by an independent registration agent component, and remote attestation for an existing application can be implemented without modifying the application.

According to a first aspect, this application provides a remote attestation method, applied to a first computing device. The first computing device has a trusted execution environment. A registration agent component and an application are deployed in the trusted execution environment.
The method includes: before loading the application deployed in the trusted execution environment, the first computing device runs the registration agent component to obtain a certificate provided by a challenger to the registration agent component, where the certificate is generated by the challenger after the challenger has successfully verified a remote attestation report provided by the registration agent component; and the first computing device configures the certificate and a private key for the application through the registration agent component, where the certificate and the private key are used to establish an encrypted channel between the application and a client. With this method, the logic of remote attestation and of obtaining a certificate and a private key is completed in confidential computing by an independent registration agent component, so remote attestation for an existing application can be implemented without modifying the application.

In a possible implementation, after the registration agent component configures the certificate and the private key for the application, the first computing device loads the application in the trusted execution environment and establishes the encrypted channel between the application and the client based on the certificate and the private key. Once that channel exists, the client can check the trusted status of the trusted execution environment and communicate with the application over the channel.
In a possible implementation, the method further includes: the first computing device runs the registration agent component in the trusted execution environment to obtain a remote attestation challenge sent by the challenger, where the remote attestation challenge includes a random number (a nonce); and the first computing device runs the registration agent component to obtain a remote attestation report of the registration agent component based on the random number in the remote attestation challenge, and provides the remote attestation report of the registration agent component to the challenger. After the first computing device runs the registration agent component in the trusted execution environment, the registration agent component receives the remote attestation challenge from the challenger. For example, the registration agent component initiates a registration request to the challenger, and the challenger sends the remote attestation challenge to the registration agent component in order to obtain the remote attestation report of the registration agent component and verify the registration agent component. Including the random number in the remote attestation challenge binds the report to that specific challenge, so a report captured earlier cannot be replayed in answer to a new one.

In a possible implementation, obtaining the remote attestation report of the registration agent component based on the random number includes: The
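The challenge, report and verification described above, together with claims 3 to 6, as an added example in Go that is not part of the patent: the agent generates its first key pair, puts the public key in a CSR, and binds the CSR to the challenger's nonce through the report; the challenger rejects a report with the wrong nonce, a report not signed by the platform, or a CSR that does not prove possession of its key, and only then issues a certificate on the CSR's key, which is the claim 6 variant in which the private key the agent configures is the first private key. The platform signing key is a simulated stand-in for the TEE's hardware-rooted attestation key (a real challenger verifies the report against the platform vendor's certificate chain), the challenger signs under a bare issuer name rather than a verifier-issued certificate, and every name and function signature here is this example's assumption.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Report is the agent's attestation report for one challenge (claims 3 and 5): nonce, CSR, signature over both.
type Report struct{ Nonce, CSR, Sig []byte }

// SimulatedPlatformKey stands in for the TEE's hardware-rooted attestation key (assumption, not a real TEE).
func SimulatedPlatformKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func reportDigest(nonce, csr []byte) []byte {
	d := sha256.Sum256(append(append([]byte{}, nonce...), csr...))
	return d[:]
}

// Attest is the agent side (claims 4 and 5): first key pair, CSR over it, report binding the CSR to the nonce.
func Attest(nonce []byte, platform *ecdsa.PrivateKey) (*ecdsa.PrivateKey, *Report, error) {
	first, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: "app"}}, first)
	if err != nil {
		return nil, nil, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, platform, reportDigest(nonce, csr))
	if err != nil {
		return nil, nil, err
	}
	return first, &Report{Nonce: nonce, CSR: csr, Sig: sig}, nil
}

// Challenger trusts platformPub and signs certificates with caKey (in the patent its own certificate comes from a verifier).
type Challenger struct {
	platformPub *ecdsa.PublicKey
	caKey       *ecdsa.PrivateKey
}

func NewChallenger(platformPub *ecdsa.PublicKey) (*Challenger, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Challenger{platformPub: platformPub, caKey: caKey}, nil
}

// Verify rejects a replayed report (wrong nonce), one not signed by the platform, and a CSR not signed
// by the key it carries; it then issues the certificate on the CSR's key (claim 6) and returns it as DER.
func (c *Challenger) Verify(r *Report, issued []byte) ([]byte, error) {
	if !bytes.Equal(r.Nonce, issued) {
		return nil, errors.New("nonce mismatch: stale or replayed report")
	}
	if !ecdsa.VerifyASN1(c.platformPub, reportDigest(r.Nonce, r.CSR), r.Sig) {
		return nil, errors.New("report not signed by the platform attestation key")
	}
	csr, err := x509.ParseCertificateRequest(r.CSR)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil { // proof of possession of the first private key
		return nil, fmt.Errorf("CSR: %w", err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: csr.Subject,
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, &x509.Certificate{Subject: pkix.Name{CommonName: "challenger"}}, csr.PublicKey, c.caKey)
}

func main() {
	platform, _ := SimulatedPlatformKey()
	ch, _ := NewChallenger(&platform.PublicKey)
	nonce := make([]byte, 32) // the challenge, drawn fresh per registration request
	rand.Read(nonce)
	first, report, err := Attest(nonce, platform)
	if err != nil {
		panic(err)
	}
	certDER, err := ch.Verify(report, nonce)
	if err != nil {
		panic(err)
	}
	fmt.Printf("issued a %d-byte certificate on the agent's first key (%s)\n", len(certDER), first.Params().Name)
}
```

The order of checks in Verify is the one that matters in practice: the nonce comparison comes first so that a report captured from an earlier, honest registration is rejected before any signature work, and the CSR's own signature is checked after the platform signature so that a public key is only ever certified when the report proves it came from inside the attested environment and the requester holds the matching private key.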