-
Publication No.: US20210306164A1
Publication Date: 2021-09-30
Application No.: US17347037
Application Date: 2021-06-14
Applicant: Advanced New Technologies Co., Ltd.
Inventor: Changzheng Wei, Ying Yan, Boran Zhao, Xuyang Song
Abstract: Disclosed herein are methods, systems, and apparatus, for securely executing smart contract operations in a trusted execution environment (TEE). One of the methods includes establishing, by a key management (KM) TEE of a KM node, a trust relationship with a plurality of KM TEEs in a plurality of KM nodes based on performing mutual attestations with the plurality of KM TEEs; initiating a consensus process with the plurality of KM TEEs for reaching consensus on providing one or more encryption keys to a service TEE of the KM node; in response to reaching the consensus with the plurality of KM TEEs, initiating a local attestation process with a service TEE in the KM node; determining that the local attestation process is successful; and in response to determining that the local attestation process is successful, providing one or more encryption keys to the TEE executing on the computing device.
-
Publication No.: US10943006B2
Publication Date: 2021-03-09
Application No.: US16785403
Application Date: 2020-02-07
Applicant: Advanced New Technologies Co., Ltd.
Inventor: Qi Liu, Boran Zhao, Ying Yan, Changzheng Wei
Abstract: A computer-implemented method, non-transitory, computer-readable medium, and computer-implemented system are provided for data transmission in a trusted execution environment (TEE) system. The method is executed by a first thread in multiple threads on a TEE side. The method includes obtaining first data; obtaining a TEE side thread lock; calling a predetermined function by using the first data as an input parameter to switch to a non-TEE side; obtaining a write offset address and a read offset address respectively by reading a first address and a second address; determining whether a quantity of bytes of the first data is less than or equal to a quantity of writable bytes; if so, writing the first data into third addresses starting from the write offset address; updating the write offset address in the first address; returning to the TEE side; and releasing the TEE side thread lock.
-
Publication No.: US20210019415A1
Publication Date: 2021-01-21
Application No.: US16915585
Application Date: 2020-06-29
Applicant: Advanced New Technologies Co., Ltd
Inventor: Qi Liu, Boran Zhao, Ying Yan, Changzheng Wei
Abstract: A computer-implemented method, non-transitory, computer-readable medium, and computer-implemented system are provided for data transmission in a trusted execution environment (TEE) system. The method can be executed by a thread on a TEE side of the TEE system. The method includes obtaining first data; calling a predetermined function using the first data as an input parameter to switch to a non-TEE side; obtaining a write offset address by reading a first address; obtaining a read offset address by reading a second address; determining whether a quantity of bytes of the first data is less than or equal to a quantity of writable bytes; if so, writing the first data into third addresses starting from the write offset address; updating the write offset address in the first address; and returning to the TEE side.
-
Publication No.: US10896075B1
Publication Date: 2021-01-19
Application No.: US16785328
Application Date: 2020-02-07
Applicant: Advanced New Technologies Co., Ltd.
Inventor: Qi Liu, Boran Zhao, Ying Yan, Changzheng Wei
Abstract: A computer-implemented method, non-transitory, computer-readable medium, and computer-implemented system are provided for data transmission in a trusted execution environment (TEE) system. The method executed by a first thread in multiple threads on a TEE side includes: obtaining first data; obtaining a TEE side thread lock; obtaining a write offset address and a read offset address respectively by reading a first address and a second address; determining whether a quantity of bytes of the first data to be transmitted is less than or equal to a quantity of writable bytes; if the quantity of bytes of the first data is less than or equal to the quantity of writable bytes, writing the first data into third addresses starting from the write offset address; updating the write offset address in the first address; and releasing the TEE side thread lock.
-
Publication No.: US10884830B1
Publication Date: 2021-01-05
Application No.: US16944866
Application Date: 2020-07-31
Applicant: Advanced New Technologies Co., Ltd.
Inventor: Qi Liu, Boran Zhao, Ying Yan, Changzheng Wei
Abstract: A computer-implemented method, non-transitory, computer-readable medium, and computer-implemented system are provided for data transmission in a trusted execution environment (TEE) system. The method executed by a first thread in multiple threads on a TEE side includes: obtaining first data; obtaining a TEE side thread lock; obtaining a write offset address and a read offset address respectively by reading a first address and a second address; determining whether a quantity of bytes of the first data to be transmitted is less than or equal to a quantity of writable bytes; if the quantity of bytes of the first data is less than or equal to the quantity of writable bytes, writing the first data into third addresses starting from the write offset address; updating the write offset address in the first address; and releasing the TEE side thread lock.
-
Publication No.: US10860710B2
Publication Date: 2020-12-08
Application No.: US16902864
Application Date: 2020-06-16
Applicant: Advanced New Technologies Co., Ltd.
Inventor: Changzheng Wei, Ying Yan, Boran Zhao, Xuyang Song, Huabing Du
Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, an internal cache hash table stored in the TEE to determine whether the data are included in the internal cache hash table; and in response to determining that the data is included in the internal cache hash table, executing, by the virtual machine, the one or more software instructions by retrieving the data from the internal cache hash table.
-
Publication No.: US11210411B2
Publication Date: 2021-12-28
Application No.: US17315866
Application Date: 2021-05-10
Applicant: Advanced New Technologies Co., Ltd.
Inventor: Qi Liu, Boran Zhao, Ying Yan, Changzheng Wei
Abstract: Examples of a data transmission method and apparatus in TEE systems are described. One example of the method includes: obtaining first data; obtaining a write offset address by reading a first address; obtaining a read offset address by reading a second address; determining whether the number of bytes in the first data is less than or equal to the number of writable bytes, where the number of writable bytes is determined based on the write offset address and the read offset address, and each address corresponds to one byte; when the number of bytes in the first data is less than or equal to the number of writable bytes, writing the first data into third addresses starting from the write offset address; and updating the write offset address in the first address.
-
Publication No.: US20210344496A1
Publication Date: 2021-11-04
Application No.: US17378424
Application Date: 2021-07-16
Applicant: Advanced New Technologies Co., Ltd.
Inventor: Changzheng Wei, Ying Yan, Hui Zhang, Yujun Peng
Abstract: One or more implementations of the present specification provide a blockchain-based data authorization method and apparatus. The method can include receiving, by a blockchain node, an authentication transaction submitted by a privacy computing platform, where the authentication transaction queries whether a data user has obtained authorization of target data possessed by a data owner, and in response to determining that the data user has obtained authorization of the target data, executing, by the blockchain node, a smart contract invoked by the authentication transaction to provide an authorization token to the privacy computing platform that instructs the privacy computing platform to obtain the target data, and send a computational result of one or more predetermined computational operations based on the target data to the data user.
-
Publication No.: US11153072B2
Publication Date: 2021-10-19
Application No.: US17135813
Application Date: 2020-12-28
Applicant: Advanced New Technologies Co., Ltd.
Inventor: Changzheng Wei, Ying Yan, Boran Zhao, Xuyang Song, Huabing Du
Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, a global state of a blockchain stored in the TEE to locate the data; and executing, by the virtual machine, the one or more software instructions based on the data.
-
Publication No.: US20210019394A1
Publication Date: 2021-01-21
Application No.: US16785403
Application Date: 2020-02-07
Applicant: Advanced New Technologies Co., Ltd.
Inventor: Qi Liu, Boran Zhao, Ying Yan, Changzheng Wei
IPC: G06F21/53, G06F9/52, G06F12/0802, G06F21/57
Abstract: A computer-implemented method, non-transitory, computer-readable medium, and computer-implemented system are provided for data transmission in a trusted execution environment (TEE) system. The method is executed by a first thread in multiple threads on a TEE side. The method includes obtaining first data; obtaining a TEE side thread lock; calling a predetermined function by using the first data as an input parameter to switch to a non-TEE side; obtaining a write offset address and a read offset address respectively by reading a first address and a second address; determining whether a quantity of bytes of the first data is less than or equal to a quantity of writable bytes; if so, writing the first data into third addresses starting from the write offset address; updating the write offset address in the first address; returning to the TEE side; and releasing the TEE side thread lock.