Skip to main content

Use TEE Identification in EAP-TLS
draft-chen-rats-tee-identification-03

Document Type Expired Internet-Draft (individual)
Authors Penglin Yang , chenmeiling , Li Su
Last updated 2022-04-25 (Latest revision 2021-10-22)
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

In security considerations, identities of devices like certifications, private keys should be protected and cannot be exposed in public in plaintext during whole lifecycle. When using these identities to make authentications a unified architecture to prevent identity information leakage is needed. This document creates a secure and trusted TEE authentication architecture to authenticate a device's identity based on EAP-TLS and TEE. In this architecture, certificate and handshake keys which are used for EAP- TLS will be executed in TEE. Communication establishment with EAP- TLS Server will be executed in REE. A middle layer is introduced to communicate between TEE and REE to compose the original function of EAP-TLS Client. TEE authentication could be used in LAN or WLAN scenarios.

Authors

Penglin Yang
chenmeiling
Li Su

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)