
Use TEE Identification in EAP-TLS

Document type: Expired Internet-Draft (individual)
Authors: Penglin Yang, chenmeiling, Li Su
Last updated: 2022-04-25 (latest revision 2021-10-22)
Stream: (None)
Intended RFC status: (None)
Expired & archived
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.


From a security standpoint, device identities such as certificates and private keys must be protected and must not be exposed publicly in plaintext at any point in their lifecycle. When these identities are used for authentication, a unified architecture is needed to prevent identity information from leaking. This document defines a secure and trusted TEE authentication architecture that authenticates a device's identity based on EAP-TLS and a Trusted Execution Environment (TEE). In this architecture, the operations that use the certificate and handshake keys for EAP-TLS are executed in the TEE, while communication with the EAP-TLS server is established in the Rich Execution Environment (REE). A middle layer is introduced to communicate between the TEE and the REE so that together they make up the function of the original EAP-TLS client. TEE authentication can be used in LAN or WLAN scenarios.


Penglin Yang
Li Su

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)