Encrypted Communication
Figure 2 describes how the encrypted communication is established; in short, it consists of the following steps:
- TRE returns a one-time six-digit token to PP, so that only the first party to present this token can use the username / password to authenticate
- PP sends the token back to TRE together with a processing request
- TRE checks that the token has not been used before; if it has not, TRE sends the public key received from the AIK to PP
- PP uses the received public key to encrypt the username with the RSA algorithm (in our simulation the username is always Mike) and sends the encrypted data back to TRE
- TRE receives the encrypted data and uses the AIK private key to decrypt the username
- TRE runs the program query and returns the result together with the quote generated in Step 1
- PP verifies the quote locally to confirm that TRE has not been modified (the remote attestation step); if the check passes, PP trusts the price value received from TRE.
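The following simulation of the Figure 2 exchange is an added example and is not code from the paper or its implementation. It models both sides: the TRE issues a single-use token, refuses replays, hands out the AIK public key, decrypts the RSA-encrypted username, and returns the query result with a quote; the PP checks the quote against a known-good measurement before trusting the price. Everything concrete here is an assumption: the AIK is stood in for by a textbook RSA key pair on small Mersenne primes (no padding, simulation only), the TPM quote is stood in for by an RSA signature over the PCR digest, the session token and the result, and the PCR values, price table and class names are constructed.

```python
import hashlib
import secrets

# --- AIK stand-in (constructed): textbook RSA, simulation only, never use unpadded RSA in practice ---
_P = 2**31 - 1                       # Mersenne primes chosen so the modulus exceeds the
_Q = 2**61 - 1                       # 32-bit integer encoding of the username "Mike"
AIK_N = _P * _Q
AIK_E = 65537
_AIK_D = pow(AIK_E, -1, (_P - 1) * (_Q - 1))   # private exponent, never leaves the TRE


def rsa_encrypt(n: int, e: int, message: bytes) -> int:
    m = int.from_bytes(message, "big")
    if not 0 < m < n:
        raise ValueError("message does not fit the modulus")
    return pow(m, e, n)


def rsa_decrypt(n: int, d: int, ciphertext: int) -> bytes:
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# --- quote stand-in (constructed): the AIK signs SHA-256(pcr || nonce || result) reduced mod n ---
def _quote_digest(pcr_digest: bytes, nonce: bytes, result: bytes) -> int:
    return int.from_bytes(hashlib.sha256(pcr_digest + nonce + result).digest(), "big") % AIK_N


def make_quote(pcr_digest: bytes, nonce: bytes, result: bytes) -> int:
    return pow(_quote_digest(pcr_digest, nonce, result), _AIK_D, AIK_N)


def verify_quote(n: int, e: int, pcr_digest: bytes, nonce: bytes, result: bytes, quote: int) -> bool:
    return pow(quote, e, n) == _quote_digest(pcr_digest, nonce, result)


# Known-good measurement the PP expects from an unmodified TRE (constructed).
GOLDEN_PCR = hashlib.sha256(b"constructed: known-good TRE software measurement").digest()


class TRE:
    def __init__(self, pcr_digest: bytes, prices: dict):
        self.pcr_digest = pcr_digest     # what this TRE's TPM actually measured
        self.prices = prices
        self.sessions = {}               # token -> state; each token is single use

    def issue_token(self) -> str:
        token = f"{secrets.randbelow(10**6):06d}"   # one-time six-digit token
        self.sessions[token] = "issued"
        return token

    def request(self, token: str):
        """Refuse unknown or replayed tokens, otherwise release the AIK public key."""
        if self.sessions.get(token) != "issued":
            raise PermissionError("token unknown or already used")
        self.sessions[token] = "key_sent"
        return AIK_N, AIK_E

    def query(self, token: str, enc_username: int, item: str):
        """Decrypt the username with the AIK private key, run the query, attach a quote."""
        if self.sessions.get(token) != "key_sent":
            raise PermissionError("no open session for this token")
        self.sessions[token] = "done"
        username = rsa_decrypt(AIK_N, _AIK_D, enc_username).decode()
        result = f"{username}:{item}:{self.prices[item]}".encode()
        # The token doubles as the freshness nonce bound into the quote (assumption).
        return result, self.pcr_digest, make_quote(self.pcr_digest, token.encode(), result)


class PP:
    def __init__(self, golden_pcr: bytes):
        self.golden_pcr = golden_pcr
        self.aik_pub = None

    def accept_key(self, n: int, e: int) -> None:
        self.aik_pub = (n, e)

    def verify(self, token: str, result: bytes, pcr_digest: bytes, quote: int) -> bool:
        """Remote attestation: quote must verify under the AIK and match the golden PCR."""
        n, e = self.aik_pub
        return verify_quote(n, e, pcr_digest, token.encode(), result, quote) and pcr_digest == self.golden_pcr


def run_exchange(tre: TRE, pp: PP, username: bytes = b"Mike", item: str = "widget") -> dict:
    token = tre.issue_token()                           # TRE hands PP a one-time token
    n, e = tre.request(token)                           # PP returns it; TRE checks and sends the AIK public key
    pp.accept_key(n, e)
    enc = rsa_encrypt(n, e, username)                   # PP encrypts the username under the AIK public key
    result, pcr, quote = tre.query(token, enc, item)    # TRE decrypts, runs the query, attaches the quote
    trusted = pp.verify(token, result, pcr, quote)      # PP attests the TRE before trusting the price
    price = int(result.decode().split(":")[2]) if trusted else None
    return {"token": token, "trusted": trusted, "price": price, "result": result}


if __name__ == "__main__":
    print(run_exchange(TRE(GOLDEN_PCR, {"widget": 42}), PP(GOLDEN_PCR)))
```

A TRE whose measurement differs from the golden value still answers the query, but its quote no longer matches what the PP expects, so the price is discarded; and presenting a token a second time is rejected at the request step, which is the replay protection the one-time token is meant to give.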