US Patent 10897360 Addressing a trusted execution environment using clean room provisioning

Methods, systems, and devices are described herein for delivering protected data to a trusted execution environment (TrEE) associated with an untrusted requestor. In one aspect, a targeting protocol head, or other intermediary between a requestor and a key management system or other store of protected data may register a public encryption key of a TrEE that corresponds to a private encryption key held by the TrEE or a symmetric key of the TrEE. The targeting protocol head may receive a request for protected data from a requestor associated with the TrEE, and retrieve the protected data for example, from a key management system or store of protected data. The targeting protocol head may generate targeted protected data by encrypting the protected data with the public encryption key or symmetric key of the TrEE. The targeting protocol head may then send the targeted protected data to the requestor.