-
公开(公告)号:US10949547B2
公开(公告)日:2021-03-16
申请号:US16153039
申请日:2018-10-05
Applicant: Google LLC
Inventor: Keith Moyer , Uday Savagaonkar , Chong Cai , Matthew Gingell , Anna Sapek
Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.
-
公开(公告)号:US12197596B2
公开(公告)日:2025-01-14
申请号:US18200648
申请日:2023-05-23
Applicant: Google LLC
Inventor: Keith Moyer , Uday Savagaonkar , Chong Cai , Matthew Gingell , Anna Sapek
IPC: G06F21/44 , G06F21/53 , G06F21/57 , G06F21/60 , G06F21/62 , G06F21/74 , H04L9/08 , H04L9/14 , H04L9/30 , H04L9/32 , H04L9/40
Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.
-
公开(公告)号:US11714912B2
公开(公告)日:2023-08-01
申请号:US17201741
申请日:2021-03-15
Applicant: Google LLC
Inventor: Keith Moyer , Uday Savagaonkar , Chong Cai , Matthew Gingell , Anna Sapek
CPC classification number: G06F21/602 , G06F21/6245 , H04L9/0861 , H04L9/14 , H04L9/30
Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.
-
公开(公告)号:US20210200883A1
公开(公告)日:2021-07-01
申请号:US17201741
申请日:2021-03-15
Applicant: Google LLC
Inventor: Keith Moyer , Uday Savagaonkar , Chong Cai , Matthew Gingell , Anna Sapek
Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.
-
公开(公告)号:US12244582B2
公开(公告)日:2025-03-04
申请号:US18428700
申请日:2024-01-31
Applicant: Google LLC
IPC: H04L9/40 , G06Q30/018 , H04L9/08
Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.
-
公开(公告)号:US20240171560A1
公开(公告)日:2024-05-23
申请号:US18428700
申请日:2024-01-31
Applicant: Google LLC
CPC classification number: H04L63/08 , H04L9/0844 , H04L63/0428 , H04L63/101 , G06Q30/0185
Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.
-
公开(公告)号:US20230297697A1
公开(公告)日:2023-09-21
申请号:US18200648
申请日:2023-05-23
Applicant: Google LLC
Inventor: Keith Moyer , Uday Savagaonkar , Chong Cai , Matthew Gingell , Anna Sapek
CPC classification number: G06F21/602 , G06F21/6245 , H04L9/0861 , H04L9/14 , H04L9/30
Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.
-
公开(公告)号:US11962576B2
公开(公告)日:2024-04-16
申请号:US17973664
申请日:2022-10-26
Applicant: Google LLC
Inventor: Anna Sapek , Uday Savagaonkar , Jeffrey Thomas Andersen , Thomas Michael Roeder
IPC: H04L9/40 , G06Q30/018 , H04L9/08
CPC classification number: H04L63/08 , H04L9/0844 , H04L63/0428 , H04L63/101 , G06Q30/0185
Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.
-
公开(公告)号:US20230039096A1
公开(公告)日:2023-02-09
申请号:US17973664
申请日:2022-10-26
Applicant: Google LLC
Inventor: Anna Sapek , Uday Savagaonkar , Jeffrey Thomas Andersen , Thomas Michael Roeder
Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.
-
公开(公告)号:US11509643B2
公开(公告)日:2022-11-22
申请号:US17046547
申请日:2018-07-18
Applicant: Google LLC
Inventor: Anna Sapek , Uday Savagaonkar , Jeffrey Thomas Andersen , Thomas Michael Roeder
Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.
-
-
-
-
-
-
-
-
-