-
公开(公告)号:US20230297697A1
公开(公告)日:2023-09-21
申请号:US18200648
申请日:2023-05-23
Applicant: Google LLC
Inventor: Keith Moyer , Uday Savagaonkar , Chong Cai , Matthew Gingell , Anna Sapek
CPC classification number: G06F21/602 , G06F21/6245 , H04L9/0861 , H04L9/14 , H04L9/30
Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.
-
公开(公告)号:US20240126930A1
公开(公告)日:2024-04-18
申请号:US18392055
申请日:2023-12-21
Applicant: Google LLC
Inventor: Uday Savagaonkar , Eric Northup
CPC classification number: G06F21/72 , G06F13/4221 , G06F21/602 , G06F21/79 , G06F2213/0026
Abstract: Aspects of the disclosure relate to providing a secure collaboration between one or more PCIe accelerators and an enclave. An example system may include a PCIe accelerator apparatus. The PCIs accelerator apparatus may include the one or more PCIe accelerators and a microcontroller configured to provide a cryptographic identity to the PCIe accelerator apparatus. The PCIe accelerator apparatus may be configured to use the cryptographic identity to establish communication between the PCIe accelerator apparatus the enclave.
-
公开(公告)号:US11962576B2
公开(公告)日:2024-04-16
申请号:US17973664
申请日:2022-10-26
Applicant: Google LLC
Inventor: Anna Sapek , Uday Savagaonkar , Jeffrey Thomas Andersen , Thomas Michael Roeder
IPC: H04L9/40 , G06Q30/018 , H04L9/08
CPC classification number: H04L63/08 , H04L9/0844 , H04L63/0428 , H04L63/101 , G06Q30/0185
Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.
-
公开(公告)号:US11947662B2
公开(公告)日:2024-04-02
申请号:US17950205
申请日:2022-09-22
Applicant: Google LLC
Inventor: Matthew Gingell , Peter Gonda , Alexander Thomas Cope , Sergey Karamov , Keith Moyer , Uday Savagaonkar , Chong Cai
CPC classification number: G06F21/53 , G06F21/12 , G06F21/57 , G06F21/6245 , G06F21/74
Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.
-
公开(公告)号:US20230039096A1
公开(公告)日:2023-02-09
申请号:US17973664
申请日:2022-10-26
Applicant: Google LLC
Inventor: Anna Sapek , Uday Savagaonkar , Jeffrey Thomas Andersen , Thomas Michael Roeder
Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.
-
Patent Agency Ranking
公开(公告)号:US11509643B2
公开(公告)日:2022-11-22
申请号:US17046547
申请日:2018-07-18
Applicant: Google LLC
Inventor: Anna Sapek , Uday Savagaonkar , Jeffrey Thomas Andersen , Thomas Michael Roeder
Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.
-
公开(公告)号:US20210232676A1
公开(公告)日:2021-07-29
申请号:US17046593
申请日:2018-07-18
Applicant: Google LLC
Inventor: Matthew Gingell , Peter Gonda , Alexander Thomas Cope , Sergey Karamov , Keith Moyer , Uday Savagaonkar , Chong Cai
Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.
-
公开(公告)号:US20210037001A1
公开(公告)日:2021-02-04
申请号:US17046547
申请日:2018-07-18
Applicant: Google LLC
Inventor: Anna Sapek , Uday Savagaonkar , Jeffrey Thomas Andersen , Thomas Michael Roeder
Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.
-
公开(公告)号:US11921905B2
公开(公告)日:2024-03-05
申请号:US17046535
申请日:2018-07-18
Applicant: Google LLC
Inventor: Uday Savagaonkar , Eric Northup
CPC classification number: G06F21/72 , G06F13/4221 , G06F21/602 , G06F21/79 , G06F2213/0026
Abstract: Aspects of the disclosure relate to providing a secure collaboration between one or more PCIe accelerators and an enclave. An example system may include a PCIe accelerator apparatus. The PCIs accelerator apparatus may include the one or more PCIe accelerators and a microcontroller configured to provide a cryptographic identity to the PCIe accelerator apparatus. The PCIe accelerator apparatus may be configured to use the cryptographic identity to establish communication between the PCIe accelerator apparatus the enclave.
-
公开(公告)号:US11494485B2
公开(公告)日:2022-11-08
申请号:US17046593
申请日:2018-07-18
Applicant: Google LLC
Inventor: Matthew Gingell , Peter Gonda , Alexander Thomas Cope , Sergey Karamov , Keith Moyer , Uday Savagaonkar , Chong Cai
Abstract: A uniform enclave interface is provided for creating and operating enclaves across multiple different types of backends and system configurations. For instance, an enclave manager may be created in an untrusted environment of a host computing device. The enclave manager may include instructions for creating one or more enclaves. An enclave may be generated in memory of the host computing device using the enclave manager. One or more enclave clients of the enclave may be generated by the enclave manager such that the enclave clients configured to provide one or more entry points into the enclave. One or more trusted application instances may be created in the enclave.
-
-
-
-
-
-
-
-
-
Search Results
16
records
(took 0.021 seconds)
