公开(公告)号：US20240241960A1

公开(公告)日：2024-07-18

申请号：US18622133

申请日：2024-03-29

申请人： Gordon King ,  Kent Thompson ,  Mingshen Sun ,  Shih-Han Wang ,  Yanhui Zhao ,  Eunjung Yoon ,  Haidong Xia

发明人： Gordon King ,  Kent Thompson ,  Mingshen Sun ,  Shih-Han Wang ,  Yanhui Zhao ,  Eunjung Yoon ,  Haidong Xia

IPC分类号： G06F21/57

CPC分类号： G06F21/57 ,  G06F2221/033

摘要： Various systems and methods are described for implementing remote attestation and data provenance verification. An example method for attestation and provenance verification, performed by a computing node, includes: receiving evidence from a client relating to a computing task; analyzing the evidence to determine a provenance verification result for trustworthiness of the computing task; evaluating compliance of the computing task with a policy; and returning an attestation token that includes the provenance verification result for the computing task, in response to determining the computing task is compliant with the policy.

公开(公告)号：US20120297487A1

公开(公告)日：2012-11-22

申请号：US13110479

申请日：2011-05-18

申请人： Haidong Xia

发明人： Haidong Xia

IPC分类号： G06F21/24

CPC分类号： G06F21/10

摘要： Example embodiments disclosed herein relate to distributing updated execution information to a cluster of nodes. Licensing information about whether the nodes are licensed to receive the updated execution information is generated. The licensing information is validated. The validated licensing information is used to distribute the updated execution information to the nodes.

摘要翻译： 本文公开的示例性实施例涉及将更新的执行信息分发到节点群集。 生成关于节点是否被许可以接收更新的执行信息的许可信息。 许可信息已验证。 验证的许可信息用于将更新的执行信息分发到节点。

公开(公告)号：US20210109870A1

公开(公告)日：2021-04-15

申请号：US17131751

申请日：2020-12-23

申请人： Ravi L. Sahita ,  Anjo Lucas Vahldiek-Oberwagner ,  Teck Joo Goh ,  Rameshkmar Illikkal ,  Andrzej Kuriata ,  Vedvyas Shanbhogue ,  Mona Vij ,  Haidong Xia

发明人： Ravi L. Sahita ,  Anjo Lucas Vahldiek-Oberwagner ,  Teck Joo Goh ,  Rameshkmar Illikkal ,  Andrzej Kuriata ,  Vedvyas Shanbhogue ,  Mona Vij ,  Haidong Xia

IPC分类号： G06F12/14 ,  G06F21/53 ,  G06F21/60 ,  G06F21/79 ,  G06F12/1009

摘要： Example methods and systems are directed to isolating memory in trusted execution environments (TEEs). In function-as-a-service (FaaS) environments, a client makes use of a function executing within a TEE on a FaaS server. To minimize the trusted code base (TCB) for each function, each function may be placed in a separate TEE. However, this causes the overhead of creating a TEE to be incurred for each function. As discussed herein, multiple functions may be placed in a single TEE without compromising the data integrity of each function. For example, by using a different extended page table (EPT) for each function, the virtual address spaces of the functions are kept separate and map to different, non-overlapping physical address spaces. Partial overlap may be permitted to allow functions to share some data while protecting other data. Memory for each function may be encrypted using a different encryption key.

公开(公告)号：US09135409B2

公开(公告)日：2015-09-15

申请号：US13110479

申请日：2011-05-18

申请人： Haidong Xia

发明人： Haidong Xia

IPC分类号： G06F21/10

CPC分类号： G06F21/10

摘要： Example embodiments disclosed herein relate to distributing updated execution information to a cluster of nodes. Licensing information about whether the nodes are licensed to receive the updated execution information is generated. The licensing information is validated. The validated licensing information is used to distribute the updated execution information to the nodes.

摘要翻译： 本文公开的示例性实施例涉及将更新的执行信息分发到节点群集。 生成关于节点是否被许可以接收更新的执行信息的许可信息。 许可信息已验证。 验证的许可信息用于将更新的执行信息分发到节点。

公开(公告)号：US20240022550A1

公开(公告)日：2024-01-18

申请号：US18373615

申请日：2023-09-27

申请人： Yeluri Raghuram ,  Anil Rao ,  Haidong Xia ,  Uttam Shetty ,  Nikhil M. Deshpande

发明人： Yeluri Raghuram ,  Anil Rao ,  Haidong Xia ,  Uttam Shetty ,  Nikhil M. Deshpande

IPC分类号： H04L9/40

CPC分类号： H04L63/062

摘要： Various systems and methods for providing a trusted key access broker are described herein. A system may be configured to receive, at a trusted key access broker, from a requestor via a broker application programming interface, a request for a cryptographic key operation, the request associated with attestation evidence data; use the attestation evidence data to validate the requestor; in response to validating the requestor, translate and transmit the request for the cryptographic key operation to one of the plurality of key management systems; receive a response from the one of the plurality of key management systems; and transmit the response to the requestor.

公开(公告)号：US20210111892A1

公开(公告)日：2021-04-15

申请号：US17131684

申请日：2020-12-22

申请人： Anjo Lucas Vahldiek-Oberwagner ,  Ravi L. Sahita ,  Mona Vij ,  Dayeol Lee ,  Haidong Xia ,  Rameshkumar Illikkal ,  Samuel Ortiz ,  Kshitij Arun Doshi ,  Mourad Cherfaoui ,  Andrzej Kuriata ,  Teck Joo Goh

发明人： Anjo Lucas Vahldiek-Oberwagner ,  Ravi L. Sahita ,  Mona Vij ,  Dayeol Lee ,  Haidong Xia ,  Rameshkumar Illikkal ,  Samuel Ortiz ,  Kshitij Arun Doshi ,  Mourad Cherfaoui ,  Andrzej Kuriata ,  Teck Joo Goh

IPC分类号： H04L9/32

摘要： In function-as-a-service (FaaS) environments, a client makes use of a function executing within a trusted execution environment (TEE) on a FaaS server. Multiple tenants of the FaaS platform may provide functions to be executed by the FaaS platform via a gateway. Each tenant may provide code and data for any number of functions to be executed within any number of TEEs on the FaaS platform and accessed via the gateway. Additionally, each tenant may provide code and data for a single surrogate attester TEE. The client devices of the tenant use the surrogate attester TEE to attest each of the other TEEs of the tenant and establish trust with the functions in those TEEs. Once the functions have been attested, the client devices have confidence that the other TEEs of the tenant are running on the same platform as the gateway.