-
公开(公告)号:US20190311056A1
公开(公告)日:2019-10-10
申请号:US15948638
申请日:2018-04-09
发明人: Robert Birke , Navaneeth Rameshan , Yiyu Chen , Martin Schmatz
IPC分类号: G06F17/30
摘要: The present disclosure relates to a method of managing requests to a key-value database. A non-limiting example of the method includes receiving a request that includes a number of keys. The number of keys can be compared with a first threshold number and second threshold number. If the number of keys exceeds the first threshold number, the request can be split. If the number of keys is smaller than the second threshold number, the request can be merged with at least one previous or subsequent request. Requests resulting from the splitting and merging steps can be submitted to the key-value database for further processing of the submitted requests.
-
公开(公告)号:US12105985B2
公开(公告)日:2024-10-01
申请号:US17655634
申请日:2022-03-21
IPC分类号: G06F3/06
CPC分类号: G06F3/0655 , G06F3/0604 , G06F3/0679
摘要: The invention is notably directed to a method of processing data in-memory. The method applies electrical signals to at least two input lines, which correspond to at least two rows. These two rows include at least one of the K rows and at least one of the L rows. This causes to obtain output signals in output of the M output lines, wherein the output signals depend on target values and operand values, in accordance with data stored across said at least two rows. Finally, the output signals are read out and a transformation operation is concurrently performed, in-memory, on the target values based on the operand values. This way transformed data are obtained by way of in-memory processing. The transformation may for instance be a cryptographic operation; the operand data may encode a cryptographic key. The invention is further directed to related apparatuses and systems, notably cryptographic service systems.
-
公开(公告)号:US10931443B2
公开(公告)日:2021-02-23
申请号:US16111194
申请日:2018-08-23
摘要: A computer-implemented method manages cryptographic objects in a hierarchical key management system including a hardware security module (HSM), which institutes a key hierarchy extending from a ground level l0. Clients interact with the HSM to obtain cryptographic objects. A request is received from one of the clients for an object at a given level ln of the hierarchy (above the ground level l0). A binary representation of the object is accessed as a primary bit pattern p0, at the HSM and said pattern is scrambled via a bitwise XOR operation. The latter operates, on the one hand, on the primary bit pattern p0 and, on the other hand, on a control bit pattern pc that is a binary representation of an access code of the same length as said primary bit pattern p0. The pattern pc is obtained based on that given level ln of the hierarchy.
-
公开(公告)号:US10545871B2
公开(公告)日:2020-01-28
申请号:US16390334
申请日:2019-04-22
发明人: Robert Birke , Yiyu Chen , Navaneeth Rameshan , Martin Schmatz
IPC分类号: G06F12/0831 , G06F12/0804 , G06F12/0877 , G06F12/0873 , G06F12/0871 , G06F12/0868 , G06F12/0842 , G06F11/34 , G06F9/455 , G06F12/084 , G06F12/0897
摘要: A method for coordinating cache and memory reservation in a computerized system includes identifying at least one running application, recognizing the at least one application as a latency-critical application, monitoring information associated with a current cache access rate and a required memory bandwidth of the at least one application, allocating a cache partition, a size of the cache partition corresponds to the cache access rate and the required memory bandwidth of the at least one application, defining a threshold value including a number of cache misses per time unit, determining a reduction of cache misses per time unit, in response to the reduction of cache misses per time unit being above the threshold value, retaining the cache partition, assigning a priority of scheduling memory request including a medium priority level, and assigning a memory channel to the at least one application to avoid memory channel contention.
-
公开(公告)号:US10318425B2
公开(公告)日:2019-06-11
申请号:US15647301
申请日:2017-07-12
发明人: Robert Birke , Yiyu Chen , Navaneeth Rameshan , Martin Schmatz
IPC分类号: G06F12/0831 , G06F12/0804 , G06F12/0877 , G06F12/0873 , G06F12/0871 , G06F12/0868
摘要: A method for coordinating cache and memory reservation in a computerized system includes identifying at least one running application, recognizing the at least one application as a latency-critical application, monitoring information associated with a current cache access rate and a required memory bandwidth of the at least one application, allocating a cache partition, a size of the cache partition corresponds to the cache access rate and the required memory bandwidth of the at least one application, defining a threshold value including a number of cache misses per time unit, determining a reduction of cache misses per time unit, in response to the reduction of cache misses per time unit being above the threshold value, retaining the cache partition, assigning a priority of scheduling memory request including a medium priority level, and assigning a memory channel to the at least one application to avoid memory channel contention.
-
公开(公告)号:US12120097B2
公开(公告)日:2024-10-15
申请号:US17889782
申请日:2022-08-17
CPC分类号: H04L63/0435 , H04L9/0631 , H04L9/0822 , H04L9/321
摘要: A computer-implemented method according to one embodiment includes using a first symmetric key to encrypt a second symmetric key. The first symmetric key is securely loaded inside a hardware security module (HSM) by a key management service before the encryption of the second symmetric key, and a cloud provider only has access to encrypted bits of the first symmetric key. Key data of a key-value-pair of the second symmetric key is used as additional authenticated data (AAD) for the encryption of the second symmetric key. The second symmetric key is used to encrypt value data of the key-value-pair. The method further includes storing the encrypted second symmetric key, the AAD used in the encryption of the second symmetric key, and tag bits created during the encryption of the second symmetric key, to thereafter use for verifying node related data.
-
公开(公告)号:US20240064130A1
公开(公告)日:2024-02-22
申请号:US17889782
申请日:2022-08-17
CPC分类号: H04L63/0435 , H04L9/0822 , H04L9/0631 , H04L9/321
摘要: A computer-implemented method according to one embodiment includes using a first symmetric key to encrypt a second symmetric key. The first symmetric key is securely loaded inside a hardware security module (HSM) by a key management service before the encryption of the second symmetric key, and a cloud provider only has access to encrypted bits of the first symmetric key. Key data of a key-value-pair of the second symmetric key is used as additional authenticated data (AAD) for the encryption of the second symmetric key. The second symmetric key is used to encrypt value data of the key-value-pair. The method further includes storing the encrypted second symmetric key, the AAD used in the encryption of the second symmetric key, and tag bits created during the encryption of the second symmetric key, to thereafter use for verifying node related data.
-
8.发明公开公开(公告)号:US20230394150A1
公开(公告)日:2023-12-07
申请号:US17832273
申请日:2022-06-03
CPC分类号: G06F21/57 , G06F21/64 , H04L9/0825
摘要: A computer-implemented method according to one embodiment includes performing an attestation of code of a logic loader in a trusted execution environment (TEE) and receiving a request for the logic loader to load service logic code to the TEE. An integrity check of the service logic code associated with the request is performed. In response to the service logic code associated with the request passing the integrity check, the logic loader is allowed to load the service logic code associated with the request to the TEE. A computer program product according to another embodiment includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and/or executable by a computer to cause the computer to perform the foregoing method.
-
公开(公告)号:US11456867B2
公开(公告)日:2022-09-27
申请号:US16663445
申请日:2019-10-25
摘要: A method manages cryptographic objects (COs). The method includes accessing an entropy-based random number and instructing to store this random number. The method includes generating one or more COs based on a deterministic algorithm that causes to interact with a security module (SM), such as a hardware security module (HSM), to generate a seed according to both a reference key of the SM and the random number accessed. A random number generator is seeded with the generated seed to generate the desired COs.
-
公开(公告)号:US11416633B2
公开(公告)日:2022-08-16
申请号:US16278028
申请日:2019-02-15
摘要: In a computer-implemented method for providing obfuscated data to users, first, a user request to access data is received; then, an authorization level associated with the request received is identified. Next, obfuscated data is accessed in a protected enclave, which data corresponds to the request received. The data accessed has been obfuscated with an obfuscation algorithm that yields a level of obfuscation compatible with the authorization level identified. Finally, the obfuscated data accessed is provided to the user, from the protected enclave. Related systems and computer program products are also disclosed.
-
-
-
-
-
-
-
-
-
搜索结果
27 条记录 (耗时 0.022 秒)
