Method and apparatus for secure signing and utilization of distributed computations

US 10,068,108 B2
Filed: 05/30/2017
Issued: 09/04/2018
Est. Priority Date: 05/12/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining, by an apparatus, a lattice of signatures of a distributed cloud computation environment, wherein the distributed cloud computation environment includes a plurality of functional flows, at least one of the functional flows includes distribution paths that represent a distribution of computation closures associated with respective levels of the distributed cloud computation environment, each of the computation closures is a granular reflective set of instructions, data, and related execution context, the lattice consists of root elements of all signatures in the distributed cloud computation environment, and the root elements are parameters of one or more security requirements, one or more functional flow specifications, one or more computation distribution maps, one or more links among the computation closures and the respective levels, or a combination thereof in the distributed cloud computation environment;

formatting, by the apparatus, each of the computation closures of the at least one functional flow and a subset of the signatures corresponding to the computation closures in a predetermined semantic information representation structure;

initiating, by the apparatus, a signing of the computation closures with the of the signatures;

initiating, by the apparatus, a transfer of the signed computation closures among one or more of the respective levels, one or more nodes, or a combination thereof of the distributed cloud computation environment;

initiating, by the apparatus, an authentication of the signed computation closures as transferred by comparing the lattice with root elements of the signed computation closures; and

initiating, by the apparatus, an execution of the signed computation closures at the one or more levels, the one or more nodes, or a combination thereof based, at least in part, on an authentication of the signed computation closure.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for providing secure signing and utilization of distributed computations. A distributed computation authentication platform causes, at least in part, a signing of one or more computation closures of at least one functional flow. The distributed computation authentication platform also processes and/or facilitates a processing of the one or more signed computation closures to cause, at least in part, a transfer of the one or more signed computation closures among one or more levels, one or more nodes, or a combination thereof, wherein an execution of the one or more signed computation closures at the one or more levels, the one or more nodes, or a combination thereof is based, at least in part, on an authentication of the signed one or more computation closure.

Citations

20 Claims

1. A method comprising:
- determining, by an apparatus, a lattice of signatures of a distributed cloud computation environment, wherein the distributed cloud computation environment includes a plurality of functional flows, at least one of the functional flows includes distribution paths that represent a distribution of computation closures associated with respective levels of the distributed cloud computation environment, each of the computation closures is a granular reflective set of instructions, data, and related execution context, the lattice consists of root elements of all signatures in the distributed cloud computation environment, and the root elements are parameters of one or more security requirements, one or more functional flow specifications, one or more computation distribution maps, one or more links among the computation closures and the respective levels, or a combination thereof in the distributed cloud computation environment;
  
  formatting, by the apparatus, each of the computation closures of the at least one functional flow and a subset of the signatures corresponding to the computation closures in a predetermined semantic information representation structure;
  
  initiating, by the apparatus, a signing of the computation closures with the of the signatures;
  
  initiating, by the apparatus, a transfer of the signed computation closures among one or more of the respective levels, one or more nodes, or a combination thereof of the distributed cloud computation environment;
  
  initiating, by the apparatus, an authentication of the signed computation closures as transferred by comparing the lattice with root elements of the signed computation closures; and
  
  initiating, by the apparatus, an execution of the signed computation closures at the one or more levels, the one or more nodes, or a combination thereof based, at least in part, on an authentication of the signed computation closure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method of claim 1, further comprising:
    - constructing a lattice of the at least one functional flow using the root elements of the subset of the signatures, an operation on the root elements of the subset of the signatures, or a combination thereof, wherein the authentication is based on comparing the lattice of the distributed cloud computation environment with the lattice of the at least one functional flow,wherein the semantic information representation structure is based on a resource description framework, and the computation closures and the signatures are formatted as resource description framework graphs.
  - 3. A method of claim 2, wherein the computation closures are signed by combining resource description framework graphs of the signatures with corresponding resource description framework graphs of the computation closures.
  - 4. A method of claim 3, further comprising:
    - determining cost functions associated with the authentication of the signed computation closures,processing the cost functions to determine whether to initiate the authentication of the signed computation closures,wherein the cost functions relate, at least in part, to one or more security costs, one or more energy costs, one or more privacy capability parameters, or a combination thereof involved in the authentication.
  - 5. A method of claim 4, further comprising:
    - verifying the one or more signed computation closures one or more capabilities of the one or more signed computation closures, and one or more capabilities of destination nodes based, at least in part, on the one or more cost functions to determine whether to bypass at least one of the one or more signed computation closures.
  - 6. A method of claim 4, further comprising:
    - generating the signatures as polynomials from a degree of a respective polynomial, one or more cryptographic keys, one or more parameters and one or more non-zero coefficients that determine a functional output of the respective polynomial, a length and a shape of an initial constructor of the respective polynomial, or a combination thereof; and
      
      processing the signed computation closures and one or more capabilities of the distribution paths, the one or more levels, the one or more nodes, or a combination thereof to bypass at least one of the one or more signatures.
  - 7. A method of claim 6, wherein each of the computation closures is signed with a plurality of the subset of the signatures, and wherein at least one of the polynomials includes a highest exponent for a term with non-zero coefficient in the respective polynomial expressed in a canonical form.
  - 8. A method of claim 1,wherein the distributed cloud computation environment shares at least a part of the root elements of the lattice with one or more other distributed cloud computation environment.
  - 9. A method of claim 1, further comprising:
    - determining that at least one of the subset of the signatures does not match any of the root elements of the lattice of the distributed cloud computation environment;
      
      tagging a respective computation closure signed with the at least one signature as invalid; and
      
      bypassing the respective computation closure without execution.
  - 10. A method of claim 6, further comprising:
    - determining that at least one of the computation closures is signed with at least one of the subset of the signatures without security rules;
      
      tagging the at least one computation closure as invalid; and
      
      bypassing the at least one computation closure without execution.

11. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code for one or more programs,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus embedded in a device to perform at least the following,determine a lattice of signatures of a distributed cloud computation environment, wherein the distributed cloud computation environment includes a plurality of functional flows, at least one of the functional flows includes distribution paths that represent a distribution of computation closures associated with respective levels of the distributed cloud computation environment, each of the computation closures is a granular reflective set of instructions, data, and related execution context, the lattice consists of root elements of all signatures in the distributed cloud computation environment, and the root elements are parameters of one or more security requirements, one or more functional flow specifications, one or more computation distribution maps, one or more links among the computation closures and the respective levels, or a combination thereof in the distributed cloud computation environment;
  
  format each of the computation closures of the at least one functional flow and a subset of the signatures corresponding to the computation closures in a predetermined semantic information representation structure;
  
  initiate a signing of the computation closures with the subset of the signatures;
  
  initiate a transfer of the signed computation closures among one or more of the respective levels, one or more nodes, or a combination thereof of the distributed cloud computation environment;
  
  initiate an authentication of the signed computation closures as transferred by comparing the lattice with root elements of the signed computation closures; and
  
  initiate an execution of the signed computation closures at the one or more levels, the one or more nodes, or a combination thereof based, at least in part, on an authentication of the signed computation closure.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. An apparatus of claim 11, wherein the apparatus is further caused to:
    - construct a lattice of the at least one functional flow using the root elements of the subset of the signatures, an operation on the root elements of the subset of the signatures, or a combination thereof, wherein the authentication is based on comparing the lattice of the distributed cloud computation environment with the lattice of the at least one functional flow,wherein the semantic information representation structure is based on a resource description framework, and the computation closures and the signatures are formatted as resource description framework graphs.
  - 13. An apparatus of claim 12, wherein the computation closures are signed by combining resource description framework graphs of the signatures with corresponding resource description framework graphs of the computation closures.
  - 14. An apparatus of claim 13, wherein the apparatus is further caused to:
    - determine cost functions associated with the authentication of the signed computation closures,process the cost functions to determine whether to initiate the authentication of the signed computation closures,wherein the cost functions relate, at least in part, to one or more security costs, one or more energy costs, one or more privacy capability parameters, or a combination thereof involved in the authentication.
  - 15. An apparatus of claim 14, wherein the apparatus is further caused to:
    - verify the one or more signed computation closures one or more capabilities of the one or more signed computation closures, and one or more capabilities of destination nodes based, at least in part, on the one or more cost functions to determine whether to bypass at least one of the one or more signed computation closures.
  - 16. An apparatus of claim 14, wherein the apparatus is further caused to:
    - generate the signatures as polynomials from a degree of a respective polynomial, one or more cryptographic keys, one or more parameters and one or more non-zero coefficients that determine a functional output of the respective polynomial, a length and a shape of an initial constructor of the respective polynomial, or a combination thereof; and
      
      process the signed computation closures and one or more capabilities of the distribution paths, the one or more levels, the one or more nodes, or a combination thereof to bypass at least one of the one or more signatures.
  - 17. An apparatus of claim 16, wherein each of the computation closures is signed with a plurality of the subset of the signatures, and wherein at least one of the polynomials includes a highest exponent for a term with non-zero coefficient in the respective polynomial expressed in a canonical form.
  - 18. An apparatus of claim 11, wherein the distributed cloud computation environment shares at least a part of the root elements of the lattice with one or more other distributed cloud computation environment.
  - 19. An apparatus of claim 11, wherein the apparatus is further caused to:
    - determine that at least one of the subset of the signatures does not match any of the root elements of the lattice of the distributed cloud computation environment;
      
      tag a respective computation closure signed with the at least one signature as invalid; and
      
      bypass the respective computation closure without execution.
  - 20. An apparatus of claim 16, wherein the apparatus is further caused to:
    - determine that at least one of the computation closures is signed with at least one of the subset of the signatures without security rules;
      
      tag the at least one computation closure as invalid; and
      
      bypass the at least one computation closure without execution.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Boldyrev, Sergey, Kaaja, Jari-Jukka Harald, Laine, Hannu Ensio, Honkola, Jukka, Luukkala, Vesa-Veikko, Oliver, Ian Justin
Primary Examiner(s)
Brown, Christopher J

Application Number

US15/608,516
Publication Number

US 20170277911A1
Time in Patent Office

462 Days
Field of Search

726 3
US Class Current
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 63/0823   using certificates cryptogr...

H04L 9/3093   involving Lattices or polyn...

H04L 9/3247   involving digital signatures

Method and apparatus for secure signing and utilization of distributed computations

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure signing and utilization of distributed computations

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links