Cryptographic evidence of persisted capabilities
First Claim
1. A system comprising:
- a processing resource connected to a globally shared memory and additional processing resources via a fabric; and
- a non-transitory machine readable medium storing instructions that, when executed, cause the processing resource to:
  - in response to a request from one or more processes executing on the processing resource and invoking a persisted capability stored in the globally shared memory, determine whether to trust the persisted capability by verification of cryptographic evidence accompanying the persisted capability, wherein the persisted capability stored in the globally shared memory is a second persisted capability;
  - store a local capability into the globally shared memory as a first persisted capability;
  - extend a trust domain of the local capability to the first persisted capability via cryptographic evidence of authenticity and integrity of the first persisted capability; and
  - load the persisted capability upon the determination to trust the persisted capability based on successful verification,
- wherein the persisted capability is a token of authority employed by the system to provide the one or more requesting processes access to system resources.
Abstract
Example implementations relate to cryptographic evidence of persisted capabilities. In an example implementation, in response to a request to access a persisted capability stored in a globally shared memory, a system may decide whether to trust the persisted capability by verification of cryptographic evidence accompanying the persisted capability. The system may load the persisted capability upon a decision to trust the persisted capability based on successful verification.
18 Claims
10. A method for establishing trust in persisted capabilities by a system including physical processing resource implementing machine readable instructions, the method comprising:
- generating first cryptographic evidence of authenticity and integrity of a first persisted capability;
- storing the first cryptographic evidence and the first persisted capability into globally shared memory connected to the system via a fabric;
- when a process executing on the physical processing resource of the system invokes a second persisted capability stored in the globally shared memory by an additional physical processing resource connected to the system and the globally shared memory via the fabric;
- establishing trusted communication with the fabric;
- accessing a key management system on the basis of establishment of trusted communication with the fabric; and
- retrieving from the key management system a cryptographic key for verifying a second cryptographic evidence;
- verifying the second cryptographic evidence accompanying the second persisted capability using the retrieved cryptographic key; and
- loading the second persisted capability upon successful verification of the second cryptographic evidence, wherein the first persisted capability and the second capability are tokens of authority employed by the same to provide processes access to system resources.
17. A non-transitory machine readable medium storing instructions executable by a processing resource of a system, the non-transitory machine readable medium comprising:
- instructions to generate first cryptographic evidence of authenticity and integrity of a first persisted capability;
- instructions to store the first cryptographic evidence and the first persisted capability into globally shared memory connected to the system via a fabric;
- instructions, triggered when one or more processes executing on the processing resource of the system invokes the first persisted capability stored in the globally shared memory, to send to a key management server a cryptographic key to be used to verify the first cryptographic evidence;
- instructions to revoke access to the first persisted capability by alteration of the cryptographic key at the key management server;
- instructions, triggered when the one or more processes executing on the processing resource of the system invokes a second persisted capability stored in the globally shared memory by an additional processing resource connected to the system and the globally shared memory via the fabric, to:
  - establish trusted communication with the fabric;
  - access the key management system on the basis of establishment of trusted communication with the fabric;
  - retrieve from the key management system, another cryptographic key for verification of the second cryptographic evidence;
  - verify second cryptographic evidence accompanying the second persisted capability using the another cryptographic key; and
- instructions to load the second persisted capability upon successful verification of the second cryptographic evidence, wherein the first persisted capability and the second persisted capability are tokens of authority employed by the system to provide processes access to system resources.
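
The flow in claims 10 and 17 (generate evidence, store it with the capability, fetch the key from a key management system, verify, load, and revoke by altering the key), as an added example that is not taken from the patent. It assumes HMAC-SHA256 as the cryptographic evidence, a dict as the globally shared memory, and a hypothetical `KeyManagementSystem` class whose `fabric_trusted` flag stands in for establishing trusted communication with the fabric.

```python
import hashlib
import hmac
import json
import secrets

class KeyManagementSystem:
    """Hypothetical in-memory stand-in for the key management system in the claims."""
    def __init__(self):
        self._keys = {}

    def create_key(self, key_id):
        self._keys[key_id] = secrets.token_bytes(32)
        return self._keys[key_id]

    def get_key(self, key_id, fabric_trusted):
        # Claims 10 and 17: key access depends on trusted communication with the fabric.
        if not fabric_trusted:
            raise PermissionError("no trusted communication with the fabric")
        return self._keys[key_id]

    def revoke(self, key_id):
        # Claim 17: altering the key makes evidence created under the old key fail.
        self._keys[key_id] = secrets.token_bytes(32)

def persist(shared_memory, slot, capability, key_id, key):
    """Store the capability together with its evidence (HMAC is an assumption)."""
    blob = json.dumps(capability, sort_keys=True, separators=(",", ":")).encode()
    evidence = hmac.new(key, blob, hashlib.sha256).digest()
    shared_memory[slot] = {"key_id": key_id, "blob": blob, "evidence": evidence}

def load(shared_memory, slot, kms, fabric_trusted=True):
    """Return the capability only if its evidence verifies; otherwise None."""
    record = shared_memory[slot]
    key = kms.get_key(record["key_id"], fabric_trusted)
    expected = hmac.new(key, record["blob"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["evidence"]):
        return None
    return json.loads(record["blob"])

def demo():
    kms, shared_memory = KeyManagementSystem(), {}  # dict stands in for shared memory
    key = kms.create_key("node-a")
    cap = {"object": "segment-7", "rights": ["read"]}  # constructed sample capability
    persist(shared_memory, "slot0", cap, "node-a", key)
    persist(shared_memory, "slot1", cap, "node-a", key)
    slot1 = shared_memory["slot1"]  # simulate another node rewriting stored rights
    slot1["blob"] = slot1["blob"].replace(b'["read"]', b'["read","write"]')
    intact, tampered = load(shared_memory, "slot0", kms), load(shared_memory, "slot1", kms)
    kms.revoke("node-a")
    return intact, tampered, load(shared_memory, "slot0", kms)
```

Because an HMAC key both creates and verifies evidence, any node allowed to fetch it can also mint capabilities; a signature scheme would separate those two roles.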
Specification