Cryptographic evidence of persisted capabilities

US 10,461,926 B2
Filed: 08/31/2016
Issued: 10/29/2019
Est. Priority Date: 08/31/2016
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a processing resource connected to a globally shared memory and additional processing resources via a fabric; and

a non-transitory machine readable medium storing instructions that, when executed, cause the processing resource to;

in response to a request from one or more processes executing on the processing resource and invoking a persisted capability stored in the globally shared memory, determine whether to trust the persisted capability by verification of cryptographic evidence accompanying the persisted capability, wherein the persisted capability stored in the globally shared memory is a second persisted capability;

store a local capability into the globally shared memory as a first persisted capability;

extend a trust domain of the local capability to the first persisted capability via cryptographic evidence of authenticity and integrity of the first persisted capability; and

load the persisted capability upon the determination to trust the persisted capability based on successful verification,wherein the persisted capability is a token of authority employed by the system to provide the one or more requesting processes assess to system resources.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example implementations relate to cryptographic evidence of persisted capabilities. In an example implementation, in response to a request to access a persisted capability stored in a globally shared memory, a system may decide whether to trust the persisted capability by verification of cryptographic evidence accompanying the persisted capability. The system may load the persisted capability upon a decision to trust the persisted capability based on successful verification.

10 Citations

18 Claims

1. A system comprising:
- a processing resource connected to a globally shared memory and additional processing resources via a fabric; and
  
  a non-transitory machine readable medium storing instructions that, when executed, cause the processing resource to;
  
  in response to a request from one or more processes executing on the processing resource and invoking a persisted capability stored in the globally shared memory, determine whether to trust the persisted capability by verification of cryptographic evidence accompanying the persisted capability, wherein the persisted capability stored in the globally shared memory is a second persisted capability;
  
  store a local capability into the globally shared memory as a first persisted capability;
  
  extend a trust domain of the local capability to the first persisted capability via cryptographic evidence of authenticity and integrity of the first persisted capability; and
  
  load the persisted capability upon the determination to trust the persisted capability based on successful verification,wherein the persisted capability is a token of authority employed by the system to provide the one or more requesting processes assess to system resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein to extend the trust domain, the processing resource is caused by the instructions to:
    - cryptographically sign the local capability using a private key of an asymmetric key pair to generate a digital signature, andstore the digital signature into the globally shared memory, the digital signature to serve as the cryptographic evidence of authenticity and integrity of the first persisted capability.
  - 3. The system of claim 1, wherein to extend the trust domain, the processing resource is caused by the instructions to:
    - generate a keyed-hash message authentication code (HMAC) based on the local capability, andstore the HMAC into the globally shared memory, the HMAC to serve as the cryptographic evidence of authenticity and integrity of the first persisted capability.
  - 4. The system of claim 1, wherein the non-transitory machine readable medium stores instructions that, when executed, cause the processing resource to:
    - establish trusted communication with the fabric that includes the globally shared memory, andupon establishment of the trusted communication;
      
      provide a public key of an asymmetric key pair to a key management system, andretrieve another public key from the key management system, the another public key provided to the key management system by a node in communication with the globally shared memory, and the another public key for verification of cryptographic evidence accompanying a third persisted capability stored to the globally shared memory by the node.
  - 5. The system of claim 1, wherein the non-transitory machine readable medium stores instructions that, when executed, cause the processing resource to:
    - establish trusted communication with the fabric that includes the globally shared memory, andupon establishment of the trusted communication;
      
      provide to a key management system a key for calculation of keyed-hash message authentication codes (HMACs),retrieve another key from the key management system, the another key provided to the key management system by a node in communication with the globally shared memory, and the another key for generating an HMAC of a third persisted capability stored by the node to the globally shared memory, the generated HMAC for comparison-based verification of cryptographic evidence accompanying the third persisted capability of the node by the node.
  - 6. The system of claim 1, wherein the cryptographic evidence accompanying the first persisted capability includes a digital signature or keyed-hash message authentication code based on metadata, the metadata including state information of a node that created the persisted capability.
  - 7. The system of claim 1, wherein the non-transitory machine readable medium stores instructions that, when executed, cause the processing resource to revoke access to the first persisted capability by replacement of a key that verifies the first persisted capability with a different key or no key.
  - 8. The system of claim 1, wherein the second persisted capability is the first persisted capability, andthe request to access the second persisted capability is issued by a process executing on the processing resource after a reboot of the processing resource.
  - 9. The system of claim 1, wherein the fabric comprises a memory fabric connecting the processing resource of the system to the additional processing resources within a rack-scale system such that the system and the additional processing resources share access to the globally shared memory within the rack-scale system.

10. A method for establishing trust in persisted capabilities by a system including physical processing resource implementing machine readable instructions, the method comprising:
- generating first cryptographic evidence of authenticity and integrity of a first persisted capability;
  
  storing the first cryptographic evidence and the first persisted capability into globally shared memory connected to the system via a fabric;
  
  when a process executing on the physical processing resource of the system invokes a second persisted capability stored in the globally shared memory by an additional physical processing resource connected to the system and the globally shared memory via the fabric;
  
  establishing trusted communication with the fabric;
  
  accessing a key management system on the basis of establishment of trusted communication with the fabric; and
  
  retrieving from the key management system a cryptographic key for verifying a second cryptographic evidence;
  
  verifying the second cryptographic evidence accompanying the second persisted capability using the retrieved cryptographic key; and
  
  loading the second persisted capability upon successful verification of the second cryptographic evidence,wherein the first persisted capability and the second capability are tokens of authority employed by the same to provide processes access to system resources.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, further comprising storing at the key management system another cryptographic key for verification of the first cryptographic evidence.
  - 12. The method of claim 10, wherein the retrieved cryptographic key is for verifying the second cryptographic evidence by generating a keyed-hash message authentication code (HMAC) based on the second persisted capability and the cryptographic key together, and causing a successful verification if the HMAC matches the second cryptographic evidence.
  - 13. The method of claim 10, wherein the second cryptographic evidence includes a digital signature generated using a private key on metadata that identifies a state of the system, andthe retrieved cryptographic key for verifying the second cryptographic evidence is a public key that pairs with the private key.
  - 14. The method of claim 10, further comprising:
    - storing in a key management server a second cryptographic key for verifying the first cryptographic evidence; and
      
      revoking access to the first persisted capability by altering the cryptographic key stored in the key management server.
  - 15. The method of claim 10, wherein the second cryptographic evidence is associated with a timestamp indicating when the second persistent capability was created, and the verifying the second cryptographic evidence includes confirming whether the timestamp is within a predetermined time window.
  - 16. The method of claim 10, wherein the second persisted capability is the first persisted capability, andthe verifying a second cryptographic evidence is enforced after a reboot of the system.

17. A non-transitory machine readable medium storing instructions executable by a processing resource of a system, the non-transitory machine readable medium comprising:
- instructions to generate first cryptographic evidence of authenticity and integrity of a first persisted capability;
  
  instructions to store the first cryptographic evidence and the first persisted capability into globally shared memory connected to the system via a fabric;
  
  instructions, triggered when one or more processes executing on the processing resource of the system invokes the first persisted capability stored in the globally shared memory, to send to a key management server a cryptographic key to be used to verify the first cryptographic evidence;
  
  instructions to revoke access to the first persisted capability by alteration of the cryptographic key at the key management server;
  
  instructions, triggered when the one or more processes executing on the processing resource of the system invokes a second persisted capability stored in the globally shared memory by an additional processing resource connected to the system and the globally shared memory via the fabric, to;
  
  establish trusted communication with the fabric;
  
  access the key management system on the basis of establishment of trusted communication with the fabric;
  
  retrieve from the key management system, another cryptographic key for verification of the second cryptographic evidence;
  
  verify second cryptographic evidence accompanying the second persisted capability using the another cryptographic key; and
  
  instructions to load the second persisted capability upon successful verification of the second cryptographic evidence,wherein the first persisted capability and the second persisted capability are tokens of authority employed by the system to provide processes access to system resources.
- View Dependent Claims (18)
- - 18. The non-transitory machine readable medium of claim 17, wherein the instructions to generate first cryptographic evidence includes:
    - instructions to generate a keyed-hash message authentication code (HMAC) based on the first persisted capability and the cryptographic key, the HMAC to serve as the first cryptographic evidence of authenticity and integrity of a first persisted capability, orinstructions to cryptographically sign the first persisted capability using a private key of an asymmetric key pair to generate a digital signature, the digital signature to serve as the first cryptographic evidence of authenticity and integrity of a first persisted capability, and the cryptographic key includes a public key of the asymmetric key pair.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Dalton, Chris I., Milojicic, Dejan S.
Primary Examiner(s)
Naghdali, Khalil

Application Number

US15/252,392
Publication Number

US 20180063158A1
Time in Patent Office

1,154 Days
Field of Search

713176
US Class Current
CPC Class Codes

G06F 21/575   Secure boot

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3242   involving keyed hash functi...

Cryptographic evidence of persisted capabilities

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic evidence of persisted capabilities

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links