Controlling secure processing of confidential data in untrusted devices

US 10,496,833 B2
Filed: 08/10/2018
Issued: 12/03/2019
Est. Priority Date: 10/09/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a trusted device configured to implement a plurality of stack machines;

at least one hardware device processor; and

a computer-readable storage medium storing executable instructions that, when executed, cause the at least one hardware device processor to implement an untrusted module,wherein the untrusted module is configured to;

receive requests to perform one or more database processing operations on data that is stored in secure, encrypted form on the system;

initiate the one or more database processing operations by sending transaction work units from the untrusted module to the trusted device, the trusted device using the plurality of stack machines to execute the transaction work units;

queue additional transaction work units at the untrusted module while the plurality of stack machines of the trusted device are busy;

responsive to detecting that a particular stack machine becomes available, send a batch of additional transaction work units from the untrusted module to the trusted device;

obtain secure query results of processing the transaction work units and the additional transaction work units from the trusted device; and

provide the secure query results in response to the requests.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.

7 Citations

View as Search Results

20 Claims

1. A system comprising:
- a trusted device configured to implement a plurality of stack machines;
  
  at least one hardware device processor; and
  
  a computer-readable storage medium storing executable instructions that, when executed, cause the at least one hardware device processor to implement an untrusted module,wherein the untrusted module is configured to;
  
  receive requests to perform one or more database processing operations on data that is stored in secure, encrypted form on the system;
  
  initiate the one or more database processing operations by sending transaction work units from the untrusted module to the trusted device, the trusted device using the plurality of stack machines to execute the transaction work units;
  
  queue additional transaction work units at the untrusted module while the plurality of stack machines of the trusted device are busy;
  
  responsive to detecting that a particular stack machine becomes available, send a batch of additional transaction work units from the untrusted module to the trusted device;
  
  obtain secure query results of processing the transaction work units and the additional transaction work units from the trusted device; and
  
  provide the secure query results in response to the requests.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the plurality of stack machines of the trusted device are configured to execute the batch of additional transaction work units in parallel.
  - 3. The system of claim 2, wherein the trusted device comprises a field-programmable gate array (FPGA) having a plurality of FPGA cores that are configured to execute the batch of additional transaction work units in parallel.
  - 4. The system of claim 1, wherein the untrusted module is configured to:
    - send the batch of additional transaction work units to the trusted device over a peripheral bus in a single communication operation.
  - 5. The system of claim 4, wherein the peripheral bus is a Peripheral Component Interconnect Express (PCIe) bus and the single communication operation is a single PCIe communication.
  - 6. The system of claim 1, wherein the untrusted module is configured to perform concurrency control operations and the trusted device is configured to perform query expression evaluation.
  - 7. The system of claim 1, wherein the requests are received from a client device having an associated client encryption key that is provided on the trusted device and inaccessible to the untrusted module.

8. A method comprising:
- receiving requests to perform database processing operations, the requests being received by an untrusted module of a computing device;
  
  based at least on the requests, performing the database processing operations by sending transaction work units from the untrusted module to a trusted module having a plurality of stack machines;
  
  queuing additional transaction work units at the untrusted module while the plurality of stack machines of the trusted module are busy;
  
  responsive to detecting that a particular stack machine becomes available, sending a batch of additional transaction work units from the untrusted module to the trusted module;
  
  obtaining secure query results of processing the transaction work units and the additional transaction work units from the trusted module; and
  
  providing the secure query results in response to the requests.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The method of claim 8, further comprising:
    - receiving the requests over a network from a client machine; and
      
      sending the secure query results over the network to the client machine.
  - 10. The method of claim 8, further comprising:
    - responsive to detecting that the particular stack machine becomes available, sending the batch of additional transaction work units to the trusted module using a single communication over a bus.
  - 11. The method of claim 10, the single communication comprising a direct memory access transfer to the trusted module.
  - 12. The method of claim 10, the single communication comprising a memory-mapped input/output transfer to the trusted module.
  - 13. The method of claim 10, each of the transaction work units and the additional transaction work units including an input parameter and an output result of a call to the trusted module.
  - 14. The method of claim 8, further comprising:
    - performing concurrency control of the database processing operations in the untrusted module.
  - 15. The method of claim 8, further comprising:
    - performing an equality comparison in an individual stack machine.
  - 16. The method of claim 15, the equality comparison comprising:
    - pushing a first encrypted value onto the top of a stack;
      
      decrypting the first encrypted value to obtain a first decrypted value on top of the stack;
      
      pushing a second encrypted value onto the top of the stack;
      
      decrypting the second encrypted value to obtain a second decrypted value on top of the stack;
      
      comparing the first decrypted value and the second decrypted value at the top of the stack to obtain a comparison result; and
      
      outputting the comparison result from the trusted module.
  - 17. The method of claim 8, further comprising:
    - performing a mathematical operation in an individual stack machine, the mathematical operation comprising;
      
      pushing an encrypted value onto the top of a stack;
      
      decrypting the encrypted value to obtain a decrypted value;
      
      pushing another value onto the top of the stack;
      
      adding the decrypted value to the another value to obtain a result;
      
      encrypting the result to obtain an encrypted result; and
      
      outputting the encrypted result from the trusted module.

18. A system comprising:
- at least one hardware device processor; and
  
  a computer-readable storage medium storing executable instructions that, when executed, cause the at least one hardware device processor to implement an untrusted module,wherein the untrusted module is configured to;
  
  receive requests to perform one or more database processing operations on data that is stored in secure, encrypted form by the system;
  
  initiate the one or more database processing operations by sending transaction work units from the untrusted module to a trusted module having a plurality of stack machines configured to execute the transaction work units;
  
  queue additional transaction work units at the untrusted module while the plurality of stack machines of the trusted module are busy;
  
  responsive to detecting that a particular stack machine becomes available, send a batch of additional transaction work units from the untrusted module to the trusted module;
  
  obtain secure query results of processing the transaction work units and the additional transaction work units from the trusted module; and
  
  provide the secure query results in response to the requests.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the additional transaction work units of the batch comprise input parameters that are processed in parallel by the trusted module.
  - 20. The system of claim 18, further comprising the trusted module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Arasu, Arvind, Eguro, Kenneth, Joglekar, Manas Rajendra, Kaushik, Raghav, Kossmann, Donald, Ramamurthy, Ravishankar
Primary Examiner(s)
Plecha, Thaddeus J

Application Number

US16/100,787
Publication Number

US 20190005254A1
Time in Patent Office

480 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2228   Indexing structures

G06F 16/2246   Trees, e.g. B+trees

G06F 16/24552   Database cache management

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/72   in cryptographic circuits

G06F 21/76   in application-specific int...

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0819   Key transport or distributi...

H04L 9/0822   using key encryption key

H04L 9/088   Usage controlling of secret...

Controlling secure processing of confidential data in untrusted devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Controlling secure processing of confidential data in untrusted devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others