Enclave pool shared key
First Claim
1. An apparatus, comprising:
- a device including at least one memory adapted to store run-time data for the device, and at least one processor that is adapted to execute processor-executable code that, in response to execution, enables the device to perform actions, including;
forming an enclave pool, wherein the enclave pool includes a plurality of enclaves, wherein the enclaves are secure execution environments, and wherein each enclave of the enclave pool has an enclave key pair including a private enclave key and a public enclave key;
generating a shared enclave pool key that is derived from the public enclave key of each enclave of the enclave pool;
allocating a first enclave of the enclave pool to a first cryptlet;
receiving a payload of the first enclave such that the payload of the first enclave has a first digital signature by the private enclave key of the first enclave;
allocating a second enclave of the enclave pool to the first cryptlet;
receiving a payload of the second enclave such that the payload of the second enclave has a second digital signature by the private enclave key of the second enclave; and
validating, via the shared enclave pool key, the first digital signature and the second signature.
1 Assignment
0 Petitions
Accused Products
Abstract
In one example, an enclave pool is formed. The enclave pool may include a plurality of enclaves. Each enclave may have a private enclave key and a public enclave key. A shared enclave pool key may be generated from or otherwise based on the public enclave key of each enclave of the enclave pool. A first enclave may be allocated from the enclave pool to a first cryptlet. A payload of the first enclave is received. The payload of the first enclave may be signed with a first digital signature by the private enclave key of the first enclave. A payload of the second enclave may be received. The payload of the second enclave may be signed with a second digital signature by the private enclave key of the second enclave. The first digital signature and the second signature may be validated via the shared enclave pool key.
-
Citations
20 Claims
-
1. An apparatus, comprising:
a device including at least one memory adapted to store run-time data for the device, and at least one processor that is adapted to execute processor-executable code that, in response to execution, enables the device to perform actions, including; forming an enclave pool, wherein the enclave pool includes a plurality of enclaves, wherein the enclaves are secure execution environments, and wherein each enclave of the enclave pool has an enclave key pair including a private enclave key and a public enclave key; generating a shared enclave pool key that is derived from the public enclave key of each enclave of the enclave pool; allocating a first enclave of the enclave pool to a first cryptlet; receiving a payload of the first enclave such that the payload of the first enclave has a first digital signature by the private enclave key of the first enclave; allocating a second enclave of the enclave pool to the first cryptlet; receiving a payload of the second enclave such that the payload of the second enclave has a second digital signature by the private enclave key of the second enclave; and validating, via the shared enclave pool key, the first digital signature and the second signature. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. A processor-readable storage medium, having stored thereon process-executable code that, upon execution by at least one processor, enables actions, comprising:
-
creating an enclave pool, wherein the enclave pool includes a plurality of enclaves, the enclaves are secure execution environments, and wherein each enclave of the enclave pool stores an enclave key pair including a private enclave key and a public enclave key; receiving the public enclave key of each enclave of the enclave pool; generating a shared enclave pool key that is based upon the public enclave key of each enclave of the enclave pool; assigning a first enclave of the enclave pool to a first cryptlet; receiving a payload of the first enclave such that the payload of the first enclave has a first signature by the private enclave key of the first enclave; assigning a second enclave of the enclave pool to the first cryptlet; receiving a payload of the second enclave such that the payload of the second enclave has a second signature by the private enclave key of the second enclave; and using the shared enclave pool key to validate the first signature and the second signature. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A method, comprising:
-
forming an enclave pool, wherein the enclave pool includes a plurality of enclaves, wherein the enclaves are secure execution environments, and wherein each enclave of the enclave pool has an enclave key pair including a private enclave key and a public enclave key; generating a shared enclave pool key that is derived from the public enclave key of each enclave of the enclave pool; allocating a first enclave of the enclave pool to a first cryptlet; receiving a payload of the first enclave such that the payload of the first enclave has a first digital signature by the private enclave key of the first enclave; allocating a second enclave of the enclave pool to the first cryptlet; receiving a payload of the second enclave such that the payload of the second enclave has a second digital signature by the private enclave key of the second enclave; and validating, via the shared enclave pool key, the first digital signature and the second signature. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification