Cluster of secure execution platforms

US 10,567,359 B2
Filed: 07/18/2017
Issued: 02/18/2020
Est. Priority Date: 07/18/2017
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a cluster of Secure Execution Platforms (SEPs) having connectivity to a data storage, wherein each SEP of said cluster is configured to maintain, using a key, confidentiality of data while processing thereof;

wherein the key is shared among the SEPs of said cluster, wherein the key is automatically generated by said cluster or portion thereof and is unavailable to any non-cluster entity;

said data storage retains encrypted data that is encrypted using the key;

wherein a first SEP of said cluster is configured to encrypt client data using the key to obtain encrypted client data and store the encrypted client data in said data storage;

wherein a second SEP of said cluster is configured to retrieve encrypted stored data from said data storage, decrypt the encrypted stored data using the key to obtain non-encrypted form of the encrypted stored data;

wherein a third SEP of said cluster is configured to add a new SEP to said cluster, wherein said third SEP is configured to forward the key to the new SEP over a secure communication channel; and

wherein the third SEP is configured to observe a bulletin board to verify that the new SEP is allowed to receive the key before forwarding the key over a secure channel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer program product and a system comprising: a cluster of Secure Execution Platforms (SEPs) having connectivity to a data storage, each SEP of said cluster is configured to maintain, using a key, confidentiality of data while processing thereof; the key is shared among the SEPs of said cluster, the key is automatically generated by the cluster or portion thereof and is unavailable to any non-cluster entity; the data storage retains encrypted data that is encrypted using the key; a first SEP of the cluster is configured to encrypt client data using the key to obtain encrypted client data and store the encrypted client data in the data storage; and a second SEP of the cluster is configured to retrieve encrypted stored data from the data storage, decrypt the encrypted stored data using the key to obtain non-encrypted form of the encrypted stored data.

Citations

18 Claims

1. A system comprising:
- a cluster of Secure Execution Platforms (SEPs) having connectivity to a data storage, wherein each SEP of said cluster is configured to maintain, using a key, confidentiality of data while processing thereof;
  
  wherein the key is shared among the SEPs of said cluster, wherein the key is automatically generated by said cluster or portion thereof and is unavailable to any non-cluster entity;
  
  said data storage retains encrypted data that is encrypted using the key;
  
  wherein a first SEP of said cluster is configured to encrypt client data using the key to obtain encrypted client data and store the encrypted client data in said data storage;
  
  wherein a second SEP of said cluster is configured to retrieve encrypted stored data from said data storage, decrypt the encrypted stored data using the key to obtain non-encrypted form of the encrypted stored data;
  
  wherein a third SEP of said cluster is configured to add a new SEP to said cluster, wherein said third SEP is configured to forward the key to the new SEP over a secure communication channel; and
  
  wherein the third SEP is configured to observe a bulletin board to verify that the new SEP is allowed to receive the key before forwarding the key over a secure channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein said second SEP is configured to retrieve the encrypted stored data in response to a query from a client device, wherein the non-encrypted form of the encrypted stored data is utilized to provide a response to the query, whereby fulfilling the query without the client device accessing said storage data.
  - 3. The system of claim 1, wherein said first SEP and said second SEP are a same SEP.
  - 4. The system of claim 1, wherein said first SEP has write only access permission to said data storage, and wherein said second SEP has read only access permission to said data storage.
  - 5. The system of claim 1, wherein the third SEP is configured to verify correctness of a code and a platform of the new SEP using an attestation mechanism before forwarding the key over a secure channel.
  - 6. The system of claim 1, wherein the new SEP is configured to verify correctness of a code and a platform of the third SEP using an attestation mechanism before accepting the key from the third SEP.
  - 7. The system of claim 1, wherein the bulletin board is implemented using a distributed fault tolerant scheme.
  - 8. The system of claim 1, wherein the bulletin board is implemented using a dedicated SEP.
  - 9. The system of claim 1, wherein the third SEP is configured to verify that observed information in the bulletin board is signed by a number of administrators that is larger than a threshold.
  - 10. The system of claim 1, wherein the new SEP is barred from forwarding the key.
  - 11. The system of claim 1, wherein said third SEP is configured to set a predetermined lifespan to the new SEP, wherein the new SEP is configured to be removed from said cluster at the end of the predetermined lifespan.
  - 12. The system of claim 1, wherein said third SEP is configured to add the new SEP to said cluster, in response to a number of SEPs in said cluster is below a predefined threshold.
  - 13. The system of claim 1, wherein said third SEP is configured to add the new SEP to said cluster in response to said first SEP or said second SEP becoming non-operational, whereby the new SEP is configured to replace a non-operational SEP.
  - 14. The system of claim 1, wherein said third SEP is a same SEP as said first SEP or said second SEP.
  - 15. The system of claim 1, wherein the key is generated by a fourth and a fifth SEPs of said cluster, wherein the fourth SEP or the fifth SEPs are configured to distribute the key to other SEPs in said cluster.
  - 16. The system of claim 1, wherein said cluster is configured, in response to generating the key, to employ a consensus protocol to agree on the key.
  - 17. The system of claim 1, wherein an administrator of said cluster or said data storage does not have the key.

18. A computer program product comprising a non-transitory computer readable storage medium retaining instructions to be executed by a Secure Execution Platform (SEP) within a computerized environment, wherein the computerized environment comprising a cluster of SEPs having connectivity to a data storage, wherein the data storage retains encrypted data that is encrypted using a key, wherein the key is shared among the SEPs of the cluster, wherein the key is automatically generated by the cluster or portion thereof and is unavailable to any non-cluster entity, wherein the cluster comprises the SEP, wherein each SEP of said cluster is configured to maintain, using the key, confidentiality of data while processing thereof, wherein the instructions when executed by the SEP, cause the SEP to perform the steps of:
- in response to receiving first client data over a secure communication channel from a first client device, encrypting the first client data using the key to obtain encrypted client data and storing the encrypted client data in the data storage, whereby the first client data retained in the data storage is not obtainable by any non-computerized entity;
  
  in response to receiving an access query from a second client device requiring access to retained data, retrieving an encrypted form of the retained data from the data storage, decrypting the encrypted form using the key to obtain the second client data, and providing a response to the second client device over a secure communication channel, wherein the response is based on the second client data;
  
  in response to receiving an access query from a third client device requiring to add a new SEP to the duster, forwarding the key to the new SEP over a secure communication channel, and observing a bulletin board to verify that the new SEP is allowed to receive the key before forwarding the key over a secure channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Harnik, Danny, Hershcovitch, Moshik, Ta-Shma, Paula, Weinsberg, Yaron
Primary Examiner(s)
Lanier, Benjamin E

Application Number

US15/652,314
Publication Number

US 20190026234A1
Time in Patent Office

945 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/6209   to a single file or object,...

G06F 2212/1052   Security improvement

G06F 2212/154   Networked environment

G06F 2212/163   Server or database system

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 67/1097   for distributed storage of ...

Cluster of secure execution platforms

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Cluster of secure execution platforms

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links