Cluster of secure execution platforms
First Claim
1. A system comprising:
- a cluster of Secure Execution Platforms (SEPs) having connectivity to a data storage, wherein each SEP of said cluster is configured to maintain, using a key, confidentiality of data while processing thereof;
wherein the key is shared among the SEPs of said cluster, wherein the key is automatically generated by said cluster or portion thereof and is unavailable to any non-cluster entity;
said data storage retains encrypted data that is encrypted using the key;
wherein a first SEP of said cluster is configured to encrypt client data using the key to obtain encrypted client data and store the encrypted client data in said data storage;
wherein a second SEP of said cluster is configured to retrieve encrypted stored data from said data storage, decrypt the encrypted stored data using the key to obtain non-encrypted form of the encrypted stored data;
wherein a third SEP of said cluster is configured to add a new SEP to said cluster, wherein said third SEP is configured to forward the key to the new SEP over a secure communication channel; and
wherein the third SEP is configured to observe a bulletin board to verify that the new SEP is allowed to receive the key before forwarding the key over a secure channel.
Abstract
A computer program product and a system comprising: a cluster of Secure Execution Platforms (SEPs) having connectivity to a data storage, each SEP of said cluster is configured to maintain, using a key, confidentiality of data while processing thereof; the key is shared among the SEPs of said cluster, the key is automatically generated by the cluster or portion thereof and is unavailable to any non-cluster entity; the data storage retains encrypted data that is encrypted using the key; a first SEP of the cluster is configured to encrypt client data using the key to obtain encrypted client data and store the encrypted client data in the data storage; and a second SEP of the cluster is configured to retrieve encrypted stored data from the data storage, decrypt the encrypted stored data using the key to obtain non-encrypted form of the encrypted stored data.
18 Claims
1. A system comprising:
- a cluster of Secure Execution Platforms (SEPs) having connectivity to a data storage, wherein each SEP of said cluster is configured to maintain, using a key, confidentiality of data while processing thereof;
wherein the key is shared among the SEPs of said cluster, wherein the key is automatically generated by said cluster or portion thereof and is unavailable to any non-cluster entity;
said data storage retains encrypted data that is encrypted using the key;
wherein a first SEP of said cluster is configured to encrypt client data using the key to obtain encrypted client data and store the encrypted client data in said data storage;
wherein a second SEP of said cluster is configured to retrieve encrypted stored data from said data storage, decrypt the encrypted stored data using the key to obtain non-encrypted form of the encrypted stored data;
wherein a third SEP of said cluster is configured to add a new SEP to said cluster, wherein said third SEP is configured to forward the key to the new SEP over a secure communication channel; and
wherein the third SEP is configured to observe a bulletin board to verify that the new SEP is allowed to receive the key before forwarding the key over a secure channel.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
18. A computer program product comprising a non-transitory computer readable storage medium retaining instructions to be executed by a Secure Execution Platform (SEP) within a computerized environment, wherein the computerized environment comprising a cluster of SEPs having connectivity to a data storage, wherein the data storage retains encrypted data that is encrypted using a key, wherein the key is shared among the SEPs of the cluster, wherein the key is automatically generated by the cluster or portion thereof and is unavailable to any non-cluster entity, wherein the cluster comprises the SEP, wherein each SEP of said cluster is configured to maintain, using the key, confidentiality of data while processing thereof, wherein the instructions when executed by the SEP, cause the SEP to perform the steps of:
- in response to receiving first client data over a secure communication channel from a first client device, encrypting the first client data using the key to obtain encrypted client data and storing the encrypted client data in the data storage, whereby the first client data retained in the data storage is not obtainable by any non-computerized entity;
in response to receiving an access query from a second client device requiring access to retained data, retrieving an encrypted form of the retained data from the data storage, decrypting the encrypted form using the key to obtain the second client data, and providing a response to the second client device over a secure communication channel, wherein the response is based on the second client data;
in response to receiving an access query from a third client device requiring to add a new SEP to the cluster, forwarding the key to the new SEP over a secure communication channel, and observing a bulletin board to verify that the new SEP is allowed to receive the key before forwarding the key over a secure channel.
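A minimal sketch of the admission check in the last limitation of claims 1 and 18, added here as an illustration and not taken from the patent: an existing SEP replays a bulletin board and releases the cluster key only to an identity the board currently allows. The hash-chained board format, the `allow`/`revoke` actions and all names are assumptions; the secure channel is assumed to have already authenticated the peer identity passed in.

```python
import hashlib
import json
import secrets

GENESIS = "0" * 64  # constructed chain anchor (assumption)

def entry_hash(prev: str, action: str, sep_id: str) -> str:
    """Hash an entry together with its predecessor's hash."""
    body = json.dumps([prev, action, sep_id]).encode()
    return hashlib.sha256(body).hexdigest()

def append(board: list, action: str, sep_id: str) -> None:
    """Publish an entry; sep_id stands for an attested SEP identity."""
    prev = board[-1]["hash"] if board else GENESIS
    board.append({"prev": prev, "action": action, "sep_id": sep_id,
                  "hash": entry_hash(prev, action, sep_id)})

def allowed_seps(board: list) -> set:
    """Replay the board in order; reject it if any link is inconsistent.

    An unkeyed chain only detects in-place edits. Detecting a fully
    rewritten board would need signed entries or a pinned head hash.
    """
    allowed, prev = set(), GENESIS
    for e in board:
        expected = entry_hash(prev, e["action"], e["sep_id"])
        if e["prev"] != prev or e["hash"] != expected:
            raise ValueError("bulletin board chain broken")
        if e["action"] == "allow":
            allowed.add(e["sep_id"])
        elif e["action"] == "revoke":
            allowed.discard(e["sep_id"])
        else:
            raise ValueError("unknown board action")
        prev = e["hash"]
    return allowed

class MemberSEP:
    """An existing cluster member holding the shared key."""

    def __init__(self, key: bytes = None):
        # Key is generated inside the member, never supplied by a client.
        self._key = key or secrets.token_bytes(32)

    def forward_key(self, board: list, channel_peer_id: str) -> bytes:
        """Observe the board first, then release the key to the peer."""
        if channel_peer_id not in allowed_seps(board):
            raise PermissionError("new SEP not allowed on bulletin board")
        return self._key
```
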
Specification