CONTROLLING SECURE PROCESSING OF CONFIDENTIAL DATA IN UNTRUSTED DEVICES

US 20170103217A1
Filed: 10/09/2015
Published: 04/13/2017
Est. Priority Date: 10/09/2015
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

at least one hardware device processor; and

a computer-readable storage medium storing executable instructions that, when executed, cause one or more of the at least one hardware device processor to;

control a number of transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a database management system, the data being communicated for database transaction processing in the secure trusted device, the number of transmissions being controlled by;

receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, the index comprising secure, encrypted index values,decrypting, at the trusted device, the key and one or more of the encrypted index values, andinitiating a transmission, in response to the receiving, a pointer value that identifies a lookup position in the index for the key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A number of transmissions of secure data communicated between a secure trusted device and an unsecure untrusted device in a DBMS is controlled. The data is communicated for database transaction processing in the secure trusted device. The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, decrypting, at the trusted device, the key and one or more encrypted index values, and initiating a transmission, a pointer value that identifies a lookup position in the index for the key. The index comprises secure, encrypted index values. Other optimizations for secure processing are also described, including controlling available computation resources on a secure trusted device in a DBMS and controlling transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a DBMS.

Citations

20 Claims

1. A system comprising:
- at least one hardware device processor; and
  
  a computer-readable storage medium storing executable instructions that, when executed, cause one or more of the at least one hardware device processor to;
  
  control a number of transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a database management system, the data being communicated for database transaction processing in the secure trusted device, the number of transmissions being controlled by;
  
  receiving, from the untrusted device, an encrypted key value of a key and a representation of an index of a B-tree structure, the index comprising secure, encrypted index values,decrypting, at the trusted device, the key and one or more of the encrypted index values, andinitiating a transmission, in response to the receiving, a pointer value that identifies a lookup position in the index for the key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein:
    - receiving the encrypted key value includes receiving, from the untrusted device, an encrypted key value of a key and a secure, encrypted representation of the index that includes a vector representation of the index, wherein the number of transmissions is further controlled by;
      
      determining, at the trusted device, the pointer value by performing a binary search over the vector representation, and returning a lookup position of the key in the vector representation.
  - 3. The system of claim 2, wherein:
    - performing the binary search over the vector representation includes decrypting one or more of the secure, encrypted index values in the vector representation, as the one or more secure, encrypted index values are accessed as part of the binary search.
  - 4. The system of claim 3, wherein:
    - performing the binary search over the vector representation includes decrypting one or more of the secure, encrypted index values in the vector representation, as the one or more secure, encrypted index values are accessed as part of the binary search, without decrypting secure, encrypted index values of the vector representation, other than the one or more secure, encrypted index values.
  - 5. The system of claim 2, wherein:
    - receiving the encrypted key value comprises receiving, at the trusted device, from the untrusted device, the encrypted key value of the key and the vector representation of the index, in a single transmission from the untrusted device to the trusted device.
  - 6. The system of claim 1, wherein:
    - receiving the encrypted key value includes receiving, from the untrusted device, an encrypted key value of a key and a handle value indicating a location of a cached version of the index that is stored as an unencrypted vector representation at the trusted device, wherein the amount is further controlled by;
      
      determining, at the trusted device, the pointer value by performing a binary search over the unencrypted vector representation, and returning a lookup position of the key in the unencrypted vector representation.
  - 7. The system of claim 1, wherein the secure trusted device includes one or more stack machines.
  - 8. The system of claim 7, wherein:
    - receiving the encrypted key value includes receiving, from the untrusted device, an encrypted key value of a key and an indicator identifying a stack program, wherein the number of transmissions is further controlled by;
      
      determining, at the trusted device, the pointer value by performing a binary search over a vector representation of the index, by the stack program that is included in the one or more stack machines, and returning a lookup position of the key in the vector representation.
  - 9. The system of claim 1, wherein the secure trusted device includes one or more field-programmable gate arrays (FPGAs).
  - 10. The system of claim 1, wherein the secure trusted device includes one or more field-programmable gate arrays (FPGAs) that each include a plurality of FPGA cores and a plaintext data cache storing decrypted versions of data corresponding to encrypted versions of data stored in the untrusted device.

11. A system comprising:
- at least one hardware device processor; and
  
  a computer-readable storage medium storing executable instructions that, when executed, cause one or more of the at least one hardware device processor to;
  
  control available computation resources on a secure trusted device in a database management system (DBMS) by;
  
  receiving, at the secure, trusted device, from an untrusted device, a request to perform one or more database processing operations on data that is stored in secure, encrypted form at the untrusted device, andinitiating the one or more database processing operations using a plurality of stack machines that are physically hosted at the secure, trusted device.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein:
    - initiating the one or more database processing operations includes initiating the one or more database processing operations in parallel using a plurality of stack machines that are physically hosted at the secure, trusted device.
  - 13. The system of claim 11, wherein:
    - initiating the one or more database processing operations includes initiating the one or more database processing operations in parallel using a plurality of field-programmable gate array (FPGA) cores that are physically hosted at the secure, trusted device that includes one or more FPGAs.
  - 14. The system of claim 11, wherein:
    - receiving the request includes receiving, at the secure, trusted device, from the untrusted device, a plurality of transaction work units that have been queued at the untrusted device prior to transmission of the plurality of transaction work units in a single transmission from the untrusted device to the secure, trusted device, wherein;
      
      initiating the one or more database processing operations includes initiating the one or more database processing operations for the plurality of transaction work units in a batch,wherein controlling the available computation resources includes returning results of the database processing operations for the plurality of transaction work units in a single communication operation.
  - 15. The system of claim 14, wherein:
    - returning the results of the database processing operations for the plurality of transaction work units in a single communication operation includes returning the results as a single Peripheral Component Interconnect Express (PCIe) communication.
  - 16. The system of claim 11, wherein:
    - receiving the request includes receiving, at the untrusted device, one or more intra-transaction batched database transaction processing requests from the untrusted device, each transaction processing request comprising a plurality of query expressions on secure, encrypted data, the plurality of query expressions folded into a single evaluation call for processing at the secure trusted device, whereininitiating the one or more database processing operations includes initiating evaluation of the plurality of query expressions by initiating execution of the single evaluation call using a transaction evaluation primitive operation that is a primitive operation on the secure, trusted device, whereincontrolling the available computation resources includes returning, to the untrusted device, in response to the receiving, results of processing of the intra-transaction batched database transaction processing requests that is performed at the secure trusted device.
  - 17. The system of claim 11, wherein:
    - communication of database data between the untrusted device and the secure, trusted device is performed only on secure, encrypted data.

18. A system comprising:
- at least one hardware device processor; and
  
  a computer-readable storage medium storing executable instructions that, when executed, cause one or more of the at least one hardware device processor to;
  
  control a number of transmissions of secure data that is communicated between a secure trusted device and an unsecure untrusted device in a database management system (DBMS), the data being communicated for database transaction processing in the secure trusted device, the number of transmissions being controlled by;
  
  obtaining, at the untrusted device, one or more intra-transaction batched database transaction processing requests, each transaction processing request comprising a plurality of query expressions on secure, encrypted data, the plurality of query expressions folded into a single evaluation call for processing at the secure trusted device,initiating a transmission in a single communication operation, from the untrusted device, to the secure trusted device, of the one or more intra-transaction batched database transaction processing requests, andreceiving, from the secure trusted device, in response to the transmission, results of processing of the intra-transaction batched database transaction processing requests that is performed at the secure trusted device.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein:
    - obtaining the one or more intra-transaction batched database transaction processing requests includes obtaining the one or more intra-transaction batched database transaction processing requests from a client device that is configured to perform expression folding, to fold the plurality of query expressions into the single evaluation call for processing at the secure trusted device.
  - 20. The system of claim 18, wherein:
    - obtaining the one or more intra-transaction batched database transaction processing requests includes obtaining the one or more intra-transaction batched database transaction processing requests by performing expression folding, to fold the plurality of query expressions into the single evaluation call for processing at the secure trusted device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Kaushik, Raghav, Kossmann, Donald, Arasu, Arvind, Eguro, Kenneth, Joglekar, Manas Rajendra, Ramamurthy, Ravishankar

Granted Patent

US 10,073,981 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2228   Indexing structures

G06F 16/2246   Trees, e.g. B+trees

G06F 16/24552   Database cache management

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/72   in cryptographic circuits

G06F 21/76   in application-specific int...

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0819   Key transport or distributi...

H04L 9/0822   using key encryption key

H04L 9/088   Usage controlling of secret...

CONTROLLING SECURE PROCESSING OF CONFIDENTIAL DATA IN UNTRUSTED DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CONTROLLING SECURE PROCESSING OF CONFIDENTIAL DATA IN UNTRUSTED DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links