Method and apparatus for cloud-assisted cryptography
Abstract
In an embodiment, a system includes a processor that includes private key decryption logic to decrypt an encrypted private key received from a consuming device to produce a private key, and symmetric key decryption logic to receive the private key from the private key decryption logic and to decrypt an encrypted symmetric key received from the consuming device using the private key. The system also includes a dynamic random access memory (DRAM) coupled to the processor. Other embodiments are described and claimed.
18 Citations
16 Claims
1. A system comprising:
- a hardware processor that includes:
attestation hardware logic to generate an attestation of a security level of the system responsive to an attestation request received from a consuming device and included in a secure session request, and to send the attestation to the consuming device to enable a secure session to be established between the system and the consuming device;
private key decryption hardware logic to decrypt an encrypted private key received from the consuming device using a second private key of the system to produce a private key, the encrypted private key having been encrypted by a content source using a public key of the system; and
symmetric key decryption hardware logic to receive the private key from the private key decryption hardware logic, decrypt an encrypted symmetric key received from the consuming device using the private key, and after decryption of the encrypted symmetric key provide the symmetric key to the consuming device, wherein prior to receipt of the encrypted private key and the encrypted symmetric key from the consuming device the system is to establish a trusted execution environment (TEE), the system comprising a cloud computational server; and
- a dynamic random access memory (DRAM) coupled to the hardware processor.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. At least one non-transitory computer readable storage medium comprising instructions that when executed enable a system to perform a method comprising:
- receiving, by a cloud computational server (CCS) that includes at least one hardware processor, a request from a consuming device for a security attestation, and providing the security attestation via an attestation hardware logic of the CCS responsive to the request;
- thereafter receiving, by the CCS, a request from the consuming device to decrypt an encrypted symmetric key;
- receiving the encrypted symmetric key and an encrypted private key comprising a private key that has been encrypted by a content source via a public key of the CCS;
- decrypting, in a private key decryption hardware logic of the CCS, the encrypted private key using a second private key of the CCS to produce the private key; and
- after decrypting the encrypted private key, decrypting, in a symmetric key decryption hardware logic of the CCS, the encrypted symmetric key using the private key to produce a symmetric key.
Dependent claims: 9, 10, 11, 12, 13.
14. A system comprising:
- a hardware processor including:
secure session hardware logic to: provide a consuming device security attestation to a cloud cryptographic service (CCS) prior to establishment of a secure communication session; initiate the secure communication session with the CCS; provide to the CCS, via the secure communication session, a request to decrypt an encrypted symmetric key that is encrypted by a content source via a private key, together with the encrypted symmetric key and an encrypted private key including the private key that is encrypted via public key encryption associated with the CCS; and receive, from the CCS, the symmetric key responsive to the request to decrypt the encrypted symmetric key; and
decryption hardware logic to decrypt, using the symmetric key, an encrypted data file to produce an unencrypted data file; and
- a dynamic random access memory (DRAM).
Dependent claims: 15, 16.
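The three independent claims describe a single exchange: the consuming device asks the cloud server for an attestation as part of its session request and checks it, then hands over two wrapped keys; the server, which must already be inside a TEE, unwraps the content source's private key with its own private key, uses that private key to unwrap the symmetric key, and returns the symmetric key; the device decrypts the data file locally. The Python below is an added toy model of that exchange, written for this page; it is not code from the patent or from its assignee. The claims name no algorithms, so textbook RSA over fixed Mersenne primes stands in for the public-key operations, an HMAC-SHA256 counter keystream for the symmetric cipher, and a signed nonce plus a hypothetical level string for each side's attestation. "Decrypt the encrypted symmetric key using the private key" is read here as meaning the symmetric key was encrypted under the content source's matching public key, and the content source's modulus travels in the clear because only the private exponent needs protecting; both are assumptions. None of this is secure for real use; its point is the ordering the claims impose (attest, then session, then unwrap, and only with a TEE in place).

```python
# Added toy model of the attest-then-unwrap exchange in the claims. Not the
# patent's code; RSA over small fixed primes and an HMAC keystream are insecure stand-ins.
import hashlib
import hmac
import os
import struct

P61, P89, P107, P127 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1  # Mersenne primes
E = 65537  # coprime with every (p-1)(q-1) built from the primes above

def rsa_keypair(p, q):
    return (E, p * q), (pow(E, -1, (p - 1) * (q - 1)), p * q)  # (public, private)

def rsa_public_op(pub, x):    # encrypt, or recover a signed digest
    return pow(x, pub[0], pub[1])

def rsa_private_op(priv, x):  # decrypt, or sign a digest
    return pow(x, priv[0], priv[1])

def digest_int(*parts):       # 160-bit digest: smaller than every modulus used here
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest()[:20], "big")

def keystream_xor(key, data):  # HMAC-SHA256 counter keystream for the data file
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class ContentSource:           # owns the key pair whose private half gets wrapped
    def __init__(self):
        self.pub, self.priv = rsa_keypair(P61, P89)       # modulus ~2^150 > 128-bit key

    def package(self, ccs_pub, plaintext):
        sym = os.urandom(16)
        enc_file = keystream_xor(sym, plaintext)
        enc_sym = rsa_public_op(self.pub, int.from_bytes(sym, "big"))  # undone by self.priv
        enc_priv = rsa_public_op(ccs_pub, self.priv[0])  # private exponent, wrapped for the CCS
        return enc_file, enc_sym, enc_priv, self.priv[1]  # modulus is public, sent in clear

class CloudComputationalServer:
    LEVEL = b"security-level-2"  # hypothetical attested security level

    def __init__(self):
        self.pub, self.priv = rsa_keypair(P107, P127)     # modulus ~2^234 > any wrapped d
        self.tee_ready = False
        self.sessions = set()

    def establish_tee(self):   # claim 1: TEE exists before any wrapped key is accepted
        self.tee_ready = True

    def request_session(self, dev_pub, dev_sig, ccs_nonce, dev_nonce):
        # verify the device's attestation (claim 14), then answer with our own (claim 1)
        if rsa_public_op(dev_pub, dev_sig) != digest_int(ccs_nonce, b"device-attested"):
            raise PermissionError("consuming device attestation failed")
        sid = os.urandom(8)
        self.sessions.add(sid)
        return sid, self.LEVEL, rsa_private_op(self.priv, digest_int(dev_nonce, self.LEVEL))

    def unwrap_symmetric_key(self, sid, enc_priv, cs_modulus, enc_sym):
        if not self.tee_ready:
            raise RuntimeError("refusing wrapped keys outside a TEE")
        if sid not in self.sessions:
            raise PermissionError("no secure session")
        d = rsa_private_op(self.priv, enc_priv)           # private key decryption logic
        sym = rsa_private_op((d, cs_modulus), enc_sym)    # symmetric key decryption logic
        return sym.to_bytes(16, "big")

class ConsumingDevice:
    def __init__(self):
        self.pub, self.priv = rsa_keypair(P89, P107)      # modulus ~2^196 > 160-bit digest

    def consume(self, ccs, package):
        ccs_nonce, dev_nonce = os.urandom(16), os.urandom(16)  # toy: both drawn locally
        dev_sig = rsa_private_op(self.priv, digest_int(ccs_nonce, b"device-attested"))
        sid, level, sig = ccs.request_session(self.pub, dev_sig, ccs_nonce, dev_nonce)
        if rsa_public_op(ccs.pub, sig) != digest_int(dev_nonce, level):  # ccs.pub assumed pinned
            raise PermissionError("CCS attestation failed")
        if level != CloudComputationalServer.LEVEL:       # local policy on the attested level
            raise PermissionError("CCS security level not acceptable")
        enc_file, enc_sym, enc_priv, cs_modulus = package
        sym = ccs.unwrap_symmetric_key(sid, enc_priv, cs_modulus, enc_sym)
        return keystream_xor(sym, enc_file)               # decryption hardware logic, claim 14

def run_exchange(plaintext=b"constructed sample data file for the toy exchange"):
    ccs = CloudComputationalServer()
    ccs.establish_tee()
    package = ContentSource().package(ccs.pub, plaintext)
    return ConsumingDevice().consume(ccs, package)

def unwrap_without_tee_is_refused():
    ccs = CloudComputationalServer()                      # establish_tee() deliberately skipped
    try:
        ConsumingDevice().consume(ccs, ContentSource().package(ccs.pub, b"x"))
        return False
    except RuntimeError:
        return True
```

`run_exchange()` walks the full path and returns the recovered file; `unwrap_without_tee_is_refused()` shows the precondition from claim 1 being enforced, since the server rejects the wrapped keys when no TEE was established even though attestation and the session succeeded. The symmetric key never leaves the server unwrapped except over the established session, which is why the session check sits in the same function as the two decryptions.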