Protecting communications with hardware accelerators for increased workflow security
Abstract
To protect customer data and provide increased workflow security for processing requested by a customer, a secure communicational channel can be established between a customer and one or more hardware accelerators such that even processes executing on a host computing device hosting such hardware accelerators are excluded from the secure communicational channel. An encrypted bitstream is provided to hardware accelerators and the hardware accelerators obtain therefrom cryptographic information supporting the secure communicational channel with the customer. Such cryptographic information is stored and used exclusively from within the hardware accelerator, rendering it inaccessible to processes executing on a host computing device. The cryptographic information can be a shared secret, an appropriate one of a pair of cryptographic keys, or other like cryptographic information. Similarly, the encrypted bitstream can comprise the cryptographic information, computer-executable instructions executable by the processing circuitry of the hardware accelerator to derive such cryptographic information, or combinations thereof.
Claims (20)

1. A method of increasing workflow security in a data center, the method comprising:
receiving, at a computing device of the data center, an encrypted communication from a customer of the data center;
providing, to a hardware accelerator hosted by the computing device, the encrypted communication, the hardware accelerator comprising a Field Programmable Gate Array (FPGA) device;
decrypting, on the hardware accelerator, the encrypted communication using cryptographic information that is stored within the hardware accelerator and is only accessible to the hardware accelerator, the cryptographic information having been provided by the customer;
retrieving, by the computing device, on behalf of the hardware accelerator, encrypted data stored on a storage device that is communicationally coupled to the computing device, the retrieving being responsive to the decrypting;
providing, to the hardware accelerator, the encrypted data; and
decrypting, on the hardware accelerator, the encrypted data using the cryptographic information;
wherein the workflow security comprises communications to and from the customer and data comprising the encrypted data.
Dependent claims 2 through 11 depend from claim 1.

12. A computing device providing increased workflow security in a data center, the computing device comprising:
a general-purpose central processing unit;
a hardware accelerator comprising a Field Programmable Gate Array (FPGA) device;
a network interface;
a first set of one or more computer-readable storage media comprising computer-executable instructions, which, when executed by the general-purpose central processing unit, cause the computing device to:
receive an encrypted communication from a customer of the data center;
provide, to the hardware accelerator, the encrypted communication;
retrieve, on behalf of the hardware accelerator, encrypted data stored on a storage device that is communicationally coupled to the computing device; and
provide, to the hardware accelerator, the encrypted data; and
a second set of one or more computer-readable storage media comprising computer-executable instructions, which, when executed by the hardware accelerator, cause the hardware accelerator to:
decrypt the encrypted communication using cryptographic information that is stored within the hardware accelerator and is only accessible to the hardware accelerator, the cryptographic information having been provided by the customer, wherein the retrieving performed by the computing device is performed responsive to the decrypting; and
decrypt the encrypted data using the cryptographic information;
wherein the workflow security comprises communications to and from the customer and data comprising the encrypted data.
Dependent claims 13 through 19 depend from claim 12.
20. A system providing increased workflow security in a data center, the system comprising:
a computer device of the data center configured to perform steps comprising:
receiving an encrypted communication from a customer of the data center;
providing, to a hardware accelerator, the encrypted communication;
retrieving, on behalf of the hardware accelerator, encrypted data stored on a storage device that is communicationally coupled to the computing device; and
providing, to the hardware accelerator, the encrypted data; and
the hardware accelerator comprising a Field Programmable Gate Array (FPGA) device, the hardware accelerator configured to perform steps comprising:
decrypting the encrypted communication using cryptographic information that is stored within the hardware accelerator and is only accessible to the hardware accelerator, the cryptographic information having been provided by the customer, wherein the retrieving performed by the computing device is performed responsive to the decrypting; and
decrypting the encrypted data using the cryptographic information;
wherein the workflow security comprises communications to and from the customer and data comprising the encrypted data.
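The workflow described in the abstract and in claims 1, 12 and 20, as an added Python model that is not part of the patent or of any product implementing it: host software forwards ciphertext and fetches storage on the accelerator's behalf, while only the accelerator object ever holds the customer's key. The toy HMAC-based cipher, the pre-shared key that wraps the encrypted bitstream, and the assumption that the decrypted request yields a storage identifier for the host to fetch are all constructions of this example.

```python
import hmac, hashlib, secrets

def _keystream(key, nonce, n):
    # Toy stream cipher (HMAC-SHA256 in counter mode): a constructed stand-in for the
    # cipher engine a real accelerator would implement, not a production cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC; output layout is nonce || ciphertext || tag.
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Accelerator:
    """Models the FPGA: the customer key comes out of the encrypted bitstream and
    is used only inside this object; no method ever returns it to the host."""
    def __init__(self, encrypted_bitstream, bitstream_key):
        self._key = unseal(bitstream_key, encrypted_bitstream)
    def handle_request(self, encrypted_request):
        return unseal(self._key, encrypted_request).decode()  # yields only the storage id to fetch
    def handle_data(self, encrypted_data):
        return unseal(self._key, encrypted_data)

class Host:
    """Models host software: forwards ciphertext and fetches storage on the accelerator's
    behalf, never holding the key. `seen` logs every byte string the host touched."""
    def __init__(self, accel, storage):
        self.accel, self.storage, self.seen = accel, storage, []
    def serve(self, encrypted_request):
        self.seen.append(encrypted_request)
        blob_id = self.accel.handle_request(encrypted_request)  # fetch is "responsive to the decrypting"
        self.seen.append(self.storage[blob_id])
        return self.accel.handle_data(self.storage[blob_id])

def run_workflow():
    customer_key, bitstream_key = secrets.token_bytes(32), secrets.token_bytes(32)
    accel = Accelerator(seal(bitstream_key, customer_key), bitstream_key)  # bitstream_key: assumed pre-shared
    host = Host(accel, {"record-7": seal(customer_key, b"customer payroll record")})  # constructed sample
    result = host.serve(seal(customer_key, b"record-7"))
    leaked = any(b"customer payroll record" in s or customer_key in s for s in host.seen)
    return result, leaked
```

`run_workflow()` returns the plaintext the accelerator recovered together with a flag showing that neither the key nor any plaintext passed through the host's hands.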