Encave pool management

US 10,740,455 B2
Filed: 05/11/2017
Issued: 08/11/2020
Est. Priority Date: 05/11/2017
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a device including at least one memory adapted to store run-time data for the device, and at least one processor that is adapted to execute processor-executable code that, in response to execution, enables the device to perform actions, including;

forming an enclave pool, wherein the enclave pool includes a plurality of enclaves, wherein the enclaves are secure execution environments, and wherein each enclave of the enclave pool has an enclave key pair including a private enclave key and a public enclave key;

registering the public enclave key of each enclave in the enclave pool in an enclave pool registry;

generating a shared enclave pool key that is derived from the public enclave key of each enclave of the enclave pool;

storing, in a shared key ledger, the shared enclave pool key as a first version of the shared enclave pool key;

each time a change in membership occurs to the enclave pool;

updating the enclave pool registry based on the change in membership to the enclave pool, such that the updated enclave pool registry includes a registration of the public enclave key of each enclave in the changed enclave pool;

replacing the shared enclave pool key with an updated shared enclave pool key that is derived from the public enclave key of each enclave in the changed enclave pool; and

storing, in the shared key ledger, the updated shared enclave pool key as another version of the shared enclave pool key;

allocating a first enclave of the enclave pool to a first cryptlet;

receiving a payload of the first enclave such that the payload of the first enclave has a first digital signature by the private enclave key of the first enclave;

allocating a second enclave of the enclave pool to the first cryptlet;

receiving a payload of the second enclave such that the payload of the second enclave has a second digital signature by the private enclave key of the second enclave;

validating the first digital signature against each version of the shared enclave pool key in the shared key ledger; and

validating the second digital signature against each version of the shared enclave pool key in the shared key ledger.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The public enclave key of each enclave in an enclave pool may be registered in an enclave pool registry, and the registry updated each time there is an enclave pool membership change. A shared enclave pool key may be derived from the public enclave key of each enclave of the enclave pool. The shared enclave pool key may be stored, in a shared key ledger, as a first version of the shared enclave key, and an updated version of the shared key may be generated and stored as another version each time there is an enclave pool membership change. The output of a cryptlet that executed in multiple enclaves may be signed with the enclave private key of each enclave in which the cryptlet executed. Each enclave signature may be compared against each version of the of the shared enclave pool key in the shared key ledger.

96 Citations

View as Search Results

20 Claims

1. An apparatus, comprising:
- a device including at least one memory adapted to store run-time data for the device, and at least one processor that is adapted to execute processor-executable code that, in response to execution, enables the device to perform actions, including;
  
  forming an enclave pool, wherein the enclave pool includes a plurality of enclaves, wherein the enclaves are secure execution environments, and wherein each enclave of the enclave pool has an enclave key pair including a private enclave key and a public enclave key;
  
  registering the public enclave key of each enclave in the enclave pool in an enclave pool registry;
  
  generating a shared enclave pool key that is derived from the public enclave key of each enclave of the enclave pool;
  
  storing, in a shared key ledger, the shared enclave pool key as a first version of the shared enclave pool key;
  
  each time a change in membership occurs to the enclave pool;
  
  updating the enclave pool registry based on the change in membership to the enclave pool, such that the updated enclave pool registry includes a registration of the public enclave key of each enclave in the changed enclave pool;
  
  replacing the shared enclave pool key with an updated shared enclave pool key that is derived from the public enclave key of each enclave in the changed enclave pool; and
  
  storing, in the shared key ledger, the updated shared enclave pool key as another version of the shared enclave pool key;
  
  allocating a first enclave of the enclave pool to a first cryptlet;
  
  receiving a payload of the first enclave such that the payload of the first enclave has a first digital signature by the private enclave key of the first enclave;
  
  allocating a second enclave of the enclave pool to the first cryptlet;
  
  receiving a payload of the second enclave such that the payload of the second enclave has a second digital signature by the private enclave key of the second enclave;
  
  validating the first digital signature against each version of the shared enclave pool key in the shared key ledger; and
  
  validating the second digital signature against each version of the shared enclave pool key in the shared key ledger.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1, the actions further comprising:
    - allocating a third enclave of the enclave pool to the first cryptlet;
      
      receiving a payload of the third enclave such that the payload of the third enclave has a third digital signature by the private enclave key of the third enclave; and
      
      further validating, via the shared enclave pool key, the third digital signature.
  - 3. The apparatus of claim 1, wherein the enclaves of the plurality of enclaves are private, tamper-resistant execution environments that are secure from external interference.
  - 4. The apparatus of claim 1, wherein each enclave of the plurality of enclaves is at least one of a Virtual Secure Machine or a secure hardware enclave.
  - 5. The apparatus of claim 1, wherein the enclaves of the plurality of enclaves are secure execution environments in which code can be run in an isolated, private environment and for which results of the secure execution are capable of being attested to have run unaltered and in private.
  - 6. The apparatus of claim 1, wherein the first enclave is a hardware enclave, and wherein the private key of the first enclave is etched in silicon.
  - 7. The apparatus of claim 1, wherein updating the enclave pool registry based on the change in membership to the enclave pool includes updating the enclave pool registry so that the enclave pool registry indicates, for each enclave in the updated enclave pool, an enclave type of the enclave.
  - 8. The apparatus of claim 7, wherein the enclave type includes an indication as to whether the enclave is a software enclave or a hardware enclave.
  - 9. The apparatus of claim 7, wherein allocating the first enclave of the enclave pool to the first cryptlet is accomplished that the first enclave of the enclave pool is selected based on an enclave type requirement of the first cryptlet such that the first cryptlet is a cryptlet having a cryptlet type corresponding to the enclave type requirement of the first cryptlet.

10. A method, comprising:
- each time a change in membership occurs to an enclave pool, wherein the enclave pool includes a plurality of enclaves, wherein the enclaves are secure execution environments, and wherein each enclave of the enclave pool has an enclave key pair including a private enclave key and a public enclave key;
  
  updating an enclave pool registry that is associated with the enclave pool based on the change in membership to the enclave pool, such that the updated enclave pool registry includes a registration of the public enclave key of each enclave in the changed enclave pool;
  
  replacing a shared enclave pool key that is associated with the enclave pool with an updated shared enclave pool key that is derived from the public enclave key of each enclave in the changed enclave pool; and
  
  storing, in a shared key ledger, a version of the shared enclave pool key; and
  
  validating at least one payload of at least one enclave of the changed enclave pool based on the shared enclave pool key.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein each enclave of the plurality of enclaves is at least one of a Virtual Secure Machine or a secure hardware enclave.
  - 12. The method of claim 10, wherein updating the enclave pool registry based on the change in membership to the enclave pool includes updating the enclave pool registry so that the enclave pool registry indicates, for each enclave in the updated enclave pool, an enclave type of the enclave.
  - 13. The method of claim 12, wherein the enclave type includes an indication as to whether the enclave is a software enclave or a hardware enclave.
  - 14. The method of claim 12, further comprising allocating a first enclave of the enclave pool to a first cryptlet, wherein allocating the first enclave of the enclave pool to the first cryptlet is accomplished that the first enclave of the enclave pool is selected based on an enclave type requirement of the first cryptlet such that the first cryptlet is a cryptlet having a cryptlet type corresponding to the enclave type requirement of the first cryptlet.
  - 15. The method of claim 10, further comprising:
    - allocating a first enclave of the enclave pool to a first cryptlet;
      
      receiving a payload of the first enclave such that the payload of the first enclave has a first digital signature by the private enclave key of the first enclave;
      
      allocating a second enclave of the enclave pool to the first cryptlet;
      
      receiving a payload of the second enclave such that the payload of the second enclave has a second digital signature by the private enclave key of the second enclave;
      
      validating the first digital signature against each version of the shared enclave pool key in the shared key ledger; and
      
      validating the second digital signature against each version of the shared enclave pool key in the shared key ledger.
  - 16. The method of claim 15, further comprising:
    - allocating a third enclave of the enclave pool to the first cryptlet;
      
      receiving a payload of the third enclave such that the payload of the third enclave has a third digital signature by the private enclave key of the third enclave; and
      
      validating the third digital signature against each version of the of the shared enclave pool key in the shared key ledger.

17. A processor-readable storage medium, having stored thereon processor-executable code that, upon execution by at least one processor, enables actions, comprising:
- upon a membership change occurring with an enclave pool, wherein the enclave pool includes a plurality of enclaves;
  
  updating a shared enclave pool key that is associated with the enclave pool with an updated shared enclave pool key that is generated based on a public enclave key of each enclave in the changed enclave pool; and
  
  adding, to a shared key ledger, a version of the shared enclave pool key; and
  
  validating at least one payload of at least one enclave of the changed enclave pool based on the shared enclave pool key.
- View Dependent Claims (18, 19, 20)
- - 18. The processor-readable storage medium of claim 17, wherein each enclave of the plurality of enclaves is at least one of a Virtual Secure Machine or a secure hardware enclave.
  - 19. The processor-readable storage medium of claim 17, wherein the enclaves of the plurality of enclaves are secure execution environments in which code can be run in an isolated, private environment and for which results of the secure execution are capable of being attested to have run unaltered and in private.
  - 20. The processor-readable storage medium of claim 17, the actions further comprising:
    - allocating a first enclave of the enclave pool to a first cryptlet;
      
      receiving a payload of the first enclave such that the payload of the first enclave has a first digital signature by the private enclave key of the first enclave;
      
      allocating a second enclave of the enclave pool to the first cryptlet;
      
      receiving a payload of the second enclave such that the payload of the second enclave has a second digital signature by the private enclave key of the second enclave;
      
      validating the first digital signature against each version of the shared enclave pool key in the shared key ledger; and
      
      validating the second digital signature against each version of the shared enclave pool key in the shared key ledger.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Gray, John Marley
Primary Examiner(s)
Kincaid, Kristine L
Assistant Examiner(s)
Lapian, Alexander R

Application Number

US15/592,867
Publication Number

US 20180330079A1
Time in Patent Office

1,188 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/602   Providing cryptographic fac...

H04L 63/065   for group communications cr...

H04L 63/123   received data contents, e.g...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

Encave pool management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

96 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Encave pool management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links