SG11201905461VA - Data sealing with a sealing enclave - Google Patents
Data sealing with a sealing enclaveInfo
- Publication number
- SG11201905461VA SG11201905461VA SG11201905461VA SG11201905461VA SG11201905461VA SG 11201905461V A SG11201905461V A SG 11201905461VA SG 11201905461V A SG11201905461V A SG 11201905461VA SG 11201905461V A SG11201905461V A SG 11201905461VA SG 11201905461V A SG11201905461V A SG 11201905461VA
- Authority
- SG
- Singapore
- Prior art keywords
- enclave
- data
- international
- sealing
- microsoft
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/10—Providing a specific technical effect
- G06F2212/1052—Security improvement
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
- Medicines Containing Antibodies Or Antigens For Use As Internal Diagnostic Agents (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Buffer Packaging (AREA)
- Packaging For Recording Disks (AREA)
- Computer And Data Communications (AREA)
- Bag Frames (AREA)
Abstract
EnclaveClient Setup 106 Verifica inn 108 100 42 Builds (51) International Patent Classification: GOOF 21/60 (2013.01) GOOF 21/62 (2013.01) (21) International Application Number: PCT/US2017/067455 (22) International Filing Date: 20 December 2017 (20.12.2017) (25) Filing Language: English (26) Publication Language: English (30) Priority Data: 15/414,492 24 January 2017 (24.01.2017) US (71) Applicant: MICROSOFT TECHNOLOGY LI- CENSING, LLC [US/US]; One Microsoft Way, Redmond, WA 98052-6399 (US). (72) Inventor: COSTA, Manuel; Microsoft Technology Li- censing, LLC, One Microsoft Way, Redmond, WA 98052-6399 (US). (74) Agent: MINHAS, Sandip, S. et al.; Microsoft Technolo- gy Licensing, LLC, One Microsoft Way, Redmond, WA 98052-6399 (US). (81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW. (84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, (54) Title: DATA SEALING WITH A SEALING ENCLAVE Setup Computation En e 4 p t i Results Trusted Hardware 172 Untrusted Software 174 Enclave 176 + I Data 182 I Code 180 T Tr sts Manages Authors Trusts Data Owner Software Provider Trusts FIG. 1 152 V 162 Infrastructure Owner Manufacturer (12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) (19) World Intellectual Property Organization International Bureau (43) International Publication Date 02 August 2018 (02.08.2018) WIP0 I PCT o mons onolo olomollmomiooimmo oimIE (10) International Publication Number WO 2018/140164 Al (57) : Techniques for securely sealing and unsealing enclave data across platforms are presented. Enclave data from a source enclave hosted on a first computer may be securely sealed to a sealing enclave on a second computer, and may further be securely unsealed for a destination enclave on a third computer. Securely transferring an enclave workload from one computer to another is disclosed. [Continued on next page] WO 2018/140164 Al D ill TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG). Declarations under Rule 4.17: as to applicant's entitlement to apply for and be granted a patent (Rule 4.17(11)) as to the applicant's entitlement to claim the priority of the earlier application (Rule 4.17(iii)) Published: — with international search report (Art. 21(3))
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US15/414,492 US10931652B2 (en) | 2017-01-24 | 2017-01-24 | Data sealing with a sealing enclave |
| PCT/US2017/067455 WO2018140164A1 (en) | 2017-01-24 | 2017-12-20 | Data sealing with a sealing enclave |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| SG11201905461VA true SG11201905461VA (en) | 2019-08-27 |
Family
ID=60972452
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| SG11201905461VA SG11201905461VA (en) | 2017-01-24 | 2017-12-20 | Data sealing with a sealing enclave |
Country Status (19)
| Country | Link |
|---|---|
| US (1) | US10931652B2 (en) |
| EP (2) | EP3798889B1 (en) |
| JP (1) | JP7089529B2 (en) |
| KR (1) | KR102510273B1 (en) |
| CN (1) | CN110199286B (en) |
| AU (1) | AU2017395734B2 (en) |
| BR (1) | BR112019013586A2 (en) |
| CA (1) | CA3048407C (en) |
| CL (1) | CL2019002009A1 (en) |
| CO (1) | CO2019007656A2 (en) |
| IL (1) | IL267948B (en) |
| MX (1) | MX2019008692A (en) |
| MY (1) | MY202282A (en) |
| NZ (1) | NZ754523A (en) |
| PH (1) | PH12019550115A1 (en) |
| RU (1) | RU2759329C2 (en) |
| SG (1) | SG11201905461VA (en) |
| WO (1) | WO2018140164A1 (en) |
| ZA (1) | ZA201903704B (en) |
Families Citing this family (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10911451B2 (en) | 2017-01-24 | 2021-02-02 | Microsoft Technology Licensing, Llc | Cross-platform enclave data sealing |
| US11443033B2 (en) | 2017-01-24 | 2022-09-13 | Microsoft Technology Licensing, Llc | Abstract enclave identity |
| EP3762846B1 (en) * | 2018-04-11 | 2023-06-07 | Google LLC | Mutually distrusting enclaves |
| US10691621B2 (en) * | 2018-04-12 | 2020-06-23 | Sony Interactive Entertainment Inc. | Data cache segregation for spectre mitigation |
| US20210406386A1 (en) * | 2018-05-28 | 2021-12-30 | Royal Bank Of Canada | System and method for multiparty secure computing platform |
| US11934540B2 (en) | 2018-05-28 | 2024-03-19 | Royal Bank Of Canada | System and method for multiparty secure computing platform |
| US11443072B2 (en) | 2018-06-29 | 2022-09-13 | Microsoft Technology Licensing, Llc | Peripheral device with resource isolation |
| US11126757B2 (en) * | 2018-10-19 | 2021-09-21 | Microsoft Technology Licensing, Llc | Peripheral device |
| US11741196B2 (en) | 2018-11-15 | 2023-08-29 | The Research Foundation For The State University Of New York | Detecting and preventing exploits of software vulnerability using instruction tags |
| US11416633B2 (en) * | 2019-02-15 | 2022-08-16 | International Business Machines Corporation | Secure, multi-level access to obfuscated data for analytics |
| US11316687B2 (en) * | 2019-03-04 | 2022-04-26 | Cypress Semiconductor Corporation | Encrypted gang programming |
| WO2020200411A1 (en) * | 2019-04-01 | 2020-10-08 | Telefonaktiebolaget Lm Ericsson (Publ) | Attestation of trusted execution environments |
| US11356367B2 (en) * | 2019-11-22 | 2022-06-07 | Red Hat, Inc. | Secure preloading of serverless function sequences |
| CN113139175A (en) * | 2020-01-19 | 2021-07-20 | 阿里巴巴集团控股有限公司 | Processing unit, electronic device, and security control method |
| US11627116B2 (en) * | 2020-03-02 | 2023-04-11 | Fortanix, Inc. | Secure computation of multiparty data |
| US11700125B2 (en) | 2020-10-05 | 2023-07-11 | Redcom Laboratories, Inc. | zkMFA: zero-knowledge based multi-factor authentication system |
| US20240152641A1 (en) * | 2021-03-02 | 2024-05-09 | Roche Diagnostics Operations, Inc. | Secure collaborative laboratory data analytics system |
| EP4420024A1 (en) * | 2021-10-22 | 2024-08-28 | Microsoft Technology Licensing, LLC | Secure authentication using attestation tokens and inviolable quotes to validate request origins |
| US12013954B2 (en) * | 2022-03-31 | 2024-06-18 | Intel Corporation | Scalable cloning and replication for trusted execution environments |
| CN117493344B (en) * | 2023-11-09 | 2024-07-26 | 兰州大学 | Data organization method based on confidential computing technology |
Family Cites Families (33)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8839450B2 (en) | 2007-08-02 | 2014-09-16 | Intel Corporation | Secure vault service for software components within an execution environment |
| US7712143B2 (en) * | 2006-09-27 | 2010-05-04 | Blue Ridge Networks, Inc. | Trusted enclave for a computer system |
| US8208637B2 (en) | 2007-12-17 | 2012-06-26 | Microsoft Corporation | Migration of computer secrets |
| US8549625B2 (en) * | 2008-12-12 | 2013-10-01 | International Business Machines Corporation | Classification of unwanted or malicious software through the identification of encrypted data communication |
| KR20110035573A (en) * | 2009-09-30 | 2011-04-06 | 주식회사 케이티 | Method for providing safety of virtual machine installation in cloud computing environment |
| US8972746B2 (en) * | 2010-12-17 | 2015-03-03 | Intel Corporation | Technique for supporting multiple secure enclaves |
| US9009475B2 (en) | 2011-04-05 | 2015-04-14 | Apple Inc. | Apparatus and methods for storing electronic access clients |
| US8984610B2 (en) | 2011-04-18 | 2015-03-17 | Bank Of America Corporation | Secure network cloud architecture |
| US8176283B1 (en) * | 2011-09-26 | 2012-05-08 | Google Inc. | Permissions of objects in hosted storage |
| AU2013263340B2 (en) * | 2012-05-16 | 2015-05-14 | Okta, Inc. | Systems and methods for providing and managing distributed enclaves |
| US8438631B1 (en) * | 2013-01-24 | 2013-05-07 | Sideband Networks, Inc. | Security enclave device to extend a virtual secure processing environment to a client device |
| WO2014196966A1 (en) * | 2013-06-04 | 2014-12-11 | Intel Corporation | Technologies for hardening the security of digital information on client platforms |
| US9276750B2 (en) * | 2013-07-23 | 2016-03-01 | Intel Corporation | Secure processing environment measurement and attestation |
| EP3033707A4 (en) * | 2013-08-12 | 2017-03-29 | Graphite Software Corporation | Secure authentication and switching to encrypted domains |
| US9430642B2 (en) | 2013-09-17 | 2016-08-30 | Microsoft Technology Licensing, Llc | Providing virtual secure mode with different virtual trust levels each having separate memory access protections, interrupt subsystems and private processor states |
| WO2015060858A1 (en) * | 2013-10-24 | 2015-04-30 | Intel Corporation | Methods and apparatus for protecting software from unauthorized copying |
| KR101801567B1 (en) * | 2013-12-19 | 2017-11-27 | 인텔 코포레이션 | Policy-based trusted inspection of rights managed content |
| US9355262B2 (en) * | 2013-12-27 | 2016-05-31 | Intel Corporation | Modifying memory permissions in a secure processing environment |
| US9462001B2 (en) * | 2014-01-15 | 2016-10-04 | Cisco Technology, Inc. | Computer network access control |
| US9792427B2 (en) * | 2014-02-07 | 2017-10-17 | Microsoft Technology Licensing, Llc | Trusted execution within a distributed computing system |
| US9584517B1 (en) * | 2014-09-03 | 2017-02-28 | Amazon Technologies, Inc. | Transforms within secure execution environments |
| US9461994B2 (en) * | 2014-11-26 | 2016-10-04 | Intel Corporation | Trusted computing base evidence binding for a migratable virtual machine |
| US9940456B2 (en) | 2014-12-16 | 2018-04-10 | Intel Corporation | Using trusted execution environments for security of code and data |
| US9904803B2 (en) | 2015-03-25 | 2018-02-27 | Intel Corporation | Technologies for hardening data encryption with secure enclaves |
| US20160335453A1 (en) * | 2015-05-15 | 2016-11-17 | Gina Kounga | Managing Data |
| US9954950B2 (en) * | 2015-12-23 | 2018-04-24 | Intel Corporation | Attestable information flow control in computer systems |
| US10565370B2 (en) * | 2015-12-24 | 2020-02-18 | Intel Corporation | System and method for enabling secure memory transactions using enclaves |
| CN105991647B (en) * | 2016-01-21 | 2019-06-28 | 李明 | A kind of method of data transmission |
| US10469265B2 (en) * | 2016-03-31 | 2019-11-05 | Intel Corporation | Technologies for secure inter-enclave communications |
| US10437985B2 (en) * | 2016-10-01 | 2019-10-08 | Intel Corporation | Using a second device to enroll a secure application enclave |
| US10338957B2 (en) | 2016-12-27 | 2019-07-02 | Intel Corporation | Provisioning keys for virtual machine secure enclaves |
| US10530777B2 (en) | 2017-01-24 | 2020-01-07 | Microsoft Technology Licensing, Llc | Data unsealing with a sealing enclave |
| US10372945B2 (en) | 2017-01-24 | 2019-08-06 | Microsoft Technology Licensing, Llc | Cross-platform enclave identity |
-
2017
- 2017-01-24 US US15/414,492 patent/US10931652B2/en active Active
- 2017-12-20 SG SG11201905461VA patent/SG11201905461VA/en unknown
- 2017-12-20 CA CA3048407A patent/CA3048407C/en active Active
- 2017-12-20 BR BR112019013586-3A patent/BR112019013586A2/en unknown
- 2017-12-20 NZ NZ754523A patent/NZ754523A/en unknown
- 2017-12-20 AU AU2017395734A patent/AU2017395734B2/en active Active
- 2017-12-20 EP EP20208027.1A patent/EP3798889B1/en active Active
- 2017-12-20 JP JP2019539980A patent/JP7089529B2/en active Active
- 2017-12-20 EP EP17829497.1A patent/EP3574439B1/en active Active
- 2017-12-20 CN CN201780084410.0A patent/CN110199286B/en active Active
- 2017-12-20 WO PCT/US2017/067455 patent/WO2018140164A1/en unknown
- 2017-12-20 KR KR1020197021624A patent/KR102510273B1/en active IP Right Grant
- 2017-12-20 MX MX2019008692A patent/MX2019008692A/en unknown
- 2017-12-20 MY MYPI2019003995A patent/MY202282A/en unknown
- 2017-12-20 RU RU2019126623A patent/RU2759329C2/en active
-
2019
- 2019-06-10 ZA ZA2019/03704A patent/ZA201903704B/en unknown
- 2019-06-28 PH PH12019550115A patent/PH12019550115A1/en unknown
- 2019-07-09 IL IL267948A patent/IL267948B/en unknown
- 2019-07-16 CO CONC2019/0007656A patent/CO2019007656A2/en unknown
- 2019-07-18 CL CL2019002009A patent/CL2019002009A1/en unknown
Also Published As
| Publication number | Publication date |
|---|---|
| US20180212939A1 (en) | 2018-07-26 |
| EP3574439B1 (en) | 2021-01-20 |
| PH12019550115A1 (en) | 2019-12-02 |
| AU2017395734A1 (en) | 2019-07-04 |
| EP3798889B1 (en) | 2022-09-28 |
| CL2019002009A1 (en) | 2019-12-13 |
| KR102510273B1 (en) | 2023-03-14 |
| BR112019013586A2 (en) | 2020-01-07 |
| RU2019126623A3 (en) | 2021-04-16 |
| US10931652B2 (en) | 2021-02-23 |
| KR20190108575A (en) | 2019-09-24 |
| ZA201903704B (en) | 2020-10-28 |
| JP7089529B2 (en) | 2022-06-22 |
| AU2017395734B2 (en) | 2021-11-18 |
| JP2020505700A (en) | 2020-02-20 |
| CO2019007656A2 (en) | 2019-07-31 |
| CN110199286A (en) | 2019-09-03 |
| RU2019126623A (en) | 2021-02-26 |
| MX2019008692A (en) | 2019-09-11 |
| WO2018140164A1 (en) | 2018-08-02 |
| EP3574439A1 (en) | 2019-12-04 |
| RU2759329C2 (en) | 2021-11-11 |
| CN110199286B (en) | 2023-04-14 |
| CA3048407C (en) | 2024-06-04 |
| IL267948A (en) | 2019-09-26 |
| EP3798889A1 (en) | 2021-03-31 |
| IL267948B (en) | 2022-01-01 |
| CA3048407A1 (en) | 2018-08-02 |
| MY202282A (en) | 2024-04-22 |
| NZ754523A (en) | 2023-03-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| SG11201905461VA (en) | Data sealing with a sealing enclave | |
| SG11201905460SA (en) | Data unsealing with a sealing enclave | |
| SG11201905463TA (en) | Abstract enclave identity | |
| SG11201809866PA (en) | Cryptographic applications for a blockchain system | |
| SG11201903604PA (en) | Iot security service | |
| SG11201902981RA (en) | Iot provisioning service | |
| SG11201810587VA (en) | Docking station for motorised vehicles | |
| SG11201804506RA (en) | Systems and methods for rendering multiple levels of detail | |
| SG11201804696RA (en) | Techniques for metadata processing | |
| SG11201907320YA (en) | Trusted login method, server, and system | |
| SG11201805532XA (en) | Multivalent and multispecific 41bb-binding fusion proteins | |
| SG11201903882VA (en) | Il-2 variants for the treatment of autoimmune diseases | |
| SG11201908283TA (en) | Obfuscation of user content in structured user data files | |
| SG11201900269XA (en) | Channel sensing for independent links | |
| SG11201809872TA (en) | Using hardware based secure isolated region to prevent piracy and cheating on electronic devices | |
| SG11201907665QA (en) | Intelligent rope or cable termination | |
| SG11202000330XA (en) | Concept for generating an enhanced sound field description or a modified sound field description using a multi-point sound field description | |
| SG11201908293QA (en) | Selective application of reprojection processing on layer sub-regions for optimizing late stage reprojection power | |
| SG11201908288XA (en) | Configurable annotations for privacy-sensitive user content | |
| SG11201809912UA (en) | Hybrid carriers for nucleic acid cargo | |
| SG11201809963XA (en) | Application framework using blockchain-based asset ownership | |
| SG11201900480YA (en) | Anti-tim-3 antibodies | |
| SG11201909454QA (en) | Container-based virtual camera rotation | |
| SG11201905458WA (en) | Addressing a trusted execution environment using signing key | |
| SG11201908067VA (en) | Opportunistic timing of device notifications |