Processing

Please wait...

Settings

Settings

Goto Application

1. WO2020072188 - ENCLAVE FORK SUPPORT

Publication Number WO/2020/072188
Publication Date 09.04.2020
International Application No. PCT/US2019/051219
International Filing Date 16.09.2019
IPC
G06F 21/12 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
12Protecting executable software
G06F 21/44 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30Authentication, i.e. establishing the identity or authorisation of security principals
44Program or device authentication
G06F 21/53 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
53by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/57 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/60 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60Protecting data
G06F 21/74 2013.01
GPHYSICS
06COMPUTING; CALCULATING OR COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
71to assure secure computing or processing of information
74operating in dual or compartmented mode, i.e. at least one secure mode
CPC
G06F 21/12
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
12Protecting executable software
G06F 21/445
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30Authentication, i.e. establishing the identity or authorisation of security principals
44Program or device authentication
445by mutual authentication, e.g. between devices or programs
G06F 21/53
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
52during program execution, e.g. stack integrity ; ; Preventing unwanted data erasure; Buffer overflow
53by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/57
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/60
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60Protecting data
G06F 21/602
GPHYSICS
06COMPUTING; CALCULATING; COUNTING
FELECTRIC DIGITAL DATA PROCESSING
21Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
60Protecting data
602Providing cryptographic facilities or services
Applicants
  • GOOGLE LLC [US]/[US]
Inventors
  • MOYER, Keith
  • SAVAGAONKAR, Uday
  • CAI, Chong
  • GINGELL, Matthew
  • SAPEK, Anna
Agents
  • CHEN, Si
  • PORTER, Tim
  • DAVID, Sidney
  • KRUMHOLZ, Arnold, H.
  • LITTENBERG, Joseph, S.
Priority Data
16/153,03905.10.2018US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) ENCLAVE FORK SUPPORT
(FR) PRISE EN CHARGE D'AUTOCLONAGE D'ENCLAVE
Abstract
(EN)
A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.
(FR)
L'invention concerne la prise en charge d'un autoclonage permettant de dupliquer une application en exécution à l'intérieur d'une entité d'enclave. À cet effet, une demande de duplication d'une application en exécution à l'intérieur d'une première enclave peut être reçue par un ou plusieurs processeurs d'un dispositif informatique hôte de la première enclave. Un instantané de la première enclave comprenant l'application peut être généré. L'instantané peut être chiffré à l'aide d'une clé d'instantané et copié dans une mémoire non sécurisée de l'hôte. Une seconde enclave peut être générée. La clé d'instantané peut être envoyée depuis la première enclave vers la seconde enclave par l'intermédiaire d'un canal de communication sécurisé. L'instantané chiffré peut être copié depuis la mémoire non sécurisée de l'hôte dans la seconde enclave. L'instantané chiffré peut être déchiffré à l'intérieur de la seconde enclave à l'aide de la clé d'instantané.
Also published as
Latest bibliographic data on file with the International Bureau