What technology area does this patent fall under?

Primary CPC classification G06F21/6281. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Sep 17 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Preemption of a container in a secure computation environment

US10417453B2 · US · B2

Patent metadata
Field	Value
Publication number	US-10417453-B2
Application number	US-201615372307-A
Country	US
Kind code	B2
Filing date	Dec 7, 2016
Priority date	Dec 14, 2015
Publication date	Sep 17, 2019
Grant date	Sep 17, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determination may be made as to whether the container is associated with a preemption privilege and the executing of the container may be terminated after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege.

First claim

Opening claim text (preview).

What is claimed is: 1. A method comprising: receiving a container corresponding to executable code; executing the container in a secure computation environment by performing one or more operations specified by the executable code of the container; receiving, from a high level operating system (HLOS) that is external to the secure computation environment, an instruction to terminate the executing of the container; determining whether the container is associated with a preemption privilege by verifying a cryptographic signature of the container during execution of the container; and terminating, by a processing device, the executing of the container after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege. 2. The method of claim 1 , wherein the terminating of the executing of the container based on whether the container is associated with the preemption privilege comprises: ignoring the instruction from the HLOS in response to determining that the container is associated with the preemption privilege; and terminating the container based on a timer value that is associated with the preemption privilege. 3. The method of claim 2 , wherein the timer value that is associated with the preemption privilege is different than a default timer value of the secure computation environment for another container that is not associated with any preemption privilege. 4. The method of claim 1 , further comprising: determining whether an operation of the one or more operations specified by the executable code of the container that is currently being performed corresponds to a modification of a resource associated with the secure computation environment, wherein the terminating of the executing of the container is further based on the determination of whether the operation that is currently being performed corresponds to the modification of the resource so that the terminating of the execution of the container is performed after a completion of the operation that corresponds to the modification of the resource. 5. The method of claim 4 , wherein the modification of the resource is a write operation to one-time programmable (OTP) memory. 6. The method of claim 1 , wherein determining whether the container is associated with the preemption privilege comprises: verifying that the cryptographic signature is from a root entity that is associated with the container; and in response to verifying the cryptographic signature, adding an amount of time specified by the preemption privilege to a watchdog timer that is associated with the secure computation environment. 7. The method of claim 6 , wherein the watchdog timer corresponds to a maximum amount of time for the secure computation environment to execute the container. 8. A system comprising: a memory; and a processing device operatively coupled with the memory to: receive a container corresponding to executable code; execute the container in a secure computation environment by performing one or more operations specified by the executable code of the container; receive, from a high level operating system (HLOS) that is external to the secure computation environment, an instruction to terminate the executing of the container; determine whether the container is associated with a preemption privilege by verifying a cryptographic signature of the container during execution of the container; and terminate the executing of the container after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege. 9. The system of claim 8 , wherein to terminate the executing of the container based on whether the container is associated with the preemption privilege comprises, the processing device is further to: ignore the instruction from the HLOS in response to determining that the container is associated with the preemption privilege; and terminate the container based on a timer value that is associated with the preemption privilege. 10. The system of claim 9 , wherein the timer value that is associated with the preemption privilege is different than a default timer value of the secure computation environment for another container that is not associated with any preemption privilege. 11. The system of claim 8 , wherein the processing device is further to: determine whether an operation of the one or more operations specified by the executable code of the container that is currently being performed corresponds to a modification of a resource associated with the secure computation environment, wherein the terminating of the executing of the container is further based on the determination of whether the operation that is currently being performed corresponds to the modification of the resource so that the terminating of the execution of the container is performed after a completion of the operation that corresponds to the modification of the resource. 12. The system of claim 11 , wherein the modification of the resource is a write operation to one-time programmable (OTP) memory. 13. The system of claim 8 , wherein to determine whether the container is associated with the preemption privilege, the processing device is further to: verify that the cryptographic signature is from a root entity that is associated with the container; and in response to verifying the cryptographic signature, add an amount of time specified by the preemption privilege to a watchdog timer that is associated with the secure computation environment. 14. The system of claim 13 , wherein the watchdog timer corresponds to a maximum number of processing cycles of the secure computation environment that are used to execute the container. 15. A non-transitory computer readable medium comprising instructions that, when executed by a processing device, cause the processing device to perform operations comprising: receiving a container corresponding to executable code; executing the container in a secure computation environment by performing one or more operations specified by the executable code of the container; receiving, from a high level operating system (HLOS) that is external to the secure computation environment, an instruction to terminate the executing of the container; determining whether the container is associated with a preemption privilege by verifying a cryptographic signature of the container during execution of the container; and terminating, by a processing device, the executing of the container after receiving the instruction from the HLOS based on the determination of whether the container is associated with the preemption privilege. 16. The non-transitory computer readable medium of claim 15 , wherein to terminate the executing of the container based on whether the container is associated with the preemption privilege, the operations further comprise: ignoring the instruction from the HLOS in response to determining that the container is associated with the preemption privilege; and terminating the container based on a timer value that is associated with the preemption privilege. 17. The non-transitory computer readable medium of claim 16 , wherein the timer value that is associated with the preemption privilege is different than a default timer value of the secure computation environment for another container that is not associated with any preemption privilege. 18. The non-transitory computer readable medium of claim 15 , the operations further comprising: determ

Assignees

Cryptography Res Inc

Inventors

Classifications

G06F21/45
Structures or tools for the administration of authentication · CPC title
G06F21/602
Providing cryptographic facilities or services · CPC title
G06F21/6281Primary
at program execution time, where the protection is within the operating system · CPC title
G06F21/52Primary
during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow} · CPC title
G06F9/4418
Suspend and resume; Hibernate and awake · CPC title

Patent family

Related publications grouped by family.

View patent family 59018663

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10417453B2 cover?: A container corresponding to executable code may be received. The container may be executed in a secure computation environment by performing one or more operations specified by the executable code of the container. An instruction to terminate the executing of the container may be received from a high level operating system (HLOS) that is external to the secure computation environment. A determ…
Who is the assignee on this patent?: Cryptography Res Inc
What technology area does this patent fall under?: Primary CPC classification G06F21/6281. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Sep 17 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).

How to read this patent

Abstract

First claim

Assignees

Inventors

Classifications

Patent family

External sources

Related patents

Secure software containers

Managing and classifying states

System and method for providing a watchdog timer to enable collection of crash data

Isolating tenants executing in multi-tenant software containers

Frequently asked questions