Secure communication method and apparatus and multimedia device employing the same
US-2016315762-A1 · Oct 27, 2016 · US
Methods for facilitating secure cloud compute environments and devices thereof
US10469272B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10469272-B2 |
| Application number | US-201715663400-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 28, 2017 |
| Priority date | Jul 28, 2017 |
| Publication date | Nov 5, 2019 |
| Grant date | Nov 5, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Methods, non-transitory computer readable media, and computing devices that facilitate secure cloud compute environments are disclosed. A secure application package (SAP) is encrypted with an SAP encryption key. The encrypted SAP is stored on cloud storage. A profiling bitstream is sent to a cloud provider. The profiling bitstream is configured to, when implemented by the HLD, generate and return a profile response, including a bitstream encryption key, which is encrypted with a public key. The profile response is decrypted using a private key and the bitstream encryption key is extracted. An application bitstream is sent to the cloud provider. The application bitstream is encrypted with the bitstream encryption key, includes the SAP encryption key, and is configured to, when implemented by the HLD, obtain the SAP from the cloud storage, decrypt the SAP using the SAP encryption key, and execute an application in a softcore included in the application bitstream.
First claim
Opening claim text (preview).
What is claimed is: 1. A method, comprising: decrypting, by a first computing device, a profile response to extract a bitstream encryption key, wherein the profile response is received from a second computing device in response to a profiling bitstream sent to the second computing device; and sending, by the first computing device and to the second computing device, an application bitstream that is encrypted with the bitstream encryption key and includes a secure application package encryption key used to encrypt a secure application package stored at the second computing device. 2. The method of claim 1 , wherein the secure application package comprises an application, data to be used by the application, and an operating system. 3. The method of claim 1 , further comprising storing, by the first computing device, random data, wherein the profiling bitstream further includes challenge logic generated using the random data. 4. The method of claim 3 , further comprising sending, by the first computing device, the application bitstream to the second computing device when integrity check is passed, wherein the integrity check is based on a comparison of a result of an execution of the challenge logic included in the profile response to another result generated from another execution of the challenge logic using the stored random data. 5. The method of claim 1 , further comprising locking, by the first computing device, the application bitstream based on a hardware logic identifier included in the profile response. 6. The method of claim 1 , wherein the profiling bitstream is configured to program a hardware logic device to only accept a subsequent bitstream encrypted with the bitstream encryption key. 7. A non-transitory machine readable medium having stored thereon instructions for facilitating secure cloud compute environments comprising machine executable code which when executed by a first machine causes the first machine to: decrypt a profile response to extract a bitstream encryption key, wherein the profile response is received from a second machine in response to a profiling bitstream sent to the second machine; and sending, to the second machine, an application bitstream that is encrypted with the bitstream encryption key and includes a secure application package encryption key used to encrypt a secure application package stored at the second machine. 8. The non-transitory machine readable medium of claim 7 , wherein the secure application package comprises an application, data to be used by the application, and an operating system. 9. The non-transitory machine readable medium of claim 7 , wherein the machine executable code when executed by the first machine further causes the first machine to store random data, wherein the profiling bitstream further includes challenge logic generated using the random data. 10. The non-transitory machine readable medium of claim 9 , wherein the machine executable code when executed by the first machine further causes the first machine to send the application bitstream to the second machine when integrity check is passed, wherein the integrity check is based on a comparison of a result of an execution of the challenge logic included in the profile response to another result generated from another execution of the challenge logic using the stored random data. 11. The non-transitory machine readable medium of claim 7 , wherein the machine executable code when executed by the first machine further causes the first machine to lock the application bitstream based on a hardware logic identifier included in the profile response. 12. The non-transitory machine readable medium of claim 7 , wherein the profiling bitstream is configured to program a hardware logic device to only accept a subsequent bitstream encrypted with the bitstream encryption key. 13. A first computing device, comprising: a memory containing machine readable medium comprising machine executable code having stored thereon instructions for facilitating secure cloud compute environments; and a processor coupled to the memory, the processor configured to execute the machine executable code to cause the processor to: decrypt a profile response to extract a bitstream encryption key, wherein the profile response is received from a second computing device in response to a profiling bitstream sent to the second computing device; and sending, to the second computing device, an application bitstream that is encrypted with the bitstream encryption key and includes a secure application package encryption key used to encrypt a secure application package stored at the second computing device. 14. The first computing device of claim 13 , wherein the secure application package comprises an application, data to be used by the application, and an operating system. 15. The first computing device of claim 13 , wherein the processor is further configured to execute the machine executable code to further cause the processor to store random data, wherein the profiling bitstream further includes challenge logic generated using the random data. 16. The first computing device of claim 13 , wherein the processor is further configured to execute the machine executable code to further cause the processor to send the application bitstream to the second computing device when integrity check is passed, wherein the integrity check is based on a comparison of a result of an execution of the challenge logic included in the profile response to another result generated from another execution of the challenge logic using the stored random data. 17. The first computing device of claim 13 , wherein the processor is further configured to execute the machine executable code to further cause the processor to lock the application bitstream based on a hardware logic identifier included in the profile response. 18. The first computing device of claim 13 , wherein the profiling bitstream is configured to program a hardware logic device to only accept a subsequent bitstream encrypted with the bitstream encryption key.
Assignees
Inventors
Classifications
using key encryption key · CPC title
- H04L9/3278Primary
using physically unclonable functions [PUF] · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
using a plurality of keys or algorithms · CPC title
Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10469272B2 cover?
- Methods, non-transitory computer readable media, and computing devices that facilitate secure cloud compute environments are disclosed. A secure application package (SAP) is encrypted with an SAP encryption key. The encrypted SAP is stored on cloud storage. A profiling bitstream is sent to a cloud provider. The profiling bitstream is configured to, when implemented by the HLD, generate and retu…
- Who is the assignee on this patent?
- Netapp Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L9/3278. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Nov 05 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).