Providing high availability computing service by issuing a certificate
US-10790979-B1 · Sep 29, 2020 · US
Providing high availability computing service by issuing a certificate
US10972272B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10972272-B2 |
| Application number | US-202017035415-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 28, 2020 |
| Priority date | Aug 29, 2019 |
| Publication date | Apr 6, 2021 |
| Grant date | Apr 6, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method for distributing a certificate to a trusted computing unit, the method comprising: receiving, by a trusted certificate generator, a first certificate request from a first computing unit running a first computing task, wherein a plurality of copies of the first computing task are executed by a plurality of computing units, the first computing unit is one of the plurality of computing units, the first certificate request comprises first authentication information comprising a first code hash of the first computing task; performing, by the trusted certificate generator, authentication on the first computing unit based on the first authentication information; in response to authenticating the first computing unit based on the first authentication information, obtaining, by the trusted certificate generator, a first certificate chain and a first private key that are generated for the first code hash, wherein the first certificate chain comprises a first root certificate and a corresponding first public key certificate, and the first public key certificate matches the first private key to form a first certificate pair; and sending, by the trusted certificate generator, a first certificate report to the first computing unit, wherein the first certificate report comprises the first certificate pair, thereby enabling the first computing unit to use itself as a transport layer security (TLS) server and to use the first certificate pair as a certificate pair of the TLS server. 2. The computer-implemented method of claim 1 , wherein the first authentication information is an authentication result file authenticated by a third-party authentication institution, and the authentication result file comprises signature information of the third-party authentication institution; and performing authentication on the first computing unit based on the first authentication information comprises verifying the signature information, and in response to determining that the verification succeeds, determining that the authentication on the first computing unit succeeds. 3. The computer-implemented method of claim 1 , wherein the first authentication information is a unit report file generated by the first computing unit, and the unit report file comprises the first code hash and signature information of the first computing unit; and performing authentication on the first computing unit based on the first authentication information comprises: sending the unit report file to a third-party authentication institution to obtain an authentication result file, wherein the authentication result file comprises signature information of the third-party authentication institution; and verifying the signature information, and in response to determining that the verification succeeds, determining that the authentication on the first computing unit succeeds. 4. The computer-implemented method of claim 1 , wherein obtaining the first certificate chain and the first private key that are generated for the first code hash comprises: determining whether there is a generated first certificate chain corresponding to the first code hash; and when there is a generated first certificate chain corresponding to the first code hash, reading the generated first certificate chain; or when there is no generated first certificate chain corresponding to the first code hash, generating the first certificate chain for the first code hash. 5. The computer-implemented method of claim 1 , wherein the first public key certificate comprises a first public key generated for the first code hash and first signature information signed by the trusted certificate generator, the first public key and the first private key form a key pair, the first root certificate comprises a second public key generated for the first code hash and second signature information signed by the trusted certificate generator, and the second public key is used to verify the first signature information and the second signature information. 6. The computer-implemented method of claim 1 , wherein the first public key certificate comprises a first public key generated for the first code hash and first signature information signed by the trusted certificate generator, the first public key and the first private key form a key pair, the first root certificate comprises the first public key and second signature information signed by the trusted certificate generator, and the first public key is used to verify the first signature information and the second signature information. 7. The computer-implemented method of claim 1 , wherein before the receiving the first certificate request from the first computing unit running the first computing task, the method further comprises performing key negotiation with the first computing unit to establish a trusted channel, wherein the trusted channel is used to receive the first certificate request and send the first certificate report. 8. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising: receiving, by a trusted certificate generator, a first certificate request from a first computing unit running a first computing task, wherein a plurality of copies of the first computing task are executed by a plurality of computing units, the first computing unit is one of the plurality of computing units, the first certificate request comprises first authentication information comprising a first code hash of the first computing task; performing authentication on the first computing unit based on the first authentication information; in response to authenticating the first computing unit based on the first authentication information, obtaining a first certificate chain and a first private key that are generated for the first code hash, wherein the first certificate chain comprises a first root certificate and a corresponding first public key certificate, and the first public key certificate matches the first private key to form a first certificate pair; and sending a first certificate report to the first computing unit, wherein the first certificate report comprises the first certificate pair, thereby enabling the first computing unit to use itself as a transport layer security (TLS) server and to use the first certificate pair as a certificate pair of the TLS server. 9. The non-transitory, computer-readable medium of claim 8 , wherein the first authentication information is an authentication result file authenticated by a third-party authentication institution, and the authentication result file comprises signature information of the third-party authentication institution; and performing authentication on the first computing unit based on the first authentication information comprises verifying the signature information, and in response to determining that the verification succeeds, determining that the authentication on the first computing unit succeeds. 10. The non-transitory, computer-readable medium of claim 8 , wherein the first authentication information is a unit report file generated by the first computing unit, and the unit report file comprises the first code hash and signature information of the first computing unit; and performing authentication on the first computing unit based on the first authentication information comprises: sending the unit report file to a third-party authentication institution to obtain an authentication result file, wherein the authentication result file comprises signature information of the third-party authentication institution; and verifying the signature information, and in response to determining that th
Assignees
Inventors
Classifications
- H04L9/321Primary
involving a third party or a trusted authority · CPC title
the source of the received data · CPC title
received data contents, e.g. message integrity · CPC title
above the transport layer · CPC title
- H04L63/0823Primary
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10972272B2 cover?
- This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includ…
- Who is the assignee on this patent?
- Advanced New Technologies Co Ltd
- What technology area does this patent fall under?
- Primary CPC classification H04L9/321. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Apr 06 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 11 related publications on this page (citations in our corpus or others sharing the same primary CPC).