System and method for generating symmetric key to implement media access control security check
US-2020358764-A1 · Nov 12, 2020 · US
US11038699B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11038699-B2 |
| Application number | US-202016813524-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 9, 2020 |
| Priority date | Aug 29, 2019 |
| Publication date | Jun 15, 2021 |
| Grant date | Jun 15, 2021 |
Official abstract text for this publication.
Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications. One of the methods includes: receiving, from a computing unit, a certificate request, wherein the computing unit comprises at least one processor and a memory communicably coupled to the at least one processor, wherein the memory stores programming instructions associated with a computing task executable by the at least one processor, and wherein the certificate request comprises a group of identifiers of a group of computing tasks and authentication information that comprises a hash value of the programming instructions; authenticating the computing unit based on the authentication information; in response to the computing unit is authenticated, determining, based on the hash value, that a computing task is included in the group of computing tasks; obtaining a certificate chain and a private key pre-generated for the group of identifiers; and sending a certificate report to the computing unit.
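The issuance decision described in the abstract, together with the hash-list check of claim 6, as an added example that is not code from the patent. The class and function names, the `unit:hash` report layout, SHA-256, and the HMAC standing in for the certification authority's signature are assumptions; placeholder strings stand in for the certificates and the private key.

```python
import hashlib
import hmac

# Constructed key standing in for the third-party certification authority.
# Assumption: HMAC-SHA256 replaces the authority's asymmetric signature so the
# example needs only the standard library.
CA_KEY = b"constructed-demo-key"

def ca_sign(report: bytes) -> bytes:
    """Hypothetical authority: signs an authentication report."""
    return hmac.new(CA_KEY, report, hashlib.sha256).digest()

def code_hash(instructions: bytes) -> str:
    """Hash of a task's programming instructions (SHA-256 assumed)."""
    return hashlib.sha256(instructions).hexdigest()

class CertificateGenerator:
    def __init__(self):
        self._groups = {}  # group id -> (allowed hashes, certificate report)

    def generation_command(self, group_id, task_hashes):
        """Register a group's task hashes and pre-generate its material.
        Placeholder strings stand in for real certificates and the key."""
        report = {
            "root_cert": f"<root certificate for {group_id}>",
            "public_key_cert": f"<public key certificate for {group_id}>",
            "private_key": f"<private key for {group_id}>",
        }
        self._groups[group_id] = (frozenset(task_hashes), report)

    def certificate_request(self, group_id, task_hash, auth_report, signature):
        """Return (status, certificate report or None)."""
        # 1. Authenticate the unit: verify the signature on its report.
        if not hmac.compare_digest(ca_sign(auth_report), signature):
            return "bad-signature", None
        # 2. Bind the claimed hash to the signed report; an unsigned hash in
        #    the request proves nothing about the code that is running.
        if auth_report.rsplit(b":", 1)[-1] != task_hash.encode():
            return "hash-not-in-report", None
        # 3. The hash must be one of those registered for the group.
        if group_id not in self._groups:
            return "unknown-group", None
        allowed, report = self._groups[group_id]
        if task_hash not in allowed:
            return "task-not-in-group", None
        # 4. Every member of the group receives the same chain and key.
        return "issued", report
```

Because every authenticated member of a group receives the same private key, the registered hash list is the only thing separating group members from other attested code, so it needs the same change control as the key itself.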
Opening claim text (preview).
What is claimed is:
1. A computer-implemented method for authentication, comprising: receiving, from a first trusted computing unit included in a plurality of trusted computing units performing a distributed computing process, a certificate request, wherein the certificate request comprises a group identifier of a group of computing tasks to be performed by the plurality of trusted computing units during the distributed computing process, authentication information, and a hash value of programming instructions associated with a first computing task of the group of computing tasks; authenticating the first trusted computing unit based on the authentication information; in response to authenticating the first trusted computing unit determining, based on the hash value, that the first computing task is included in the group of computing tasks; obtaining a certificate chain and a private key, wherein the private key is pre-generated for the group of computing tasks, wherein the certificate chain comprises a root certificate and a corresponding public key certificate, and wherein the corresponding public key certificate and the private key form a certificate pair, wherein the corresponding public key certificate comprises a first public key generated for the group of computing tasks and a first signature of a trusted certificate generator, and wherein the first public key and the private key form an asymmetric key pair; and sending a certificate report to the first trusted computing unit, wherein the certificate report comprises the root certificate and the certificate pair.
2. The computer-implemented method of claim 1, wherein the certificate report enables the first trusted computing unit to: serve as a transport layer security (TLS) server for providing computing services to itself; serve as a TLS client for external computing tasks; set the certificate pair as a TLS server issued certificate pair; and set the root certificate as a TLS client trusted root certificate.
3. The computer-implemented method of claim 1, wherein the authentication information comprises an authentication report signed by a third-party certification authority, and wherein authenticating the first trusted computing unit is performed by verifying a signature included in the authentication report.
4. The computer-implemented method of claim 1, wherein the authentication information comprises a report generated by the first trusted computing unit, wherein the report comprises the hash value and a digital signature of the first trusted computing unit, and wherein authenticating the first trusted computing unit comprises: sending the report to a third-party certification authority; receiving an authentication report signed by the third-party certification authority; and determining that the first trusted computing unit is authenticated based on the authenticated report signed by the third-party certification authority.
5. The computer-implemented method of claim 1, further comprising: before receiving the certificate request, receiving a generation command from a configuration management device, wherein the generation command comprises the group identifier and a plurality of hash values of programming instructions corresponding to respective computing tasks of the group of computing tasks; and generating the certificate chain and the private key.
6. The computer-implemented method of claim 1, wherein determining that the first computing task is included in the group of computing tasks comprises: obtaining a plurality of hash values of programming instructions corresponding to respective computing tasks of the group of computing tasks; and determining that the hash value is included in the plurality of hash values.
7. The computer-implemented method of claim 1, wherein the root certificate comprises a second public key generated for the group of computing tasks and a second signature of the trusted certificate generator, and wherein the second public key verifies the first signature and the second signature.
8. The computer-implemented method of claim 1, wherein the root certificate comprises the first public key and a second signature of the trusted certificate generator, and wherein the first public key verifies the first signature and the second signature.
9. The computer-implemented method of claim 1, further comprising: before receiving the certificate request, performing key negotiation with the first trusted computing unit to generate additional encryption keys for establishing a trusted communication channel.
10. A computer-implemented system for authentication, comprising one or more computers, and one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, cause the one or more computers to perform one or more operations comprising: receiving, from a first trusted computing unit included in a plurality of trusted computing units performing a distributed computing process, a certificate request, wherein the certificate request comprises a group identifier of a group of computing tasks to be performed by the plurality of trusted computing units during the distributed computing process, authentication information, and a hash value of programming instructions associated with a first computing task of the group of computing tasks; authenticating the first trusted computing unit based on the authentication information; in response to authenticating the first trusted computing unit determining, based on the hash value, that the first computing task is included in the group of computing tasks; obtaining a certificate chain and a private key, wherein the private key is pre-generated for the group of computing tasks, wherein the certificate chain comprises a root certificate and a corresponding public key certificate, and wherein the corresponding public key certificate and the private key form a certificate pair, wherein the corresponding public key certificate comprises a first public key generated for the group of computing tasks and a first signature of a trusted certificate generator, and wherein the first public key and the private key form an asymmetric key pair; and sending a certificate report to the first trusted computing unit, wherein the certificate report comprises the root certificate and the certificate pair.
11. The computer-implemented system of claim 10, wherein the certificate report enables the first trusted computing unit to: serve as a transport layer security (TLS) server for providing computing services to itself; serve as a TLS client for external computing tasks; set the certificate pair as a TLS server issued certificate pair; and set the root certificate as a TLS client trusted root certificate.
12. The computer-implemented system of claim 10, wherein the authentication information comprises an authentication report signed by a third-party certification authority, and wherein authenticating the first trusted computing unit is performed by verifying a signature included in the authentication report.
13. The computer-implemented system of claim 10, wherein the authentication information comprises a report generated by the first trusted computing unit, wherein the report comprises the hash value and a digital signature of the first trusted computing unit, and wherein authenticating the first trusted computing unit comprises: sending the report to a third-party certification authority; receiving an authentication report signed by the thir
the source of the received data · CPC title
involving digital signatures · CPC title
using cryptographic hash functions · CPC title
with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys · CPC title
using certificate chains, trees or paths; Hierarchical trust model · CPC title