Reconfigurable device bitstream key authentication
US-2021012035-A1 · Jan 14, 2021 · US
US11212085B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11212085-B2 |
| Application number | US-201916368982-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 29, 2019 |
| Priority date | Mar 29, 2019 |
| Publication date | Dec 28, 2021 |
| Grant date | Dec 28, 2021 |
Official abstract text for this publication.
Technologies for accelerated key caching in an edge hierarchy include multiple edge appliance devices organized in tiers. An edge appliance device receives a request for a key, such as a private key. The edge appliance device determines whether the key is included in a local key cache and, if not, requests the key from an edge appliance device included in an inner tier of the edge hierarchy. The edge appliance device may request the key from an edge appliance device included in a peer tier of the edge hierarchy. The edge appliance device may activate per-tenant accelerated logic to identify one or more keys in the key cache for eviction. The edge appliance device may activate per-tenant accelerated logic to identify one or more keys for pre-fetching. Those functions of the edge appliance device may be performed by an accelerator such as an FPGA. Other embodiments are described and claimed.
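The lookup path the abstract describes (local key cache, then a peer-tier appliance, then the next inner tier, with a per-tenant policy choosing the eviction victim) can be sketched in software as follows. This is an added illustration, not code from the patent or its applicant; the class and function names, the LRU default policy, the tenant-scoped cache index, and the sample topology and key values are assumptions constructed for the example.

```python
from collections import OrderedDict

def lru_policy(candidates):
    return candidates[0]                # candidates arrive oldest-first

class EdgeNode:                         # one appliance; all names are illustrative
    def __init__(self, name, capacity, inner=None, store=None, policies=None):
        self.name, self.capacity, self.inner = name, capacity, inner
        self.peers = []                 # appliances in the same tier
        self.cache = OrderedDict()      # (tenant, key_id) -> key material
        self.store = store or {}        # authoritative keys, innermost tier only
        self.policies = policies or {}  # tenant -> eviction policy callable
        self.trace = []                 # where each request was satisfied

    def lookup_local(self, tenant, key_id):
        entry = (tenant, key_id)        # tenant is part of the cache index
        if entry in self.cache:
            self.cache.move_to_end(entry)   # refresh recency on a hit
        return self.cache.get(entry, self.store.get(entry))

    def _insert(self, tenant, key_id, key):
        if len(self.cache) >= self.capacity:
            # The tenant's policy picks among its own entries when it has any.
            mine = [e for e in self.cache if e[0] == tenant] or list(self.cache)
            del self.cache[self.policies.get(tenant, lru_policy)(mine)]
        self.cache[(tenant, key_id)] = key

    def get_key(self, tenant, key_id):
        key = self.lookup_local(tenant, key_id)
        if key is not None:
            self.trace.append("local")
            return key
        for peer in self.peers:         # peer-tier request: local lookup only
            key = peer.lookup_local(tenant, key_id)
            if key is not None:
                self.trace.append("peer:" + peer.name)
                break
        else:                           # no peer had it: go one tier inward
            if self.inner is None:
                raise KeyError((tenant, key_id))
            key = self.inner.get_key(tenant, key_id)
            self.trace.append("inner:" + self.inner.name)
        self._insert(tenant, key_id, key)
        return key

def build_demo():                       # constructed three-tier topology and keys
    core = EdgeNode("core", 8, store={("a", "k1"): b"A1", ("a", "k2"): b"A2", ("b", "k1"): b"B1"})
    regional = EdgeNode("regional", 4, inner=core)
    edge1, edge2 = EdgeNode("edge1", 1, inner=regional), EdgeNode("edge2", 1, inner=regional)
    edge1.peers, edge2.peers = [edge2], [edge1]
    return edge1, edge2, regional, core
```

Because the tenant is part of the cache index, a key identifier that exists for one tenant is never returned for a request made under another tenant, at any tier.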
Opening claim text (preview).
The invention claimed is:

1. A computing device for key management, the computing device comprising: a key cache, wherein the key cache is included in secure storage of the computing device; and an edge hierarchical key manager to: receive a first request for a first key, wherein the first request is associated with a tenant of the computing device, wherein the first request is indicative of a key identifier provided by a function-as-a-service (FaaS) instance associated with an edge device; determine whether the first key is stored in the key cache in response to receipt of the first request; provide a second request to obtain the first key from a remote computing device in response to a determination that the first key is not stored in the key cache, wherein the computing device and the remote computing device are included in an edge hierarchy, wherein the computing device is included in a first tier of the edge hierarchy, and wherein the remote computing device is included in a next tier of the edge hierarchy that is logically more remote from the edge device in relation to the first tier; and provide the first key as a response to the first request, the response based on (a) a determination that the first key is stored in the key cache or (b) the second request to obtain the first key from the remote computing device.

2. The computing device of claim 1, further including an accelerator, the accelerator including the edge hierarchical key manager.

3. The computing device of claim 1, wherein the edge hierarchical key manager is further to: receive a priority level associated with the tenant via a management interface of the computing device; and configure the key cache based on the priority level associated with the tenant.

4. The computing device of claim 1, wherein the edge hierarchical key manager is further to provide a third request to obtain the first key from a second remote computing device in response to the determination that the first key is not stored in the key cache, wherein the second remote computing device is included in the first tier of the edge hierarchy.

5. The computing device of claim 1, wherein: to receive the first request for the first key includes to receive the first request from the FaaS instance, wherein the FaaS instance is instantiated by the computing device; and to provide the first key as the response includes to provide the first key to the FaaS instance associated with the tenant.

6. The computing device of claim 5, wherein to provide the first key to the FaaS instance includes to provide the first key to a memory controller or a compute element of the computing device.

7. The computing device of claim 1, wherein: to receive the first request for the first key includes to receive the first request from a second remote computing device in the edge hierarchy; and to provide the first key includes to provide the first key to the second remote computing device.

8. The computing device of claim 7, wherein the second remote computing device is included in a previous tier of the edge hierarchy, wherein the previous tier is logically less remote from the edge device in relation to the first tier.

9. The computing device of claim 1, wherein: the edge hierarchical key manager is further to: determine whether the key cache is full in response to the determination that the first key is not stored in the key cache; activate a cache management policy accelerated logic of the computing device in response to a determination that the key cache is full, wherein the cache management policy accelerated logic is associated with the tenant; and evict the first key from the key cache in response to identification of the first key; and the cache management policy accelerated logic is to identify the first key in the key cache for eviction in response to activation of the cache management policy accelerated logic.

10. The computing device of claim 9, wherein the edge hierarchical key manager is further to: receive the cache management policy accelerated logic via a management interface of the computing device; and program an accelerator with the cache management policy accelerated logic in response to receipt of the cache management policy accelerated logic.

11. The computing device of claim 1, wherein: the edge hierarchical key manager is further to activate a key prefetch accelerated logic of the computing device, wherein the key prefetch accelerated logic is associated with the tenant; the key prefetch accelerated logic is to identify the first key for pre-fetching in response to activation of the key prefetch accelerated logic; and to provide the second request to obtain the first key from the remote computing device further includes to provide the second request to obtain the first key from the remote computing device in response to identification of the first key for prefetching.

12. The computing device of claim 11, wherein the edge hierarchical key manager is further to: receive the key prefetch accelerated logic via a management interface of the computing device; and program an accelerator with the key prefetch accelerated logic in response to receipt of the key prefetch accelerated logic.

13. The computing device of claim 11, wherein to identify the first key includes to identify the first key based on telemetry information associated with the computing device.

14. A method for key management, the method comprising: receiving, by a computing device, a first request for a first key, wherein the first request is associated with a tenant of the computing device, wherein the first request is indicative of a key identifier provided by a function-as-a-service (FaaS) instance associated with an edge device; determining, by the computing device, whether the first key is stored in a key cache of the computing device, wherein the key cache is included in secure storage of the computing device; providing, by the computing device, a second request to obtain the first key from a remote computing device in response to determining that the first key is not stored in the key cache, wherein the computing device and the remote computing device are included in an edge hierarchy, wherein the computing device is included in a first tier of the edge hierarchy, and wherein the remote computing device is included in a next tier of the edge hierarchy that is logically more remote from the edge device in relation to the first tier; and providing, by the computing device, the first key as a response to the first request, the response based on (a) determining that the first key is stored in the key cache or (b) providing the second request to obtain the first key from the remote computing device.

15. The method of claim 14, further including providing, by the computing device, a third request to obtain the first key from a second remote computing device in response to determining that the first key is not stored in the key cache, wherein the second remote computing device is included in the first tier of the edge hierarchy.

16. The method of claim 14, wherein: receiving the first request for the first key includes receiving the first request from the FaaS instance, wherein the FaaS instance is instantiated by the computing device; and providing the first key as the response includes providing the first key to the FaaS instance associated with the tenant.

17. The method of claim 14, wherein: receiving the first request for the first key includes receiving the first request from a second remote computing device in the edge hie
involving additional devices, e.g. trusted platform module [TPM], smartcard or USB · CPC title
using tree structure or hierarchical structure · CPC title
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] · CPC title
Revocation or update of secret information, e.g. encryption key update or rekeying · CPC title