Abstract: Some embodiments of the present specification provide a method and an apparatus for establishing a trusted channel between a user and a trusted computing cluster. According to the method, when a user wants to establish a trusted channel with a trusted computing cluster, the user only negotiates a session key with any first trusted computing unit in the cluster to establish the trusted channel. Then, the first trusted computing unit encrypts the session key using a cluster key common to the trusted computing cluster to which the first trusted computing unit belongs, and sends the encrypted session key to a cluster manager. The cluster manager transmits the encrypted session key in the trusted computing cluster, so that other trusted computing units in the cluster obtain the session key and join the trusted channel. Thus, the user establishes a trusted channel with the entire trusted computing cluster.

Abstract: Some embodiments of the present specification provide a method and an apparatus for establishing a trusted channel between a user and a trusted computing cluster. According to the method, when a user wants to establish a trusted channel with a trusted computing cluster, the user only negotiates a session key with any first trusted computing unit in the cluster to establish the trusted channel. Then, the first trusted computing unit encrypts the session key using a cluster key common to the trusted computing cluster to which the first trusted computing unit belongs, and sends the encrypted session key to a cluster manager. The cluster manager transmits the encrypted session key in the trusted computing cluster, so that other trusted computing units in the cluster obtain the session key and join the trusted channel. Thus, the user establishes a trusted channel with the entire trusted computing cluster.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: Some embodiments of the present specification provide a method and an apparatus for establishing a trusted channel between a user and a trusted computing cluster. According to the method, when a user wants to establish a trusted channel with a trusted computing cluster, the user only negotiates a session key with any first trusted computing unit in the cluster to establish the trusted channel. Then, the first trusted computing unit encrypts the session key using a cluster key common to the trusted computing cluster to which the first trusted computing unit belongs, and sends the encrypted session key to a cluster manager. The cluster manager transmits the encrypted session key in the trusted computing cluster, so that other trusted computing units in the cluster obtain the session key and join the trusted channel. Thus, the user establishes a trusted channel with the entire trusted computing cluster.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: Some embodiments of the present specification provide a method and an apparatus for establishing a trusted channel between a user and a trusted computing cluster. According to the method, when a user wants to establish a trusted channel with a trusted computing cluster, the user only negotiates a session key with any first trusted computing unit in the cluster to establish the trusted channel. Then, the first trusted computing unit encrypts the session key using a cluster key common to the trusted computing cluster to which the first trusted computing unit belongs, and sends the encrypted session key to a cluster manager. The cluster manager transmits the encrypted session key in the trusted computing cluster, so that other trusted computing units in the cluster obtain the session key and join the trusted channel. Thus, the user establishes a trusted channel with the entire trusted computing cluster.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing certifications.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.

Abstract: This disclosure relates to providing a high availability computing service in a distributed system. In one aspect, a method includes sending, by a computing unit of multiple computing units that are each executing a respective copy of a computing task, a certificate request to a trusted certificate generator. The request includes authentication information. The authentication information includes a code hash of the computing task. The computing unit receives a certificate report including a public key certificate in a certificate chain generated for the code hash and a private key corresponding to the public key certificate. The public key certificate and the private key form a certificate pair. The certificate chain includes multiple certificates including the public key certificate and a root certificate corresponding to the public key certificate. The computing unit is used as a TLS server. The certificate pair is set as a certificate pair of the TLS server.