Patents by Inventor Anna Sapek
Anna Sapek has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11962576Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.Type: GrantFiled: October 26, 2022Date of Patent: April 16, 2024Assignee: Google LLCInventors: Anna Sapek, Uday Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Publication number: 20230297697Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.Type: ApplicationFiled: May 23, 2023Publication date: September 21, 2023Inventors: Keith Moyer, Uday Savagaonkar, Chong Cai, Matthew Gingell, Anna Sapek
-
Patent number: 11714912Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.Type: GrantFiled: March 15, 2021Date of Patent: August 1, 2023Assignee: Google LLCInventors: Keith Moyer, Uday Savagaonkar, Chong Cai, Matthew Gingell, Anna Sapek
-
Publication number: 20230039096Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.Type: ApplicationFiled: October 26, 2022Publication date: February 9, 2023Inventors: Anna Sapek, Uday Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Patent number: 11509643Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.Type: GrantFiled: July 18, 2018Date of Patent: November 22, 2022Assignee: Google LLCInventors: Anna Sapek, Uday Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Publication number: 20210200883Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.Type: ApplicationFiled: March 15, 2021Publication date: July 1, 2021Inventors: Keith Moyer, Uday Savagaonkar, Chong Cai, Matthew Gingell, Anna Sapek
-
Patent number: 10949547Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.Type: GrantFiled: October 5, 2018Date of Patent: March 16, 2021Assignee: Google LLCInventors: Keith Moyer, Uday Savagaonkar, Chong Cai, Matthew Gingell, Anna Sapek
-
Publication number: 20210037001Abstract: Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request.Type: ApplicationFiled: July 18, 2018Publication date: February 4, 2021Applicant: Google LLCInventors: Anna Sapek, Uday Savagaonkar, Jeffrey Thomas Andersen, Thomas Michael Roeder
-
Publication number: 20200110886Abstract: A fork support is provided for duplicating an application running inside an enclave entity. In this regard, a request to duplicate an application running inside a first enclave may be received by one or more processors of a host computing device of the first enclave. A snapshot of the first enclave including the application may be generated. The snapshot may be encrypted with a snapshot key and copied to untrusted memory of the host. A second enclave may be generated. The snapshot key may be sent from the first enclave to the second enclave through a secure communication channel. The encrypted snapshot may be copied from the untrusted memory of the host into the second enclave. The encrypted snapshot may be decrypted inside the second enclave with the snapshot key.Type: ApplicationFiled: October 5, 2018Publication date: April 9, 2020Inventors: Keith Moyer, Uday Savagaonkar, Chong Cai, Matthew Gingell, Anna Sapek