公开(公告)号：US11627116B2

公开(公告)日：2023-04-11

申请号：US16806685

申请日：2020-03-02

Applicant: Fortanix, Inc.

Inventor： Ambuj Kumar ,  Anand Kashyap ,  Nehal Bandi

IPC: H04L9/40 ,  G06F21/53 ,  G06F21/57 ,  H04L9/32 ,  G06F21/60 ,  G06F21/10

Abstract: Encrypted first data and encrypted second data may be received, where each data is from different client servers. A request to perform an operation with the first data and the second data may be received. Whether the operation is authorized to be performed with the first data and the second data at an enclave may be verified. In response to verifying that the operation is authorized to be performed with the first data and the second data at the enclave, the encrypted first data and the encrypted second data may be decrypted to the first data and the second data, respectively. Furthermore, the operation may be performed with the first data and the second data at the enclave.

公开(公告)号：US11627117B2

公开(公告)日：2023-04-11

申请号：US16996691

申请日：2020-08-18

Applicant: Fortanix, Inc.

Inventor： Anand Kashyap ,  Ambuj Kumar ,  Nehal Bandi

IPC: H04L9/40 ,  G06F16/245 ,  G06F21/60 ,  G06F16/953 ,  H04L9/08 ,  G06F16/22

Abstract: An encrypted search query may be received from a requesting client system at a secure enclave of a processing device. The encrypted search query may be decrypted to form a decrypted search query. One or more index entries of a metadata index that correspond to the decrypted search query may be identified, such that each identified index entry is associated with a content reference that identifies a content item located outside the secure enclave. The index entries that correspond to the decrypted search query may include one or more index entries having one or more associated index metadata items that correspond to the decrypted search query. One or more secure search results may be generated, such that each secure search result corresponds to one of the index entries and comprises the content reference associated with the corresponding index entry. The secure search results may be sent to the requesting client system.

公开(公告)号：US11244077B2

公开(公告)日：2022-02-08

申请号：US16779331

申请日：2020-01-31

Applicant: Fortanix, Inc.

Inventor： Nehal Bandi ,  Andrew Leiserson

IPC: G06F21/64 ,  H04L9/32 ,  H04L9/06

Abstract: A request to provide an application at a secure enclave of a server may be received. A hash value of the application may be generated. Application data that is to be used with the application at the secure enclave of the server may be identified. Another hash value of the application data that is to be used with the application at the secure enclave of the server may be generated. The hash value of the application and the other hash value of the application data may be signed where the signed hash value and other hash are being used to execute the application with the application data at the secure enclave of the server.

公开(公告)号：US20220014456A1

公开(公告)日：2022-01-13

申请号：US16925979

申请日：2020-07-10

Applicant: Fortanix, Inc.

Inventor： Nehal Bandi ,  Andrew Leiserson

IPC: H04L12/26 ,  H04L9/32 ,  H04L9/08

Abstract: An application may perform operations within a first secure enclave of a processing device. The application may provide secure monitoring data, such as secure heartbeat information. The monitoring data and an application identity may be verified at a second secure enclave of the processing device using local attestation operations. A remote attestation signature may be generated at the second secure enclave based on the monitoring data, the application identity, and a node private key. A monitoring message signature may be generated at the first secure enclave based on an application private key and a message payload that includes the monitoring data, the application identity, and the remote attestation signature. A monitoring message that includes the payload and monitoring message signature may be sent from the first secure enclave to a monitoring system, which may verify the message to detect unauthorized changes to the monitoring data or the application identity.

公开(公告)号：US20210328971A1

公开(公告)日：2021-10-21

申请号：US16853590

申请日：2020-04-20

Applicant: Fortanix, Inc.

Inventor： Nehal Bandi ,  Anand Kashyap

IPC: H04L29/06 ,  G06F21/53 ,  G06F21/57 ,  H04L29/12

Abstract: A request to perform an operation associated with a service instance may be received by a processing device. The service instance may have an associated service instance identifier. A proxy instance associated with the service instance may be identified. The proxy instance may perform operations within a secure enclave associated with the processing device. The proxy instance within the secure enclave associated with the processing device may be used to verify that the secure enclave associated with the processing device contains the service instance associated with the service instance identifier. When the verification is successful, the proxy instance within the secure enclave associated with the processing device may be used to send a request to the service instance to perform the operation.

公开(公告)号：US11606279B2

公开(公告)日：2023-03-14

申请号：US16925979

申请日：2020-07-10

Applicant: Fortanix, Inc.

Inventor： Nehal Bandi ,  Andrew Leiserson

IPC: H04L43/10 ,  H04L9/08 ,  H04L9/32

Abstract: An application may perform operations within a first secure enclave of a processing device. The application may provide secure monitoring data, such as secure heartbeat information. The monitoring data and an application identity may be verified at a second secure enclave of the processing device using local attestation operations. A remote attestation signature may be generated at the second secure enclave based on the monitoring data, the application identity, and a node private key. A monitoring message signature may be generated at the first secure enclave based on an application private key and a message payload that includes the monitoring data, the application identity, and the remote attestation signature. A monitoring message that includes the payload and monitoring message signature may be sent from the first secure enclave to a monitoring system, which may verify the message to detect unauthorized changes to the monitoring data or the application identity.

公开(公告)号：US20220060451A1

公开(公告)日：2022-02-24

申请号：US16996691

申请日：2020-08-18

Applicant: Fortanix, Inc.

Inventor： Anand Kashyap ,  Ambuj Kumar ,  Nehal Bandi

IPC: H04L29/06 ,  G06F16/245 ,  G06F21/60 ,  G06F16/22 ,  H04L9/08 ,  G06F16/953

Abstract: An encrypted search query may be received from a requesting client system at a secure enclave of a processing device. The encrypted search query may be decrypted to form a decrypted search query. One or more index entries of a metadata index that correspond to the decrypted search query may be identified, such that each identified index entry is associated with a content reference that identifies a content item located outside the secure enclave. The index entries that correspond to the decrypted search query may include one or more index entries having one or more associated index metadata items that correspond to the decrypted search query. One or more secure search results may be generated, such that each secure search result corresponds to one of the index entries and comprises the content reference associated with the corresponding index entry. The secure search results may be sent to the requesting client system.

公开(公告)号：US20210273921A1

公开(公告)日：2021-09-02

申请号：US16806685

申请日：2020-03-02

Applicant: Fortanix, Inc.

Inventor： Ambuj Kumar ,  Anand Kashyap ,  Nehal Bandi

IPC: H04L29/06 ,  G06F21/53 ,  G06F21/57 ,  H04L9/32 ,  G06F21/60 ,  G06F21/10

Abstract: Encrypted first data and encrypted second data may be received, where each data is from different client servers. A request to perform an operation with the first data and the second data may be received. Whether the operation is authorized to be performed with the first data and the second data at an enclave may be verified. In response to verifying that the operation is authorized to be performed with the first data and the second data at the enclave, the encrypted first data and the encrypted second data may be decrypted to the first data and the second data, respectively. Furthermore, the operation may be performed with the first data and the second data at the enclave.

公开(公告)号：US20210240857A1

公开(公告)日：2021-08-05

申请号：US16779331

申请日：2020-01-31

Applicant: Fortanix, Inc.

Inventor： Nehal Bandi ,  Andrew Leiserson

IPC: G06F21/64 ,  H04L9/32

Abstract: A request to provide an application at a secure enclave of a server may be received. A hash value of the application may be generated. Application data that is to be used with the application at the secure enclave of the server may be identified. Another hash value of the application data that is to be used with the application at the secure enclave of the server may be generated. The hash value of the application and the other hash value of the application data may be signed where the signed hash value and other hash are being used to execute the application with the application data at the secure enclave of the server.