公开(公告)号：US20240291650A1

公开(公告)日：2024-08-29

申请号：US18573384

申请日：2023-02-15

Applicant: GOOGLE LLC

Inventor： Carlos Cela ,  John Tobler ,  Brian Burdick ,  Branton Horsley ,  Mayank Patel ,  Chanda Patel ,  Asela Gunawardana

IPC: H04L9/08 ,  G06F21/53 ,  H04L9/30 ,  H04L9/32

CPC classification number: H04L9/088 ,  G06F21/53 ,  H04L9/30 ,  H04L9/3236 ,  G06F2221/034

Abstract: The techniques disclosed herein provide a secure control plane (SCP), which in turn provides an isolated secure execution environment for a data plane (DP). Any arbitrary business logic can execute within the DP, and all sensitive data traversing the SCP and entering the DP is encrypted. Split keys generated outside the DP are assembled within, and only within, the DP, where they are used to decrypt sensitive data, enabling the business logic to perform computations using the sensitive data within the secure execution environment. The DP also provides attestation for the business logic executing within the DP, enabling outside parties to verify that the deployed business logic matches published logic. In the event of proprietary logic that is not published, techniques are also disclosed herein that enable verification that proprietary business logic deployed on the DP adheres to security policies.