Google LLC (20240291650). SECURE ENVIRONMENT FOR OPERATIONS ON PRIVATE DATA simplified abstract


SECURE ENVIRONMENT FOR OPERATIONS ON PRIVATE DATA

Organization Name

Google LLC

Inventor(s)

Carlos Cela of Mountain View CA (US)

John Tobler of Mountain View CA (US)

Brian Burdick of Mountain View CA (US)

Branton Horsley of Mountain View CA (US)

Mayank Patel of Mountain View CA (US)

Chanda Patel of Mountain View CA (US)

Asela Gunawardana of Mountain View CA (US)

SECURE ENVIRONMENT FOR OPERATIONS ON PRIVATE DATA - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240291650 titled 'SECURE ENVIRONMENT FOR OPERATIONS ON PRIVATE DATA'.

The techniques disclosed in this patent application introduce a Secure Control Plane (SCP) that creates an isolated secure execution environment for a Data Plane (DP). This allows any arbitrary business logic to run within the DP, with all sensitive data encrypted as it moves through the SCP into the DP. Split keys generated externally are combined within the DP to decrypt sensitive data, enabling computations using this data within a secure environment. The DP also offers attestation for the business logic running inside, allowing external parties to verify the deployed logic matches the published version. Additionally, methods are provided to verify proprietary business logic on the DP adheres to security policies.

  • Secure Control Plane (SCP) for isolated secure execution environment
  • Data Plane (DP) allows arbitrary business logic execution with encrypted sensitive data
  • Split keys generated externally combined within DP for decryption
  • Attestation within DP verifies deployed business logic matches published version
  • Techniques to verify proprietary business logic adherence to security policies

Potential Applications:

  • Secure data processing environments
  • Secure computation for sensitive data
  • Verification of deployed business logic
  • Compliance with security policies

Problems Solved:

  • Ensuring secure execution environment for sensitive data
  • Verification of deployed business logic
  • Compliance with security policies

Benefits:

  • Enhanced data security
  • Secure execution environment for business logic
  • Verification of deployed logic
  • Compliance with security policies

Commercial Applications: Secure Data Processing Solutions: Enhancing data security and compliance in industries handling sensitive information.

Questions about Secure Control Plane (SCP):

  1. How does the SCP ensure the security of sensitive data within the Data Plane?
  2. What are the key benefits of using split keys for decryption within the DP?


Original Abstract Submitted

The techniques disclosed herein provide a secure control plane (SCP), which in turn provides an isolated secure execution environment for a data plane (DP). Any arbitrary business logic can execute within the DP, and all sensitive data traversing the SCP and entering the DP is encrypted. Split keys generated outside the DP are assembled within, and only within, the DP, where they are used to decrypt sensitive data, enabling the business logic to perform computations using the sensitive data within the secure execution environment. The DP also provides attestation for the business logic executing within the DP, enabling outside parties to verify that the deployed business logic matches published logic. In the event of proprietary logic that is not published, techniques are also disclosed herein that enable verification that proprietary business logic deployed on the DP adheres to security policies.