Sealed distributed ledger system
Abstract
A system for ensuring privacy of transactions is provided. The system may be performed by a computing system during execution of trusted code within a secure enclave of the computing system. The system receives an indication of a transaction. The system validates the transaction. The system encrypts the validated transaction using an encryption key of the trusted code. The system requests untrusted code of the computing system to store the encrypted validated transaction in a portion of a data store. The untrusted code cannot decrypt the encrypted validated transaction that is stored in the data store. Rather, only the trusted code can decrypt the encrypted validated transaction.
Claims
exact text as granted — not AI-modified1 . A method performed by a computing system for obscuring a memory access pattern of target code of a secure enclave of the computing system, the method comprising:
executing the target code of the secure enclave that accesses data stored at locations in memory of the computing system, each memory access for data including a reference to the location at which the data is stored; and when an obscure criterion is satisfied, executing obscuring code of the secure enclave that:
rearranges data that is stored in memory so that the rearranged data is stored at new locations that are different from the locations before rearranging; and
adjusts references to the rearranged data to refer to the new locations so that the target code accesses the rearranged data based on the adjusted references.
2 . The method of claim 1 wherein the obscuring code executes during garbage collection of the data.
3 . The method of claim 1 wherein the obscuring code executes at randomized times.
4 . The method of claim 1 wherein the rearranging is based on a randomization.
5 . The method of claim 1 wherein a virtual machine of the secure enclave executes the target code.
6 . The method of claim 5 wherein the obscuring code is executed by a garbage collector of the virtual machine.
7 . The method of claim 5 wherein the virtual machine is a Java virtual machine.
8 . The method of claim 5 wherein the virtual machine maintains translation information to translate target references used by the target code and virtual machine references used by the virtual machine to access the locations in memory.
9 . The method of claim 8 wherein the virtual machine references are virtual addresses that are mapped to physical addresses when accessing data.
10 . The method of claim 8 wherein the adjusting adjusts the virtual machine references.
11 . A method performed by a computing system for obscuring message sizes of messages of target code of a secure enclave of the computing system, the method comprising:
executing the target code, wherein the target code requests to send messages having original message sizes; and when the target code requests to send a message, executing obscuring code of the secure enclave that:
adjusts the original message size of the message to an adjusted message size; and
sends the message as part of a message having the adjusted message size.
12 . The method of claim 11 wherein the adjusted message size is larger than the original message size.
13 . The method of claim 12 wherein the adjusted message size is larger by an amount that is based on a randomization.
14 . The method of claim 13 wherein the amount is based on a maximum message size.
15 . The method of claim 14 wherein the maximum message size is reduced based on the original message sizes of previously sent messages.
16 . The method of claim 14 wherein the amount is based on a maximum message size of messages previously sent.
17 . The method of claim 11 wherein the adjusting of the original message size splits the message into multiple messages with each of the multiple messages having a split message size and the sending sends the multiple messages.
18 . The method of claim 11 further comprising executing code that, when a message with an adjusted message size is received from a secure enclave of another computing system, sets a message size of the received message to an original message size.
19 . The method of claim 18 wherein the message includes the original message size.
20 . The method of claim 11 further comprising executing code that, when multiple split messages of a sent message are received from a secure enclave of another computing system, combines the split messages into the sent message having an original message size of the sent message.
21 . A computing system that obscures a memory access pattern of target code of a secure enclave of the computing system, the computing system comprising:
one or more computer-readable storage mediums for storing computer-executable instructions for controlling the computing system to:
access data stored in memory, each access for the data including a reference to a location in memory at which the data is stored; and
rearrange the data so that the rearranged data is stored at new locations; and
adjust references to the rearranged data to refer to the new locations so that the rearranged data is accessible based on the adjusted references; and
one or more processors for executing the computer-executable instructions stored in the one or more computer-readable storage mediums.
22 . The computing system of claim 21 wherein the instructions that rearrange and adjust are executed during garbage collection of the data.
23 . The computing system of claim 21 wherein the instructions that rearrange and adjust are executed at randomized times.
24 . The computing system of claim 21 wherein the rearranging is based on a randomization.
25 . The computing system of claim 21 wherein a virtual machine of the secure enclave executes the instructions to access the data.
26 . The computing system of claim 25 wherein the instructions that rearrange and adjust are executed by a garbage collector of the virtual machine.
27 . The computing system of claim 25 wherein the virtual machine is a Java virtual machine.
28 . The computing system of claim 25 wherein the virtual machine maintains translation information to translate target references used by the target code and virtual machine references used by the virtual machine to access the locations in memory.
29 . The computing system of claim 28 wherein the virtual machine references are virtual addresses that are mapped to physical addresses when accessing data.
30 . The computing system of claim 28 wherein the adjusting adjusts the virtual machine references.
31 . A computing system that obscures message sizes of messages of target code of a secure enclave of the computing system, the computing system comprising:
one or more computer-readable storage mediums for storing computer-executable instructions for controlling the computing system to:
receive a request to send a message having an original message size;
split the message into multiple messages each having a message size adjusted from the original message size of the message; and
send the multiple messages to code of a secure enclave of another computing system;
wherein when the multiple messages are received by the code of the secure enclave of the other computing system, the secure enclave of the other computing system combines the multiple messages into the message having the original message size; and
one or more processors for executing the computer-executable instructions stored in the one or more computer-readable storage mediums.
32 . The computing system of claim 31 wherein the adjusted message size is larger than the original message size.
33 . The computing system of claim 32 wherein the adjusted message size is larger by an amount that is based on a randomization.
34 . The computing system of claim 33 wherein the amount is based on a maximum message size.
35 . The computing system of claim 34 wherein the maximum message size is reduced based on the original message sizes of previously sent messages.
36 . The computing system of claim 34 wherein the amount is based on a maximum message size of messages previously sent.
37 . The computing system of claim 31 wherein the computer-executable instructions further include instructions to, when a message with an adjusted message size is received from code of secure enclave of another computing system, set a message size of the received message to an original message size of the received message.
38 . The computing system of claim 37 wherein the message includes the original message size.
39 . The computing system of claim 31 wherein the combined multiple messages into the sent message has the original message size of the sent message.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.