Untrusted multi-party compute system

Assignee

• Google LLC · US

Inventors

• Keith Moyer · Kirkland, US
• Alex Wu · Fremont, US
• Jiankun Lu · Mountain View, US
• Joseph B. Richey, II · Shaker Heights, US
• Catalin D. Sandu · Kirkland, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/46
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method includes obtaining a container associated with a first entity, the container executing a workload, the workload requiring access to private resources associated with a second entity. The method also includes obtaining encrypted resources including the private resources associated with the second entity. The method further includes generating a verifiable attestation. The method includes transmitting the verifiable attestation to an attestation service and, after transmitting the verifiable attestation, receiving, from an access policy verifier, a federated identity token. The method further includes generating a decrypt request including the federated identity token. The method includes transmitting, to a key management service, the decrypt request, and, after transmitting the decrypt request, receiving, from the key management service, a data encryption key. The method includes decrypting, using the data encryption key, the encrypted resources to access the private resources and providing the workload access to the private resources.