
US-12625977-B2 - Systems and methods of performing machine learning operations using secure enclaves


Abstract

Methods and systems for performing a machine learning operation on a server host using a secure enclave are provided. Exemplary methods include: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request specifying the machine learning operation; decrypting, in a secure enclave that is established by a secure environment, the encrypted service request using the shared secret to produce a decrypted service request; performing the machine learning operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result using the shared secret.

Inventors

  • Ellison Anne Williams
  • Ryan Carr

Assignees

  • Enveil, Inc.

Dates

Publication Date
20260512
Application Date
20240531

Claims (20)

  1. A method for performing a machine learning operation on a server host, the method comprising: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request comprising a machine learning operation; decrypting, in a secure enclave that is established by a secure environment, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in the secure enclave, the secure enclave being protected from processes running at higher privilege levels; performing the machine learning operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result using the shared secret.
  2. The method of claim 1, wherein the machine learning operation comprises a machine learning training process of a machine learning model.
  3. The method of claim 1, wherein the machine learning training operation comprises training a machine learning model using one or more data sets, the one or more data sets residing on the server host, the client host, or a combination of the server host and the client host.
  4. The method of claim 1, wherein the machine learning operation comprises a machine learning model evaluation of a trained machine learning model against a data set, the data set residing on the server host, the client host, or a combination of the server host and the client host.
  5. The method of claim 1, wherein the secure enclave encrypts data written to a mass storage device by the performing the machine learning operation.
  6. The method of claim 1, wherein a memory space is established using special-purpose instructions of a processor of the server host.
  7. The method of claim 1, further comprising providing examples to train or update a database in the secure enclave.
  8. The method of claim 1, further comprising providing examples to train or update a machine learning model in the secure enclave, thereby producing a trained machine learning model.
  9. The method of claim 8, further comprising evaluating the trained machine learning model against a data set.
  10. The method of claim 1, further comprising disambiguating the decrypted service request utilizing machine learning.
  11. The method of claim 1, wherein the secure environment establishes the secure enclave using special-purpose instructions.
  12. The method of claim 1, wherein data over which the service request is processed is one of encrypted data, unencrypted data, and a combination of encrypted and unencrypted data.
  13. A system for performing a machine learning operation on a server host, the system comprising: a processor; and a memory coupled to the processor and storing a program executable by the processor to perform a method comprising: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request comprising the machine learning operation; decrypting, in a secure enclave that is established by a secure environment, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in the secure enclave, the secure enclave being protected from processes running at higher privilege levels; performing the machine learning operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result using the shared secret.
  14. The system of claim 13, wherein the machine learning operation comprises a machine learning training process of a machine learning model.
  15. The system of claim 13, wherein the machine learning training operation comprises training a machine learning model using one or more data sets, the one or more data sets residing on the server host, the client host, or a combination of the server host and the client host.
  16. The system of claim 13, wherein the machine learning operation comprises a machine learning model evaluation of a trained machine learning model against a data set, the data set residing on the server host, the client host, or a combination of the server host and the client host.
  17. The system of claim 13, wherein the secure enclave encrypts data written to a mass storage device by the performing the machine learning operation.
  18. The system of claim 13, wherein a memory space is established using special-purpose instructions of a processor of the server host.
  19. The system of claim 13, wherein the method further comprises providing examples to train or update a database in the secure enclave.
  20. The system of claim 13, wherein the method further comprises providing examples to train or update a machine learning model in the secure enclave, thereby producing a trained machine learning model.
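
The request/response flow recited in claim 1, as an added Python example (not code from the patent or its assignee). Assumptions: the shared secret is already provisioned to both sides; the names `seal`, `unseal`, `Enclave` and `client_round_trip`, the direction labels, the linear-model operation and the HMAC-based stand-in cipher are illustrative; and the Python class only marks where the enclave boundary sits, since real isolation comes from the processor.

```python
import hashlib
import hmac
import json
import os

# Assumption: the page names no cipher. This stdlib stand-in uses HMAC-SHA256 as
# a counter-mode keystream plus encrypt-then-MAC; use a vetted AEAD in practice.
def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(secret: bytes, direction: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(secret, b"enc"), nonce, plaintext)
    # The direction label (added assumption) stops a response being replayed as a request.
    return nonce + ct + _prf(_prf(secret, b"mac"), direction + nonce + ct)

def unseal(secret: bytes, direction: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = _prf(_prf(secret, b"mac"), direction + nonce + ct)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")  # reject before decrypting
    return _xor_stream(_prf(secret, b"enc"), nonce, ct)

class Enclave:
    """Models the enclave boundary: the secret and all plaintext stay in here."""
    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret

    def handle(self, encrypted_request: bytes) -> bytes:
        request = json.loads(unseal(self._secret, b"req", encrypted_request))
        # Constructed "machine learning operation": score features with a linear model.
        score = sum(w * x for w, x in zip(request["weights"], request["features"]))
        return seal(self._secret, b"res", json.dumps({"score": score}).encode())

def client_round_trip(secret: bytes, request: dict, enclave: Enclave, host_view: list) -> dict:
    encrypted_request = seal(secret, b"req", json.dumps(request).encode())
    host_view.append(encrypted_request)        # all the untrusted host sees
    encrypted_result = enclave.handle(encrypted_request)
    host_view.append(encrypted_result)
    return json.loads(unseal(secret, b"res", encrypted_result))
```

`host_view` collects exactly what software outside the enclave can observe: two opaque blobs, neither of which authenticates if modified or fed back in the wrong direction.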

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation-in-part application of U.S. patent application Ser. No. 18/133,452, filed on Apr. 11, 2023, now U.S. Pat. No. 12,039,058 issued on Jul. 16, 2024, and titled “Systems and Methods of Performing Computation Operations Using Secure Enclaves,” which is a continuation of U.S. patent application Ser. No. 17/074,217, filed on Oct. 19, 2020, now U.S. Pat. No. 11,704,416 issued on Jul. 18, 2023, and titled “Computational Operations in Enclave Computing Environments,” which is a continuation of U.S. patent application Ser. No. 16/170,032, filed on Oct. 25, 2018, now U.S. Pat. No. 10,902,133 issued on Jan. 26, 2021, and titled “Computational Operations in Enclave Computing Environments,” all of which are incorporated by reference herein in their entireties.

FIELD OF THE INVENTION

The present technology pertains to distributed computing systems and more specifically to security in distributed computing systems.

BACKGROUND ART

The approaches described in this section could be pursued but are not necessarily approaches that have previously been conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.

Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not by itself prevent interference, but denies the intelligible content to a would-be interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm, referred to as a cipher, generating ciphertext that can only be read if decrypted. A cryptosystem is a pair (encryption and decryption) of algorithms that take a key and convert plaintext to ciphertext and back.

Encryption is used by militaries and governments to facilitate secret communication. It is also used to protect information within civilian systems. Encryption can be used to protect data “at rest,” such as information stored on computers and storage devices. Encryption is also used to protect data in transit, for example, data being transferred via networks (e.g., the Internet, e-commerce), mobile telephones, Bluetooth devices and bank automatic teller machines (ATMs).

SUMMARY OF THE INVENTION

This summary is provided to introduce a selection of concepts in a simplified form that are further described in the Detailed Description below. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.

The present disclosure is related to various systems and methods using enclave computing environments. Specifically, a method for performing computational operations on a server host may comprise: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request specifying the computational operation; decrypting, in a secure enclave that is established by a secure environment, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in the secure enclave; performing the computational operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service result to the client host, the client host decrypting the encrypted service result using the shared secret.
In some embodiments, systems and methods of performing machine learning operations using secure enclaves are provided. Specifically, a method for performing machine learning operations on a server host may comprise: receiving an encrypted service request from a client host, the client host encrypting a service request to produce the encrypted service request using a shared secret, the service request comprising the machine learning operation; decrypting, in a secure enclave that is established by a secure environment, the encrypted service request using the shared secret to produce a decrypted service request, the secure enclave preventing other software running on the server host from accessing the shared secret and other data stored in the secure enclave; performing the machine learning operation, in the secure enclave, using the decrypted service request to generate a service result; encrypting, in the secure enclave, the service result using the shared secret to create an encrypted service result; and providing the encrypted service res