Accessing protected data by a high-performance computing cluster

Barnes, Peter; Fedor-Thurman, Daniel; Halliday, Kyle D.

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: Accessing protected data by a high-performance computing cluster

Abstract

A data protection system is provided that allows applications to access protected data in a way that restricts applications from outputting to unauthorized targets any unprotected data derived from the protected data and that ensures that the applications do not have access to a key that allows access to the unprotected data. The data protection system provides a policy server that may execute on a service node of a high performance computing system and a data encryption process that may execute on each compute node that is allocated to an application or batch job. The policy server maintains policies of entities specifying access control for protected data. The data encryption process generates a secure execution environment for an application process and interfaces with the policy server to retrieve keys for decrypting protected data in accordance with a policy, and it decrypts and provides the decrypted data to the application process.

Inventors:: Barnes, Peter; Fedor-Thurman, Daniel; Halliday, Kyle D.

Issue Date:: Tue Apr 06 00:00:00 EDT 2021

Research Org.:: Lawrence Livermore National Laboratory (LLNL), Livermore, CA (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1823817

Patent Number(s):: 10970410

Application Number:: 15/795,040

Assignee:: Lawrence Livermore National Security, LLC (Livermore, CA)

Patent Classifications (CPCs):: G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

Show more

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F12/1408 - {by using cryptography
G06F21/53 - by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F21/602 - {Providing cryptographic facilities or services}
G06F21/6218 - {to a system of files or objects, e.g. local or distributed file system or database}

Show less

DOE Contract Number:: AC52-07NA27344

Resource Type:: Patent

Resource Relation:: Patent File Date: 10/26/2017

Country of Publication:: United States

Language:: English

Citation Formats


                    Barnes, Peter, Fedor-Thurman, Daniel, and Halliday, Kyle D. Accessing protected data by a high-performance computing cluster.  United States: N. p., 2021. 
        Web.

Copy to clipboard


                    Barnes, Peter, Fedor-Thurman, Daniel, & Halliday, Kyle D. Accessing protected data by a high-performance computing cluster.  United States.

Copy to clipboard


                    Barnes, Peter, Fedor-Thurman, Daniel, and Halliday, Kyle D. Tue .  
        "Accessing protected data by a high-performance computing cluster".  United States.  https://www.osti.gov/servlets/purl/1823817.

Copy to clipboard


                    
@article{osti_1823817,

  title        = {Accessing protected data by a high-performance computing cluster},

  author       = {Barnes, Peter and Fedor-Thurman, Daniel and Halliday, Kyle D.},

  abstractNote = {A data protection system is provided that allows applications to access protected data in a way that restricts applications from outputting to unauthorized targets any unprotected data derived from the protected data and that ensures that the applications do not have access to a key that allows access to the unprotected data. The data protection system provides a policy server that may execute on a service node of a high performance computing system and a data encryption process that may execute on each compute node that is allocated to an application or batch job. The policy server maintains policies of entities specifying access control for protected data. The data encryption process generates a secure execution environment for an application process and interfaces with the policy server to retrieve keys for decrypting protected data in accordance with a policy, and it decrypts and provides the decrypted data to the application process.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {Tue Apr 06 00:00:00 EDT 2021},

  month        = {Tue Apr 06 00:00:00 EDT 2021}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Format-preserving cryptographic systems
patent-application, July 2008

Spies, Terence; Pauker, Matthew J.
US Patent Application 11/654054; 20080170693
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20080170693

Policy enforcement for compute nodes
patent-application, June 2017

Arumugam, Dilli Dorai Minnal; Mujumdar, Prasad
US Patent Application 14/965055; 20170171246
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170171246

Method of forming virtual computer cluster within shared computing environment
patent-application, April 2006

Kallahalla, Mahesh; Uysal, Mustafa; Swaminathan, Ram
US Patent Application 10/959536; 20060075278
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20060075278

Encryption load balancing and distributed policy enforcement
patent-application, January 2008

Mattsson, Ulf; Rozenberg, Yigal
US Patent Application 11/644106; 20080022136
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20080022136

Graphics processing unit resource sharing
patent-application, September 2017

Gandhi, Anshul; Lei, Hui; Radhakrishnan, Jayaram Kallapalayam
US Patent Application 15/059822; 20170256018
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170256018

Method and system for facilitating isolated workspace for applications
patent-application, February 2014

Deasy, Stephen; Newell, Craig
US Patent Application 13/595881; 20140059642
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20140059642

System and method for cluster management based on HPC architecture
patent-application, November 2005

Ballew, James D.; Early, Gary R.; Davidson, Shannon V.
US Patent Application 10/825539; 20050251567
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20050251567

Executable identity based file access
patent-application, December 2012

Mittal, Hemant; Raman, Shankar
US Patent Application 13/577174; 20120310983
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20120310983

Secure Virtual File Management System
patent-application, August 2013

Akella, Venkata Sastry; Sharma, Rahul; Krishnan, Sanjeev
US Patent Application 13/734545; 20130219176
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20130219176

Non-invasive whitelisting
patent-application, March 2016

Johri, Amritanshu; Singh, Balbir; Khurana, Jaskaran
US Patent Application 14/495692; 20160088011
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20160088011

Memory system with versatile content control
patent-application, July 2007

Jogand-Coulomb, Fabrice; Holtzman, Michael; Qawami, Bahman
US Patent Application 11/314410; 20070168292
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20070168292

Job assigning device, job assigning method, and computer product
patent-application, October 2007

Imai, Yuji
US Patent Application 11/480444; 20070233837
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20070233837

Similar Records in DOE Patents and OSTI.GOV collections:

Failure detection in high-performance clusters and computers using chaotic map computations

Patent Rao, Nageswara S.

A programmable media includes a processing unit capable of independent operation in a machine that is capable of executing 10.sup.18 floating point operations per second. The processing unit is in communication with a memory element and an interconnect that couples computing nodes. The programmable media includes a logical unit configured to execute arithmetic functions, comparative functions, and/or logical functions. The processing unit is configured to detect computing component failures, memory element failures and/or interconnect failures by executing programming threads that generate one or more chaotic map trajectories. The central processing unit or graphical processing unit is configured to detect amore » « less
Full Text Available
Chaining direct memory access data transfer operations for compute nodes in a parallel computer

Patent Archer, Charles J [Rochester, MN]; Blocksome, Michael A [Rochester, MN]

Methods, systems, and products are disclosed for chaining DMA data transfer operations for compute nodes in a parallel computer that include: receiving, by an origin DMA engine on an origin node in an origin injection FIFO buffer for the origin DMA engine, a RGET data descriptor specifying a DMA transfer operation data descriptor on the origin node and a second RGET data descriptor on the origin node, the second RGET data descriptor specifying a target RGET data descriptor on the target node, the target RGET data descriptor specifying an additional DMA transfer operation data descriptor on the origin node; creating,more » « less
Full Text Available
Self-pacing direct memory access data transfer operations for compute nodes in a parallel computer

Patent Blocksome, Michael A

Methods, apparatus, and products are disclosed for self-pacing DMA data transfer operations for nodes in a parallel computer that include: transferring, by an origin DMA on an origin node, a RTS message to a target node, the RTS message specifying an message on the origin node for transfer to the target node; receiving, in an origin injection FIFO for the origin DMA from a target DMA on the target node in response to transferring the RTS message, a target RGET descriptor followed by a DMA transfer operation descriptor, the DMA descriptor for transmitting a message portion to the target node,more » « less
Full Text Available
Cloud object store for archive storage of high performance computing data using decoupling middleware

Patent Bent, John M.; Faibish, Sorin; Grider, Gary

Cloud object storage is enabled for archived data, such as checkpoints and results, of high performance computing applications using a middleware process. A plurality of archived files, such as checkpoint files and results, generated by a plurality of processes in a parallel computing system are stored by obtaining the plurality of archived files from the parallel computing system; converting the plurality of archived files to objects using a log structured file system middleware process; and providing the objects for storage in a cloud object storage system. The plurality of processes may run, for example, on a plurality of compute nodes.more » « less
Full Text Available
Complex matrix multiplication operations with data pre-conditioning in a high performance computing architecture

Patent Eichenberger, Alexandre E; Gschwind, Michael K; Gunnels, John A

Mechanisms for performing a complex matrix multiplication operation are provided. A vector load operation is performed to load a first vector operand of the complex matrix multiplication operation to a first target vector register. The first vector operand comprises a real and imaginary part of a first complex vector value. A complex load and splat operation is performed to load a second complex vector value of a second vector operand and replicate the second complex vector value within a second target vector register. The second complex vector value has a real and imaginary part. A cross multiply add operation ismore » « less
Full Text Available

Similar Records

Title: Accessing protected data by a high-performance computing cluster

Abstract

Citation Formats

Format-preserving cryptographic systems patent-application, July 2008

Policy enforcement for compute nodes patent-application, June 2017

Method of forming virtual computer cluster within shared computing environment patent-application, April 2006

Encryption load balancing and distributed policy enforcement patent-application, January 2008

Graphics processing unit resource sharing patent-application, September 2017

Method and system for facilitating isolated workspace for applications patent-application, February 2014

System and method for cluster management based on HPC architecture patent-application, November 2005

Executable identity based file access patent-application, December 2012

Secure Virtual File Management System patent-application, August 2013

Non-invasive whitelisting patent-application, March 2016

Memory system with versatile content control patent-application, July 2007

Job assigning device, job assigning method, and computer product patent-application, October 2007

Format-preserving cryptographic systems
patent-application, July 2008

Policy enforcement for compute nodes
patent-application, June 2017

Method of forming virtual computer cluster within shared computing environment
patent-application, April 2006

Encryption load balancing and distributed policy enforcement
patent-application, January 2008

Graphics processing unit resource sharing
patent-application, September 2017

Method and system for facilitating isolated workspace for applications
patent-application, February 2014

System and method for cluster management based on HPC architecture
patent-application, November 2005

Executable identity based file access
patent-application, December 2012

Secure Virtual File Management System
patent-application, August 2013

Non-invasive whitelisting
patent-application, March 2016

Memory system with versatile content control
patent-application, July 2007

Job assigning device, job assigning method, and computer product
patent-application, October 2007