US 12,244,582 B2
Enclave interactions
Anna Sapek, Kirkland, WA (US); Uday Ramesh Savagaonkar, Redmond, WA (US); Jeffrey Thomas Andersen, Kirkland, WA (US); and Thomas Michael Roeder, Kirkland, WA (US)
Assigned to Google LLC, Mountain View, CA (US)
Filed by Google LLC, Mountain View, CA (US)
Filed on Jan. 31, 2024, as Appl. No. 18/428,700.
Application 18/428,700 is a continuation of application No. 17/973,664, filed on Oct. 26, 2022, granted, now 11,962,576.
Application 17/973,664 is a continuation of application No. 17/046,547, granted, now 11,509,643, issued on Nov. 22, 2022, previously published as PCT/US2018/042684, filed on Jul. 18, 2018.
Claims priority of provisional application 62/664,463, filed on Apr. 30, 2018.
Prior Publication US 2024/0171560 A1, May 23, 2024
Int. Cl. H04L 9/40 (2022.01); G06Q 30/018 (2023.01); H04L 9/08 (2006.01)
CPC H04L 63/08 (2013.01) [H04L 9/0844 (2013.01); H04L 63/0428 (2013.01); H04L 63/101 (2013.01); G06Q 30/0185 (2013.01)]
20 Claims
1. A method for sealing secrets in a first enclave entity of a host computing device, the method comprising:
inputting, by one or more processors of the host computing device, a header and a secret to a sealing library of the first enclave entity, the header comprising an identity access control list for the secret;
generating, by the one or more processors, a key using the sealing library;
sending, by the one or more processors, the key and the identity access control list to a second enclave entity;
receiving, by the one or more processors, a sealed version of the key from the second enclave entity;
sealing, by the one or more processors, the secret using sealing library; and
appending, by the one or more processors, the sealed version of the key and the identity access control list to the sealed secret.
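
The steps of claim 1, as an added illustration in Ruby that is not code from the patent or from its assignee; it goes beyond the claim by also showing an unsealing path. Assumptions: AES-256-GCM stands in for the sealing primitive, the second enclave binds the identity access control list to the sealed key as associated data, and the names SecondEnclave, seal_secret, unseal_secret and AccessDenied are hypothetical.

```ruby
require "openssl"
class AccessDenied < StandardError; end

# AES-256-GCM: returns nonce (12) || tag (16) || ciphertext; aad is authenticated only.
def aead_seal(key, plaintext, aad = "")
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key
  nonce = c.random_iv
  c.auth_data = aad
  ciphertext = c.update(plaintext) + c.final
  nonce + c.auth_tag + ciphertext
end

# Raises OpenSSL::Cipher::CipherError if the blob or the aad was altered.
def aead_open(key, blob, aad = "")
  raise ArgumentError, "sealed blob too short" if blob.bytesize < 29
  d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  d.key = key
  d.iv = blob.byteslice(0, 12)
  d.auth_tag = blob.byteslice(12, 16)
  d.auth_data = aad
  d.update(blob.byteslice(28..)) + d.final
end

# Hypothetical stand-in for the second enclave; @root never leaves it.
class SecondEnclave
  def initialize
    @root = OpenSSL::Random.random_bytes(32)
  end
  # Seals the key with the ACL bound as associated data (an assumption).
  def seal_key(key, acl)
    aead_seal(@root, key, acl.join("\n"))
  end
  # Assumed counterpart, not in the claim: only a listed identity gets the key.
  def unseal_key(sealed_key, acl, caller_id)
    raise AccessDenied, "#{caller_id} is not on the ACL" unless acl.include?(caller_id)
    aead_open(@root, sealed_key, acl.join("\n")) # fails if the ACL was altered
  end
end

# The claimed steps, in order, as the first enclave's sealing library.
def seal_secret(enclave, acl, secret)
  key = OpenSSL::Random.random_bytes(32)  # generate a key
  sealed_key = enclave.seal_key(key, acl) # send key + ACL, receive the sealed key
  { secret: aead_seal(key, secret), sealed_key: sealed_key, acl: acl } # seal, append
end

def unseal_secret(enclave, blob, caller_id)
  aead_open(enclave.unseal_key(blob[:sealed_key], blob[:acl], caller_id), blob[:secret])
end
```

Because the appended ACL travels in the clear, adding an identity to it after sealing makes the second enclave's authentication of the sealed key fail, so the key is never released.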