US 12,425,380 B2
Secure key management for service mesh deployments
Kapil Sood, Portland, OR (US); Srinivasa Addepalli, San Jose, CA (US); Dong Guo, Kunshan (CN); Sakari Poussa, Espoo (FI); Kailun Qin, Shanghai (CN); Ismo Puustinen, Helsinki (FI); and Veronika Karpenko, New Ross (IE)
Assigned to Intel Corporation, Santa Clara, CA (US)
Appl. No. 18/288,955
Filed by Intel Corporation, Santa Clara, CA (US)
PCT Filed Mar. 25, 2022, PCT No. PCT/US2022/021970
§ 371(c)(1), (2) Date Oct. 30, 2023,
PCT Pub. No. WO2023/075828, PCT Pub. Date May 4, 2023.
Claims priority of application No. PCT/CN2021/127196 (WO), filed on Oct. 28, 2021.
Prior Publication US 2024/0205198 A1, Jun. 20, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/0428 (2013.01) [H04L 63/0823 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A device providing a service host of a service mesh, the service host comprising:
network communication circuitry;
secure storage to provide a secure enclave;
processing circuitry; and
a storage medium including instructions embodied thereon, wherein the instructions, which when executed by the processing circuitry, cause the processing circuitry to:
receive a private key at the service host, via the network communication circuitry, the private key generated according to a confidential computing technology;
store the private key in the secure enclave, the secure enclave operated according to the confidential computing technology;
access the private key within the secure enclave of the secure storage, for use in establishing a secure transport session within the service mesh; and
perform communications between the service host and another entity within the service mesh, in the secure transport session via the network communication circuitry, based on use of the private key in the secure enclave to sign one or more keys for the secure transport session.
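The architecture described by the claim, as an added illustration that is not part of the patent record and not Intel's implementation: the long-lived identity key is created inside an isolated signer and never returned to the service host; the host generates the ephemeral session key itself and asks the isolated signer only for a signature over it, which the peer checks against the identity public key it already trusts. The `Enclave` type below is an in-process stand-in (an assumption for illustration; a real deployment would back it with the confidential-computing technology the claim refers to), and the use of Ed25519 for the identity key, X25519 for the session key and the `"service-mesh-handshake-v1"` label are choices made here, not taken from the page.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Enclave models the confidential-computing boundary. The private key is
// generated inside and is reachable only through PublicKey and
// SignHandshakeKey; the host code never holds it. (Illustrative stand-in.)
type Enclave struct {
	priv ed25519.PrivateKey
}

// NewEnclave generates the identity key inside the boundary.
func NewEnclave() (*Enclave, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Enclave{priv: priv}, nil
}

// PublicKey is the only key material that leaves the enclave.
func (e *Enclave) PublicKey() ed25519.PublicKey {
	return e.priv.Public().(ed25519.PublicKey)
}

// SignHandshakeKey binds an ephemeral session public key to this identity by
// signing a domain-separated digest of the key and the handshake transcript.
func (e *Enclave) SignHandshakeKey(ephemeralPub, transcript []byte) []byte {
	return ed25519.Sign(e.priv, handshakeDigest(ephemeralPub, transcript))
}

func handshakeDigest(ephemeralPub, transcript []byte) []byte {
	h := sha256.New()
	h.Write([]byte("service-mesh-handshake-v1")) // constructed label
	h.Write(ephemeralPub)
	h.Write(transcript)
	return h.Sum(nil)
}

// SignedShare is the message the host sends to its peer in the handshake.
type SignedShare struct {
	EphemeralPub []byte
	Transcript   []byte
	Signature    []byte
}

// HostHandshake runs on the service host outside the enclave: it creates the
// ephemeral X25519 key locally and requests only a signature from the enclave.
func HostHandshake(enc *Enclave, transcript []byte) (*ecdh.PrivateKey, SignedShare, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, SignedShare{}, err
	}
	pub := eph.PublicKey().Bytes()
	sig := enc.SignHandshakeKey(pub, transcript)
	return eph, SignedShare{EphemeralPub: pub, Transcript: transcript, Signature: sig}, nil
}

// VerifyShare is run by the peer with the identity public key it trusts for
// this workload (assumed here to come from the mesh's certificate issuance).
func VerifyShare(identity ed25519.PublicKey, s SignedShare) error {
	if !ed25519.Verify(identity, handshakeDigest(s.EphemeralPub, s.Transcript), s.Signature) {
		return errors.New("handshake key signature invalid")
	}
	return nil
}

// DeriveSessionKey completes the exchange: both sides hash the X25519 shared
// secret into a session key once the peer's share has verified.
func DeriveSessionKey(eph *ecdh.PrivateKey, peerEphemeralPub []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerEphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	return key[:], nil
}

func main() {
	a, _ := NewEnclave()
	b, _ := NewEnclave()
	transcript := []byte("ClientHello|ServerHello") // constructed transcript
	ephA, shareA, _ := HostHandshake(a, transcript)
	ephB, shareB, _ := HostHandshake(b, transcript)
	fmt.Println("A verifies B's share:", VerifyShare(b.PublicKey(), shareB) == nil)
	fmt.Println("B verifies A's share:", VerifyShare(a.PublicKey(), shareA) == nil)
	kA, _ := DeriveSessionKey(ephA, shareB.EphemeralPub)
	kB, _ := DeriveSessionKey(ephB, shareA.EphemeralPub)
	fmt.Printf("session keys match: %v\n", string(kA) == string(kB))
}
```

The point the split makes visible is that a compromise of the host process exposes only the ephemeral X25519 key of the current session; the identity key that the mesh's certificate vouches for stays behind the signing interface, which is what the claim's "use of the private key in the secure enclave to sign one or more keys for the secure transport session" buys.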