US 11,842,395 B2
Secure and trustworthy computing environments for exchanges
Michael Edmond Kaplan, Brooklyn, NY (US); Emre Kanatli, New York, NY (US); Bernard Wong, Waterloo (CA); and Emin Gün Sirer, New York, NY (US)
Assigned to Ava Labs, Inc., Brooklyn, NY (US)
Filed by Ava Labs, Inc., New York, NY (US)
Filed on Dec. 22, 2021, as Appl. No. 17/559,694.
Claims priority of provisional application 63/130,025, filed on Dec. 23, 2020.
Prior Publication US 2022/0198563 A1, Jun. 23, 2022
Int. Cl. H04L 29/06 (2006.01); G06Q 40/04 (2012.01); G06Q 30/0601 (2023.01); G06F 21/51 (2013.01); G06F 21/57 (2013.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC G06Q 40/04 (2013.01) [G06F 21/51 (2013.01); G06F 21/57 (2013.01); G06Q 30/0609 (2013.01); H04L 9/085 (2013.01); H04L 9/3236 (2013.01); H04L 9/3247 (2013.01); G06Q 2220/00 (2013.01)] 29 Claims
OG exemplary drawing
 
1. A system for providing an exchange in a trusted execution environment, the system comprising:
an exchange program that is configured to provide a digital exchange for digital assets; and
one or more computer servers, each computer server comprising one or more computer processors and memory, wherein the one or more computer processors and memory provide a secure enclave that is configured to provide i) the trusted execution environment within which execution of the exchange program is secure from observation and manipulation by other operations outside of the secure enclave and ii) a trustless storage system that provides persistent storage of data that is accessible for observation and manipulation by other operations outside the trustless storage system, wherein execution of the exchange program in the secure enclave comprises:
loading the exchange program into secure memory within the secure enclave;
performing an attestation operation on the exchange program loaded into the secure memory within the secure enclave, the attestation operation configured to validate the exchange program;
outputting results of the attestation operation to identify whether the exchange program loaded in the secure enclave is valid; and
running the exchange program within the secure enclave, comprising:
in response to receiving a client request, generating a cleartext data object in secure memory of the secure enclave, wherein the cleartext data object includes information that is associated with the client request;
generating an encrypted data object in the secure memory of the secure enclave by encrypting the cleartext data object, using an encryption key that is maintained in read only memory of the secure enclave, such that the encryption key is secure from observation and manipulation by other operations outside of the secure enclave;
after generating the encrypted data object, (i) deleting the cleartext data object from the secure memory of the secure enclave, (ii) generating a signature for the encrypted data object using a signature function, and (iii) storing the generated signature in the secure memory of the secure enclave;
transferring the encrypted data object out of the secure memory of the secure enclave for persistent storage in the trustless storage system of the secure enclave; and
in response to a request for return of the encrypted data object to the secure memory of the secure enclave, (i) receiving a candidate encrypted data object from the trustless storage system of the secure enclave, (ii) determining whether the candidate encrypted data object is the encrypted data object that was transferred for persistent storage in the trustless storage system of the secure enclave, by generating a candidate signature for the candidate encrypted data object using the signature function and determining whether the candidate signature matches the previously generated signature for the encrypted data object, and (iii) in response to determining that the candidate encrypted data object is the encrypted data object, decrypting the candidate encrypted data object using the encryption key that is maintained in read only memory of the secure enclave, such that the cleartext of the candidate encrypted data object is accessible to the trusted execution environment, in the secure memory of the secure enclave.
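The encrypt, wipe, sign, store-out and verify-on-return cycle recited in claim 1, as an added Go example that is not the patent's or Ava Labs' code. It assumes AES-256-GCM as the encryption function and SHA-256 over the ciphertext as the signature function (the claim names neither), and models the trustless storage system as a plain map that anything outside the enclave can read, overwrite or roll back; because the recorded signature never leaves secure memory, a replaced or stale ciphertext fails the comparison before the key is ever applied.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// TrustlessStore models persistent storage outside the enclave: anything outside can read, replace or roll back its contents.
type TrustlessStore map[string][]byte
// Enclave models secure memory; the key and the per-object signatures never leave it.
type Enclave struct {
	gcm  cipher.AEAD         // assumption: AES-256-GCM under a key held read-only inside the enclave
	sigs map[string][32]byte // signature per object id (assumption: SHA-256 over the ciphertext)
}

func NewEnclave() (*Enclave, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // a 32-byte key is always valid for AES-256
	gcm, err := cipher.NewGCM(block)
	return &Enclave{gcm: gcm, sigs: map[string][32]byte{}}, err
}

// Seal encrypts inside the enclave, wipes the cleartext, keeps the signature in secure memory and hands only the ciphertext out.
func (e *Enclave) Seal(id string, cleartext []byte, store TrustlessStore) error {
	nonce := make([]byte, e.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ct := e.gcm.Seal(nonce, nonce, cleartext, []byte(id)) // nonce || ciphertext || tag, bound to id
	for i := range cleartext { cleartext[i] = 0 } // "deleting the cleartext data object" from secure memory
	e.sigs[id] = sha256.Sum256(ct)
	store[id] = ct
	return nil
}

// Unseal recomputes the candidate's signature and compares it with the one in secure memory; a tampered or rolled-back object is rejected before decryption.
func (e *Enclave) Unseal(id string, store TrustlessStore) ([]byte, error) {
	ct, ok := store[id]
	if want, known := e.sigs[id]; !ok || !known || sha256.Sum256(ct) != want {
		return nil, errors.New("candidate object does not match the signature in secure memory")
	}
	ns := e.gcm.NonceSize() // a matching signature means ct is exactly what Seal stored
	return e.gcm.Open(nil, ct[:ns], ct[ns:], []byte(id))
}
```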