Realms: An on-chip solution for data protection through secure environments
This technology is a confidential computing architecture for private data protection from untrusted system software.
The use of sensitive private data in many applications, ranging from healthcare to advertising, has resulted in a growing concern over data privacy in computing. These applications may store data and computation on virtual machines (VMs) running on shared hardware in a cloud server, requiring ‘supervisor’ systems such as hypervisors to manage and isolate VMs in order to protect applications and their data. However, these supervisor systems typically retain full access to the private data inside the applications or VMs they manage, so a compromised supervisor exposes that data.
This technology, called Realms, is a confidential computing architecture (CCA) that isolates private data from privileged management systems. It protects in-use data by running VMs or applications in a protected execution environment that places their data in separate ‘realms’, which ‘supervisor’ systems can manage (create, schedule, and destroy) but whose contents they cannot read or modify. Hardware enforces a distinct physical address space for realms, while firmware secures each realm and mediates requests from untrusted system software. Realms can thus be used across computer-based technologies to improve the security and confidentiality of sensitive application data.
Patent Pending
IR CU22325
Licensing Contact: Greg Maskel