US Patent 11165565 Secure distribution private keys for use by untrusted code

A secure key system is described that distributes a private key of a key server to an edge server for encryption on behalf of an owner of the private key when establishing a session with a client. To distribute the private key, the key server receives from the edge server a quote generated by a secure enclave of the edge server. The quote attests to code of the secure enclave. The key server verifies the quote to ensure that the code of the secure enclave is trusted code. The key server encrypts the private key using a key of the edge server and sends the encrypted private key to the code of the secure enclave. The code of the secure enclave decrypts the private key using its key. Untrusted code of the edge server then requests the code of the secure enclave to perform cryptographic actions using the private key.