VIRTUAL MACHINE IMAGES ENCRYPTION USING TRUSTED COMPUTING GROUP SEALING
First Claim
1. A computer implemented method for encrypting a private key, the method comprising:
- configuring host machine to a desired state, wherein the host machine has a trusted platform module;
recording a platform configuration register state based on the desired state;
forming a sealed blob from a private key and a platform configuration register state; and
storing the sealed blob in a data structure.
2 Assignments
0 Petitions
Accused Products
Abstract
A host machine provisions a virtual machine from a catalog of stock virtual machines. The host machine instantiates the virtual machine. The host machine configures the virtual machine, based on customer inputs, to form a customer'"'"'s configured virtual machine. The host machine creates an image from the customer'"'"'s configured virtual machine. The host machine unwraps a sealed customer'"'"'s symmetric key to form a customer'"'"'s symmetric key. The host machine encrypts the customer'"'"'s configured virtual machine with the customer'"'"'s symmetric key to form an encrypted configured virtual machine. The host machine stores the encrypted configured virtual machine to non-volatile storage.
65 Citations
22 Claims
-
1. A computer implemented method for encrypting a private key, the method comprising:
-
configuring host machine to a desired state, wherein the host machine has a trusted platform module; recording a platform configuration register state based on the desired state; forming a sealed blob from a private key and a platform configuration register state; and storing the sealed blob in a data structure. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer implemented method for securely storing a customer'"'"'s symmetric key, the method comprising:
-
receiving the customer'"'"'s symmetric key at a data center; encrypting the customer'"'"'s symmetric key with a public key of the data center to form a wrapped customer'"'"'s symmetric key; and storing the wrapped customer'"'"'s symmetric key. - View Dependent Claims (10, 11, 12)
-
-
13. A computer implemented method for storing a customized virtual machine, the method comprising:
-
provisioning a virtual machine on a host machine from a catalog of stock virtual machines; instantiating the virtual machine on the host machine; configuring the virtual machine, based on customer inputs, to form a customer'"'"'s configured virtual machine; creating an image from the customer'"'"'s configured virtual machine; unwrapping a customer'"'"'s encrypted symmetric key to form a customer'"'"'s symmetric key; encrypting the customer'"'"'s configured virtual machine with the customer'"'"'s symmetric key to form an encrypted configured virtual machine; and storing the encrypted configured virtual machine to non-volatile storage. - View Dependent Claims (14, 15)
-
-
16. A computer implemented method for executing a customer'"'"'s configured virtual machine, the method comprising:
-
receiving a customer selection of an encrypted configured virtual machine image; obtaining a sealed blob from a data structure controlled by a data center; unsealing the sealed blob to form a data center private key; decrypting a customer'"'"'s symmetric key with the data center private key; decrypting the customer'"'"'s configured virtual machine from the encrypted configured virtual machine; and executing the customer'"'"'s configured virtual machine on a host processor of a host machine. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
Specification