SYSTEM AND METHOD FOR CONFIDENTIAL REMOTE COMPUTING
Abstract
A system, method, device and protocols are disclosed. Individually and in combination, they protect computation and data hosted on remote computing resources from first party attacks.
First party attacks are attacks launched by agents (employees, contractors, etc.) of the hosting facility. Such attacks can be launched by the first party agents themselves, or by some other adversary exploiting the privileges of a first party agent.
This invention allows customers to submit workloads to a remote computing facility, e.g. a datacenter or cloud computing, with the assurance that the administrators of the remote computers cannot access the workload computation and data.
The invention scales effectively from a single compute-server device to a whole datacenter with numerous compute-servers. It interoperates with, and may utilize, VMM and VM deployment architectures. The invention allows varying degrees of datacenter operations access to the workload, ranging from virtually none in the strictest case to limited access that enables monitoring and maintenance of the workload.
This invention can be applied to existing cloud computing and other datacenters with off-the-shelf computing components. Further, it can be applied to existing computing resources commonly in use in such facilities. The invention is also applicable to a wide variety of settings, including single computers, computer labs, datacenters, and public and private cloud computing services.
19 Citations
20 Claims
- 1. A system enabling trustworthy hosting of workloads on remote compute-server, ensuring that first party agents have no access to the workload computation and data regardless of the agents' privileges;
- where first party agents includes the hosting facility administrators.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 19)
- 8. A device, called compute-server, which follows a regulated boot and vetting protocol;
- the protocol enabling the compute-server to pass a trustworthiness vetting with a control server or customer computer
- View Dependent Claims (9, 10, 11, 12, 13, 14, 20)
- 15. A method enabling trustworthy hosting, protecting the hosted workload from the hosting party reading or tampering with it.
Specification