Secure Management of Operations on Protected Virtual Machines
First Claim
1. In a computing environment, a method of establishing trust for a host, the method comprising:
- a host attestation service receiving from a host deployed on a physical machine, a verifiable indication of certain characteristics that the host meets;
attempting to determine from the indication of the certain characteristics that the host meets certain requirements; and
if the host meets the certain requirements, including at least meeting a requirement that the host contains a trusted execution environment (TEE), the host attestation service issuing a certificate to the host that the host can use to authenticate to one or more entities having a trust relationship with the host attestation service.
6 Assignments
0 Petitions
Accused Products
Abstract
Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity.
213 Citations
27 Claims
-
1. In a computing environment, a method of establishing trust for a host, the method comprising:
-
a host attestation service receiving from a host deployed on a physical machine, a verifiable indication of certain characteristics that the host meets; attempting to determine from the indication of the certain characteristics that the host meets certain requirements; and if the host meets the certain requirements, including at least meeting a requirement that the host contains a trusted execution environment (TEE), the host attestation service issuing a certificate to the host that the host can use to authenticate to one or more entities having a trust relationship with the host attestation service. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. In a computing environment, a method of establishing trust for a host, the method comprising:
-
a host implemented using a physical machine sending a verifiable indication of certain characteristics of the host to a host attestation service; and as a result of the host meeting certain requirements, as determined by the host attestation service evaluating the indication of certain characteristics, including at least meeting a requirement that the host contains a trusted execution environment (TEE), the host receiving from the host attestation service a certificate that the host can use to authenticate to one or more entities having a trust relationship to the host attestation service. - View Dependent Claims (14, 15, 16, 17)
-
-
18. In a computing environment, a method of deploying an encrypted entity on a trusted entity, the method comprising:
-
at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity, where the untrusted entity is not trusted by the authority; at the trusted entity, using a trust credential from the authority to obtain a key from a key distribution service, where the key distribution service is trusted by the authority; and using the key, decrypting the encrypted entity to allow the encrypted entity to be deployed at the trusted entity. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
-
Specification