TECHNIQUES FOR SECURE DATA EXTRACTION IN A VIRTUAL OR CLOUD ENVIRONMENT
Abstract
Techniques for secure data extraction in a virtual or cloud environment are presented. Desired data from a Virtual Machine (VM) or an entire VM is extracted and encrypted with a key. This key is sealed to a machine or a group of machines. The encrypted data is then migrated and successfully used on startup for instances of the VM by having the ability to access the sealed key (and unsealing it) to decrypt the encrypted data.
40 Claims
1-20. (canceled)
21. A method, comprising:
securely maintaining a delta between a running instance of a virtual environment on a first machine and a base image for the virtual environment;
transferring the base image to a second machine;
separately providing the delta to the second machine; and
applying the delta to the base image on the second machine and initiating the base image with the integrated delta as a second running instance of the virtual environment on the second machine.
(Dependent claims: 22, 23, 24, 25, 26, 27, 28)

29. A method, comprising:
establishing secure keys between a group of machines;
identifying delta data in a base image of a virtual environment, wherein the delta data is maintained separately from the base image in an encrypted format using the secure keys;
transferring the base image to a first machine of the group of machines;
providing the delta data in the encrypted format to the first machine; and
initiating, by the first machine, a first running instance of the virtual environment by decrypting the delta data in the encrypted format with one of the keys available from the first machine, integrating the decrypted delta data into the base image, and initiating the first running instance.
(Dependent claims: 30, 31, 32, 33, 34, 35, 36, 37)

38. A system, comprising:
a first machine;
a delta data manager configured to:
i) execute on one or more processors of the first machine,
ii) extract selective data from a base image of a virtual environment,
iii) maintain the selective data separately from the base image in an encrypted format for which access requires keys and each key specific to a particular machine defined in a group of machines, and
iv) provide the base image separate from the selective data to machines in the group of machines,
wherein each machine in the group of machines:
decrypts the selective data using that machine's specific key from the keys, integrates the decrypted selective data into the base image, and initiates a running instance of the virtual environment.
(Dependent claims: 39, 40)

Specification