ZERO-KNOWLEDGE VERIFIABLY ATTESTABLE TRANSACTION CONTAINERS USING SECURE PROCESSORS
First Claim
1. A method for providing attestation of an operating system environment, the method comprising:
- booting, with a secure boot process with attestation, at least one processor with secure processor technology that allows user-level code to allocate private regions of memory which are protected from processes running at higher privilege levels;
loading one or more operating system containers in a server or a virtual machine, where each of the one or more operating system containers use each of their own process space and network space in order to operate on a single operating system kernel without creating separate virtual machines;
determining if a set of one or more conditions of booting and loading has been satisfied using zero-knowledge verifiable computing; and
in response to the set of one or more conditions having been satisfied, sending an attestation calculated using a zero-knowledge verifiable computing technique to a second processor-based device that the set of one or more conditions have been satisfied.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system and computer program product for providing an attestation of an operating environment. The method begins with booting, with a secure boot process with attestation, at least one processor with secure processor technology that allows user-level code to allocate private regions of memory which are protected from processes running at higher privilege levels. Next, one or more operating system containers are loaded in a server or a virtual machine. Each of the one or more operating system containers use each of their own process space and network space in order to operate on a single operating system kernel without creating separate virtual machines. If a set of one or more conditions of booting and loading has been satisfied using zero-knowledge verifiable computing then an attestation is sent calculated using a zero-knowledge verifiable computing technique to a second processor-based device.
-
Citations
20 Claims
-
1. A method for providing attestation of an operating system environment, the method comprising:
-
booting, with a secure boot process with attestation, at least one processor with secure processor technology that allows user-level code to allocate private regions of memory which are protected from processes running at higher privilege levels; loading one or more operating system containers in a server or a virtual machine, where each of the one or more operating system containers use each of their own process space and network space in order to operate on a single operating system kernel without creating separate virtual machines; determining if a set of one or more conditions of booting and loading has been satisfied using zero-knowledge verifiable computing; and in response to the set of one or more conditions having been satisfied, sending an attestation calculated using a zero-knowledge verifiable computing technique to a second processor-based device that the set of one or more conditions have been satisfied. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for providing attestation of an operating system environment, the system comprising:
-
a memory; a processor communicatively coupled to the memory, where the processor is configured to perform booting, with a secure boot process with attestation, at least one processor with secure processor technology that allows user-level code to allocate private regions of memory which are protected from processes running at higher privilege levels; loading one or more operating system containers in a server or a virtual machine, where each of the one or more operating system containers use each of their own process space and network space in order to operate on a single operating system kernel without creating separate virtual machines; determining if a set of one or more conditions of booting and loading has been satisfied using zero-knowledge verifiable computing; and in response to the set of one or more conditions having been satisfied, sending an attestation calculated using a zero-knowledge verifiable computing technique to a second processor-based device that the set of one or more conditions have been satisfied. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A non-transitory computer program product for providing attestation of an operating system environment comprising a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code configured to perform:
-
booting, with a secure boot process with attestation, at least one processor with secure processor technology that allows user-level code to allocate private regions of memory which are protected from processes running at higher privilege levels; loading one or more operating system containers in a server or a virtual machine, where each of the one or more operating system containers use each of their own process space and network space in order to operate on a single operating system kernel without creating separate virtual machines; determining if a set of one or more conditions of booting and loading has been satisfied using zero-knowledge verifiable computing; and in response to the set of one or more conditions having been satisfied, sending an attestation calculated using a zero-knowledge verifiable computing technique to a second processor-based device that the set of one or more conditions have been satisfied. - View Dependent Claims (20)
-
Specification