Protection of customer data in cloud virtual machines using a central management server
First Claim
1. A method to be performed by a computer programmed to protect data in a cloud computer system, the method comprising:
- getting virtual machine identity information identifying a virtual machine hosted and running on a computer system providing a cloud computing service;
performing an integrity check on the virtual machine to determine a security posture of the virtual machine;
sending a key request over the Internet from a program module running under an operating system that is operating in the virtual machine to a key management server, the key request being for a key to unlock an encrypted file system in the virtual machine, the key management server being remotely located from the computer system and configured to provide keys to file systems in other computer systems providing cloud computing services;
receiving the key from the key management server when the key management server deems the key request to be valid, the key being received in the virtual machine; and
using the key to unlock the encrypted file system.
1 Assignment
0 Petitions
Accused Products
Abstract
A cloud computing environment includes a key management server and a cloud computer system running several virtual machines. A virtual machine hosted by the cloud computer system includes an integrity check module for checking the integrity of the virtual machine and getting identity information of the virtual machine. The integrity check module sends a key request to a key management server, which provides key service to different cloud computer systems. The key management server validates the request and, if the request is valid, provides the key to the virtual machine. The key is used to unlock an encrypted file system in the virtual machine.
79 Citations
20 Claims
-
1. A method to be performed by a computer programmed to protect data in a cloud computer system, the method comprising:
-
getting virtual machine identity information identifying a virtual machine hosted and running on a computer system providing a cloud computing service; performing an integrity check on the virtual machine to determine a security posture of the virtual machine; sending a key request over the Internet from a program module running under an operating system that is operating in the virtual machine to a key management server, the key request being for a key to unlock an encrypted file system in the virtual machine, the key management server being remotely located from the computer system and configured to provide keys to file systems in other computer systems providing cloud computing services; receiving the key from the key management server when the key management server deems the key request to be valid, the key being received in the virtual machine; and using the key to unlock the encrypted file system. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for protecting confidential data in a cloud computing environment, the system comprising:
-
a cloud computer system programmed to run an integrity check module in a virtual machine in a plurality of virtual machines, the integrity check module being configured to perform an integrity check on the virtual machine and to request a key for unlocking an encrypted file system in the virtual machine after the virtual machine passes the integrity check, the integrity check module running under an operating system that operates in the virtual machine; and a key management server programmed to receive the request for the key and to provide the key to the virtual machine when the key management server validates the request for the key, the key management server being configured to receive key requests for unlocking encrypted file systems on different virtual machines hosted by different cloud computer systems. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A method to be performed by a computer programmed to protect data in a cloud computer system, the method comprising:
-
receiving over a computer network a key request from a program module running under an operating system that operates in a virtual machine hosted by a remotely located computer, the key request including identity information identifying the virtual machine and a result of an integrity check performed on the virtual machine; checking the identity information and the result of the integrity check to validate the request; and providing the virtual machine access information for accessing data in the virtual machine when the request is valid. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification