Verifying a geographic location of a virtual disk image executing at a data center server within a data center
First Claim
1. A method to verify a geographic location of a virtual disk image executing at a data center server within a data center, the method comprising:
- receiving the virtual disk image from a data center tenant for execution at the data center;
- sending a disk image hash value of the virtual disk image signed by an endorsement key unique to a cryptoprocessor within the data center server to the data center tenant, a public half of the endorsement key, and a digital certificate certifying the public half of the endorsement key to the data center tenant, private half of the endorsement key is stored in the cryptoprocessor and is unique to the cryptoprocessor; and
- sending the geographic location of the cryptoprocessor matching the public half of the endorsement key to the data center tenant by a location provider within the data center.
Abstract
A method to verify a geographic location of a virtual disk image executing at a data center server within a data center. One embodiment includes a cryptoprocessor proximate the data center server, a hypervisor configured to send a disk image hash value of the virtual disk image, a digital certificate issued to the cryptoprocessor, an endorsement key to a data center tenant and a location provider. The method includes sending a disk image hash value of the virtual disk image, an endorsement key unique to a cryptoprocessor proximate the data center server to a data center tenant, and a digital certificate to a data center tenant. Next, the location provider sends the geographic location of the cryptoprocessor matching the endorsement key to the data center tenant.
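The tenant-side checks implied by the claim and abstract, as an added example that is not code from the patent: the certificate must certify the public endorsement key, that key must have signed the reported hash, the hash must be of the image the tenant submitted, and the location record for that key must be acceptable. Textbook RSA over known primes stands in for the cryptoprocessor and the certificate issuer; all names, keys, and the location table are constructed assumptions.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys (assumption)

def toy_keypair(p, q):
    """Textbook RSA from two known primes: returns (n, d). Toy sizes, no padding."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

def ek_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

# Constructed parties: certificate issuer and one cryptoprocessor (Mersenne primes).
CA_N, CA_D = toy_keypair(2**107 - 1, 2**61 - 1)
EK_N, EK_D = toy_keypair(2**127 - 1, 2**89 - 1)

def server_report(image):
    """What the data center sends: image hash, signature, public key, certificate."""
    h = hashlib.sha256(image).digest()
    return {"hash": h, "sig": sign(h, EK_N, EK_D), "ek_pub": EK_N,
            "cert": sign(ek_bytes(EK_N), CA_N, CA_D)}

def tenant_verify(image, report, location_records, allowed):
    """Tenant-side checks, in order; returns (ok, reason or location)."""
    ek = report["ek_pub"]
    if not verify(ek_bytes(ek), report["cert"], CA_N):
        return False, "certificate does not certify this public key"
    if not verify(report["hash"], report["sig"], ek):
        return False, "hash not signed by the certified key"
    if report["hash"] != hashlib.sha256(image).digest():
        return False, "hash is not of the submitted image"
    # location_records models the location provider's reply, keyed by public key.
    where = location_records.get(ek)
    if where not in allowed:
        return False, f"location {where!r} not acceptable"
    return True, where
```

The order of the checks matters: the location lookup is keyed by a public key only after that key has been tied to the certificate and to the signed hash.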