Systems and methods for securely provisioning the geographic location of physical infrastructure elements in cloud computing environments
First Claim
1. A method for provisioning physical geographic location of a physical infrastructure device associated with a hypervisor host, the method comprising:
- performing processing to obtain initial geo location data of the device, including;
  - invoking one or more attestation service component(s) to issue a unique geo acquisition code that is only valid for a predefined time;
  - sending a request for the initial geo location data including the acquisition code to a geographic data acquisition component; and
  - receiving the initial geo location data from the geographic data acquisition component in response to the request, the initial geo location data comprising location, date, time data, and the acquisition code, and being signed by a key of the geo data acquisition component;
- determining verified geo location data of the device by performing validation, via the attestation service component(s), of the initial geo location data to provide the verified geo location data upon successful validation;
- writing, via the attestation service component(s), the verified geo location data into a Hardware Security Module of the hypervisor host.
Abstract
Systems and methods relating to improved security in cloud computing environments are disclosed. According to one illustrative implementation, a method for provisioning physical geographic location of a physical infrastructure device associated with a hypervisor host is provided. Further, the method may include performing processing to obtain initial geo location data of the device, determining verified geo location data of the device by performing validation, via an attestation service component, of the initial geo location data to provide verified geo location data, and writing the verified geo location data into HSM or TPM space of the hypervisor host.
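
An added sketch of the flow described above (not code from the patent or from any product): the attestation service issues a time-limited acquisition code, the acquisition component returns signed location data bound to that code, and the service validates it before writing. HMAC-SHA256 stands in for the acquisition component's signature and a dictionary stands in for the HSM; all names, the 60-second window and the single-use handling of the code are assumptions.

```python
import hashlib, hmac, json, secrets, time

GEO_KEY = b"constructed-demo-key"   # stand-in for the acquisition component's key
CODE_TTL = 60                       # assumed "predefined time", in seconds

def acquire_geo(code, lat, lon, now):
    """Geo data acquisition component: bind location, date, time and code, then sign."""
    t = time.gmtime(now)
    payload = json.dumps({"code": code, "lat": lat, "lon": lon,
                          "date": time.strftime("%Y-%m-%d", t),
                          "time": time.strftime("%H:%M:%S", t)},
                         sort_keys=True).encode()
    return payload, hmac.new(GEO_KEY, payload, hashlib.sha256).digest()

class AttestationService:
    def __init__(self, now=time.time):
        self.now = now
        self.issued = {}      # acquisition code -> expiry timestamp
        self.hsm_store = {}   # stand-in for the host's HSM space

    def issue_code(self):
        code = secrets.token_hex(16)          # unique, unpredictable
        self.issued[code] = self.now() + CODE_TTL
        return code

    def validate_and_write(self, host, payload, sig):
        # 1. Authenticate the payload before parsing or trusting any field.
        expected = hmac.new(GEO_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return "bad-signature"
        data = json.loads(payload)
        # 2. The code must be one we issued; pop() makes it single use (assumption).
        expiry = self.issued.pop(data.get("code"), None)
        if expiry is None:
            return "unknown-or-reused-code"
        # 3. The code must still be inside its validity window.
        if self.now() > expiry:
            return "expired-code"
        # 4. Only validated data reaches the host's protected store.
        self.hsm_store[host] = {k: data[k] for k in ("lat", "lon", "date", "time")}
        return "ok"

if __name__ == "__main__":
    svc = AttestationService()
    payload, sig = acquire_geo(svc.issue_code(), 37.39, -122.08, time.time())
    print(svc.validate_and_write("host-1", payload, sig))   # first submission
    print(svc.validate_and_write("host-1", payload, sig))   # replay of the same response
```

Because the code is inside the signed payload, a captured response cannot be re-bound to a freshly issued code without invalidating the signature.
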
46 Claims
1. A method for provisioning physical geographic location of a physical infrastructure device associated with a hypervisor host, the method comprising:
- performing processing to obtain initial geo location data of the device, including;
  - invoking one or more attestation service component(s) to issue a unique geo acquisition code that is only valid for a predefined time;
  - sending a request for the initial geo location data including the acquisition code to a geographic data acquisition component; and
  - receiving the initial geo location data from the geographic data acquisition component in response to the request, the initial geo location data comprising location, date, time data, and the acquisition code, and being signed by a key of the geo data acquisition component;
- determining verified geo location data of the device by performing validation, via the attestation service component(s), of the initial geo location data to provide the verified geo location data upon successful validation;
- writing, via the attestation service component(s), the verified geo location data into a Hardware Security Module of the hypervisor host.
Dependent claims: 2-29, 39-44
30. A method for provisioning physical geographic location of a physical infrastructure device associated with a hypervisor host, the method comprising:
- invoking one or more attestation service component(s) to issue a unique geo acquisition code that is only valid for a predefined time;
- sending a request for initial geo location data including the acquisition code to a geographic data acquisition component;
- processing the initial geo location data from the geographic data acquisition component in response to the request, the initial geo location data comprising location, date, time data, and the acquisition code, and being signed by a key of the geo data acquisition component;
- performing validation, via the attestation service component(s), of the initial geo location data to provide the verified geo location data upon successful validation;
- writing, via the attestation service component(s), the verified geo location data into the hypervisor host.
Dependent claims: 31, 32, 33
34. A method for provisioning physical geographic location of a physical infrastructure device associated with a hypervisor host, the method comprising:
- invoking one or more attestation service component(s) to issue a unique geo acquisition code that is only valid for a predefined time;
- performing processing regarding utilization of the unique geo acquisition code and secure signature from the attestation service component(s) to obtain initial geo location data from a geographic data acquisition component;
- transmitting the initial geo location data and the signature to the attestation service component(s);
- performing validation, via the attestation service component(s), of the initial geo location data to provide the verified geo location data upon successful validation;
- writing, via the attestation service component(s), the verified geo location data into the hypervisor host.
Dependent claims: 35, 36, 37, 38
45. A system comprising:
- at least one hypervisor host with one or more physical infrastructure devices; and
- one or more processing devices and/or computer readable media containing computer readable instructions executable by one or more processors to provision the hypervisor host with actual geographic location information of a physical infrastructure device, the instructions executable for;
  - performing processing to obtain initial geo location data of the device, including;
    - invoking one or more attestation service component(s) to issue a unique geo acquisition code that is only valid for a predefined time;
    - sending a request for the initial geo location data including the acquisition code to a geographic data acquisition component; and
    - receiving the initial geo location data from the geographic data acquisition component in response to the request, the initial geo location data comprising location, date, time data, and the acquisition code, and being signed by a key of the geo data acquisition component;
  - determining verified geo location data of the device by performing validation, via the attestation service component(s), of the initial geo location data to provide the verified geo location data upon successful validation;
  - writing, via the attestation service component(s), the verified geo location data into a Hardware Security Module of the hypervisor host.
46. One or more computer readable media containing computer readable instructions executable by one or more processors to provision a hypervisor host with actual geographic location information of a physical infrastructure device associated with the hypervisor host, the instructions executable for:
- performing processing to obtain initial geo location data of the device, including;
  - invoking one or more attestation service component(s) to issue a unique geo acquisition code that is only valid for a predefined time;
  - sending a request for the initial geo location data including the acquisition code to a geographic data acquisition component; and
  - receiving the initial geo location data from the geographic data acquisition component in response to the request, the initial geo location data comprising latitude, longitude, date, time data, and the acquisition code, and being signed by a key of the geo data acquisition component;
- determining verified geo location data of the device by performing validation, via the attestation service component(s), of the initial geo location data to provide the verified geo location data upon successful validation; and
- writing, via the attestation service component(s), the verified geo location data into a Hardware Security Module of the hypervisor host.
Specification