Systems and methods for securely provisioning the geographic location of physical infrastructure elements in cloud computing environments
First Claim
Patent Images
1. A method comprising:
- obtaining a geographic acquisition code, the geographic acquisition code being valid for a predefined period of time;
sending a request for initial geographic location data of a physical infrastructure device to a geographic data acquisition component, the request comprising the geographic acquisition code;
receiving initial geographic location data of the physical infrastructure device from the geographic data acquisition component, the initial geographic location data being signed utilizing a key of the geographic data acquisition component;
verifying geographic location data of the physical infrastructure device by validating the signature of the initial geographic location data;
writing the verified geographic location data to a hardware security module of a hypervisor host implemented by the physical infrastructure device; and
managing a virtual environment associated with the hypervisor host in accordance with a geofencing policy utilizing the verified geographic location data written to the hardware security module of the hypervisor host, the geofencing policy specifying one or more approved geographic locations where different virtual machines are permitted to at least one of launch and perform computing operations.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods relating to improved security in cloud computing environments are disclosed. According to one illustrative implementation, a method for provisioning physical geographic location of a physical infrastructure device associated with a hypervisor host is provided. Further, the method may include performing processing to obtain initial geo location data of the device, determining verified geo location data of the device by performing validation, via an attestation service component, of the initial geo location data to provide verified geo location data, and writing the verified geo location data into HSM or TPM space of the hypervisor host.
-
Citations
20 Claims
-
1. A method comprising:
-
obtaining a geographic acquisition code, the geographic acquisition code being valid for a predefined period of time; sending a request for initial geographic location data of a physical infrastructure device to a geographic data acquisition component, the request comprising the geographic acquisition code; receiving initial geographic location data of the physical infrastructure device from the geographic data acquisition component, the initial geographic location data being signed utilizing a key of the geographic data acquisition component; verifying geographic location data of the physical infrastructure device by validating the signature of the initial geographic location data; writing the verified geographic location data to a hardware security module of a hypervisor host implemented by the physical infrastructure device; and managing a virtual environment associated with the hypervisor host in accordance with a geofencing policy utilizing the verified geographic location data written to the hardware security module of the hypervisor host, the geofencing policy specifying one or more approved geographic locations where different virtual machines are permitted to at least one of launch and perform computing operations. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system comprising:
-
a physical infrastructure device implementing a hypervisor host; the physical infrastructure device being configured; to obtain a geographic acquisition code, the geographic acquisition code being valid for a predefined period of time; to send a request for initial geographic location data of the physical infrastructure device to a geographic data acquisition component, the request comprising the geographic acquisition code; to receive initial geographic location data of the physical infrastructure device from the geographic data acquisition component, the initial geographic location data being signed utilizing a key of the geographic data acquisition component; to verify geographic location data of the physical infrastructure device by validating the signature of the initial geographic location data; to write the verified geographic location data to a hardware security module of the hypervisor host; and to manage a virtual environment associated with the hypervisor host in accordance with a geofencing policy utilizing the verified geographic location data written to the hardware security module of the hypervisor host, the geofencing policy specifying one or more approved geographic locations where different virtual machines are permitted to at least one of launch and perform computing operations. - View Dependent Claims (10, 11, 12, 13, 14, 15, 20)
-
-
16. A computer program product comprises a non-transitory computer readable storage medium having stored therein program code of one or more software programs, wherein the program code when executed causes a physical infrastructure device:
-
to obtain a geographic acquisition code, the geographic acquisition code being valid for a predefined period of time; to send a request for initial geographic location data of the physical infrastructure device to a geographic data acquisition component, the request comprising the geographic acquisition code; to receive initial geographic location data of the physical infrastructure device from the geographic data acquisition component, the initial geographic location data being signed utilizing a key of the geographic data acquisition component; to verify geographic location data of the physical infrastructure device by validating the signature of the initial geographic location data; to write the verified geographic location data to a hardware security module of a hypervisor host implemented by the physical infrastructure device; and to manage a virtual environment associated with the hypervisor host in accordance with a geofencing policy utilizing the verified geographic location data written to the hardware security module of the hypervisor host, the geofencing policy specifying one or more approved geographic locations where different virtual machines are permitted to at least one of launch and perform computing operations. - View Dependent Claims (17, 18, 19)
-
Specification