Provisioning identity certificates using hardware-based secure attestation in a virtualized and clustered computer system
US11709700B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 13, 2021 |
| Grant date | Jul 25, 2023 |
| Priority date | — |
| Expiry date | Jun 27, 2041 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2009/45587
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes: launching, in cooperation with a security module of a host, a guest as a virtual machine (VM) managed by the virtualization layer, the security module generating an attestation report from at least a portion of the VM loaded into memory of the host; sending the attestation report from the security module to a trust authority; receiving, in response to verification of the attestation report by the trust authority, a secret from the trust authority at the security module; and providing the secret from the security module to the guest.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.