Patent · US Active

Leveraging hardware-based attestation to grant workloads access to confidential data

US11886223B2 · kind B2 · utility

Cited by: 0
References: 0
Claims: 21
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 11, 2020
Grant date: Jan 30, 2024
Priority date
Expiry date: Jun 9, 2042

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L9/3247
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

In one set of embodiments, confidential data needed by a workload component running within a worker VM can be placed on an encrypted virtual disk that is attached to the worker VM and hardware-based attestation can be used to validate the worker VM's software and isolate its guest memory from its hypervisor. Upon successful completion of this attestation process, a data decryption key can be delivered to the worker VM via a secure channel established via the attestation, such that the hypervisor cannot read or alter the key. The worker VM can then decrypt the contents of the encrypted virtual disk using the data decryption key, thereby granting the workload component access to the confidential data.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.