SECURE CREATION OF ENCRYPTED VIRTUAL MACHINES FROM ENCRYPTED TEMPLATES
    1.
    Invention publication
    Status: Under examination (published)

    Publication No.: EP3218839A2

    Publication date: 2017-09-20

    Application No.: EP15860036.1

    Application date: 2015-11-03

    IPC classification: G06F21/57

    Abstract: Booting a machine in a secure fashion in a potentially unsecure environment. The method includes a target machine beginning a boot process. The method further includes the target machine determining that it needs provisioning data to continue booting. The target machine contacts a secure infrastructure to obtain the provisioning data. The target machine provides an identity claim that can be verified by the secure infrastructure. As a result of the secure infrastructure verifying the identity claim, the target machine receives a request from the secure infrastructure to establish a key sealed to the target machine. The target machine provides the established key to the secure infrastructure. The target machine receives the provisioning data from the secure infrastructure. The provisioning data is encrypted to the established key. The target machine decrypts the encrypted provisioning data, and uses the provisioning data to finish booting.


    ATTESTATION OF A HOST CONTAINING A TRUSTED EXECUTION ENVIRONMENT
    3.
    Invention publication
    Status: Under examination (published)

    Publication No.: EP3140770A1

    Publication date: 2017-03-15

    Application No.: EP15722864.4

    Application date: 2015-05-04

    IPC classification: G06F21/57 G06F9/455 H04W12/10

    Abstract: Managing encrypted datasets is illustrated. A method includes obtaining a first decryption key. The first decryption key is configured to be used to decrypt an encrypted dataset that has been encrypted using a first encryption mechanism. The first encryption mechanism is associated with the first decryption key that can be used to decrypt the dataset. The method further includes encrypting the first decryption key with a second encryption mechanism. The method further includes encrypting the first decryption key with a third encryption mechanism. The method further includes creating a package including at least the first decryption key encrypted with the second encryption method and the first decryption key encrypted with the third encryption method. The method further includes signing the package with a guardian signature and signing the package with a signature created from the first decryption key.


    IMPROVED DEPLOYMENT OF VIRTUAL MACHINES BY MEANS OF DIFFERENCING DISKS
    4.
    Invention publication
    Status: Granted

    Publication No.: EP3005113A1

    Publication date: 2016-04-13

    Application No.: EP14736086.1

    Application date: 2014-05-28

    IPC classification: G06F9/50

    Abstract: Determining host machines on which to place a virtual machine. The method includes determining that a virtual machine to be deployed to a host will use a differencing disk chain based off of one or more base disks. One or more hosts are identified having the one or more base disks already available to the one or more hosts. One of the one or more hosts is selected at which to place the virtual machine based on the one or more hosts having the one or more base disks already available to the one or more hosts. The virtual machine is placed at the selected host.
