Secure deployment of provable identity for dynamic application environments
    11.
    Granted invention patent
    Secure deployment of provable identity for dynamic application environments (in force)

    Publication (announcement) No.: US08990562B2

    Publication (announcement) date: 2015-03-24

    Application No.: US12901445

    Filing date: 2010-10-08

    Abstract: An invention is described for securely deploying a provable identity for virtual machines (VMs) in a dynamic environment. In an embodiment, a fabric controller instructs a VM host to create a VM and sends that VM a secret. The fabric controller sends that same secret (or a second secret, such as the private key of a public/private key pair) to the security token service along with an instruction to make an account for the VM. The VM presents proof that it possesses the secret to the security token service and in return receives a full token. When a client connects to the deployment, it receives the public key from the security token service, which it trusts, and the full token from the VM. It validates the full token with the public key to determine that the VM has the identity that it purports to have.


    SECURE DEPLOYMENT OF PROVABLE IDENTITY FOR DYNAMIC APPLICATION ENVIRONMENTS
    12.
    Invention patent application
    SECURE DEPLOYMENT OF PROVABLE IDENTITY FOR DYNAMIC APPLICATION ENVIRONMENTS (in force)

    Publication (announcement) No.: US20120089833A1

    Publication (announcement) date: 2012-04-12

    Application No.: US12901445

    Filing date: 2010-10-08

    IPC classification: H04L9/32

    Abstract: An invention is described for securely deploying a provable identity for virtual machines (VMs) in a dynamic environment. In an embodiment, a fabric controller instructs a VM host to create a VM and sends that VM a secret. The fabric controller sends that same secret (or a second secret, such as the private key of a public/private key pair) to the security token service along with an instruction to make an account for the VM. The VM presents proof that it possesses the secret to the security token service and in return receives a full token. When a client connects to the deployment, it receives the public key from the security token service, which it trusts, and the full token from the VM. It validates the full token with the public key to determine that the VM has the identity that it purports to have.
