公开(公告)号：US12021846B2

公开(公告)日：2024-06-25

申请号：US17561431

申请日：2021-12-23

Applicant: Intel Corporation

Inventor： Johan Van de Groenendaal ,  Alberto J. Munoz

IPC: H04L9/40 ,  G06F8/65 ,  G06Q20/38 ,  G06F16/23 ,  G06F16/27 ,  G06F21/64 ,  H04L9/00 ,  H04L9/32

CPC classification number: H04L63/0428 ,  G06F8/65 ,  G06Q20/389 ,  G06F16/2379 ,  G06F16/27 ,  G06F21/64 ,  G06Q2220/00 ,  H04L9/3239 ,  H04L9/50

Abstract: Technologies for attesting a deployment of a workload using a blockchain includes a compute engine that receives a request from a remote device to validate one or more parameters of a managed node composed of one or more sleds. The compute engine retrieves a blockchain associated with the managed node. The blockchain includes one or more blocks, each block including information about the parameters of the managed node. The compute engine validates the blockchain and sends an indication that the blockchain is valid to the requesting device.

公开(公告)号：US20180150372A1

公开(公告)日：2018-05-31

申请号：US15826051

申请日：2017-11-29

Applicant: Intel Corporation

Inventor： Murugasamy K. Nachimuthu ,  Mohan J. Kumar ,  Alberto J. Munoz

IPC: G06F11/30 ,  G06F3/06

CPC classification number: G06F3/0641 ,  G06F3/0604 ,  G06F3/0608 ,  G06F3/0611 ,  G06F3/0613 ,  G06F3/0617 ,  G06F3/0647 ,  G06F3/065 ,  G06F3/0653 ,  G06F3/067 ,  G06F7/06 ,  G06F8/65 ,  G06F8/654 ,  G06F8/656 ,  G06F8/658 ,  G06F9/3851 ,  G06F9/3891 ,  G06F9/4401 ,  G06F9/4881 ,  G06F9/5038 ,  G06F9/505 ,  G06F9/544 ,  G06F11/0709 ,  G06F11/0751 ,  G06F11/079 ,  G06F11/1453 ,  G06F11/3006 ,  G06F11/3034 ,  G06F11/3055 ,  G06F11/3409 ,  G06F12/023 ,  G06F12/0284 ,  G06F12/0692 ,  G06F13/1652 ,  G06F15/80 ,  G06F16/1744 ,  G06F21/57 ,  G06F21/6218 ,  G06F21/73 ,  G06F21/76 ,  G06F2212/401 ,  G06F2212/402 ,  G06F2221/2107 ,  G06T1/20 ,  G06T1/60 ,  G06T9/005 ,  H01R13/4538 ,  H01R13/631 ,  H03K19/1731 ,  H03M7/3084 ,  H03M7/40 ,  H03M7/42 ,  H03M7/60 ,  H03M7/6011 ,  H03M7/6017 ,  H03M7/6029 ,  H04L9/0822 ,  H04L12/2881 ,  H04L12/4633 ,  H04L41/044 ,  H04L41/046 ,  H04L41/0816 ,  H04L41/0853 ,  H04L41/0896 ,  H04L41/12 ,  H04L41/142 ,  H04L43/04 ,  H04L43/06 ,  H04L43/08 ,  H04L43/0894 ,  H04L47/20 ,  H04L47/2441 ,  H04L47/78 ,  H04L49/104 ,  H04L61/2007 ,  H04L63/1425 ,  H04L67/10 ,  H04L67/1014 ,  H04L67/327 ,  H04L67/36 ,  H05K7/1452 ,  H05K7/1487

Abstract: Technologies for generating manifest data for a sled include a sled to generate manifest data indicative of one or more characteristics of the sled (e.g., hardware resources, firmware resources, a configuration of the sled, or a health of sled components). The sled is also to associate an identifier with the manifest data. The identifier uniquely identifies the sled from other sleds. Additionally, the sled is to send the manifest data and the associated identifier to a server. The sled may also detect a change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also generate an update of the manifest data based on the detected change, where the update specifies the detected change in the hardware resources, firmware resources, the configuration, or component health of the sled. The sled may also send the update of the manifest data to the server.

公开(公告)号：US20170252170A1

公开(公告)日：2017-09-07

申请号：US15432832

申请日：2017-02-14

Applicant: Intel Corporation

Inventor： Shamanna M. Datta ,  Alberto J. Munoz ,  Mahesh S. Natu ,  Scott T. Durrant

IPC: G06F21/12 ,  G06F21/53

CPC classification number: G06F9/45558 ,  G06F21/52 ,  G06F21/53 ,  G06F2009/45583 ,  G06F2009/45587 ,  G06F2221/2149

Abstract: An apparatus and method for hardware protection of a virtual machine monitor (VMM) runtime integrity watcher is described. A set of one or more hardware range registers that protect a contiguous memory space that is to store the VMM runtime integrity watcher. The set of hardware range registers are to protect the VMM runtime integrity watcher from being modified when loaded into the contiguous memory space. The VMM runtime integrity watcher, when executed, performs an integrity check on a VMM during runtime of the VMM.

公开(公告)号：US09252946B2

公开(公告)日：2016-02-02

申请号：US14550295

申请日：2014-11-21

Applicant: Intel Corporation

Inventor： Yeluri Ranghuram ,  Steve Orrin ,  Alberto J. Munoz

IPC: H04L9/08 ,  H04L9/32 ,  H04L29/06 ,  G06F9/455

CPC classification number: H04L9/0825 ,  G06F9/45533 ,  H04L9/083 ,  H04L9/3234 ,  H04L63/0442 ,  H04L63/062 ,  H04L2463/062

Abstract: A method, device, and system for securely migrating and provisioning a virtual machine image to a host device of a cloud service provider environment (CSPE) is disclosed. A customer device encrypts a virtual machine image (VMI) and stores the VMI in the CSPE. The host device retrieves the encrypted VMI from the object store and sends host trust data (including a symmetric key extracted from the encrypted VMI, the symmetric key being encrypted with the customer public key) to a key management server for trust attestation. If the key management server successfully attests the host device, the key management server decrypts the encrypted symmetric key using the customer private key and re-encrypts the symmetric key using the host public key. The host device receives the re-encrypted symmetric key from the key management server, decrypts it using the host private key, and decrypts the encrypted VMI using the symmetric key.

Abstract translation: 公开了一种用于将虚拟机映像安全迁移并提供给云服务提供商环境（CSPE）的主机设备的方法，设备和系统。 客户设备加密虚拟机映像（VMI）并将VMI存储在CSPE中。 主机设备从对象存储中检索加密的VMI，并向密钥管理服务器发送主机信任数据（包括从加密的VMI提取的对称密钥，用客户公钥加密的对称密钥）到信任认证的密钥管理服务器。 如果密钥管理服务器成功验证主机设备，则密钥管理服务器使用客户私钥解密加密对称密钥，并使用主机公钥对对称密钥进行重新加密。 主机设备从密钥管理服务器接收重新加密的对称密钥，使用主机私钥对其进行解密，并使用对称密钥解密加密的VMI。