Publication No.: US20240380595A1
Publication Date: 2024-11-14
Application No.: US18314933
Application Date: 2023-05-10
Applicant: Google LLC
Inventor: Keith Moyer, Alex Wu, Jiankun Lu, Joe Richey, Catalin Daniel Sandu
Abstract: A method includes obtaining a container associated with a first entity, the container executing a workload, the workload requiring access to private resources associated with a second entity. The method also includes obtaining encrypted resources including the private resources associated with the second entity. The method further includes generating a verifiable attestation. The method includes transmitting the verifiable attestation to an attestation service and, after transmitting the verifiable attestation, receiving, from an access policy verifier, a federated identity token. The method further includes generating a decrypt request including the federated identity token. The method includes transmitting, to a key management service, the decrypt request, and, after transmitting the decrypt request, receiving, from the key management service, a data encryption key. The method includes decrypting, using the data encryption key, the encrypted resources to access the private resources and providing the workload access to the private resources.