公开(公告)号：US20240380595A1

公开(公告)日：2024-11-14

申请号：US18314933

申请日：2023-05-10

Applicant: Google LLC

Inventor： Keith Moyer ,  Alex Wu ,  Jiankun Lu ,  Joe Richey ,  Catalin Daniel Sandu

IPC: H04L9/32 ,  H04L9/08 ,  H04L9/40

Abstract: A method includes obtaining a container associated with a first entity, the container executing a workload, the workload requiring access to private resources associated with a second entity. The method also includes obtaining encrypted resources including the private resources associated with the second entity. The method further includes generating a verifiable attestation. The method includes transmitting the verifiable attestation to an attestation service and, after transmitting the verifiable attestation, receiving, from an access policy verifier, a federated identity token. The method further includes generating a decrypt request including the federated identity token. The method includes transmitting, to a key management service, the decrypt request, and, after transmitting the decrypt request, receiving, from the key management service, a data encryption key. The method includes decrypting, using the data encryption key, the encrypted resources to access the private resources and providing the workload access to the private resources.