Measurement Method, Electronic Device, and Measurement System
    Invention application (status: under examination, published)

    Publication No.: US20160196415A1

    Publication date: 2016-07-07

    Application No.: US15071430

    Filing date: 2016-03-16

    Abstract: A measurement method, an electronic device, and a measurement system where the electronic device reads, from a hardware storage device, running code and running data that are in a running process of a virtual machine manager (VMM), and generates first verification information according to the running code and the running data, and the electronic device stores the first verification information, and transmits, to a trusted data center, log information generated in a process that is from reading, by the electronic device, the running code and the running data to storing, by the electronic device, the first verification information such that the trusted data center measures the electronic device using the first verification information acquired from the electronic device and second verification information generated according to the log information.


    VTPM-based virtual machine security protection method and system

    Publication No.: US10922117B2

    Publication date: 2021-02-16

    Application No.: US15892594

    Filing date: 2018-02-09

    Abstract: The present application discloses a virtual trusted platform module (vTPM)-based virtual machine security protection method and system. The method, executed by a physical host, includes: receiving a primary seed acquisition request sent by a virtual machine, where the primary seed acquisition request carries a UUID; sending the UUID to a KMC, so that the KMC generates a primary seed according to the UUID; and receiving the primary seed fed back by the KMC, and sending the primary seed to the virtual machine, so that the virtual machine creates a root key of a vTPM according to the primary seed, where the root key is used by the vTPM to create a key for the virtual machine to protect security of the virtual machine. As such, the same root key can be created by using the primary seed.

    Measurement method, electronic device, and measurement system

    Publication No.: US10339284B2

    Publication date: 2019-07-02

    Application No.: US15071430

    Filing date: 2016-03-16

    Abstract: A measurement method, an electronic device, and a measurement system where the electronic device reads, from a hardware storage device, running code and running data that are in a running process of a virtual machine manager (VMM), and generates first verification information according to the running code and the running data, and the electronic device stores the first verification information, and transmits, to a trusted data center, log information generated in a process that is from reading, by the electronic device, the running code and the running data to storing, by the electronic device, the first verification information such that the trusted data center measures the electronic device using the first verification information acquired from the electronic device and second verification information generated according to the log information.

    Method and apparatus for trusted measurement of cloud computing platform

    Publication No.: US11017095B2

    Publication date: 2021-05-25

    Application No.: US16111230

    Filing date: 2018-08-24

    Inventors: Sihai Ye, Xun Shi

    Abstract: A method for trusted measurement of a cloud computing platform includes: generating, by a third-party management and audit system, an audit report based on a current running indicator, signed by using a digital certificate, of a software and a running security indicator of the software, where the audit report indicates trustworthiness of a cloud computing platform. In this way, a process of trusted measurement of the cloud computing platform is open and transparent, so that authenticity of trusted measurement of the cloud computing platform is improved, thereby increasing a user's trust in the cloud computing platform.

    Management Control Method, Apparatus, and System for Virtual Machine
    Invention application (status: granted)

    Publication No.: US20150256341A1

    Publication date: 2015-09-10

    Application No.: US14720245

    Filing date: 2015-05-22

    Inventors: Sihai Ye, Xun Shi

    Abstract: A security control platform receives a virtual machine starting request message that is from user equipment and forwarded by a management platform, where the virtual machine starting request message includes an identifier of a virtual machine that needs to be enabled and user information; invokes a third-party trusted platform to determine that the virtual machine starting request message is initiated by the user equipment according to an instruction of an authorized user; and performs authentication on the user information, and based on successful authentication, invokes the third-party trusted platform to decapsulate the virtual machine that needs to be enabled. It is ensured that other user equipment (including the management platform) cannot obtain a key of the third-party trusted platform, which enhances security of management control on the virtual machine, and thereby enhances security of a cloud computing platform.


    Method, Server, Host, and System for Protecting Data Security
    Invention application (status: under examination, published)

    Publication No.: US20140380057A1

    Publication date: 2014-12-25

    Application No.: US14484355

    Filing date: 2014-09-12

    Inventors: Xun Shi, Sihai Ye

    Abstract: A method, a server, a host, and a system for protecting data security. A server generates a cloud feature value that uniquely corresponds to the server, binds a data encryption key required by the host to generate data encryption key ciphertext, and then transmits the data encryption key ciphertext and the cloud feature value to the host; and the host decrypts the ciphertext using the cloud feature value to obtain a data encryption key to be allocated to a user, so that security protection on user data is performed based on the cloud feature value, thereby improving data security.

