CN118414806B - 用于云基础设施系统中计算节点授权的边缘证明的方法、系统和非暂态计算机可读介质 - Google Patents

用于云基础设施系统中计算节点授权的边缘证明的方法、系统和非暂态计算机可读介质 Download PDF

Info

Publication number
CN118414806B
CN118414806B CN202280083482.4A CN202280083482A CN118414806B CN 118414806 B CN118414806 B CN 118414806B CN 202280083482 A CN202280083482 A CN 202280083482A CN 118414806 B CN118414806 B CN 118414806B
Authority
CN
China
Prior art keywords
host node
request
node
endorsement key
state data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202280083482.4A
Other languages
English (en)
Chinese (zh)
Other versions
CN118414806A (zh
Inventor
B·S·佩恩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Oracle International Corp
Original Assignee
Oracle International Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oracle International Corp filed Critical Oracle International Corp
Publication of CN118414806A publication Critical patent/CN118414806A/zh
Application granted granted Critical
Publication of CN118414806B publication Critical patent/CN118414806B/zh
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272Virtual private networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4416Network booting; Remote initial program loading [RIPL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Stored Programmes (AREA)
CN202280083482.4A 2021-11-10 2022-10-05 用于云基础设施系统中计算节点授权的边缘证明的方法、系统和非暂态计算机可读介质 Active CN118414806B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US17/523,789 2021-11-10
US17/523,789 US11863561B2 (en) 2021-11-10 2021-11-10 Edge attestation for authorization of a computing node in a cloud infrastructure system
PCT/US2022/077605 WO2023086712A1 (en) 2021-11-10 2022-10-05 Edge attestation for authorization of a computing node in a cloud infrastructure system

Publications (2)

Publication Number Publication Date
CN118414806A CN118414806A (zh) 2024-07-30
CN118414806B true CN118414806B (zh) 2025-04-25

Family

ID=84329493

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202280083482.4A Active CN118414806B (zh) 2021-11-10 2022-10-05 用于云基础设施系统中计算节点授权的边缘证明的方法、系统和非暂态计算机可读介质

Country Status (5)

Country Link
US (1) US11863561B2 (https=)
EP (1) EP4430803B1 (https=)
JP (1) JP2024546424A (https=)
CN (1) CN118414806B (https=)
WO (1) WO2023086712A1 (https=)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023104305A1 (en) * 2021-12-08 2023-06-15 Telefonaktiebolaget Lm Ericsson (Publ) Single to multiple device resource negotiation
US11917083B2 (en) * 2021-12-15 2024-02-27 VMware LLC Automated methods and systems for performing host attestation using a smart network interface controller

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108781227A (zh) * 2016-03-07 2018-11-09 思杰系统有限公司 在不可信云网络上的加密口令传输

Family Cites Families (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4677588A (en) * 1983-11-14 1987-06-30 International Business Machines Corp. Network interconnection without integration
JPS6373388A (ja) * 1986-09-16 1988-04-02 Fujitsu Ltd 複数サ−ビス用icカ−ドの領域獲得方式
US6263446B1 (en) * 1997-12-23 2001-07-17 Arcot Systems, Inc. Method and apparatus for secure distribution of authentication credentials to roaming users
FI105753B (fi) * 1997-12-31 2000-09-29 Ssh Comm Security Oy Pakettien autentisointimenetelmä verkko-osoitemuutosten ja protokollamuunnosten läsnäollessa
US6823454B1 (en) * 1999-11-08 2004-11-23 International Business Machines Corporation Using device certificates to authenticate servers before automatic address assignment
US7200863B2 (en) * 2000-05-16 2007-04-03 Hoshiko Llc System and method for serving content over a wide area network
US20020194483A1 (en) * 2001-02-25 2002-12-19 Storymail, Inc. System and method for authorization of access to a resource
WO2002014991A2 (en) * 2000-08-11 2002-02-21 Incanta, Inc. Resource distribution in network environment
EP1283464A1 (en) * 2001-08-06 2003-02-12 Hewlett-Packard Company A boot process for a computer, a boot ROM and a computer having a boot ROM
US20030097553A1 (en) * 2001-09-29 2003-05-22 Frye James F. PXE server appliance
US7210169B2 (en) 2002-08-20 2007-04-24 Intel Corporation Originator authentication using platform attestation
US7340508B1 (en) * 2002-09-18 2008-03-04 Open Invention Network, Llc Exposing process flows and choreography controllers as web services
US20040053602A1 (en) * 2002-09-18 2004-03-18 Wurzburg Francis L. Low-cost interoperable wireless multi-application and messaging service
US7519834B1 (en) * 2003-01-24 2009-04-14 Nortel Networks Limited Scalable method and apparatus for transforming packets to enable secure communication between two stations
KR101254209B1 (ko) * 2004-03-22 2013-04-23 삼성전자주식회사 디바이스와 휴대용 저장장치간에 권리 객체를 이동,복사하는 방법 및 장치
JP3897041B2 (ja) * 2004-11-18 2007-03-22 コニカミノルタビジネステクノロジーズ株式会社 画像形成システムおよび画像形成装置
US20060212407A1 (en) * 2005-03-17 2006-09-21 Lyon Dennis B User authentication and secure transaction system
US7788484B2 (en) * 2005-11-30 2010-08-31 Microsoft Corporation Using hierarchical identity based cryptography for authenticating outbound mail
WO2008004525A1 (en) * 2006-07-03 2008-01-10 Panasonic Corporation Information processing device, information recording device, information processing system, program update method, program, and integrated circuit
US8613103B2 (en) * 2006-07-07 2013-12-17 Sandisk Technologies Inc. Content control method using versatile control structure
GB2458157B (en) * 2008-03-07 2012-04-25 Hewlett Packard Development Co Virtual machine liveness check
US9342835B2 (en) * 2009-10-09 2016-05-17 Visa U.S.A Systems and methods to deliver targeted advertisements to audience
US8910278B2 (en) * 2010-05-18 2014-12-09 Cloudnexa Managing services in a cloud computing environment
US9699158B2 (en) * 2011-09-22 2017-07-04 Russell S. Goodwin Network user identification and authentication
US8800024B2 (en) * 2011-10-17 2014-08-05 Mcafee, Inc. System and method for host-initiated firewall discovery in a network environment
US9130970B2 (en) * 2012-11-26 2015-09-08 Go Daddy Operating Company, LLC Systems for accelerating content delivery via DNS overriding
US9866391B1 (en) * 2013-01-30 2018-01-09 Amazon Technologies, Inc. Permissions based communication
US10963570B2 (en) 2018-12-11 2021-03-30 Verizon Media Inc. Secure boot of remote servers
CN110162992B (zh) * 2019-05-31 2022-06-28 联想(北京)有限公司 数据处理方法、数据处理装置和计算机系统
US11533316B2 (en) * 2019-06-27 2022-12-20 Intel Corporation Information-centric network namespace policy-based content delivery
US11748133B2 (en) 2020-04-23 2023-09-05 Netapp, Inc. Methods and systems for booting virtual machines in the cloud

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108781227A (zh) * 2016-03-07 2018-11-09 思杰系统有限公司 在不可信云网络上的加密口令传输

Also Published As

Publication number Publication date
CN118414806A (zh) 2024-07-30
JP2024546424A (ja) 2024-12-24
US20230144341A1 (en) 2023-05-11
EP4430803B1 (en) 2026-03-04
WO2023086712A1 (en) 2023-05-19
US11863561B2 (en) 2024-01-02
EP4430803A1 (en) 2024-09-18

Similar Documents

Publication Publication Date Title
JP2024509739A (ja) コンテナアプリケーションの最小クラウドサービスアクセス権を自動的に設定する技術
US20240372710A1 (en) Quorum-based authorization
JP7806055B2 (ja) 計算インスタンスの局面を修正するための技術
US20250097223A1 (en) Secure resource access management using stacked resource principal identities
US12526160B2 (en) KMS dedicated HSM design (claiming ownership)
US20240296230A1 (en) Secure Boot Partition For Cloud Compute Nodes
US12470387B2 (en) Workload identity resource principle
CN118414806B (zh) 用于云基础设施系统中计算节点授权的边缘证明的方法、系统和非暂态计算机可读介质
US12137145B1 (en) Nested resource identity management for cloud resources
US20240187232A1 (en) Secured bootstrap with dynamic authorization
CN120981794A (zh) 平台无关的计算实例启动
CN118043787A (zh) 用于域内实体的组合授权
US20260046132A1 (en) Workload identity resource principle
US12375460B2 (en) Secure instance metadata as cryptographic identity
US20250030542A1 (en) Replication of customer keys stored in a virtual vault
US12210400B2 (en) Techniques for performing fault tolerance validation for a data center
US20240346129A1 (en) Authorization brokering
WO2025058663A1 (en) Nested resource identity management for cloud resources
CN119173856A (zh) 远程云函数调用服务
CN118202615A (zh) 多区域登录

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant