Verifying a geographic location of a virtual disk image executing at a data center server within a data center

摘要

A method to verify a geographic location of a virtual disk image executing at a data center server within a data center. One embodiment includes a cryptoprocessor proximate the data center server, a hypervisor configured to send a disk image hash value of the virtual disk image, a digital certificate issued to the cryptoprocessor, an endorsement key to a data center tenant and a location provider. The method includes sending a disk image hash value of the virtual disk image, an endorsement key unique to a cryptoprocessor proximate the data center server to a data center tenant, and a digital certificate to a data center tenant. Next, the location provider sends the geographic location of the cryptoprocessor matching the endorsement key to the data center tenant.

主权项

1. A method to verify a geographic location of a virtual disk image executing at a data center server within a data center, the method comprising:
receiving the virtual disk image from a data center tenant for execution at the data center; sending a disk image hash value of the virtual disk image signed by an endorsement key unique to a cryptoprocessor within the data center server to the data center tenant, a public half of the endorsement key, and a digital certificate certifying the public half of the endorsement key to the data center tenant, private half of the endorsement key is stored in the cryptoprocessor and is unique to the cryptoprocessor; and sending the geographic location of the cryptoprocessor matching the public half of the endorsement key to the data center tenant by a location provider within the data center.