US 12,074,982 B2
Authentication of process execution in virtual environments
Tobias Dyrba, Edingen-Neckarhausen (DE); Steffen Koenig, Heidelberg (DE); and Tsonyo Lazkov Yonchev, Sofia (BG)
Assigned to SAP SE, Walldorf (DE)
Filed by SAP SE, Walldorf (DE)
Filed on Mar. 16, 2022, as Appl. No. 17/695,927.
Prior Publication US 2023/0299968 A1, Sep. 21, 2023
Int. Cl. H04L 9/32 (2006.01); G06F 9/455 (2018.01); H04L 9/08 (2006.01)
CPC H04L 9/3242 (2013.01) [G06F 9/45533 (2013.01); H04L 9/088 (2013.01)]
20 Claims
 
1. A computer-implemented method comprising:
retrieving, at a first virtual machine, a first composite encrypted value comprising a first encrypted secret (Aα_enc) and a first secure hash value of a first secret (Aα);
decrypting the first encrypted secret (Aα_enc) using a cryptographic key (kα) to determine a second secret (Aα′) to be used for initiating a first process (pα) on the first virtual machine, wherein the cryptographic key (kα) is determined based on a set of properties of the first virtual machine that are mutatable during cloning of the first virtual machine;
generating a second secure hash value of the second secret (Aα′);
comparing the second secure hash value with the first secure hash value to determine whether to authorize execution of the first process on the first virtual machine using the first secret (Aα); and
in response to determining that the second secure hash value and the first secure hash value match, initiating the first process (pα) at the first virtual machine by providing the first secret (Aα) for processing through the first process (pα).
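
The check described in claim 1, as an added Python example; it is not code from the patent or from SAP. Assumptions: the property names (`instance_uuid`, `mac_address`), SHA-256 as the secure hash, the composite layout (hash followed by ciphertext), and an HMAC-SHA256 counter-mode keystream standing in for the cipher, which the claim does not specify.

```python
import hashlib
import hmac

def derive_key(vm_props: dict) -> bytes:
    """k_alpha: derived from VM properties that change when the VM is cloned.
    Assumption: a plain SHA-256 over sorted key=value pairs; the claim names no KDF."""
    material = "\n".join(f"{k}={vm_props[k]}" for k in sorted(vm_props)).encode()
    return hashlib.sha256(material).digest()

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for illustration: HMAC-SHA256 in counter mode, XORed with
    # the data. The same call encrypts and decrypts.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def seal(secret: bytes, vm_props: dict) -> bytes:
    """Build the composite value: SHA-256(A_alpha) || A_alpha_enc (assumed layout)."""
    key = derive_key(vm_props)
    return hashlib.sha256(secret).digest() + _keystream_xor(key, secret)

def authorize(composite: bytes, vm_props: dict):
    """Return the secret if this VM may start the process, otherwise None."""
    stored_hash, encrypted = composite[:32], composite[32:]
    candidate = _keystream_xor(derive_key(vm_props), encrypted)  # A_alpha'
    candidate_hash = hashlib.sha256(candidate).digest()
    # Constant-time comparison of the second hash against the stored first hash.
    if hmac.compare_digest(candidate_hash, stored_hash):
        return candidate
    return None

# Constructed sample values: a clone receives a new UUID and MAC address.
ORIGINAL_VM = {"instance_uuid": "11111111-aaaa-4bbb-8ccc-000000000001",
               "mac_address": "02:00:00:00:00:01"}
CLONED_VM = {"instance_uuid": "22222222-aaaa-4bbb-8ccc-000000000002",
             "mac_address": "02:00:00:00:00:02"}
SECRET = b"constructed-process-credential"
COMPOSITE = seal(SECRET, ORIGINAL_VM)

if __name__ == "__main__":
    print("original VM:", authorize(COMPOSITE, ORIGINAL_VM))
    print("cloned VM:  ", authorize(COMPOSITE, CLONED_VM))
```

On the clone the derived key differs, so decryption yields a different value whose hash does not match the stored one, and the process is not started.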