US 12,437,118 B2
Provisioning secure/encrypted virtual machines in a cloud infrastructure
Guerney D. H. Hunt, Yorktown Heights, NY (US); Dimitrios Pendarakis, Westport, CT (US); Kenneth Alan Goldman, Norwalk, CT (US); Elaine R. Palmer, Hanover, NH (US); and Ramachandra Pai, Beaverton, OR (US)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Dec. 22, 2020, as Appl. No. 17/130,269.
Prior Publication US 2022/0198070 A1, Jun. 23, 2022
Int. Cl. G06F 21/00 (2013.01); G06F 21/31 (2013.01); G06F 21/44 (2013.01); G06F 21/60 (2013.01); G06F 21/74 (2013.01)
CPC G06F 21/74 (2013.01) [G06F 21/31 (2013.01); G06F 21/44 (2013.01); G06F 21/602 (2013.01)]
10 Claims
 
1. A method for generating a computation such that it will execute in a target trusted execution environment (TEE), comprising:
selecting the target TEE, wherein the target TEE is in a cloud or local infrastructure;
generating, using a Security Module (SM), an authorization that is satisfied by the target TEE, wherein the SM stores a list of previously generated authorizations, wherein the SM is used as part of the cloud or local infrastructure, wherein detailed information about the target TEE is revealed only to the SM, and wherein the SM does not regenerate when an authorization has been previously generated for the target TEE;
associating the authorization with the computation that executes in the target TEE that is authorized, wherein at least a part of the computation is encrypted and encrypting part of the computation includes encrypting information needed to check an integrity of the computation, wherein the authorization restricts the computation to a specific TEE from among a plurality of TEEs;
generating the computation with the associated authorization executable in the target TEE; and
provisioning the computation that is generated.