US 11,783,081 B2
Secure public cloud
David M. Durham, Beaverton, OR (US); Ravi L. Sahita, Beaverton, OR (US); Barry E. Huntley, Hillsboro, OR (US); and Nikhil M. Deshpande, Beaverton, OR (US)
Assigned to Intel Corporation, Santa Clara, CA (US)
Filed by Intel Corporation, Santa Clara, CA (US)
Filed on Sep. 16, 2020, as Appl. No. 17/22,177.
Application 17/022,177 is a division of application No. 15/293,967, filed on Oct. 14, 2016, granted, now 10,810,321.
Claims priority of provisional application 62/373,627, filed on Aug. 11, 2016.
Prior Publication US 2021/0004483 A1, Jan. 7, 2021
Int. Cl. G06F 21/62 (2013.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01); G06F 21/53 (2013.01); H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC G06F 21/6245 (2013.01) [G06F 21/53 (2013.01); H04L 9/08 (2013.01); H04L 9/0894 (2013.01); H04L 9/3236 (2013.01); H04L 63/06 (2013.01)]
20 Claims
 
1. At least one non-transitory computer-readable medium comprising instructions that, if executed by a processor, enable a computer to:
receive a domain manager image and memory position-dependent address information in response to requesting a service from a cloud services provider, wherein the domain manager image comprises computer code to provide virtual machine monitor (VMM) functionality;
verify the domain manager image;
identify a key domain key to be used to encrypt data stored in a key domain of a key domain-capable server, wherein the key domain comprises a plurality of memory locations of a memory of the key domain-capable server;
use the key domain key and the memory-position dependent address information to encrypt a domain launch image such that the encrypted domain launch image is cryptographically bound to at least one memory location of the key domain;
encrypt the key domain key; and
send the encrypted domain launch image and the encrypted key domain key to the key domain-capable server, to cause a processor of the key domain-capable server to execute an instruction to create the key domain.
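The consumer-side verify and address-bound encryption steps of claim 1, sketched as an added example that is not taken from the patent: it shows that a ciphertext block moved to a different memory location no longer decrypts to the original data. Assumptions: the claim names no cipher, so an HMAC-SHA256 keystream stands in for the position-dependent encryption; the 64-byte block size, the base address, the function names and the sample images are hypothetical; wrapping the key domain key for the server is left out.

```python
import hashlib
import hmac
import secrets

BLOCK = 64  # assumed binding granularity; the claim does not state one


def verify_image(image: bytes, expected_sha256: str) -> bool:
    """'Verify the domain manager image' against a known-good digest."""
    return hmac.compare_digest(hashlib.sha256(image).hexdigest(), expected_sha256)


def _keystream(key: bytes, address: int, length: int) -> bytes:
    # Stand-in construction (not the patent's): keystream from HMAC-SHA256
    # over (address, counter), so it depends on key AND memory position.
    out, counter = b"", 0
    while len(out) < length:
        msg = address.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def crypt_block(key: bytes, address: int, data: bytes) -> bytes:
    """Encrypt or decrypt one block bound to `address` (XOR is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, address, len(data))))


def encrypt_launch_image(key: bytes, image: bytes, base_address: int) -> dict:
    """Return {address: ciphertext block}, each block bound to its target address."""
    padded = image + b"\x00" * (-len(image) % BLOCK)
    return {
        base_address + off: crypt_block(key, base_address + off, padded[off:off + BLOCK])
        for off in range(0, len(padded), BLOCK)
    }


# Constructed sample inputs (hypothetical values, not from the patent)
DOMAIN_MANAGER_IMAGE = b"constructed domain manager image" * 4
EXPECTED_DIGEST = hashlib.sha256(DOMAIN_MANAGER_IMAGE).hexdigest()
LAUNCH_IMAGE = b"constructed domain launch image " * 5
BASE_ADDRESS = 0x10000000  # stands in for the provider's address information

if __name__ == "__main__":
    assert verify_image(DOMAIN_MANAGER_IMAGE, EXPECTED_DIGEST)
    key = secrets.token_bytes(32)  # key domain key chosen by the consumer
    blocks = encrypt_launch_image(key, LAUNCH_IMAGE, BASE_ADDRESS)
    first = blocks[BASE_ADDRESS]
    print(crypt_block(key, BASE_ADDRESS, first))          # original plaintext
    print(crypt_block(key, BASE_ADDRESS + BLOCK, first))  # relocated: garbage
```

The XOR keystream only illustrates the address binding; it is malleable and provides no integrity protection.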