Secure Public Cloud
US-2018046823-A1 · Feb 15, 2018 · US
Secure domain manager
US10152350B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10152350-B2 |
| Application number | US-201615200820-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 1, 2016 |
| Priority date | Jul 1, 2016 |
| Publication date | Dec 11, 2018 |
| Grant date | Dec 11, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Particular embodiments described herein provide for an electronic device that can be configured to determine that a secure domain has been created on a device, where keys are required to access the secure domain, obtain the keys that are required to access the secure domain from a network element, and encrypt the keys and store the encrypted keys on the device. In an example, only the secure domain can decrypt the encrypted keys and the device is a virtual machine.
First claim
Opening claim text (preview).
What is claimed is: 1. At least one non-transitory machine readable medium comprising one or more instructions that when executed by at least one processor, causes the at least one processor to: determine that a secure domain has been created on a device in a cloud network, wherein keys are required to access the secure domain, wherein the device is a virtual machine; obtain the keys that are required to access the secure domain from a network element; encrypt the keys and store the encrypted keys on the device; and migrate the secure domain to a target device, wherein copies of unmodified evolved packet core pages are sent to the target device before suspension of the secure domain on the device. 2. The at least one non-transitory machine readable medium of claim 1 , further comprising one or more instructions that when executed by the at least one processor, cause the at least one processor to: ensure that only the secure domain can decrypt the encrypted keys. 3. The at least one non-transitory machine readable medium of claim 1 , further comprising one or more instructions that when executed by the at least one processor, cause the at least one processor to: migrate the secure domain to a target device. 4. The at least one non-transitory machine readable medium of claim 3 , wherein the target device is verified by a platform manager before it can receive the secure domain. 5. The at least one non-transitory machine readable medium of claim 3 , further comprising one or more instructions that when executed by the at least one processor, cause the at least one processor to: create a secure channel of communication between the device and the target device. 6. The at least one non-transitory machine readable medium of claim 1 , further comprising one or more instructions that when executed by the at least one processor, cause the at least one processor to: suspend and migrate the virtual machine that includes the secure domain to the target device, along with the keys to access the secure domain. 7. An apparatus comprising: a secure domain manager; and at least one hardware processor, wherein the secure domain manager is configured to cause the at least one hardware processor to: determine that a secure domain has been created on a device, wherein keys are required to access the secure domain, wherein the device is a virtual machine; obtain the keys that are required to access the secure domain from a network element; encrypt the keys and store the encrypted keys on the device; and migrate the secure domain to a target device, wherein copies of unmodified evolved packet core pages are sent to the target device before suspension of the secure domain on the device. 8. The apparatus of claim 7 , wherein the secure domain manager is further configured to cause the at least one hardware processor to ensure that only the secure domain can decrypt the encrypted keys. 9. The apparatus of claim 7 , wherein the secure domain manager is further configured to cause the at least one hardware processor to verify the target device before it can receive the secure domain. 10. The apparatus of claim 7 , wherein the secure domain manager is further configured to cause the at least one hardware processor to create a secure channel of communication between the device and the target device. 11. A method comprising: determining that a secure domain has been created on a device, wherein keys are required to access the secure domain, wherein the device is a virtual machine; obtaining the keys that are required to access the secure domain from a network element; encrypting the keys; storing the encrypted keys on the device; and migrating the secure domain to a target device, wherein copies of unmodified evolved packet core pages are sent to the target device before suspension of the secure domain on the device. 12. The method of claim 11 , wherein only the secure domain can decrypt the encrypted keys. 13. The method of claim 11 , further comprising: verifying the target device before it can receive the secure domain. 14. The method of claim 11 , further comprising: creating a secure channel of communication between the device and the target device. 15. A system for migrating a secure domain, the system comprising: at least one hardware processor; and a secure domain manager, wherein the secure domain manager is configured to cause the at least one hardware processor to: determine that a secure domain has been created on a device, wherein keys are required to access the secure domain, wherein the device is a virtual machine; obtain the keys that are required to access the secure domain from a network element; encrypt the keys and store the encrypted keys on the device; and migrate the secure domain to a target device, wherein copies of unmodified evolved packet core pages are sent to the target device before suspension of the secure domain on the device. 16. The system of claim 15 , further comprising: a platform manager, wherein the platform manager is configured to cause the at least one hardware processor to verify the target device before it can receive the secure domain. 17. The system of claim 15 , wherein the secure domain manager is further configured to cause at least one hardware processor to: create a secure channel of communication between the device and the target device.
Assignees
Inventors
Classifications
applying encryption of the keys · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) (network architectures or network communication protocols for key distribution in a packet data network H04L63/062) · CPC title
- H04L9/0894Primary
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
for controlling access to devices or network resources · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10152350B2 cover?
- Particular embodiments described herein provide for an electronic device that can be configured to determine that a secure domain has been created on a device, where keys are required to access the secure domain, obtain the keys that are required to access the secure domain from a network element, and encrypt the keys and store the encrypted keys on the device. In an example, only the secure do…
- Who is the assignee on this patent?
- Intel Corp
- What technology area does this patent fall under?
- Primary CPC classification H04L9/0894. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Dec 11 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 9 related publications on this page (citations in our corpus or others sharing the same primary CPC).