Secure provisioning of operating systems

US12003638B2 · US · B2

Patent metadata

Publication number   US-12003638-B2
Application number   US-202217830575-A
Country              US
Kind code            B2
Filing date          Jul 1, 2022
Priority date        Feb 12, 2016
Publication date     Jun 4, 2024
Grant date           Jun 4, 2024

Abstract

Official abstract text for this publication.

Methods, media, and systems for secure provisioning of servers within a cloud computing environment are provided for herein. In some embodiments, a management service can delegate provisioning of a server of the cloud computing environment to an imaging service. In response, the imaging service can generate an operating system image for the server and can utilize disk encryption to protect the operating system image. In embodiments, a volume encryption key of the disk encryption can be encrypted utilizing a public key of a trusted platform module of the server, to produce an encrypted volume encryption key that is protected by the trusted platform module of the server. The encrypted operating system image and the encrypted volume encryption key can then be transmitted to the server to cause the server to be provisioned with the operating system image. Other embodiments may be described and/or claimed herein.

First claim

Opening claim text (preview).

What is claimed is:

1. A computerized system comprising: one or more computer processors; and computer memory storing computer-useable instructions that, when used by the one or more computer processors, cause the one or more computer processors to perform operations comprising: communicating, from a server in a current physical location, a request to securely provision an operating system for the server, the server having a hardware encryption module associated with a public key that is stored in a key database prior to deployment of the server to the current physical location, the public key is associated with authenticating the server in establishing a secure remote communication session, the server is configured to perform provisioning operations using a delegated imaging service, the key database and the delegated imaging service are remote from the current physical location associated with the server, wherein the request causes authentication of the server using the public key associated with the hardware encryption module and identification of the delegated imaging service to provision the server with an updated operating system image; based on authentication of the server, receiving, at the server, an indication from a datacenter manager that the server is to provision itself with the updated operating system image via the provisioning operations associated with the delegated imaging service that encrypts the updated operating system image utilizing an encryption key; and causing the server to be provisioned using the updated operating system.

2. The system of claim 1, wherein causing the server to be provisioned is based on: creating a partition on a local disk for an updated operating system volume; applying disk encryption to the updated operating system volume; generating an updated operating system image into the updated operating system volume; and moving the updated operating system image to an operating system volume in which a current operating system of the server resides, to cause the server to be provisioned with the updated operating system.

3. The system of claim 2, wherein moving the updated operating system image to the operating system volume is based on performing a bitwise copy of the operating system image into the operating system volume in which the current operating system of the server resides.

4. The system of claim 2, wherein moving the updated operating system image to the operating system volume is based on: setting a marker file indicating a location of the updated operating system image on local storage of the server; rebooting the server to cause the server to transfer control to a maintenance operating system of the server; upon rebooting, initiating a maintenance operating system of the server; and causing the maintenance operating system to copy the contents of the location indicated by the marker file into the operating system volume in which the current operating system resides.

5. The system of claim 2, the operations further comprising: determining whether the partition for the updated operating system image is equal in size to the operating system volume in which the current operating system resides; and in response to determining that the updated operating system image is different in size to the operating system volume in which the current operating system resides, reformatting the local storage to create an operating system volume on the local storage that is equal in size to the partition for the updated operating system image.

6. The system of claim 2, the operations further comprising: sealing a volume encryption key associated with the disk encryption based on selected platform control register values for a current state of the server.

7. The system of claim 1, wherein the public key is retrievable from the key database in which the public key was stored prior to deployment of the server to the current physical location; and wherein the server is associated with the delegated imaging service that is delegated for provisioning the server.

8. One or more computer-storage media having computer-executable instructions embodied thereon that, when executed by a computing system having a processor and memory, cause the processor to perform operations comprising: communicating, from a server in a current physical location, a request to securely provision an operating system for the server, the server having a hardware encryption module associated with a public key that is stored in a key database prior to deployment of the server to the current physical location, the public key is associated with authenticating the server in establishing a secure remote communication session, the server is configured to perform provisioning operations using a delegated imaging service, the key database and the delegated imaging service are remote from the current physical location associated with the server, wherein the request causes authentication of the server using the public key associated with the hardware encryption module and identification of the delegated imaging service to provision the server with an updated operating system image; based on authentication of the server, receiving, at the server, an indication from a datacenter manager that the server is to provision itself with an updated operating system image via the provisioning operations associated with the delegated imaging service that encrypts the updated operating system image utilizing an encryption key; and causing the server to be provisioned using the updated operating system.

9. The media of claim 8, wherein causing the server to be provisioned is based on: creating a partition on a local disk for an updated operating system volume; applying disk encryption to the updated operating system volume; generating an updated operating system image into the updated operating system volume; and moving the updated operating system image to an operating system volume in which a current operating system of the server resides, to cause the server to be provisioned with the updated operating system.

10. The media of claim 9, wherein moving the updated operating system image to the operating system volume is based on performing a bitwise copy of the operating system image into the operating system volume in which the current operating system of the server resides.

11. The media of claim 9, wherein moving the updated operating system image to the operating system volume is based on: setting a marker file indicating a location of the updated operating system image on local storage of the server; rebooting the server to cause the server to transfer control to a maintenance operating system of the server; upon rebooting, initiating a maintenance operating system of the server; and causing the maintenance operating system to copy the contents of the location indicated by the marker file into the operating system volume in which the current operating system resides.

12. The media of claim 9, the operations further comprising: determining whether the partition for the updated operating system image is equal in size to the operating system volume in which the current operating system resides; and in response to determining that the updated operating system image is different in size to the operating system volume in which the current operating system resides, reformatting the local storage to create an operating system volume on the local storage that is equal in size to the partition for the updated operating system image.

13. The media of claim 9, the operations further comprising: sealing a volume encryption key associated

Assignees

Microsoft Technology Licensing LLC

Classifications

  • H04L9/30 (primary): Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy (CPC title)

  • G06F8/63 (primary): Image based installation; Cloning; Build to order (CPC title)

  • Program or device authentication (CPC title)

  • Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities (CPC title)

  • in cryptographic circuits (CPC title)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification H04L9/30. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 4, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).