The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent: Apr. 24, 2018
Filed: Jun. 26, 2017
Applicant: Bracket Computing, Inc., Mountain View, CA (US)
Inventors:
Jason A. Lango, Mountain View, CA (US);
Adam Cain, Eugene, OR (US);
Nitin Bahadur, Santa Clara, CA (US);
John K. Edwards, Sunnyvale, CA (US);
Kevin George, San Jose, CA (US);
William McGovern, San Jose, CA (US);
Andrew G. Tucker, Portola Valley, CA (US)
Assignee: Bracket Computing, Inc., Mountain View, CA (US)
Abstract
In an approach, a secure boot process includes two phases. In the first phase, an on-premises device generates a data encryption key (DEK) with which to encrypt an operating system image and a key encryption key (KEK) with which to wrap the DEK. The on-premises device then utilizes a key management service to wrap the KEK with an account root key and writes the wrapped DEK and wrapped KEK onto a label of the encrypted operating system image. The encrypted operating system image is then uploaded to a virtual data center and merged with an intermediary guest manager image. When the encrypted machine image is used to generate a virtual machine instance, the intermediary guest manager utilizes the key management service to unwrap the KEK. The unwrapped KEK is then used to unwrap the wrapped DEK, which is then used to launch the encrypted guest operating system.
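
The key chain in the abstract (root key wraps KEK, KEK wraps DEK, DEK encrypts the image) can be sketched as follows; this is an added example, not code from the patent or from Bracket Computing. It assumes AES-256-GCM as the wrapping primitive, an in-memory `FakeKMS` standing in for the key management service, and a hypothetical label layout of `wrapped_dek` and `wrapped_kek`; merging with the intermediary guest manager image is not modeled.

```ruby
require 'openssl'

# AES-256-GCM is an assumed wrapping primitive; blob layout is nonce(12) || tag(16) || ciphertext.
def seal(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  nonce = c.random_iv
  c.auth_data = ''
  ciphertext = c.update(plaintext) + c.final
  nonce + c.auth_tag + ciphertext
end

def unseal(key, blob)
  raise ArgumentError, 'blob too short' if blob.bytesize < 29
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = key
  d.iv = blob.byteslice(0, 12)
  d.auth_tag = blob.byteslice(12, 16)
  d.auth_data = ''
  d.update(blob.byteslice(28, blob.bytesize)) + d.final # CipherError if anything was altered
end

# Hypothetical stand-in for the key management service: the account root key never leaves it.
class FakeKMS
  def initialize
    @root = OpenSSL::Random.random_bytes(32)
  end
  def wrap(kek)
    seal(@root, kek)
  end
  def unwrap(blob)
    unseal(@root, blob)
  end
end

# Phase 1 (on premises): DEK encrypts the image, KEK wraps the DEK, the KMS wraps the KEK.
def prepare_image(kms, image)
  dek = OpenSSL::Random.random_bytes(32)
  kek = OpenSSL::Random.random_bytes(32)
  label = { wrapped_dek: seal(kek, dek), wrapped_kek: kms.wrap(kek) }
  [seal(dek, image), label]
end

# Phase 2 (guest manager): the KMS unwraps the KEK, the KEK unwraps the DEK, the DEK opens the image.
def boot_image(kms, encrypted_image, label)
  kek = kms.unwrap(label[:wrapped_kek])
  dek = unseal(kek, label[:wrapped_dek])
  unseal(dek, encrypted_image)
end
```

Because every layer is authenticated, a label with any altered byte, or a KMS holding a different root key, makes `boot_image` raise instead of returning plaintext.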