公开(公告)号：GB2531770A

公开(公告)日：2016-05-04

申请号：GB201419282

申请日：2014-10-30

Applicant: IBM

Inventor： CEDRIC LICHTENAU ,  ANDREAS KOENIG ,  THOMAS PFLUEGER ,  WILLIAM E HALL ,  ELAINE R PALMER ,  PETER A SANDON

IPC: G06F21/62 ,  G06F11/07 ,  G06F11/14 ,  H04L29/06

Abstract: A public encryption key, associated with a private decryption key, is provided 102 to a security engine of a computer system. The security engine may be separate from the computer systems processor. An extraction key, not accessible outside the security engine, is generated 104. The extraction key is encrypted 106 with the public encryption key, thereby obtaining an encrypted extraction key. State information of the computer system is collected 108, encrypted 110 with the extraction key and stored 112, preferably at a remote storage system. Access is requested 114 by a server to the stored, encrypted, collected state information by requesting the extraction key. In response to the server receiving 116 the extraction key, the stored, encrypted, collected state information is decrypted 118 with the extraction key. Multiple sets of encrypted state information, each having its own extraction key, may be collected and stored, the information perhaps originating from multiple or multi-tenant computer systems. The computer system may be a virtual machine (VM) having an identifier, the collected state information perhaps referring to the hardware system underlying the VM and with each of multiple sets of information comprising information relating only to one VM identifier.