A SYSTEM AND METHOD TO SECURE VIRTUAL MACHINE IMAGES IN CLOUD COMPUTING

    Publication (Announcement) No.: MY177609A

    Publication (Announcement) Date: 2020-09-22

    Application No.: MYPI2013004370

    Application Date: 2013-12-04

    Applicant: MIMOS BERHAD

    Abstract: The system (100) of the present invention to secure Virtual Machine images in cloud computing comprises at least one hypervisor with Integrity Measurement Architecture (IMA) (122) embedded with at least one Trusted Platform Module (TPM) Key Manager (TkM) module (150) associated with at least one Trusted Platform Module (160); at least one Cloud Manager (CM) module (120) configured with a serial communication function; at least one trusted storage server (170) storing modified Virtual Machine images with a sealed key indexed by Virtual Machine Universally Unique Identifier (UUID); and at least one Serial Guest Control interface (130) embedded in a kernel module, configured with a serial communication function and an interface to said Cloud Manager (CM) module (120). The general methodology of the present invention comprises the steps of configuring a server with at least one Cloud Manager (CM) module and at least one Trusted Platform Module (TPM) Key Manager (TkM) module (150) associated with at least one Trusted Platform Module (160) by creating new Virtual Machines in the cloud (202); generating a Trusted Platform Module (TPM) key for the Virtual Machine (206); installing and compiling Virtual Machines with a new module containing a static object of the kernel module encrypted with said symmetric key (208); sealing said symmetric key of the Virtual Machine to the Trusted Platform Module (TPM) together with the Virtual Machine Universally Unique Identifier (UUID) (210, 212); storing said sealed key and the modified Virtual Machine images, indexed by Virtual Machine Universally Unique Identifier (UUID), in a trusted storage server (214); and accessing said Virtual Machines by decrypting said static object of the kernel module using the stored, unsealed symmetric key during the boot process (216).
The distinctiveness lies in the use of an embedded new module, comprising a static object encryption module and built-in serial communication in the kernel of the Virtual Machine (VM) images, to provide a system and method that protects Virtual Machine (VM) images from being run at a different cloud provider.

    A SYSTEM AND METHOD OF MUTUAL TRUSTED AUTHENTICATION AND IDENTITY ENCRYPTION

    Publication (Announcement) No.: MY166563A

    Publication (Announcement) Date: 2018-07-16

    Application No.: MYPI2012003999

    Application Date: 2012-09-07

    Applicant: MIMOS BERHAD

    Abstract: Mutual trusted authentication and identity encryption is provided by utilizing a Transport Layer Security extension with a properties-based attestation mechanism. The system of the present invention comprises a server platform (104) installed with an Integrity Measurement Architecture (IMA) module (104B); a Trusted Authority module (TA) (104D) associated with the server platform (104); an Integrity Properties Collection Module (IPCM) (104E) in communication with the Trusted Authority module (TA) (104D); a client platform (102) that is in communication with and registrable to the server platform (104); a Transport Layer Security extension module (TLS extension module) (104A, 102C) associated with the server platform (104) and the client platform (102); and a Trusted Platform Module (TPM) (102B, 104C) associated with the server platform (104) and said client platform (102). The general process of the present invention comprises three main components, wherein the first stage (402) establishes the security and integrity of the server platform. After the establishment of process (402), the next step is to establish identity encryption in the SSL/TLS extension and establish property-based attestation integrated with the Trusted Authority (TA) in the server platform (404). Upon completion of the establishment processes, communication is performed with secure data transmission using mutual trusted identity encryption between client and server (406), wherein a handshake protocol is established to prioritise the exchange of the certificates and keys to ensure the authentication and encryption of data (704). The most illustrative drawing is
