Microsoft Corporation
ATTESTATION SERVICE FOR ENFORCING PAYLOAD SECURITY POLICIES IN A DATA CENTER
Abstract:
Systems and methods for an attestation service associated with a data center are provided. A method includes validating: (1) a first set of measurement logs against a first policy associated with a first cluster of nodes in a data center, and (2) a second set of measurement logs against a second policy, different from the first policy, associated with a second cluster of nodes in the data center. The method further includes, upon successful validation: (1) sending a first encrypted package including a first encrypted machine certificate to a certificate authority associated with the data center, and (2) sending a second encrypted package including a second encrypted machine certificate to the certificate authority associated with the data center. The method further includes the certificate authority: (1) sending the first encrypted package to the first attestation client, and (2) sending the second encrypted package to the second attestation client.
Utility
30 Dec 2021
21 Apr 2022