vHSM CLI System

If you want to be sure a computer program is the correct one and hasn't been secretly changed. You would require a special lock and key to do this check. But today, each company that makes computer parts or cloud service providers such as Amazon, Microsoft, and Google use a unique method for this check. These methods are called attestation protocols. So, there are many different ways that these checks can be done. Because there isn't one standard way that works everywhere, if you move your program to a different cloud provider, it will need a completely different way to prove that it is safe and real.

vHSM CLI system is a special helper program. It acts like a translator or adapter between your program and the specific security system of the computer or cloud it is running on. It handles all these different types of locks and keys so your program doesn't have to worry about which one it's dealing with. Irrespective of the underlying platform and attestation technology, it implements the protocol variants and issues a certificate is in JSON format. For more information, see attestation examples. Workload certificate is essentially a digital identity card issued to a computer program after it has successfully proven its authenticity and integrity through the attestation process. It provides the following:

1. Proof of Identity: It confirms that the program is indeed the one it claims to be.

2. Proof of Integrity: It verifies that the program hasn't been tampered with or modified since it was launched.

3. Issued after Attestation: You get this certificate after the attestation process of checking the digital health and verifying the identity is successfully completed.

4. Contains verified information: The JSON format contains key information about the verified workload, such as its unique ID, name, associated policy, and perhaps other details confirming its state.

It is a temporary access badge you get after passing a security check. It tells other parts of the system that this specific workload has been verified and is trustworthy enough to proceed or access certain resources according to its policy.

Components of vHSM CLI System

The vHSM CLI System consists of the following:

• Platform Libraries: These are like the hands and fingers that interact directly with the computer's built-in security chip.

• Attestation Providers: These are the "translators" for each specific cloud or computer type. They know the unique steps and formats for each one. So, there's one provider for Microsoft's system, one for AMD's system, and others.

• Service Providers: These parts help your program get important secrets it needs to run such as login details or secret keys, but only after vHSM CLI has verified that your program is legitimate.

Architecture of vHSM CLI System

In short vHSM CLI is a helpful tool that understands all these different methods and provides a simple, standard identity card or workload certificate for your program, no matter where it runs. It also helps securely give secrets to your verified program.

This architecture ensures that sensitive operations are performed securely while maintaining flexibility and compatibility across different environments.