Online trusted platform module
Abstract
An online trusted platform module (TPM) communicates with a security module that can be located elsewhere in the network, in a server machine. In an embodiment, the online TPM is connected directly to a network interface card (NIC) that is also resident at the client. This allows the online TPM to communicate directly with the network, and therefore with the security module (without having to deal with the TCP/IP stack at the client machine in some circumstances, e.g., the boot process). In an embodiment, the communications channel between the online TPM and the security module is implemented using the transport layer security (TLS) protocol. A secure boot process is performed in advance of security processing. Typical security processing includes receipt, by the online TPM, of one or more commands from an application. The online TPM then proxies out the commands to the security module. After the security module has completed its processing of the commands, results of the processing and any related status information are returned to the online TPM.
23 Claims
1. A system for remote performance of network security functions, comprising:
- an online trusted platform module (TPM) located at a client machine;
- at least one application that sends commands to said online TPM; and
- a security module in communication with said online TPM and located at a server machine, such that at least one command received by said online TPM from said application is proxied out to said security module for execution.
18. A method of proxying a command in a network security system, from an online trusted platform module (TPM) in a client machine to a security module at a server machine, comprising the steps of:
(a) receiving the command from an application;
(b) sending the command to the security module; and
(c) receiving result and status data from the security module.
21. The method of step 20, wherein step (d) comprises:
(i) executing a block of basic input output system (BIOS) code; and
(ii) performing integrity measurements.
22. The method of step 21, wherein step (i) comprises retrieval of cryptographic state information from the security module.
Specification