Dynamic creation and hierarchical organization of trusted platform modules

US 20070079120A1
Filed: 10/03/2005
Published: 04/05/2007
Est. Priority Date: 10/03/2005
Status: Abandoned Application

First Claim

Patent Images

1. A computer implemented method for the dynamic creation and hierarchical organization of trusted platform modules, the computer implemented method comprising:

creating a trusted platform module domain, wherein a privileged trusted platform module may dynamically create one or more virtual trusted platform modules in the trusted platform module domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.

123 Citations

19 Claims

1. A computer implemented method for the dynamic creation and hierarchical organization of trusted platform modules, the computer implemented method comprising:
- creating a trusted platform module domain, wherein a privileged trusted platform module may dynamically create one or more virtual trusted platform modules in the trusted platform module domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The computer implemented method of claim 1, wherein each virtual trusted platform module is associated with a specific partition of a plurality of partitions, wherein each partition of the plurality of partitions is associated with an individual operating system.
  - 3. The computer implemented method of claim 1, wherein the trusted platform module domain is a dedicated domain.
  - 4. The computer implemented method of claim 3, wherein creating virtual trusted platform modules is implemented as software in the trusted platform module domain.
  - 5. The computer implemented method of claim 1, further comprising:
    - creating an endorsement key associated with each virtual trusted platform module.
  - 6. The computer implemented method of claim 2, wherein virtual machine configuration files determine which virtual trusted platform module is associated with a particular partition.
  - 7. The computer implemented method of claim 1, wherein at least one virtual trusted platform module comprises a privileged trusted platform module which may create other virtual trusted platforms modules;
    - and wherein a virtual trusted platform module comprises a child trusted platform module and wherein either a privileged trusted platform module or a virtual trusted platform module may comprise a parent trusted platform module that may create child trusted platform modules.
  - 8. The computer implemented method of claim 7, wherein a child trusted platform module inherits permissions of a parent trusted platform module.
  - 9. The computer implemented method of claim 7, wherein only an immediately preceding parent trusted platform module may communicate with, delete, set up, or create a child trusted platform module.
  - 10. The computer implemented method of claim 1, further comprising:
    - deleting a virtual trusted platform module.
  - 11. The computer implemented method of claim 10, wherein a virtual trusted platform module may only be deleted if the virtual trusted platform module does not have any child trusted platform modules.
  - 12. The computer implemented method of claim 1, further comprising:
    - setting up a virtual trusted platform module for use.
  - 13. The computer implemented method of claim 12, wherein setting up a virtual trusted platform module for use comprises:
    - sending an array of PCR register indices and hash values of the virtual trusted platform module to a creating trusted platform module, which may either be a virtual trusted platform module or a trusted platform module; and
      
      wherein each hash value of the hash values is used to extend the PCR registers that are referenced through the indices.
  - 14. The computer implemented method of claim 13, further comprising:
    - storing string identifiers and the array of PCR register indices and hash values in the virtual trusted platform module to form stored information, wherein the stored information is made available to an operating system associated with the virtual trusted platform module.
  - 15. The computer implemented method of claim 1, further comprising:
    - routing embedded commands to a virtual trusted platform module.
  - 16. The computer implemented method of claim 1, wherein the trusted platform module certifies a public key part of an endorsement key of a virtual trusted platform module by signing over the endorsement key of the virtual trusted platform module using the trusted platform module'"'"'s own endorsement key, attestation identity key or a general signing key.
  - 17. The computer implemented method of claim 1, further comprising:
    - creating a plurality of threads, wherein the plurality of threads allow concurrent processing of multiple requests received by the trusted platform module.

18. A computer program product comprising a computer usable medium including computer usable program code for the dynamic creation and hierarchical organization of trusted platform modules, said computer program product comprising:
- computer usable program code for creating a trusted platform module domain, wherein a privileged trusted platform module may dynamically create one or more virtual trusted platform modules in the trusted platform module domain.

19. A data processing system for the dynamic creation and hierarchical organization of trusted platform modules, said data processing system comprising:
- a storage device, wherein the storage device stores computer usable program code; and
  
  a processor, wherein the processor executes the computer usable program code to create a trusted platform module domain, wherein a privileged trusted platform module may dynamically create one or more virtual trusted platform modules in the trusted platform module domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Berger, Stefan, Sailer, Reiner, Perez, Ronald, Goldman, Kenneth, Bade, Steven, Van Doorn, Leendert

Application Number

US11/242,673
Publication Number

US 20070079120A1
Time in Patent Office

Days
Field of Search
US Class Current

713/166
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

Dynamic creation and hierarchical organization of trusted platform modules

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

123 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic creation and hierarchical organization of trusted platform modules

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links