Associating a multi-context trusted platform module with distributed platforms

US 20070300069A1
Filed: 06/26/2006
Published: 12/27/2007
Est. Priority Date: 06/26/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

creating an instance of a virtual trusted platform module (TPM) in a manager platform; and

associating the instance of the virtual TPM with a managed platform coupled to the manager platform.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, the present invention includes a method for creating an instance of a virtual trusted platform module (TPM) in a central platform and associating the instance with a managed platform coupled to the central platform. Multiple such vTPM'"'"'s may be instantiated, each associated with a different managed platform coupled to the central platform. The instances may all be maintained on the central platform, improving security. Other embodiments are described and claimed.

122 Citations

View as Search Results

28 Claims

1. A method comprising:
- creating an instance of a virtual trusted platform module (TPM) in a manager platform; and
  
  associating the instance of the virtual TPM with a managed platform coupled to the manager platform.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising authenticating the managed platform before associating the instance of the virtual TPM with the managed platform.
  - 3. The method of claim 2, wherein authenticating the managed platform comprises establishing a secure channel between the managed platform and the manager platform.
  - 4. The method of claim 1, further comprising maintaining an instance of the virtual TPM on the manager platform for each of a plurality of managed platforms.
  - 5. The method of claim 1, further comprising receiving a request for a secure operation destined to the instance of the virtual TPM from the managed platform.
  - 6. The method of claim 5, further comprising handling the request on the manager platform.
  - 7. The method of claim 5, further comprising handling the request on the instance of the virtual TPM on the manager platform.

8. An apparatus comprising:
- a manager device to create instances of a virtual trusted platform module (TPM) and associate each of the instances with corresponding managed platforms coupled to the manager device.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The apparatus of claim 8, wherein the manager device comprises a server including at least one hardware TPM.
  - 10. The apparatus of claim 9, wherein the manager device is to maintain the instances of the virtual TPM on the manager device.
  - 11. The apparatus of claim 9, wherein the managed platforms comprise servers of a server center.
  - 12. The apparatus of claim 8, further comprising secure channels to couple the managed platforms to the manager device.
  - 13. The apparatus of claim 8, further comprising a platform center manager coupled to the manager device to manage the managed platforms.
  - 14. The apparatus of claim 13, wherein the platform center manager is to instruct the manager device to migrate an instance of the virtual TPM from a first managed platform to a second managed platform based on load information.
  - 15. The apparatus of claim 8, wherein the corresponding instance of the virtual TPM is to process a request for a secure operation from a managed platform.
  - 16. The apparatus of claim 15, wherein the corresponding instance of the virtual TPM is to transmit the request to the manager device for processing.
  - 17. The apparatus of claim 8, wherein the manager device is to migrate association of an instance of the virtual TPM from a first managed platform to a second managed platform, wherein the instance is maintained on the manager device.

18. An article comprising a machine-accessible medium including instructions that when executed cause a system to:
- instantiate a first virtual security coprocessor in a central location; and
  
  associate the first virtual security coprocessor with a first managed platform coupled to the central location responsive to a request from the first managed platform, wherein the first virtual security coprocessor is to remain in the central location.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The article of claim 18, further comprising instructions that when executed cause the system to migrate the first virtual security coprocessor to a second managed platform coupled to the central location responsive to a management command from a platform manager.
  - 20. The article of claim 19, further comprising instructions that when executed cause the system to migrate the first virtual security coprocessor via modification of a logical binding to associate the first virtual security coprocessor with the second managed platform.
  - 21. The article of claim 19, further comprising instructions that when executed cause the system to migrate the first virtual security coprocessor without re-authentication of the first virtual security coprocessor.
  - 22. The article of claim 18, further comprising instructions that when executed cause the system to receive a request for a secure operation from the first managed platform and perform the secure operation using the first virtual security coprocessor in the central location.
  - 23. The article of claim 22, further comprising instructions that when executed cause the system to perform the secure operation using the central location responsive to a request from the first virtual security coprocessor.
  - 24. The article of claim 18, further comprising instructions that when executed cause the system to instantiate a plurality of virtual security coprocessors in the central location and to associate each of the plurality of virtual security coprocessors with a corresponding one of a plurality of managed platforms coupled to the central location.

25. A system comprising:
- a plurality of managed platforms each having at least one hardware resource to be used in a virtualized environment; and
  
  a management platform coupled to the plurality of managed platforms to create instances of a virtual security module and associate each of the instances with a corresponding one of the plurality of managed platforms.
- View Dependent Claims (26, 27, 28)
- - 26. The system of claim 25, wherein the management platform is to maintain the instances of the virtual security module on the management platform.
  - 27. The system of claim 25, further comprising a platform manager coupled to the management platform, when the platform manager is to instruct the management platform to migrate an instance of the virtual security module from a first managed platform to a second managed platform based on load information, wherein the instance is maintained on the management platform.
  - 28. The system of claim 25, wherein the management platform is to transmit a request for a secure operation received from one of the plurality of managed platforms to the corresponding instance of the virtual security module for processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Rozas, Carlos V.

Granted Patent

US 8,108,668 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2129   Authenticate client device ...

G06F 2221/2145   Inheriting rights or proper...

Associating a multi-context trusted platform module with distributed platforms

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

122 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Associating a multi-context trusted platform module with distributed platforms

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

122 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links