METHOD FOR ENABLING SIMULTANEOUS CONTROL OF A PLURALITY OF TPMs AND RELATED COMPONENTS

US 20170249464A1
Filed: 05/28/2015
Published: 08/31/2017
Est. Priority Date: 05/28/2015
Status: Abandoned Application

First Claim

Patent Images

1. A method, performed in a trusted computing component, for enabling simultaneous control of a plurality of trusted platform, modules (TPMs), the plurality of TPMs comprising a first TPM and a second TPM, the method comprising:

obtaining from an application program an interface instance reference to an interface instance associated with the first TPM;

obtaining from the application program an application request, the application request comprising application request parameters and/or a function to be requested to the first TPM, the application request parameters comprising setup parameters indicative of the first TPM;

determining (S3) a type of the obtained application request, the type comprising a context initialization request or a function request;

when it is determined that the type of the obtained application request corresponds to a context initialization request,obtaining (S4) an instance context of the interface instance indicated by the interface instance reference and a trusted computing component context associated with the application program; and

transmitting (S5) the instance context and the trusted computing component context to the application program;

when it is determined that the type of the obtained application request corresponds to a function request,requesting (S6), via the interface instance, the first TPM to perform the function, and/or computing an application response based on the application request parameters; and

transmitting (S7) the application response to the application program.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure provides a method for enabling or supporting simultaneous control of a plurality of TPMs. The plurality of TPMs comprises a first TPM and a second TPM. The method comprises obtaining from an application program an interface instance reference to an interface instance associated with the first TPM. The method comprises obtaining from the application program an application request. The application request comprises application request parameters and/or a function to be requested to the first TPM. The application request parameters comprise setup parameters indicative of the first TPM. The method comprises determining a type of the obtained application request. The type comprises a context initialization request or a function request. When it is determined that the type of the obtained application request corresponds to a context initialization request, the method comprises obtaining an instance context of the interface instance indicated by the interface instance reference and a trusted computing component, TCC, context associated with the application program; and transmitting the instance context and the trusted computing component context to the application program. When it is determined that the type of the obtained application request corresponds to a function request, the method comprises requesting, via the interface instance, the first TPM to perform the function, and/or computing an application response based on the application request parameters. The method comprises transmitting the application response to the application program.

35 Citations

View as Search Results

32 Claims

1. A method, performed in a trusted computing component, for enabling simultaneous control of a plurality of trusted platform, modules (TPMs), the plurality of TPMs comprising a first TPM and a second TPM, the method comprising:
- obtaining from an application program an interface instance reference to an interface instance associated with the first TPM;
  
  obtaining from the application program an application request, the application request comprising application request parameters and/or a function to be requested to the first TPM, the application request parameters comprising setup parameters indicative of the first TPM;
  
  determining (S3) a type of the obtained application request, the type comprising a context initialization request or a function request;
  
  when it is determined that the type of the obtained application request corresponds to a context initialization request,obtaining (S4) an instance context of the interface instance indicated by the interface instance reference and a trusted computing component context associated with the application program; and
  
  transmitting (S5) the instance context and the trusted computing component context to the application program;
  
  when it is determined that the type of the obtained application request corresponds to a function request,requesting (S6), via the interface instance, the first TPM to perform the function, and/or computing an application response based on the application request parameters; and
  
  transmitting (S7) the application response to the application program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method according to claim 1, wherein obtaining the instance context comprises requesting an instance context from the interface instance using the setup parameters, and obtaining the requested instance context from the interface instance.
  - 3. The method according to claim 1, wherein the application request parameters further comprise initialization parameters, and wherein obtaining a trusted computing component context comprises generating the trusted computing component (TCC) context based on the initialization parameters.
  - 4. The method according to claim 1, wherein the context initialization request comprises a first context initialization request for the TCC initialization and a second context initialization request for the interface instance initialization, and wherein the first context initialization request comprises the initialization parameters and the second context initialization request comprises the setup parameters, and wherein obtaining the application request comprises obtaining the first context initialization request from the application program, and then obtaining the second context initialization request from the application program.
  - 5. The method according to claim 4, wherein obtaining a trusted computing device context comprises generating the trusted computing device context based on the first context initialization request.
  - 6. The method according to claim 4, wherein obtaining the instance context comprises requesting an instance context from the interface instance based on the second context initialization request, and obtaining the instance context from the interface instance.
  - 7. The method according to claim 1, wherein requesting, via the interface instance, the first TPM to perform the function comprises sending one or more commands to the first TPM via the component interface operatively connected to the interface instance indicated by the obtained interface instance reference;
    - obtaining a command response; and
      
      computing the application response based on the command response, the instance context, and/or on the TCC context.
  - 8. The method according to claim 7, wherein sending one or more commands to the first TPM comprises sending to the interface instance the corresponding interface instance context when it is determined that the obtained application request is the function request.
  - 9. The method according claim 1, wherein when it is determined that the obtained application request is the function request, the application request further comprises an instance context indicative of the corresponding first TPM and the trusted computing component context associated with the application program.
  - 10. The method according to claim 1, the method further comprising combining the instance context, the trusted computing component context and the interface instance reference into one single application context.
  - 11. The method according to claim 1, wherein the application response comprises the instance context, and/or the trusted computing component context.
  - 12. The method according to claim 1, the method further comprising communicating a function request to the first TPM via a driver module associated to each one of the plurality TPMs, associated to a selected type of TPMs, and/or associated to a group comprising various types of TPMs.
  - 13. The method according to claim 1, the method further comprising obtaining from an application program an additional interface instance reference to an additional interface instance associated with the second TPM;
    - and obtaining from the application program an additional application request, the additional application request comprising parameters indicative of the second TPM and/or a function to be performed on the second TPM; and
      
      performing the steps to towards the second TPM.
  - 14. The method according to claim 1, wherein the second TPM is accessed by the application program and/or by a plurality of application programs at the same time as the first TPM.
  - 15. The method according to claim 1, wherein the plurality of TPMs comprises one or more types of TPMs.
  - 16. The method according to claim 1, wherein the type of TPMs comprises a physical TPM, a remote TPM, an emulated TPM, and/or a virtual TPM.

17. A method, performed in an interfacing component, for enabling simultaneous access to a plurality of trusted platform modules (TPMs), the plurality of TPMs comprising a first TPM and a second TPM, the method comprising:
- receiving from a trusted computing component a request to connect to the first TPM;
  
  invoking an interface instance associated with the first TPM;
  
  obtaining an instance context corresponding to the invoked interface instance;
  
  receiving a command from a trusted computing component, the command comprising a function;
  
  requesting the first TPM to execute the function by transmitting the command to the first TPM;
  
  receiving a command response from the first TPM; and
  
  transmitting the command response to the trusted computing component.
- View Dependent Claims (18, 19)
- - 18. The method according to claim 17, the method further comprising receiving a context initialization request for the interface instance initialization;
    - and initializing the invoked interface instance according to parameters comprised in the context initialization request.
  - 19. The method according to claim 17, wherein requesting comprises requesting via a driver module the first TPM to execute the function.

20. A trusted computing component comprising:
- a processor;
  
  a memory; and
  
  a component interface operatively connected to an application program and to at least one of a plurality trusted platform modules (TPMs) using an interface instance, the plurality of TPMs comprising a first TPM and a second TPM;
  
  wherein the trusted computing component is configured to;
  
  obtain from the application program an interface instance reference to the interface instance associated with the first TPM;
  
  obtain an application request from the application program, the application request comprising application request parameters and/or a function to be requested to the first TPM, the application request parameters comprising setup parameters indicative of the first TPM;
  
  determine whether the obtained application request is a context initialization request or a function request;
  
  when it is determined that the obtained application request is the context initialization request,obtain an instance context of the interface instance indicated by the interface instance reference and a trusted computing component context associated with the application program; and
  
  transmit the instance context and the trusted computing component context to the application program;
  
  when it is determined that the obtained application request is the function request,request, via the interface instance, the first TPM to perform the function, and/or compute an application response based on the application request parameters; and
  
  transmit the application response to the application program.
- View Dependent Claims (21, 22, 23, 27, 28)
- - 21. The trusted computing component according to claim 20, wherein the trusted computing component is configured to obtain the instance context by requesting an instance context from the interface instance using the setup parameters, and obtaining the requested instance context from the interface instance.
  - 22. The trusted computing component according to claim 20, wherein the application request parameters comprise initialization parameters, and wherein the trusted computing component is configured to obtain the trusted computing component context by generating the trusted computing component context based on the initialization parameters.
  - 23. The trusted computing component according to claim 20, wherein the context initialization request comprise a first context initialization request for the interface instance initialization and a second context initialization request for the trusted computing component initialization, and wherein the first context initialization request comprises the setup parameters and the second context initialization request comprises the initialization parameters, and wherein the trusted computing component is configured to obtain the application request by obtaining the first context initialization request from the application program, and then obtaining the second context initialization request from the application program.
  - 27. A network node comprising a trusted computing component according to claim 20.
  - 28. A user equipment comprising a trusted computing component according to claim 20.

24. An interfacing component comprising:
- a processor;
  
  a memory;
  
  an interface operatively connected to a trusted computing component and to at least one of a plurality of trusted platform modules (TPMs), wherein the interfacing component is configured to;
  
  receive from the trusted computing component a request to connect to the first TPM;
  
  invoke an interface instance associated with the first TPM;
  
  obtain an instance context corresponding to the invoked interface instance;
  
  receive a command from the trusted computing component, the command comprising a function;
  
  request the first TPMs to execute the function, and/or compute a command response; and
  
  transmit the command response to the trusted computing component.
- View Dependent Claims (25, 26, 29, 30)
- - 25. The interface component according to claim 24, wherein the interfacing component is configured to initialize the invoked interface instance according to the setup parameters.
  - 26. The interface component according to claim 24, wherein the interfacing component is configured to request via a driver module the first TPM to execute the function.
  - 29. A network node comprising an interfacing component according to claim 25.
  - 30. A user equipment comprising an interfacing component according to claim 25.

31. A nontransitory computer readable storage medium comprising a computer program product for supporting simultaneous access to a plurality of TPMs, the computer program product comprising program code, that, when executed on a trusted computing component, cause the trusted computing component to perform a method for enabling simultaneous control of a plurality of trusted platform modules (TPMs), the plurality of TPMs comprising a first TPM and a second TPM, the method comprising:
- obtaining from an application program an interface instance reference to an interface instance associated with the first TPM;
  
  obtaining from the application program an application request, the application request comprising application request parameters and/or a function to be requested to the first TPM, the application request parameters comprising setup parameters indicative of the first TPM;
  
  determining a type of the obtained application request, the type comprising a context initialization request or a function request;
  
  when it is determined that the type of the obtained application request corresponds to a context initialization request,obtaining (an instance context of the interface instance indicated by the interface instance reference and a trusted computing component context associated with the application program; and
  
  transmitting the instance context and the trusted computing component context to the application program;
  
  when it is determined that the type of the obtained application request corresponds to a function request,requesting, via the interface instance, the first TPM to perform the function, and/or computing an application response based on the application request parameters; and
  
  transmitting the application response to the application program.

32. A nontransitory computer readable storage medium comprising a computer program product for supporting simultaneous access to a plurality of trusted platform modules (TPMs), the computer program product comprising program code that, when executed on an interfacing component, cause the interfacing component to perform a method for enabling simultaneous access to a plurality of trusted platform modules (TPMs), the plurality of TPMs comprising a first TPM and a second TPM, the method comprising:
- receiving from a trusted computing component a request to connect to the first TPM;
  
  invoking an interface instance associated with the first TPM;
  
  obtaining an instance context corresponding to the invoked interface instance;
  
  receiving a command from a trusted computing component, the command comprising a function;
  
  requesting the first TPM to execute the function by transmitting the command to the first TPM;
  
  receiving a command response from the first TPM; and
  
  transmitting the command response to the trusted computing component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Maximov, Alexander

Application Number

US14/653,259
Publication Number

US 20170249464A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44 Program or device authentic...

G06F 21/57 Certifying or maintaining t...

METHOD FOR ENABLING SIMULTANEOUS CONTROL OF A PLURALITY OF TPMs AND RELATED COMPONENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR ENABLING SIMULTANEOUS CONTROL OF A PLURALITY OF TPMs AND RELATED COMPONENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links