Validation of inclusion of a platform within a data center
Abstract
In one embodiment, a method comprises generating a cryptographic key pair associated with a data center. The method also includes storing a private key of the cryptographic key pair within a platform. The private key is used to sign a value stored in the platform for validation of inclusion of the platform into the data center. In an embodiment, the private key is revoked upon determining that the platform has been compromised. In one embodiment, the private key may be revoked in each of the platforms of the data center.
Claims (53 claims; 244 citations)
1. A platform comprising:
- a private key to validate inclusion of the platform within a data center; and
- at least one token to seal the private key to the platform.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A data center comprising:
- an administrative unit to generate a cryptographic key pair that includes a private key; and
- a platform coupled to the administrative unit, the platform comprising a token, wherein the token comprises a private key to validate inclusion of the platform within the data center; a register to store a metric of the platform; and a processing unit to seal the private key based on the metric.
Dependent claims: 10, 11, 12, 13.

14. A data center comprising:
- a platform comprising a token that includes a processing unit and a register, the register to store a value, wherein the value represents a policy of the platform, the processing unit to generate a cryptographic key pair that includes a private key;
- a memory to store the private key of the cryptographic key pair; and
- an administrative unit coupled to the platform, the administrative unit to generate a root key for the data center, to generate a signing key for the data center based on a certification of the root key, to sign the private key of the platform with the signing key of the data center.
Dependent claims: 15, 16, 17.

18. A method comprising:
- generating a cryptographic key pair associated with a data center; and
- storing a private key of the cryptographic key pair within a platform, the private key used to sign a value stored in the platform for validation of inclusion of the platform into the data center.
Dependent claims: 19, 20, 21, 22, 23, 24.

25. A method comprising:
- receiving a quote request to validate inclusion of a platform within a data center;
- retrieving a value associated with a policy of the platform, the value stored in the platform;
- signing the value using a private key of a cryptographic key pair stored in the platform; and
- outputting the signed value in response to the quote request.
Dependent claims: 26, 27, 28, 29.

30. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising:
- generating a quote request to validate inclusion of a platform within a data center;
- transmitting the quote request to the platform;
- receiving a response to the quote request, the response including a value stored in the platform that is signed by a private key stored in the platform, wherein the value is associated with a policy of the platform; and
- validating the inclusion of the platform within the data center based on decryption of the value using a public key that corresponds to the private key.
Dependent claims: 31, 32, 33, 34, 35.

36. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising:
- generating a root key associated with a data center;
- generating a signing key based on the root key using a certification of the root key;
- receiving a request from a platform for inclusion into the data center, the request to include a private key associated with the platform;
- certifying the private key based on a signature from the signing key associated with the data center; and
- storing the certification of the private key within the platform, the private key to sign a value stored in the platform for validation of inclusion of the platform within the data center.
Dependent claims: 37, 38, 39, 40, 41, 42.

43. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising performing the following, upon determining that a platform of a number of platforms of a data center has been compromised:
- revoking a current cryptographic key pair stored in the number of platforms of the data center;
- generating a new cryptographic key pair associated with the data center; and
- storing a new private key of the new cryptographic key pair into the number of platforms that had been compromised.
Dependent claims: 44, 45, 46, 47, 48.

49. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising performing the following, upon determining that a platform of a number of platforms of a data center has been compromised and that a current private key stored in the platform is different from private keys stored in other platforms of the data center:
- revoking a current cryptographic key pair that includes the current private key;
- certifying a new private key based on a signature from a signing key associated with the data center; and
- storing the certification of the new private key within the platform, wherein the new private key is to sign a value stored in the platform for validation of the platform within the data center.
Dependent claims: 50, 51, 52, 53.
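The independent claims together describe one exchange: the data center holds a root key and a signing key certified by it (claims 14 and 36), each platform holds a private key sealed to a metric in its register (claims 9 and 14), a verifier sends a quote request and the platform returns the register value signed by that key (claims 25 and 30), and a compromised platform's key is revoked (claims 43 and 49). The following Go program is an added worked example of that flow and is not code from the patent or its assignee. It assumes Ed25519 for all key pairs (the claims name no algorithm), models a certificate as the issuer's signature over the subject public key, models sealing as the token refusing to use the key once the register no longer equals the value it was sealed against, models revocation as a verifier-side list, and treats claim 30's "decryption of the value using a public key" as signature verification. All policy and nonce values are constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Certificate is a constructed stand-in for a real certificate: the issuer's signature over the subject key.
type Certificate struct {
	Subject   ed25519.PublicKey
	Signature []byte
}

// Issue certifies a subject public key with the issuer's private key.
func Issue(issuer ed25519.PrivateKey, subject ed25519.PublicKey) Certificate {
	return Certificate{Subject: subject, Signature: ed25519.Sign(issuer, subject)}
}

// VerifiedBy checks the certificate against the issuer's public key.
func (c Certificate) VerifiedBy(issuerPub ed25519.PublicKey) bool {
	return ed25519.Verify(issuerPub, c.Subject, c.Signature)
}

// Platform models the token: a register holding the policy metric and a private key sealed to it.
type Platform struct {
	Register     []byte // current metric (here SHA-256 of the policy)
	sealedMetric []byte // metric the key was sealed against
	priv         ed25519.PrivateKey
	Cert         Certificate // platform key certified by the data-center signing key
}

// NewPlatform generates the platform key, seals it to the policy metric and has the signing key certify it.
func NewPlatform(signingPriv ed25519.PrivateKey, policy []byte) *Platform {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	metric := sha256.Sum256(policy)
	return &Platform{Register: append([]byte{}, metric[:]...), sealedMetric: metric[:],
		priv: priv, Cert: Issue(signingPriv, pub)}
}

// Quote is the response to a quote request: register value, signature over nonce||value, platform certificate.
type Quote struct {
	Value, Signature []byte
	Cert             Certificate
}

// quoteMsg builds nonce||value in a fresh slice so the caller's nonce is never aliased.
func quoteMsg(nonce, value []byte) []byte {
	return append(append([]byte{}, nonce...), value...)
}

// Quote signs the register value; the sealed key is unusable once the register no longer matches.
func (p *Platform) Quote(nonce []byte) (Quote, error) {
	if !bytes.Equal(p.Register, p.sealedMetric) {
		return Quote{}, errors.New("register changed: private key cannot be unsealed")
	}
	return Quote{Value: p.Register, Signature: ed25519.Sign(p.priv, quoteMsg(nonce, p.Register)), Cert: p.Cert}, nil
}

// Verifier is the administrative side: root public key, signing-key certificate, expected metric, revoked keys.
type Verifier struct {
	RootPub     ed25519.PublicKey
	SigningCert Certificate
	Expected    []byte
	Revoked     map[string]bool
}

// Validate walks the chain root -> signing key -> platform key, then checks signature and metric.
func (v Verifier) Validate(nonce []byte, q Quote) error {
	switch {
	case !v.SigningCert.VerifiedBy(v.RootPub) || !q.Cert.VerifiedBy(v.SigningCert.Subject):
		return errors.New("certificate chain does not lead to the data-center root")
	case v.Revoked[string(q.Cert.Subject)]:
		return errors.New("platform key revoked")
	case !ed25519.Verify(q.Cert.Subject, quoteMsg(nonce, q.Value), q.Signature):
		return errors.New("quote signature invalid")
	case !bytes.Equal(q.Value, v.Expected):
		return errors.New("policy metric does not match data-center policy")
	}
	return nil
}

// Setup generates the data-center root and signing keys and enrolls one platform with the given policy.
func Setup(policy []byte) (Verifier, *Platform) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	signPub, signPriv, _ := ed25519.GenerateKey(rand.Reader)
	metric := sha256.Sum256(policy)
	v := Verifier{RootPub: rootPub, SigningCert: Issue(rootPriv, signPub),
		Expected: metric[:], Revoked: map[string]bool{}}
	return v, NewPlatform(signPriv, policy)
}
```

The verifier-supplied nonce is what makes a quote fresh: the same signed value replayed under a different nonce fails verification, and a platform whose register has drifted from the sealed metric cannot produce a quote at all, which is the point of sealing the key to the metric rather than merely storing it. Revocation is checked before the signature so that a valid-looking quote from a compromised platform is rejected even though its certificate chain still verifies.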