Systems, methods and computer program products for high availability enhancements of virtual security module servers
First Claim
1. In a virtual security appliance system, a command processing method, comprising:
receiving a command from a Virtual Machine Monitor in an I/O controller of a recipient Virtual Security Appliance in the virtual security appliance system;
determining a load of a crypto engine of the recipient virtual security appliance to assign a master/slave flag, the crypto engine having a master virtual Trusted Platform Module and a slave virtual Trusted Platform Module;
assigning a master/slave flag to the command to identify a command type;
determining the command type in the I/O controller;
in response to a random command type;
sending the command to the master virtual Trusted Platform Module and to the slave virtual Trusted Platform Module;
generating a random number in the master virtual Trusted Platform Module;
sending the random number to the slave virtual Trusted Platform Module;
processing the command in the master virtual Trusted Platform Module and in the slave virtual Trusted Platform Module;
sending the processed command to the I/O controller as output;
in response to a write command type;
sending the command to the master virtual Trusted Platform Module and to the slave virtual Trusted Platform Module;
processing the command in the master virtual Trusted Platform Module and in the slave virtual Trusted Platform Module;
sending the processed command to the I/O controller as output;
in response to a read command type;
sending the command to the master virtual Trusted Platform Module;
sending the command to the I/O controller as output;
receiving output from the crypto engine; and
returning the output to the Virtual Machine Monitor.
Abstract
Systems, methods and computer program products for high availability enhancements of virtual security module servers. Exemplary embodiments include a command processing method, including receiving a command from a virtual machine monitor in an I/O controller of a recipient virtual security appliance, determining a load of a crypto engine of the recipient virtual security appliance to assign a master/slave flag, the crypto engine having a master virtual trusted platform module and a slave trusted platform module, assigning a master/slave flag to the command to identify a command type, determining the command type in the I/O controller, receiving output from the crypto engine and returning the output to the virtual machine monitor.
3 Claims
2. The method as claimed in claim 1 wherein the crypto engine includes an appliance endorsement key configured to provide an identification and to pair with an additional recipient virtual security appliance in the virtual security appliance system, the additional recipient virtual security appliance including an additional crypto engine having an additional appliance endorsement key.
3. The method as claimed in claim 2 further comprising:
establishing a pair credential between the recipient virtual security appliance and the additional recipient virtual security appliance; and
establishing a secure channel between the recipient virtual security appliance and the additional recipient virtual security appliance through an exchange of the appliance endorsement key and the additional appliance endorsement key through the pair credential.
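As an added illustration, not the patent's own code, the following Python toy models the three dispatch branches of claim 1 (random, write and read command types) for one master/slave virtual TPM pair behind an I/O controller, and checks that the slave's replicated state still matches the master's after a command sequence. The NV-index layout, the per-engine load counters and the 64-bit random value are assumptions made for the example.

```python
# Added illustration (not the patent's code): a toy model of the claim-1 dispatch
# rules between a master and a slave virtual TPM behind one I/O controller.
import hashlib
import secrets


class VTPM:
    """Minimal virtual TPM: a replicated NV store plus the last shared random value."""

    def __init__(self, name):
        self.name, self.nv, self.last_random, self.load = name, {}, None, 0

    def process(self, cmd, rnd=None):
        self.load += 1  # load counter (assumed) that the controller can inspect
        if cmd["type"] == "random":
            self.last_random = rnd  # the slave adopts the master's number, so state stays identical
            return rnd
        if cmd["type"] == "write":
            self.nv[cmd["index"]] = cmd["data"]
            return "ok"
        return self.nv.get(cmd["index"])  # read


class IOController:
    """Implements the three branches of claim 1 for one recipient virtual security appliance."""

    def __init__(self):
        self.master, self.slave = VTPM("master"), VTPM("slave")

    def handle(self, cmd):
        if cmd["type"] == "random":
            rnd = secrets.randbits(64)          # generated in the master only (assumed width)
            out = self.master.process(cmd, rnd)
            self.slave.process(cmd, rnd)        # random number forwarded to the slave
        elif cmd["type"] == "write":
            out = self.master.process(cmd)
            self.slave.process(cmd)             # write replicated to both modules
        else:
            out = self.master.process(cmd)      # read served by the master alone
        return out                              # output returned towards the VMM


def state_digest(vtpm):
    """Hash of the replicated state, used to check master and slave stay in lock-step."""
    blob = repr(sorted(vtpm.nv.items())) + repr(vtpm.last_random)
    return hashlib.sha256(blob.encode()).hexdigest()


def run_demo():
    ctl = IOController()
    ctl.handle({"type": "random"})
    ctl.handle({"type": "write", "index": 0x1000, "data": b"seal"})  # constructed sample
    out = ctl.handle({"type": "read", "index": 0x1000})
    in_sync = state_digest(ctl.master) == state_digest(ctl.slave)
    return out, in_sync, ctl.master.load, ctl.slave.load
```

The read is answered only by the master, so its load counter ends one higher than the slave's while the replicated state digests remain equal.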
Specification