System and method of a trusted computing operation mode
First Claim
1. A method of establishing hardware assisted trust to a communication server that does not utilize hardware assisted trust, comprising:
- checking, by a secure application of a first server, for a message that requests for establishment of a secure communication link between the first server and a different server, wherein the secure application is executed on a first processor of a plurality of processors of the first server, and wherein the message is directed from the different server to the secure application of the first server;
- finding, by the secure application, the message that requests establishment of the secure communication link;
- responsive to finding the message, sending, by the secure application, a request to an operating system to suspend each of the plurality of processors except for the first processor;
- responsive to finding the message, sending, by the secure application, a request to the operating system to suspend a process that is executing on the first processor;
- conducting, by the secure application, a communication session with the different server;
- responsive to conducting the communication session, sending, by the secure application, a request to the operating system to release each of the plurality of processors that were suspended and to resume functionality; and
- responsive to conducting the communication session, sending, by the secure application, a request to the operating system to resume execution of the process that was suspended on the first processor.
Abstract
A security monitor processing server is disclosed. The server comprises a plurality of processors, a memory, and a security monitor application that, when executed by a first processor, checks for a message that requests establishment of a secure communication link between a different server and the server, the message being directed to it by the different server. The application sends a request to an operating system (OS) to suspend functionality of the other processors except for the first processor. The application sends a request to the OS to suspend a process executing on the first processor. The application conducts a communication session with the different server. The application, responsive to completion of the communication session, sends a request to the OS to allow the other processors to resume functionality. The application sends a request to the OS to resume execution of the suspended process on the first processor.
20 Claims
1. A method of establishing hardware assisted trust to a communication server that does not utilize hardware assisted trust (the first claim, set out in full above). Dependent claims: 2, 3, 4, 5, 6, 7.
8. A method of establishing trust between a first communication server without hardware assisted trust and a second communication server with hardware assisted trust, comprising:
- checking, by a security monitor application of a first server, for a message from a second server that requests establishment of a secure communication link between the first server and the second server, wherein the security monitor application is executed on a first processor of a plurality of processors on the first server, wherein the message is directed to a secure application that also executes on the first processor of the first server, and wherein the message is from the second server;
- finding, by the security monitor application, the message that requests establishment of the secure communication link;
- responsive to finding the message, sending, by the security monitor application, a request to an operating system to suspend each of the plurality of processors except for the first processor, wherein the security monitor application receives the message and a security token from the second server, and wherein the security token identifies the second server as a secure server that is trusted;
- responsive to finding the message, sending, by the security monitor application, a request to the operating system to suspend a process that is executing on the first processor;
- invoking, by the security monitor application sending a request to the operating system, a secure application that executes on the first processor;
- sending, by the security monitor application, the message to the secure application;
- engaging, by the secure application, in a communication session with the second server in response to the second server being identified as a secure server that is trusted based on the security token received by the security monitor application;
- receiving, by the security monitor application, a message from the secure application that indicates to the security monitor application the communication session with the second server has finished;
- stopping, by the security monitor application, the secure application from executing on the first processor, wherein the security monitor application sends a request to the operating system to stop execution of the secure application, and wherein the secure application becomes dormant in response to the request to stop execution until re-invoked;
- sending, by the security monitor application, a request to the operating system to release each of the plurality of processors that were suspended and to resume functionality; and
- sending, by the security monitor application, a request to the operating system to resume execution of the process that was suspended on the first processor.

Dependent claims: 9, 10, 11, 12, 13.
14. A server, comprising:
- a plurality of processors, a non-transitory memory, and a security monitor application stored in the non-transitory memory, that when executed by a first processor of the plurality of processors:
- checks for a message from a different server, wherein the message requests establishment of a secure communication link between the different server and the security monitor application;
- finds the message that requests establishment of the secure communication link between the different server and the security monitor application;
- responsive to finding the message, sends a request to an operating system executing on the server to suspend functionality of each of the plurality of processors except for the first processor;
- responsive to finding the message, sends a request to the operating system to suspend a process that is executing on the first processor;
- conducts a communication session with the different server;
- responsive to conducting the communication session, sends a request to the operating system to allow each of the plurality of processors that were suspended to resume functionality; and
- responsive to conducting the communication session, sends a request to the operating system to resume execution of the process that was suspended on the first processor.

Dependent claims: 15, 16, 17, 18, 19, 20.
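The quiesce-then-restore sequence that claims 1, 8 and 14 describe, as an added example that is not part of the patent: a Python simulation of the security monitor's ordered OS requests, including the token check of claim 8 that gates whether anything is suspended at all. The OS model, server names and token values are all constructed here and are assumptions, not details from the page.

```python
"""Simulation (added example, not the patent's own code) of the security
monitor procedure in claim 8: on a trusted request, quiesce the other
processors and the process on the first processor, hand the message to the
secure application, then restore everything in the claimed order."""
from dataclasses import dataclass, field

# Constructed sample registry: which remote servers hold a trusted token.
TRUSTED_TOKENS = {"srv-B": "token-B-constructed"}


@dataclass
class OperatingSystem:
    """Models the OS calls the monitor relies on; records each call in order."""
    num_processors: int
    log: list = field(default_factory=list)

    def suspend_other_processors(self, first):
        for cpu in range(self.num_processors):
            if cpu != first:
                self.log.append(f"suspend cpu{cpu}")

    def resume_other_processors(self, first):
        for cpu in range(self.num_processors):
            if cpu != first:
                self.log.append(f"resume cpu{cpu}")

    def suspend_process(self, pid): self.log.append(f"suspend pid{pid}")
    def resume_process(self, pid): self.log.append(f"resume pid{pid}")
    def start_app(self, name): self.log.append(f"start {name}")
    def stop_app(self, name): self.log.append(f"stop {name}")


def security_monitor(os_, first_cpu, current_pid, sender, token, message):
    """Handle one link request; returns the ordered list of OS requests made."""
    os_.log.clear()
    # Only a sender presenting its registered token is treated as trusted;
    # an untrusted request leaves every processor and process running.
    if TRUSTED_TOKENS.get(sender) != token:
        return list(os_.log)
    os_.suspend_other_processors(first_cpu)          # claim 8: suspend other CPUs
    os_.suspend_process(current_pid)                 # suspend process on first CPU
    os_.start_app("secure-app")                      # invoke the secure application
    os_.log.append(f"session {sender}: {message}")   # secure app talks to sender
    os_.stop_app("secure-app")                       # secure app dormant until re-invoked
    os_.resume_other_processors(first_cpu)           # release suspended CPUs first
    os_.resume_process(current_pid)                  # then resume the suspended process
    return list(os_.log)
```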
Specification