Associating a multi-context trusted platform module with distributed platforms
First Claim
Patent Images
1. A method comprising:
- creating an instance of a virtual trusted platform module (TPM) in a manager platform corresponding to a first server including TPM hardware, the manager platform a central repository of TPM services for a plurality of managed platforms coupled to the manager platform;
associating the instance of the virtual TPM with a first one of the managed platforms coupled to the manager platform, the managed platforms each a server including platform resources, a plurality of virtual machines and a platform manager, wherein the virtual TPM instance remains on the manager platform when the virtual TPM instance performs secure operations for the first managed platform and private keys of the virtual TPM instance remain on the manager platform and are not accessible to the first managed platform; and
updating the virtual TPM instance from the first managed platform to a second managed platform based on load information, and without re-authenticating the virtual TPM instance.
1 Assignment
0 Petitions
Accused Products
Abstract
In one embodiment, the present invention includes a method for creating an instance of a virtual trusted platform module (TPM) in a central platform and associating the instance with a managed platform coupled to the central platform. Multiple such vTPM'"'"'s may be instantiated, each associated with a different managed platform coupled to the central platform. The instances may all be maintained on the central platform, improving security. Other embodiments are described and claimed.
69 Citations
23 Claims
-
1. A method comprising:
-
creating an instance of a virtual trusted platform module (TPM) in a manager platform corresponding to a first server including TPM hardware, the manager platform a central repository of TPM services for a plurality of managed platforms coupled to the manager platform; associating the instance of the virtual TPM with a first one of the managed platforms coupled to the manager platform, the managed platforms each a server including platform resources, a plurality of virtual machines and a platform manager, wherein the virtual TPM instance remains on the manager platform when the virtual TPM instance performs secure operations for the first managed platform and private keys of the virtual TPM instance remain on the manager platform and are not accessible to the first managed platform; and
updating the virtual TPM instance from the first managed platform to a second managed platform based on load information, and without re-authenticating the virtual TPM instance. - View Dependent Claims (2, 3, 4, 5, 6, 7, 19, 22)
-
-
8. An apparatus comprising:
a manager device to create instances of a virtual trusted platform module (TPM) and associate each of the instances with corresponding managed platforms coupled to the manager device, wherein the virtual TPM instances remain on the manager device while the virtual TPM instances perform a secure operation for the corresponding managed platforms and are to be maintained by the manager device, the manager device comprising a server of a server center including at least one hardware TPM, and the managed platforms comprise other servers of the server center, wherein the manager device is to change association of an instance of a virtual TPM from a first managed platform to a second managed platform based on load information, wherein the instance is maintained on the manager device, by update to an association table that lists the virtual TPM instances and corresponding managed platforms and without re-authentication of the instance. - View Dependent Claims (9, 10, 11, 12, 20, 21)
-
13. An article comprising a non-transitory machine-accessible storage medium including instructions that when executed cause a system to:
-
instantiate a first virtual security coprocessor in a central location corresponding to a first server; associate the first virtual security coprocessor with a first managed platform corresponding to a second server coupled to the central location responsive to a request from the first managed platform, wherein the first virtual security coprocessor is to remain in the central location; and update association of the first virtual security coprocessor to a second managed platform corresponding to a third server coupled to the central location responsive to a management command from a platform manager based on load information via update to an association table that lists virtual security coprocessor instances and corresponding managed platforms to associate the first virtual security coprocessor with the second managed platform without re-authentication of the first virtual security coprocessor, wherein the first virtual security coprocessor is to remain in the central location after the update. - View Dependent Claims (14, 15, 16)
-
-
17. A system comprising:
-
a plurality of managed platforms each a server having at least one hardware resource to be used in a virtualized environment; a management platform having a hardware trusted platform module (TPM) and corresponding to a TPM server coupled to the plurality of managed platforms to create instances of a virtual security module and associate each of the instances with a corresponding one of the plurality of managed platforms, wherein the management platform is to maintain the instances of the virtual security module on the management platform while the virtual security module instances perform a secure operation for the corresponding managed platform and private keys of the virtual security module instances remain on the management platform and are not accessible to the corresponding managed platforms during the secure operation; and a platform manager coupled to the management platform, when the platform manager is to instruct the management platform to migrate an instance of the virtual security module from a first managed platform to a second managed platform based on load information without re-authorization activities, wherein the instance is maintained on the management platform. - View Dependent Claims (18, 23)
-
Specification