发明授权
US07664965B2 Method and system for bootstrapping a trusted server having redundant trusted platform modules
失效
用于引导具有冗余可信平台模块的可信服务器的方法和系统
- 专利标题: Method and system for bootstrapping a trusted server having redundant trusted platform modules
- 专利标题(中): 用于引导具有冗余可信平台模块的可信服务器的方法和系统
-
申请号: US10835498申请日: 2004-04-29
-
公开(公告)号: US07664965B2公开(公告)日: 2010-02-16
- 发明人: Steven A. Bade , Linda Nancy Betz , Andrew Gregory Kegel , David R. Safford , Leendert Peter Van Doorn
- 申请人: Steven A. Bade , Linda Nancy Betz , Andrew Gregory Kegel , David R. Safford , Leendert Peter Van Doorn
- 申请人地址: US NY Armonk
- 专利权人: International Business Machines Corporation
- 当前专利权人: International Business Machines Corporation
- 当前专利权人地址: US NY Armonk
- 代理商 Casimer K. Salys; Jack V. Musgrove
- 主分类号: G06F11/30
- IPC分类号: G06F11/30
摘要:
Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted.
公开/授权文献
信息查询