公开(公告)号：US20150244559A1

公开(公告)日：2015-08-27

申请号：US14697956

申请日：2015-04-28

Applicant: Intel Corporation

Inventor： PALSAMY SAKTHIKUMAR ,  VINCENT J. ZIMMER

IPC: H04L12/24

CPC classification number: H04L41/00 ,  G06F11/203 ,  G06F21/57 ,  G06F21/80 ,  G06F2221/2107 ,  H04L9/0827 ,  H04L9/0877 ,  H04L41/28 ,  H04L63/061

Abstract: A method, system and computer-readable storage medium with instructions to migrate full-disk encrypted virtual storage between blade servers. A key is obtained to perform an operation on a first blade server. The key is obtained from a virtual security hardware instance and provided to the first blade server via a secure out-of-band communication channel. The key is migrated from the first blade server to a second blade server. The key is used to perform hardware encryption of data stored on the first blade server. The data are migrated to the second blade server without decrypting the data at the first blade server, and the second blade server uses the key to access the data. Other embodiments are described and claimed.

Abstract translation: 一种具有指令的方法，系统和计算机可读存储介质，用于在刀片服务器之间迁移全盘加密的虚拟存储。 获得用于在第一刀片服务器上执行操作的键。 密钥是从虚拟安全硬件实例获得的，并通过安全的带外通信信道提供给第一个刀片服务器。 密钥从第一个刀片服务器迁移到第二个刀片服务器。 该密钥用于对存储在第一个刀片服务器上的数据执行硬件加密。 将数据迁移到第二个刀片服务器，而不会在第一个刀片服务器上解密数据，而第二个刀片服务器使用密钥来访问数据。 描述和要求保护其他实施例。

公开(公告)号：US20170033970A9

公开(公告)日：2017-02-02

申请号：US14697956

申请日：2015-04-28

Applicant: Intel Corporation

Inventor： PALSAMY SAKTHIKUMAR ,  VINCENT J. ZIMMER

IPC: H04L12/24

CPC classification number: H04L41/00 ,  G06F11/203 ,  G06F21/57 ,  G06F21/80 ,  G06F2221/2107 ,  H04L9/0827 ,  H04L9/0877 ,  H04L41/28 ,  H04L63/061

Abstract: A method, system and computer-readable storage medium with instructions to migrate full-disk encrypted virtual storage between blade servers. A key is obtained to perform an operation on a first blade server. The key is obtained from a virtual security hardware instance and provided to the first blade server via a secure out-of-band communication channel. The key is migrated from the first blade server to a second blade server. The key is used to perform hardware encryption of data stored on the first blade server. The data are migrated to the second blade server without decrypting the data at the first blade server, and the second blade server uses the key to access the data. Other embodiments are described and claimed.

Abstract translation: 一种具有指令的方法，系统和计算机可读存储介质，用于在刀片服务器之间迁移全盘加密的虚拟存储。 获得用于在第一刀片服务器上执行操作的键。 密钥是从虚拟安全硬件实例获得的，并通过安全的带外通信信道提供给第一个刀片服务器。 密钥从第一个刀片服务器迁移到第二个刀片服务器。 该密钥用于对存储在第一个刀片服务器上的数据执行硬件加密。 将数据迁移到第二个刀片服务器，而不会在第一个刀片服务器上解密数据，而第二个刀片服务器使用密钥来访问数据。 描述和要求保护其他实施例。

公开(公告)号：US20160371098A1

公开(公告)日：2016-12-22

申请号：US15076384

申请日：2016-03-21

Applicant: INTEL CORPORATION

Inventor： DAVID C. ESTRADA ,  VINCENT J. ZIMMER ,  PALSAMY SAKTHIKUMAR

IPC: G06F9/44 ,  G06F13/26

CPC classification number: G06F9/4411 ,  G06F9/4406 ,  G06F13/26 ,  G06F13/4027

Abstract: Various embodiments are directed to creating multiple device blocks associated with hardware devices, arranging the device blocks in an order indicative of positions of the hardware devices in a hierarchy of buses and bridges, and enabling access to the multiple device blocks from an operating system. An apparatus comprises a processor circuit and storage storing instructions operative on the processor circuit to create a device table comprising multiple device blocks, each device block corresponding to one of multiple hardware devices accessible to the processor circuit, the device blocks arranged in an order indicative of relative positions of the hardware devices in a hierarchy of buses and at least one bridge device; enable access to the device table by an operating system; and execute a second sequence of instructions of the operating system operative on the processor circuit to access the device table. Other embodiments are described and claimed herein.

Abstract translation: 各种实施例涉及创建与硬件设备相关联的多个设备块，以指示总线和桥接器层级中的硬件设备的位置的顺序排列设备块，以及使得能够从操作系统访问多个设备块。 一种装置包括处理器电路和存储器，其存储指令，其操作在所述处理器电路上以创建包括多个设备块的设备表，每个设备块对应于所述处理器电路可访问的多个硬件设备之一，所述设备块以指示 硬件设备在总线和至少一个桥接设备层级中的相对位置; 使操作系统能够访问设备表; 并且执行在处理器电路上操作的操作系统的第二指令序列以访问设备表。 在此描述和要求保护的其它实施例。