公开(公告)号：US20090327700A1

公开(公告)日：2009-12-31

申请号：US12125871

申请日：2008-05-22

申请人： Steven A. Blade ,  Linda Nancy Betz ,  Andrew Gregory Kegel ,  Michael J. Kelly ,  William Lee Terrell

发明人： Steven A. Blade ,  Linda Nancy Betz ,  Andrew Gregory Kegel ,  Michael J. Kelly ,  William Lee Terrell

IPC分类号： G06F1/24

CPC分类号： G06F21/57 ,  G06F21/53 ,  H04L9/0897

摘要： A method, an apparatus, a system, and a computer program product is presented for virtualizing trusted platform modules within a data processing system. A virtual trusted platform module along with a virtual endorsement key is created within a physical trusted platform module within the data processing system using a platform signing key of the physical trusted platform module, thereby providing a transitive trust relationship between the virtual trusted platform module and the core root of trust for the trusted platform. The virtual trusted platform module can be uniquely associated with a partition in a partitionable runtime environment within the data processing system.

摘要翻译： 提出了一种方法，装置，系统和计算机程序产品，用于虚拟化数据处理系统内的可信平台模块。 使用物理可信平台模块的平台签名密钥在数据处理系统内的物理可信平台模块内创建虚拟可信平台模块以及虚拟认证密钥，从而在虚拟可信平台模块和虚拟可信平台模块之间提供传递信任关系 信任平台的核心信任根源。 虚拟可信平台模块可以与数据处理系统内的可分区运行时环境中的分区唯一关联。

公开(公告)号：US08065522B2

公开(公告)日：2011-11-22

申请号：US12125871

申请日：2008-05-22

申请人： Steven A. Bade ,  Linda Nancy Betz ,  Andrew Gregory Kegel ,  Michael J. Kelly ,  William Lee Terrell

发明人： Steven A. Bade ,  Linda Nancy Betz ,  Andrew Gregory Kegel ,  Michael J. Kelly ,  William Lee Terrell

IPC分类号： H04L29/00 ,  H04L9/00

CPC分类号： G06F21/57 ,  G06F21/53 ,  H04L9/0897

摘要： A method, an apparatus, a system, and a computer program product is presented for virtualizing trusted platform modules within a data processing system. A virtual trusted platform module along with a virtual endorsement key is created within a physical trusted platform module within the data processing system using a platform signing key of the physical trusted platform module, thereby providing a transitive trust relationship between the virtual trusted platform module and the core root of trust for the trusted platform. The virtual trusted platform module can be uniquely associated with a partition in a partitionable runtime environment within the data processing system.

摘要翻译： 提出了一种方法，装置，系统和计算机程序产品，用于虚拟化数据处理系统内的可信平台模块。 使用物理可信平台模块的平台签名密钥在数据处理系统内的物理可信平台模块内创建虚拟可信平台模块以及虚拟认证密钥，从而在虚拟可信平台模块和虚拟可信平台模块之间提供传递信任关系 信任平台的核心信任根源。 虚拟可信平台模块可以与数据处理系统内的可分区运行时环境中的分区唯一关联。

公开(公告)号：US07380119B2

公开(公告)日：2008-05-27

申请号：US10835330

申请日：2004-04-29

申请人： Steven A. Bade ,  Linda Nancy Betz ,  Andrew Gregory Kegel ,  Michael J. Kelly ,  William Lee Terrell

发明人： Steven A. Bade ,  Linda Nancy Betz ,  Andrew Gregory Kegel ,  Michael J. Kelly ,  William Lee Terrell

IPC分类号： G06F1/24

CPC分类号： G06F21/57 ,  G06F21/53 ,  H04L9/0897

摘要： A method, an apparatus, a system, and a computer program product is presented for virtualizing trusted platform modules within a data processing system. A virtual trusted platform module along with a virtual endorsement key is created within a physical trusted platform module within the data processing system using a platform signing key of the physical trusted platform module, thereby providing a transitive trust relationship between the virtual trusted platform module and the core root of trust for the trusted platform. The virtual trusted platform module can be uniquely associated with a partition in a partitionable runtime environment within the data processing system.

摘要翻译： 提出了一种方法，装置，系统和计算机程序产品，用于虚拟化数据处理系统内的可信平台模块。 使用物理可信平台模块的平台签名密钥在数据处理系统内的物理可信平台模块内创建虚拟可信平台模块以及虚拟认证密钥，从而在虚拟可信平台模块和虚拟可信平台模块之间提供传递信任关系 信任平台的核心信任根源。 虚拟可信平台模块可以与数据处理系统内的可分区运行时环境中的分区唯一关联。

公开(公告)号：US07480804B2

公开(公告)日：2009-01-20

申请号：US10835503

申请日：2004-04-29

申请人： Steven A. Bade ,  Ryan Charles Catherman ,  James Patrick Hoff ,  William Lee Terrell

发明人： Steven A. Bade ,  Ryan Charles Catherman ,  James Patrick Hoff ,  William Lee Terrell

IPC分类号： H04L9/00 ,  G06F12/14

CPC分类号： G06F21/57

摘要： An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.

摘要翻译： 用于分布式数据处理系统的架构包括系统级服务处理器以及一个或多个节点级服务处理器; 每个都与节点唯一相关联，并且每个都被扩展以包括根据可信计算组的安全模型将节点操作为可信平台（例如TPM和CRTM）所需的任何组件。 然后，这些节点级服务处理器与系统级服务处理器互操作，系统级服务处理器还包含将系统作为整体操作为可信平台所必需的任何组件。 系统级服务处理器内的TPM聚合由节点级服务处理器收集的完整性度量，此后根据请求报告完整性度量，例如向管理程序报告，从而允许将大型分布式数据处理系统验证为可信任的 同时允许其高度并行化的初始化过程进行。

公开(公告)号：US07752458B2

公开(公告)日：2010-07-06

申请号：US12258332

申请日：2008-10-24

申请人： Steven A. Bade ,  Ryan Charles Catherman ,  James Patrick Hoff ,  William Lee Terrell

发明人： Steven A. Bade ,  Ryan Charles Catherman ,  James Patrick Hoff ,  William Lee Terrell

IPC分类号： G06F11/30

CPC分类号： G06F21/57

摘要： An architecture for a distributed data processing system comprises a system-level service processor along with one or more node-level service processors; each are uniquely associated with a node, and each is extended to comprise any components that are necessary for operating the nodes as trusted platforms, such as a TPM and a CRTM in accordance with the security model of the Trusted Computing Group. These node-level service processors then inter-operate with the system-level service processor, which also contains any components that are necessary for operating the system as a whole as a trusted platform. A TPM within the system-level service processor aggregates integrity metrics that are gathered by the node-level service processors, thereafter reporting integrity metrics as requested, e.g., to a hypervisor, thereby allowing a large distributed data processing system to be validated as a trusted computing environment while allowing its highly parallelized initialization process to proceed.

摘要翻译： 用于分布式数据处理系统的架构包括系统级服务处理器以及一个或多个节点级服务处理器; 每个都与节点唯一相关联，并且每个都被扩展以包括根据可信计算组的安全模型将节点操作为可信平台（例如TPM和CRTM）所需的任何组件。 然后，这些节点级服务处理器与系统级服务处理器互操作，系统级服务处理器还包含将系统作为整体操作为可信平台所必需的任何组件。 系统级服务处理器内的TPM聚合由节点级服务处理器收集的完整性度量，此后根据请求报告完整性度量，例如向管理程序报告，从而允许将大型分布式数据处理系统验证为可信任的 同时允许其高度并行化的初始化过程进行。