-
1.
Publication (announcement) number: US20230261867A1
Publication (announcement) date: 2023-08-17
Application number: US18137494
Application date: 2023-04-21
Applicant: VMware, Inc.
Inventor: Alexey Makhalov, Maria Potapova, Ravishankar Chamarajnagar, Bo Gan, Raghunath Krishnamurthy, Sharath George, Sriram Nambakam
CPC classification number: H04L9/14, H04L9/0877, H04L9/3234, G06F3/0653, G06F3/0622, G06F3/067, H04L9/0822
Abstract: The present disclosure relates to centralized volume encryption key management for edge devices with trusted platform modules (TPMs). In some examples, a TPM measures platform configuration register (PCR) values during a gateway boot process of a gateway device, including a PCR value for an extractor PCR. The extractor PCR refers to a PCR for an extractor application of the gateway device. The extractor application unseals a volume encryption key using the PCR value for the extractor PCR and a sealing authorization policy. The extractor application itself is verified as a result of measuring and using the PCR value for the extractor PCR.
-
2.
Publication (announcement) number: US11689365B2
Publication (announcement) date: 2023-06-27
Application number: US16661198
Application date: 2019-10-23
Applicant: VMware, Inc.
Inventor: Alexey Makhalov, Maria Potapova, Ravishankar Chamarajnagar, Bo Gan, Raghunath Krishnamurthy, Sharath George, Sriram Nambakam
CPC classification number: H04L9/14, G06F3/067, G06F3/0622, G06F3/0653, H04L9/0822, H04L9/0877, H04L9/3234
Abstract: The present disclosure relates to centralized volume encryption key management for edge devices with trusted platform modules (TPMs). In some aspects, a volume encryption key is generated for a gateway device. A sealing authorization policy is also generated for the gateway device. The sealing authorization policy is generated based on a predetermined platform configuration register (PCR) mask and expected PCR values. The volume encryption key and the sealing authorization policy are transmitted from the management service to the gateway device to provision the gateway device with the volume encryption key.
-
3.
Publication (announcement) number: US20210021418A1
Publication (announcement) date: 2021-01-21
Application number: US16661198
Application date: 2019-10-23
Applicant: VMware, Inc.
Inventor: Alexey Makhalov, Maria Potapova, Ravishankar Chamarajnagar, Bo Gan, Raghunath Krishnamurthy, Sharath George, Sriram Nambakam
Abstract: The present disclosure relates to centralized volume encryption key management for edge devices with trusted platform modules (TPMs). In some aspects, a volume encryption key is generated for a gateway device. A sealing authorization policy is also generated for the gateway device. The sealing authorization policy is generated based on a predetermined platform configuration register (PCR) mask and expected PCR values. The volume encryption key and the sealing authorization policy are transmitted from the management service to the gateway device to provision the gateway device with the volume encryption key.