| Patent application number | Description | Published |
|---|
| 20080244292 | Method and Apparatus to Re-create trust model after sleep state - A processing system features random access memory (RAM), a processor, and a trusted platform module (TPM). When the processing system enters a sleep mode during which the RAM is to stay powered, the processing system may measuring a VMM and one or more secure VMs in the processing system. However, the processing system may not measure or encrypt all of system memory. Upon resuming from sleep, the processing system may verify the measurements, to ensure that the VMM and secure VMs have not been tampered with. Other steps may include sealing encryption keys to the TPM, while preserving the blobs in memory. Other embodiments are described and claimed. | 10-02-2008 |
| 20090044187 | Methods And Apparatus For Creating An Isolated Partition For A Virtual Trusted Platform Module - A data processing system isolates a virtual trusted platform module (vTPM) manager in the processing system from other management software in the processing system. In one example process, the processing system launches a virtual machine monitor (VMM) that includes a memory-mapped input/output (MMIO) trap. The processing system also launches a vTPM manager in a first virtual machine (VM). In addition, the processing system launches a second VM to contain virtual machine management programs other than the vTPM manager and the MMIO trap. Other embodiments are described and claimed. | 02-12-2009 |
| 20090055641 | Method and apparatus for virtualization of a multi-context hardware trusted platform module (TPM) - In one embodiment, the present invention includes a method for receiving a request for a trusted platform module (TPM) operation from a virtual machine, determining whether the request is for a modification of a TPM version, and associating part of a multi-context hardware TPM with a virtual TPM (vTPM) to enable the modification. Other embodiments are described and claimed. | 02-26-2009 |
| 20090086979 | VIRTUAL TPM KEYS ROOTED IN A HARDWARE TPM - The present subject matter related to trusted computing, and more particularly, to virtual trusted platform module keys rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module operable to capture virtual machine trusted platform module calls and operates to generate, maintain, and utilize hardware trusted platform module keys on behalf of the one or more virtual machines. Some embodiments include virtual trusted platform module keys having a public portion on top of an private portion including an encrypted hardware trusted platform module key. | 04-02-2009 |
| 20090089582 | METHODS AND APPARATUS FOR PROVIDING UPGRADEABLE KEY BINDINGS FOR TRUSTED PLATFORM MODULES - A processing system with a trusted platform module (TPM) supports migration of digital keys. For instance, an application in the processing system may create a first configuration key as a child of a TPM storage root key (SRK) when the processing system has a first configuration. The application may also create an upgradable root user key associated with an upgrade authority as a child of the first configuration key. The application may also create a user key as a child of the upgradable root user key. When the processing system has a second configuration, the application may create a second configuration key as a child of the SRK. The application may request migration approval from the upgrade authority. In response to receiving the approval from the upgrade authority, the application may migrate the root user key to be a child of the second configuration key. Other embodiments are described and claimed. | 04-02-2009 |
| 20090165117 | Methods And Apparatus Supporting Access To Physical And Virtual Trusted Platform Modules - A data processing system features a hardware trusted platform module (TPM), and a virtual TPM (vTPM) manager. When executed, the vTPM manager detects a first request from a service virtual machine (VM) in the processing system, the first request to involve access to the hardware TPM (hTPM). In response, the vTPM manager automatically determines whether the first request should be allowed, based on filter rules identifying allowed or disallowed operations for the hTPM. The vTPM manager may also detect a second request to involve access to a software TPM (sTPM) in the processing system. In response, the vTPM manager may automatically determine whether the second request should be allowed, based on a second filter list identifying allowed or disallowed operations for the sTPM. Other embodiments are described and claimed. | 06-25-2009 |
| 20090169012 | VIRTUAL TPM KEY MIGRATION USING HARDWARE KEYS - The present subject matter is related to trusted computing, and more particularly to migration of virtual trusted platform module keys that are rooted in a hardware trusted platform module. Some embodiments include a trusted platform virtualization module that may perform one or more of inbound and outbound trusted platform module key migrations. Such migrations may be performed between a virtual trusted platform module and either a hardware or a virtual trusted platform module. | 07-02-2009 |
| 20090307493 | SYSTEM AND METHOD FOR COMBINING USER AND PLATFORM AUTHENTICATION IN NEGOTIATED CHANNEL SECURITY PROTOCOLS - A network security handshake exchange for combining user and platform authentication. The security handshake exchange performs operations on a pre-master secret to increase identity verification and security. The pre-master secret is augmented and authenticated with platform identity and user identity credentials of one endpoint. A second phase of exchanges may include exchange of a master secret that is the pre-master secret modified with platform identity and user identity of the other endpoint. | 12-10-2009 |
| 20110138166 | Extensible Pre-Boot Authentication - In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a non-volatile storage that is configured with full disk encryption (FDE), and storing the PBA image in a memory. Then a callback protocol can be performed between a loader executing on an engine of a chipset and an integrity checker of a third party that provided the PBA image to confirm integrity of the PBA image, the PBA image is executed if the integrity is confirmed, and otherwise it is deleted. Other embodiments are described and claimed. | 06-09-2011 |
| 20110145598 | Providing Integrity Verification And Attestation In A Hidden Execution Environment - In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed. | 06-16-2011 |
| 20110154023 | Protected device management - A method, apparatus, system, and computer program product for management of storage devices protected by encryption, user authentication, and password protection and auditing schemes in virtualized and non-virtualized environments. | 06-23-2011 |
