Dynamic creation and hierarchical organization of trusted platform modules

Abstract

A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.

Description

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates generally to a data processing system. Specifically, the present invention provides a method, an apparatus and a computer program product for the dynamic creation and hierarchical organization of trusted platform modules.

[0003] 2. Description of the Related Art

[0004] The Trusted Computing Group has defined the functionality and protocol for a hardware module called the Trusted Platform Module (TPM). This piece of hardware offers security and cryptographic functionality to computer systems such as, for example, asymmetric key generation, decryption, encryption, signing, sealing and binding of data to the state of the TPM, migration of keys between TPMs, random number generation and hashing functionality. A TPM also implements a rather complex state machine which allows some of its operations to only be performed when a sequence of certain commands has been sent to the TPM before. One e...

Images