Title of invention: Trusted device having virtualized registers
Abstract: A trusted device having virtualized registers provides an extensible amount of storage for hash values and other information stored within a trusted device. The trusted device includes a buffer to which registers are virtualized to and from external storage, by encrypting the register values using a private device key. The registers may be platform control registers (PCRs) or other storage of the trusted device, which may be a trusted platform module (TPM). The registers are accessed in accordance with a register number. When the externally stored values are retrieved, they are decrypted and placed in the buffer. The buffer may implement a cache mechanism, such as a most recently used algorithm, so that encryption/decryption and fetch overhead is reduced. A register shadowing technique may be employed at boot time, to ensure that the trusted device is not compromised by tampering with the externally stored virtualized registers.
Publication number: US9171161(B2)  Publication date: 2015.10.27
Application number: US200611558024  Filing date: 2006.11.09
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION  Inventors: Anbalagan Arun P.; Nataraj Pruthvi P.; Tomar Bipin
Classification: H04L27/01; G06F21/57  Main classification: H04L27/01
Agency: Mitch Harris, Atty at Law, LLC  Agents: Mitch Harris, Atty at Law, LLC; Harris Andrew M.; Kalaitzis Parashos T.
Main claim: 1. A method for virtualizing storage within a trusted device integrated circuit in a secured processing system, method comprising: receiving a request for a first data register value associated with a register number uniquely specifying either a physical data register within the trusted device integrated circuit or a virtual data register of the trusted device integrated circuit; determining whether the register number specifies an unencrypted physical register of the trusted device integrated circuit or a virtual register for which an encrypted value is stored in a storage external to the trusted device integrated circuit, by comparing the register number supplied with the request with a predetermined value; responsive to the receiving and in response to determining that the register number specifies an unencrypted physical register of the trusted device integrated circuit, first responding to the request by providing the first data register value from the physical register specified by the register number; responsive to the receiving and in response to determining that the register number specifies a virtual register, retrieving the encrypted version of the first data register value from the storage external to the trusted device integrated circuit using the register number; responsive to retrieving the encrypted version of the first data register value, decrypting the retrieved encrypted version of the first data register value using a private device key to obtain the first data register value and storing the first data register value in a buffer in the trusted device integrated circuit; and second responding to the request by providing the first data register value from the buffer.
Address: Armonk NY US