IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th ed.) |
Application number | US-0122785 (2002-04-15)
Inventors / Address |
- Grawrock, David W.
- Sutton, II, James A.
Applicant / Address |
Agent / Address | Blakely, Sokoloff, Taylor &
Citation information | Times cited: 34; Cited patents: 167
Abstract
In one embodiment, a method comprises generating a cryptographic key pair associated with a data center. The method also includes storing a private key of the cryptographic key pair within a platform. The private key is used to sign a value stored in the platform for validation of inclusion of the platform into the data center. In an embodiment, the private key is revoked upon determining that the platform has been compromised. In one embodiment, the private key may be revoked in each of the platforms of the data center.
Representative claims
What is claimed is:
1. A platform comprising: a private key to validate inclusion of the platform within a data center; and at least one token to seal the private key to the platform.
2. The platform of claim 1, further comprising an interface to provide a response signed by the private key in response to a received challenge.
3. The platform of claim 1, wherein the at least one token comprises a register to store a metric of the platform; and a processing unit to seal the private key to the metric.
4. The platform of claim 3, wherein the metric stored in the register corresponds to a policy of the data center when the platform is within the data center.
5. The platform of claim 3, wherein the processing unit is to generate the metric during an initiation of the platform.
6. The platform of claim 3, wherein the processing unit is to generate the private key.
7. The platform of claim 1, wherein the private key is to be stored within a number of platforms of the data center.
8. The platform of claim 1, wherein the private key is different from private keys to be stored in other platforms of the data center.
9. A data center comprising: an administrative unit to generate a cryptographic key pair that includes a private key; and a platform coupled to the administrative unit, the platform comprising a token, wherein the token comprises a private key to validate inclusion of the platform within the data center; a register to store a metric of the platform; and a processing unit to seal the private key based on the metric.
10. The data center of claim 9, wherein the private key is to be stored within a number of platforms of the data center.
11. The data center of claim 9, wherein the private key is different from private keys to be stored in other platforms of the data center.
12. The data center of claim 9, wherein the register is to store a metric of the platform that corresponds to a policy of the data center.
13. The data center of claim 9, wherein the platform further comprises an interface to provide a response signed by the private key in response to a received challenge.
14. A data center comprising: a platform comprising a token that includes a processing unit and a register, the register to store a value, wherein the value represents a policy of the platform, the processing unit to generate a cryptographic key pair that includes a private key; a memory to store the private key of the cryptographic key pair; and an administrative unit coupled to the platform, the administrative unit to generate a root key for the data center, to generate a signing key for the data center based on a certification of the root key, to sign the private key of the platform with the signing key of the data center.
15. The data center of claim 14, further comprising a certification authority to certify the root key.
16. The data center of claim 15, wherein the certification authority is to validate inclusion of the platform within the data center.
17. The data center of claim 14, wherein the memory is to store the private key that is different from private keys stored in other platforms of the data center.
18. A method comprising: generating a cryptographic key pair associated with a data center; and storing a private key of the cryptographic key pair within a platform, the private key used to sign a value stored in the platform for validation of inclusion of the platform into the data center.
19. The method of claim 18, further comprising validating a policy for the platform prior to storing the private key within the platform.
20. The method of claim 19, wherein validating the policy comprises validating metrics of the platform.
21. The method of claim 19, further comprising associating the private key with the policy for the platform.
22. The method of claim 21, wherein associating the private key with the policy for the platform comprises binding the private key based on the hardware of the platform; and sealing the private key based on the policy for the platform.
23. The method of claim 22, wherein sealing of the private key based on the policy for the platform comprises sealing the private key based on a value stored in a register within a physical token in the platform.
24. The method of claim 18, further comprising storing the private key of the cryptographic key pair in a number of platforms within the data center.
25. A method comprising: receiving a quote request to validate inclusion of a platform within a data center; retrieving a value associated with a policy of the platform, the value stored in the platform; signing the value using a private key of a cryptographic key pair stored in the platform; and outputting the signed value in response to the quote request.
26. The method of claim 25, wherein retrieving the value associated with the policy of the platform comprises retrieving the value from a physical token of the platform.
27. The method of claim 25, wherein signing the value using the private key of the cryptographic key pair comprises signing the value using a private key that is different from private keys stored in other platforms within the data center.
28. The method of claim 25, wherein receiving the quote request comprises receiving a quote request that comprises a random value.
29. The method of claim 25, further comprising signing the random value using the private key; and outputting the random value in response to the quote request.
30. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising: generating a quote request to validate inclusion of a platform within a data center; transmitting the quote request to the platform; receiving a response to the quote request, the response including a value stored in the platform that is signed by a private key stored in the platform, wherein the value is associated with a policy of the platform; and validating the inclusion of the platform within the data center based on decryption of the value using a public key that corresponds to the private key.
31. The machine-readable medium of claim 30, further comprising retrieving a policy of the data center.
32. The machine-readable medium of claim 31, wherein validating the inclusion of the platform comprises validating that the policy of the platform corresponds to the policy of the data center.
33. The machine-readable medium of claim 31, wherein validating the inclusion of the platform within the data center comprises validating that a number of metrics of the platform correspond to the policy of the data center.
34. The machine-readable medium of claim 30, wherein validating the inclusion of the platform within the data center comprises validating that the private key has been signed by a signing key associated with the data center using a certifying authority validation.
35. The machine-readable medium of claim 30, wherein generating the quote request comprises generating a quote request that includes a random value, wherein validating the inclusion of the platform within the data center comprises validating that the decryption of the response includes the random value.
36. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising: generating a root key associated with a data center; generating a signing key based on the root key using a certification of the root key; receiving a request from a platform for inclusion into the data center, the request to include a private key associated with the platform; certifying the private key based on a signature from the signing key associated with the data center; and storing the certification of the private key within the platform, the private key to sign a value stored in the platform for validation of inclusion of the platform within the data center.
37. The machine-readable medium of claim 36, wherein receiving the request from the platform comprises receiving a request that includes a private key for the platform that is different from private keys of other platforms in the data center.
38. The machine-readable medium of claim 36, further comprising validating that the platform includes a policy that corresponds to a policy for the data center prior to certifying the private key of the platform.
39. The machine-readable medium of claim 38, wherein validating comprises validating that the platform comprises a number of metrics for the data center.
40. The machine-readable medium of claim 39, further comprising associating the private key with the policy for the platform.
41. The machine-readable medium of claim 40, wherein associating the private key with the policy for the platform comprises binding the private key based on the hardware of the platform; and sealing the private key based on the policy for the platform.
42. The machine-readable medium of claim 41, wherein the sealing of the private key based on the policy for the platform comprises sealing the private key based on a value stored in a register within a physical token in the platform.
43. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising: performing the following, upon determining that a platform of a number of platforms of a data center has been compromised: revoking a current cryptographic key pair stored in the number of platforms of the data center; generating a new cryptographic key pair associated with the data center; and storing a new private key of the new cryptographic key pair into the number of platforms that had been compromised.
44. The machine-readable medium of claim 43, further comprising validating a policy for the number of platforms prior to storing the new private key into the number of platforms.
45. The machine-readable medium of claim 44, wherein validating the policy comprises validating metrics of the platform.
46. The machine-readable medium of claim 44, wherein the performing of the following further comprises associating the new private key with the policy of the platform.
47. The machine-readable medium of claim 43, further comprising determining that a current private key of the current cryptographic key pair is unusable in at least one platform of the number of platforms.
48. The machine-readable medium of claim 47, further comprising redistributing the current private key to the at least one platform, upon determining that the at least one platform has not been compromised.
49. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising: performing the following, upon determining that a platform of a number of platforms of a data center has been compromised and that a current private key stored in the platform is different from private keys stored in other platforms of the data center: revoking a current cryptographic key pair that includes the current private key; certifying a new private key based on a signature from a signing key associated with the data center; and storing the certification of the new private key within the platform, wherein the new private key is to sign a value stored in the platform for validation of the platform within the data center.
50. The machine-readable medium of claim 49, further comprising validating that the platform includes a policy that corresponds to a policy for the data center prior to certifying the new private key.
51. The machine-readable medium of claim 50, wherein the performing of the following comprises associating the new private key with the policy of the platform.
52. The machine-readable medium of claim 49, further comprising determining that the current private key is unusable in at least one platform of the number of platforms.
53. The machine-readable medium of claim 52, further comprising redistributing the current private key to the at least one platform, upon determining that the at least one platform has not been compromised.
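The quote exchange of claims 25 through 35, the sealing of the private key to a register value in claims 22 and 23, and the revocation and re-certification of claims 43 through 53, run end to end as a constructed Python simulation. This is an added example, not code from the patent or its assignee: every class, function and field name is mine, the "metric" values are constructed digests, and the signature primitive is an insecure textbook-RSA stand-in over fixed Mersenne primes, used only so that the example runs on the standard library alone. The verifier side checks, in order, the revocation set, the data-center certification of the platform key, freshness of the random value, the signature over the register value, and agreement of that value with the data-center policy; the platform side refuses to use a key whose sealed metric no longer matches the register.

```python
"""Constructed simulation of the quote/inclusion protocol in the claims (not the
patent's code; names are my own). INSECURE textbook RSA stands in for a real scheme."""
import hashlib, secrets

E = 65537
MERSENNE_PAIRS = [(61, 89), (107, 127), (61, 107)]   # each pair -> one toy key pair

def toy_keypair(index):
    a, b = MERSENNE_PAIRS[index]
    p, q = (1 << a) - 1, (1 << b) - 1                  # Mersenne primes
    n = p * q
    return (n, pow(E, -1, (p - 1) * (q - 1))), (n, E)  # (private, public)

def digest(data):
    # 128-bit truncation keeps the digest below every toy modulus (toy only)
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")

def sign(priv, data):
    return pow(digest(data), priv[1], priv[0])

def verify(pub, data, sig):
    return sig is not None and pow(sig, pub[1], pub[0]) == digest(data)

class PlatformToken:
    # token of one platform: a register holding the metric and a key sealed to it (claims 3, 22, 23)
    def __init__(self, metric, key_index):
        self.register, self.cert = metric, None
        self.install_key(key_index)

    def install_key(self, key_index):
        self.priv, self.pub = toy_keypair(key_index)
        self.sealed_metric = self.register           # seal: bind the key to the current metric

    def unseal(self):
        # the key is usable only while the register still holds the sealed metric
        if self.register != self.sealed_metric:
            raise PermissionError("metric changed; private key stays sealed")
        return self.priv

    def quote(self, nonce):
        # claims 25, 29: sign the register value together with the received random value
        return {"value": self.register, "nonce": nonce, "pub": self.pub, "cert": self.cert,
                "sig": sign(self.unseal(), self.register + nonce)}

class AdminUnit:
    # signing key, policy metric and revocation set (claims 14, 36, 43, 49); root key elided
    def __init__(self, policy_metric):
        self.sign_priv, self.sign_pub = toy_keypair(0)
        self.policy = policy_metric
        self.revoked = set()

    def enroll(self, token):
        # validate the platform's metric against policy before certifying (claims 19, 38)
        if token.register != self.policy:
            raise ValueError("platform metric does not match data-center policy")
        return sign(self.sign_priv, repr(token.pub).encode())   # certificate of the platform key

    def revoke(self, platform_pub):
        self.revoked.add(platform_pub)

def validate_inclusion(admin, nonce, resp):
    """Verifier side (claims 30-35); returns "ok" or the name of the failing check."""
    if resp["pub"] in admin.revoked:
        return "revoked"
    if not verify(admin.sign_pub, repr(resp["pub"]).encode(), resp["cert"]):
        return "uncertified key"
    if resp["nonce"] != nonce:
        return "stale response"
    if not verify(resp["pub"], resp["value"] + resp["nonce"], resp["sig"]):
        return "bad signature"
    if resp["value"] != admin.policy:
        return "policy mismatch"
    return "ok"

def attest(admin, token):
    nonce = secrets.token_bytes(16)                  # random value of claims 28 and 35
    return validate_inclusion(admin, nonce, token.quote(nonce))

def run_demo():
    policy = hashlib.sha256(b"approved-firmware-v1").digest()    # constructed metric
    admin = AdminUnit(policy)
    plat = PlatformToken(policy, key_index=1)
    plat.cert = admin.enroll(plat)
    out = {"healthy": attest(admin, plat)}
    # a response captured earlier does not satisfy a fresh random value
    out["replay"] = validate_inclusion(admin, secrets.token_bytes(16), plat.quote(b"captured"))
    plat.register = hashlib.sha256(b"tampered-firmware").digest()   # platform compromised
    try:
        out["compromised"] = attest(admin, plat)
    except PermissionError:
        out["compromised"] = "key sealed"
    admin.revoke(plat.pub)                           # claims 43, 49
    plat.register = policy                           # metric restored to the approved value
    out["revoked"] = attest(admin, plat)
    plat.install_key(2)                              # new key pair, sealed and re-certified
    plat.cert = admin.enroll(plat)
    out["rekeyed"] = attest(admin, plat)
    return out
```

`run_demo()` returns one outcome per scenario: a healthy platform validates, a captured response fails the freshness check, a platform whose register no longer matches the sealed metric cannot produce a quote at all, a revoked key is rejected even after the metric is restored, and a newly installed and re-certified key validates again. The order of checks in `validate_inclusion` is deliberate: revocation and certification are decided from data the data center already holds, so a response from an unknown or revoked key is rejected before any signature over platform-supplied data is examined.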