Distributed trusted platform module key management protection for roaming data

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Ronald Aigner · Redmond, US
• Giridhar Viswanathan · Redmond, US
• Lars Reuther · Kirkland, US
• Alvin Morales CARO · Redmond, US
• David Kimler Altobelli · Houston, US
• Dan Ma · Cleveland, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2009/45587
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Distributed security key management for protecting roaming data via a trusted platform module is performed by systems that include first and second processors, and first and second respective hardware security modules. The first security module encrypts a security key using a public key from the second security module, and the encrypted security key is provided to the second security module. A virtual machine (VM) executed by the first processor has a first virtual security module instance having state data that includes a storage key encrypting VM virtual disk data and that is encrypted with the security key. When a transfer condition is determined, the VM is transferred and executed by the second processor, using a second virtual security module instance, based on decrypting the security key by the second security module using a private key and decrypting the state data for the second virtual security module using the security key.