Title:
A MIGRATION SYSTEM OF VIRTUAL TRUSTED PLATFORM MODULE (VTPM) INSTANCE AND METHODS OF MIGRATING THEREOF
Document Type and Number:
WIPO Patent Application WO/2012/047088
Kind Code:
A1
Abstract:
A migration system (200) of virtual Trusted Platform Module (vTPM) instance from a source platform (107) network connectable to a destination platform (108) is provided, the system (200) includes a resource manager positionable on a migration source server, wherein the resource manager is network connectable to a source migration controller positionable on the source platform (107), a resource manager positionable on a migration destination server, wherein the resource manager is network connectable to a destination migration controller positionable on the destination platform (108), wherein a plurality of session keys are used for tracking of migration when a secure channel is established beforehand.

Inventors:
KHALID PUTRI SHAHNIM (MY)
ABDULAZIZ NORAZAH (MY)
ABDUL MUTALIB ABDUL MUZAIRE (MY)
HALIM MUHAMAD HAZWAN (MY)
MAZALAN LUCYANTIE (MY)
PARMAN MOHD AZUDDIN (MY)
ABDULLAH KILAUSURIA (MY)
ABU TALIB AZHAR (MY)
Application Number:
PCT/MY2011/000053
Publication Date:
April 12, 2012
Filing Date:
May 23, 2011
Assignee:
MIMOS BERHAD (MY)
KHALID PUTRI SHAHNIM (MY)
ABDULAZIZ NORAZAH (MY)
ABDUL MUTALIB ABDUL MUZAIRE (MY)
HALIM MUHAMAD HAZWAN (MY)
MAZALAN LUCYANTIE (MY)
PARMAN MOHD AZUDDIN (MY)
ABDULLAH KILAUSURIA (MY)
ABU TALIB AZHAR (MY)
International Classes:
H04L21/00
Foreign References:
US20070300069A12007-12-27
US20090169012A12009-07-02
Attorney, Agent or Firm:
KAUR, Sushil (No. 2-12 Jalam PJU 8/3,Perdana Business Centre,Bandar Damansara Perdana, Petaling Jaya Selangor, MY)
Claims:
CLAIMS

1. A migration system (200) of virtual Trusted Platform Module (vTPM) instance from a source platform (107) network connectable to a destination platform (108), the system (200) includes:

a resource manager positionable on a migration source server, wherein the resource manager is network connectable to a source migration controller positionable on the source platform (107);

a resource manager positionable on a migration destination server, wherein the resource manager is network connectable to a destination migration controller positionable on the destination platform (108);

wherein a plurality of session keys are used for tracking of migration when a secure channel is established beforehand.

2. The system (200) as claimed in claim 1, wherein the system (200) further includes Virtual Machine (VM) server services (100) network connectable to a primary vTPM server (102), secondary vTPM server (104), a source network (107) and a destination network (108).

3. A method of migrating virtual Trusted Platform Module (vTPM) instance from a source platform (107) network connectable to a destination platform (108), the method includes the steps of:

sending a migration signal to a source migration controller;

creating a plurality of session keys to be passed together with the migration signal;

retrieving the migration signal;

notifying a manager at a destination server;

creating at least one vTPM instance;

creating an endorsement key (EK) and Local Certificate Authority (LCA) to create an EK credential;

encrypting the EK credential and LCA credential using the plurality of session keys;

sending encrypted data to the source platform (107);

decrypting the data using the plurality of session keys;

validating EK credentials;

requesting vTPM instance state;

encrypting state with public key of LCA;

sending encrypted state to destination migration controller;

decrypting state using a private key of the LCA;

sending decrypted state to the manager;

saving a new state;

starting vTPM with the new state; and

returning a success signal to the source migration controller.

4. The method as claimed in claim 1, wherein the method further includes the steps of deleting migrated vTPM instance state, destroying vTPM instance and updating information regarding deleted vTPM instance.

5. The method as claimed in claim 1, the method further includes the steps of sending a signal to a vTPM and saving a state of a vTPM instance, before the steps in claim 1 are performed.

6. A method of migrating virtual Trusted Platform Module (vTPM) instance from a source platform (107) network connectable to a destination platform (108), the method includes the steps of:

creating a plurality of session keys to be passed together with the migration signal;

sending a signal to a Resource Manager Destination (RMD);

creating at least one vTPM instance;

creating an endorsement key (EK) and Local Certificate Authority (LCA) to create an EK credential;

encrypting the EK credential and LCA credential using the plurality of session keys;

sending encrypted data to a Resource Manager Source (RMS);

decrypting the data using the plurality of session keys;

validating EK credentials;

encrypting state with public key of LCA;

sending encrypted state to the RMD;

decrypting state using a private key of the LCA;

saving a new state;

starting vTPM with the new state; and

returning a success signal to the RMS.

7. The method as claimed in claim 6, wherein the method further includes the steps of deleting migrated vTPM instance state, destroying vTPM instance and updating information regarding deleted vTPM instance.

8. The method as claimed in claim 6, the method further includes the steps of sending a signal to a vTPM and saving a state of a vTPM instance, before the steps in claim 6 are performed.

Description:
A MIGRATION SYSTEM OF VIRTUAL TRUSTED PLATFORM MODULE (VTPM) INSTANCE AND METHODS OF MIGRATING THEREOF

FIELD OF INVENTION

The present invention relates to a migration system of virtual Trusted Platform Module (vTPM) instance from a source platform network connectable to a destination platform and methods of migrating thereof.

BACKGROUND OF INVENTION

In a system where a vTPM is present in a distributed network, there is a need at some point in time for the vTPM to be migrated to another network. Since the main objective of providing vTPM into a network is to ensure the trustworthiness of the system, care needs to be given on how to migrate the vTPM to another physical location. Without the correct protocol to migrate the vTPM, the chain of trust can be broken.

US 2009/0154709 A1 describes a migration scheme of virtualized trusted platform module that uses a key server to provide attestation with a destination machine to identify an entitled destination machine for access to session key to unseal the sealed data. However, if the key server security is compromised, chain of trust may be broken during migration of vTPM.

Therefore, there is a need for a solution for vTPM migration that ensures that the chain of trust of the vTPM is maintained throughout the migration.

SUMMARY OF INVENTION

Accordingly there is provided a migration system of virtual Trusted Platform Module (vTPM) instance from a source platform network connectable to a destination platform, the system includes a resource manager positionable on a migration source server, wherein the resource manager is network connectable to a source migration controller positionable on the source platform, a resource manager positionable on a migration destination server, wherein the resource manager is network connectable to a destination migration controller positionable on the destination platform, wherein a plurality of session keys are used for tracking of migration when a secure channel is established beforehand.

There is also provided a method of migrating virtual Trusted Platform Module (vTPM) instance from a source platform network connectable to a destination platform, the method includes the steps of sending a migration signal to a source migration controller, creating a plurality of session keys to be passed together with the migration signal, retrieving the migration signal, notifying a manager at a destination server, creating at least one vTPM instance, creating an endorsement key (EK) and Local Certificate Authority (LCA) to create an EK credential, encrypting the EK credential and LCA credential using the plurality of session keys, sending encrypted data to the source platform (107), decrypting the data using the plurality of session keys, validating EK credentials, requesting vTPM instance state, encrypting state with public key of LCA, sending encrypted state to destination migration controller, decrypting state using a private key of the LCA, sending decrypted state to the manager, saving a new state, starting vTPM with the new state and returning a success signal to the source migration controller.

There is also provided a method of migrating virtual Trusted Platform Module (vTPM) instance from a source platform network connectable to a destination platform, the method includes the steps of creating a plurality of session keys to be passed together with the migration signal, sending a signal to a Resource Manager Destination (RMD), creating at least one vTPM instance, creating an endorsement key (EK) and Local Certificate Authority (LCA) to create an EK credential, encrypting the EK credential and LCA credential using the plurality of session keys, sending encrypted data to a Resource Manager Source (RMS), decrypting the data using the plurality of session keys, validating EK credentials, encrypting state with public key of LCA, sending encrypted state to the RMD, decrypting state using a private key of the LCA, saving a new state, starting vTPM with the new state and returning a success signal to the RMS.

The present invention consists of several novel features and a combination of parts hereinafter fully described and illustrated in the accompanying description and drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings constitute part of this specification and include an exemplary or preferred embodiment of the invention, which may be embodied in various forms. It should be understood, however, that the disclosed preferred embodiments are merely exemplary of the invention. Therefore, the figures (not to scale) disclosed herein are not to be interpreted as limiting, but merely as the basis for the claims and for teaching one skilled in the art of the invention.

Figure 1 shows a block diagram of a preferred embodiment of a migration system of virtual Trusted Platform Module (vTPM) instance;

Figure 2 shows a flowchart describing steps of a first embodiment of a method of migrating virtual Trusted Platform Module (vTPM) instance; and

Figure 3 shows a flowchart describing steps of a second embodiment of a method of migrating virtual Trusted Platform Module (vTPM) instance.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention relates to a migration system of virtual Trusted Platform Module (vTPM) instance from a source platform network connectable to a destination platform and methods of migrating thereof. Hereinafter, this specification will describe the present invention according to the preferred embodiments of the present invention. However, it is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned that those skilled in the art may devise various modifications and equivalents without departing from the scope of the appended claims.

The following detailed description of the preferred embodiments will now be described in accordance with the attached drawings, either individually or in combination. Figure 1 shows an embodiment of a migration system (200) of virtual Trusted Platform Module (vTPM) instance from a source platform (107) network connectable to a destination platform (108). The system (200) includes a resource manager positionable on a migration source server, wherein the resource manager is network connectable to a source migration controller positionable on the source platform (107), a resource manager positionable on a migration destination server, wherein the resource manager is network connectable to a destination migration controller positionable on the destination platform (108), wherein a plurality of session keys are used for tracking of migration when a secure channel is established beforehand. The system (200) as seen in Figure 1 further includes Virtual Machine (VM) server services (100) network connectable to a primary vTPM server (102), secondary vTPM server (104), a source platform (107) and a destination platform (108).

In deploying the system (200), the VM server services (100) is network connectable to the primary vTPM server (102) and the secondary vTPM server (103) in a source platform (107). The primary vTPM server (102) is connectable through a secured network (103) to the secondary vTPM server (104). The destination VM server services is network connectable to a destination primary vTPM server and a destination secondary vTPM server in the destination platform (108). The destination primary vTPM server is connectable through a secured network (103) to the destination secondary vTPM server. The source platform (107) is connectable through secured networks (105, 106, 109, 110) to the destination network (108).

A method of migrating virtual Trusted Platform Module (vTPM) instance from a source platform (107) network connectable to a destination platform (108) is described as seen in Figure 2. The method includes the steps of sending a migration signal to a source migration controller, creating a plurality of session keys to be passed together with the migration signal, retrieving the migration signal, notifying a manager at a destination server, creating at least one vTPM instance, creating an endorsement key (EK) and Local Certificate Authority (LCA) to create an EK credential, encrypting the EK credential and LCA credential using the plurality of session keys, sending encrypted data to the source platform (107), decrypting the data using the plurality of session keys, validating EK credentials, requesting vTPM instance state, encrypting state with public key of LCA, sending encrypted state to destination migration controller, decrypting state using a private key of the LCA, sending decrypted state to the manager, saving a new state, starting vTPM with the new state and returning a success signal to the source migration controller.

The method further includes the steps of deleting migrated vTPM instance state, destroying vTPM instance and updating information regarding deleted vTPM instance. Virtual TPM instance migration is described herein as a migration of vTPM states between a virtual TPM instance on the source platform (107) and a virtual TPM instance on the destination platform (108). In this embodiment of the invention, a Resource Manager on the source server, such as a Resource Manager Source (RMS), sends a migration signal to source migration controller on the source server. A signal is sent to the virtual TPM instance to save its state. The source migration controller starts to create a nonce or a plurality of session keys to be passed together with the migration signal to the destination migration controller. It is to be appreciated by a person skilled in the art that a secure channel is established beforehand to ensure integrity of communication network. When the destination migration controller retrieves the migration signal from the source platform (107), the destination migration controller notifies the Resource Manager at the destination platform (108). In this embodiment the Resource Manager at the destination server is a Resource Manager Destination (RMD). The RMD creates a vTPM instance. Then, the created vTPM instance creates an Endorsement Key (EK) and subsequently a Local Certificate Authority (LCA) will create an EK credential for the new vTPM instance. RMD will send the EK credential and the Local CA credential to the destination migration controller. The destination migration controller encrypts the EK credential and LCA credential using the nonce or plurality of session keys. The destination migration controller then sends the encrypted blob of the EK credential and LCA credential to the source migration controller on the source platform (107).

The virtual TPM migration is further based on the migration of a plurality of vTPM states from the source platform (107) to the destination platform (108). The source migration controller receives the encrypted blob and then decrypts the encrypted blob using the nonce or the plurality of session keys that was created before. Validity of the EK credential is then verified. When the EK credential of a vTPM instance is correct, then the source migration controller requests the vTPM instance state from the RMS. The source migration controller then encrypts the state of a vTPM instance using Public Key of Local CA obtained from the LCA credential. The encrypted state then is passed to the destination migration controller on the destination platform (108).

The destination migration controller interacts with the LCA to decrypt the vTPM instance state using the Private Key of the LCA. The destination migration controller then will pass the vTPM instance state to the RMD. The RMD saves the state and starts the new vTPM with the new state file. After a vTPM instance state has been successfully saved, then the destination migration controller sends a return success signal to the source migration controller. After the source migration controller receives the success signal, the source migration controller sends the signal to RMS. RMS then deletes the migrated virtual TPM instance state and destroys the vTPM instance. RMS updates information regarding the deleted vTPM instance.

A second embodiment of the method of migrating virtual Trusted Platform Module (vTPM) instance from a source platform (107) network connectable to a destination platform (108) as seen in Figure 3 is described herein. The method includes the steps of creating a plurality of session keys to be passed together with the migration signal, sending a signal to a Resource Manager Destination (RMD), creating at least one vTPM instance, creating an endorsement key (EK) and Local Certificate Authority (LCA) to create an EK credential, encrypting the EK credential and LCA credential using the plurality of session keys, sending encrypted data to a Resource Manager Source (RMS), decrypting the data using the plurality of session keys, validating EK credentials, encrypting state with public key of LCA, sending encrypted state to the RMD, decrypting state using a private key of the LCA, saving a new state, starting vTPM with the new state and returning a success signal to the RMS.

The method further includes the steps of deleting migrated vTPM instance state, destroying vTPM instance and updating information regarding deleted vTPM instance.

Further, the method includes the steps of sending a signal to a vTPM and saving a state of a vTPM instance, before the steps above are performed. Virtual TPM instance migration is described as the migration of the vTPM state between a vTPM instance on the source platform (107) and a vTPM instance on the destination platform (108). Resource Manager Source (RMS) sends a migration signal to vTPM instance to save state and shutdown. The RMS starts creating a nonce or a plurality of session keys to be passed together with the migration signal to the Resource Manager Destination (RMD) at the destination platform (108). It is to be appreciated by a person skilled in the art that a secure channel is established beforehand to ensure integrity of communication network.

When the RMD retrieves the migration signal from the source platform (107), the RMD then creates a new vTPM instance. Then, the newly created vTPM instance creates an Endorsement Key (EK) and subsequently the Local Certificate Authority (LCA) creates an EK credential for the new vTPM instance. The vTPM instance then returns the EK certificate to the RMD and then RMD encrypts the EK credential and LCA credential using the nonce or the plurality of session keys that were sent earlier.

The vTPM migration is further based on the migration of vTPM states from the source platform (107) to the destination platform (108). The RMD then sends the encrypted blob of the EK credential and LCA credential to the RMS on the source platform (107). The RMS receives the encrypted blob and then decrypts the encrypted blob using the nonce or the plurality of session keys that were created before and also checks the validity of the EK credentials. When the EK credentials have been verified as correct or valid, then the RMS encrypts the state of the vTPM instance using the Public Key of LCA obtained from the LCA credential. The encrypted state then is passed to the RMD on the destination platform (108). The RMD of the destination platform (108) then interacts with the LCA to decrypt the vTPM instance state using the Private Key of the LCA. The RMD saves the state and starts the new vTPM with a new state file. After a vTPM instance state has been successfully saved, then the RMD sends the return success signal to the RMS. After the RMS receives the success signal from the destination platform (108), the RMS then deletes the migrated vTPM instance state and destroys the vTPM instance. The RMS then updates information regarding the deleted vTPM instance.
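The exchange that both embodiments describe (the first via the migration controllers, the second directly between the RMS and the RMD), worked through as an added Go example that is not part of the patent and not code from MIMOS. The specification names the messages but not the primitives, so the following are assumptions of this example: "encrypting with the session keys" is modelled as AES-256-GCM under a 32-byte session key, the "EK credential" as an RSA-PSS signature by the LCA over the new instance's EK public key, the "LCA credential" as the bare LCA public key, and "encrypting state with the public key of LCA" as RSA-OAEP. The function names destinationPrepare, sourceValidateAndSend and Migrate and the sample vTPM state are constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"fmt"
)

// credentials: EK credential (EK public key signed by the LCA) and LCA credential
// (modelled here as the bare LCA public key; an assumption of this example).
type credentials struct {
	EKPub, EKSig, LCAPub []byte // PKIX EK key, LCA RSA-PSS signature over it, PKIX LCA key
}

func sessionAEAD(sessionKey []byte) (cipher.AEAD, error) { // AES-256-GCM under the session key
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// destinationPrepare models the RMD: create the vTPM instance (its EK), have the
// LCA sign an EK credential, and seal both credentials under the session key.
func destinationPrepare(sessionKey []byte) ([]byte, *rsa.PrivateKey, error) {
	lcaPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	ekPriv, err := rsa.GenerateKey(rand.Reader, 2048) // EK of the new instance
	if err != nil {
		return nil, nil, err
	}
	ekPub, _ := x509.MarshalPKIXPublicKey(&ekPriv.PublicKey)
	lcaPub, _ := x509.MarshalPKIXPublicKey(&lcaPriv.PublicKey)
	digest := sha256.Sum256(ekPub)
	sig, err := rsa.SignPSS(rand.Reader, lcaPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, nil, err
	}
	plain, _ := json.Marshal(credentials{EKPub: ekPub, EKSig: sig, LCAPub: lcaPub})
	gcm, err := sessionAEAD(sessionKey)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand.Read is documented never to fail
	return gcm.Seal(nonce, nonce, plain, nil), lcaPriv, nil // nonce is prepended
}

// sourceValidateAndSend models the RMS: open the blob with the session key, check the
// EK credential against the LCA credential, then encrypt the saved vTPM state to the
// LCA public key (RSA-OAEP; an assumption, and real state would need a wrapped content key).
func sourceValidateAndSend(sessionKey, blob, state []byte) ([]byte, error) {
	gcm, err := sessionAEAD(sessionKey)
	if err != nil || len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad session key or truncated blob")
	}
	plain, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
	if err != nil {
		return nil, fmt.Errorf("session key mismatch or tampered blob: %w", err)
	}
	var c credentials
	if err := json.Unmarshal(plain, &c); err != nil {
		return nil, err
	}
	pubAny, err := x509.ParsePKIXPublicKey(c.LCAPub)
	lcaPub, ok := pubAny.(*rsa.PublicKey)
	if err != nil || !ok {
		return nil, fmt.Errorf("LCA credential is not an RSA public key")
	}
	digest := sha256.Sum256(c.EKPub)
	if err := rsa.VerifyPSS(lcaPub, crypto.SHA256, digest[:], c.EKSig, nil); err != nil {
		return nil, fmt.Errorf("EK credential invalid: %w", err)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, lcaPub, state, nil)
}

// Migrate runs the exchange for one saved state and returns it as the RMD would save
// it after decrypting with the LCA private key (success signal and source-side deletion follow).
func Migrate(state []byte) ([]byte, error) {
	sessionKey := make([]byte, 32) // passed with the migration signal over the pre-established secure channel
	rand.Read(sessionKey)
	blob, lcaPriv, err := destinationPrepare(sessionKey)
	if err != nil {
		return nil, err
	}
	msg, err := sourceValidateAndSend(sessionKey, blob, state)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, lcaPriv, msg, nil)
}
```

Migrate is the entry point: it plays both sides in one process and returns the state the destination would write to its new state file. Two points the model makes visible. First, opening the credential blob under the session key proves only that its author held the session key, which is why the specification insists the key travels with the migration signal over a secure channel established beforehand; the key is the tracking token for this one migration, not an identity. Second, the EK credential check is only as strong as the source's trust in the LCA credential: the example carries a bare LCA public key, so a deployment would instead validate that credential against a trusted root before relying on the signature it verifies.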

This invention is adapted for migrating a virtual TPM (vTPM) instance from a source platform to a destination in a networked environment by ensuring that a chain of trust of the vTPM is maintained even though the vTPM has been moved to another physical location. This is done by providing proof of the destination to the source and also by using session keys and credentials to ensure correct data is transmitted.