Abstract: A method of provisioning a secured storage device for use with a trusted host platform enables the trusted host platform to access both a first secured network operating in a first security domain and a second secured network operating in a second security domain without exposing the first and second security domains to one another. An enrollment agent provides access to a certificate authority associated with the first security domain to obtain authentication and authorization materials for a user authorized to access the first secured network. Likewise, an enrollment agent provides access to a certificate authority associated with the second security domain to obtain authentication and authorization materials for the user when the user is authorized to access the second secured network.

Abstract: The invention provides methods and apparatus, including computer program products, implementing and using techniques for providing access from a trusted host platform to a first secured network operating on a first security domain and a second secured network operating on a second security domain. In some embodiments, a first virtual machine associated with the first secured network is instantiated on the trusted host platform. A second virtual machine associated with the second secured network is also instantiated on the trusted host platform. A first connection is established between the first virtual machine on the trusted host platform and the first secured network using at least a first virtual secure storage device. A second connection also established between the second virtual machine on the trusted host platform and the second secured network using at least a second virtual secure storage device.