Patents by Inventor Siegfried Sutter

Siegfried Sutter has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8549592
    Abstract: A method and apparatus are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement key, which is stored only within a corresponding virtual TPM. Using the virtual endorsement key, each virtual TPM also generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.
    Type: Grant
    Filed: July 12, 2005
    Date of Patent: October 1, 2013
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, James Patrick Hoff, Siegfried Sutter, James Peter Ward, Helmut H. Weber
  • Patent number: 7996687
    Abstract: Multiple logical partitions are provided in a data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions. Contexts are swapped into and out of the hardware TPM during runtime of the data processing system so that when ones of the partitions require access to the hardware TPM, their required contexts are currently stored in the hardware TPM.
    Type: Grant
    Filed: October 31, 2008
    Date of Patent: August 9, 2011
    Assignee: International Business Machines Corporation
    Inventors: Richard Louis Arndt, Steven A. Bade, Thomas J. Dewkett, Charles W. Gainey, Jr., Nia Letise Kelley, Siegfried Sutter, Helmut H. Weber
  • Patent number: 7873830
    Abstract: Electronic circuit chips which include cryptography functions are arranged in multichip configurations through the utilization of a shared external memory. Security of the chips is preserved via a handshaking protocol which permits each chip to access limited portions of the memory as defined in a way that preserves the same high security level as the tamper proof chips themselves. The chips may be operated to work on different tasks or to work on the same task thus providing a mechanism for trading off speed versus redundancy where desired.
    Type: Grant
    Filed: January 13, 2006
    Date of Patent: January 18, 2011
    Assignee: International Business Machines Corporation
    Inventors: Camil Fayad, John K. Li, Siegfried Sutter
  • Patent number: 7818574
    Abstract: A mechanism is provided in which access to the functionality present on an integrated circuit chip is controllable via an encrypted certificate of authority which includes time information indicating allowable periods of operation or allowable duration of operation. The chip includes at least one cryptographic engine and at least one processor. The chip also contains hard coded cryptographic keys including a chip private key, a chip public key and a third party's public key. The chip is also provided with a battery backed up volatile memory which contains information which is used to verify authority for operation. The certificate of authority is also used to control not only the temporal aspects of operation but is also usable to control access to certain functionality that may be present on the chip, such as access to some or all of the cryptographic features provided in conjunction with the presence of the cryptographic engine, such as key size.
    Type: Grant
    Filed: September 10, 2004
    Date of Patent: October 19, 2010
    Assignee: International Business Machines Corporation
    Inventors: Camil Fayad, John K. Li, Siegfried Sutter
  • Patent number: 7783864
    Abstract: The partitioning of large arrays in the hardware structure, for multiplication and addition, into smaller structures results in a multiplier design which includes a series of nearly identical processing elements linked together in a chained fashion. As a result of simultaneous operation in two subphases per processing element and the chaining together of processing elements, the overall structure is operable in a pipelined fashion to improve throughput and speed. The chained processing elements are constructed so as to provide a partitionable chain with separate parts for processing factors of the modulus.
    Type: Grant
    Filed: February 12, 2007
    Date of Patent: August 24, 2010
    Assignee: International Business Machines Corporation
    Inventors: Camil Fayad, John K. Li, Siegfried Sutter, Tamas Visegrady
  • Publication number: 20100042823
    Abstract: A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system where the data processing system includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions.
    Type: Application
    Filed: October 31, 2008
    Publication date: February 18, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Richard Louis Arndt, Steven A. Bade, Thomas J. Dewkett, Charles W. Gainey, Jr., Nia Letise Kelley, Siegfried Sutter, Helmut H. Weber
  • Patent number: 7624283
    Abstract: A computer implemented method for recovering a partition context in the event of a system or hardware device failure. Upon receiving a command from a partition to modify context data in a trusted platform module (TPM) hardware device, a trusted platform module input/output host partition (TMPIOP) provides an encrypted copy of the context data and the command to the TPM hardware device, which processes the command and updates the context data. If the TPM hardware device successfully processes the command, the TMPIOP receives the updated context data from the TPM hardware device and stores the updated context data received in encrypted form in a context data cache or a non-volatile storage off-board the TPM hardware device. If the TPM hardware device fails to successfully process the command, the TMPIOP uses a last valid copy of the context data to retry processing of the command on a different TPM hardware device.
    Type: Grant
    Filed: February 13, 2006
    Date of Patent: November 24, 2009
    Assignee: International Business Machines Corporation
    Inventors: Steven A. Bade, Thomas J. Dewkett, Nia L. Kelley, Siegfried Sutter, Helmut H. Weber
  • Patent number: 7478246
    Abstract: A method is described for implementing a trusted computing environment within a data processing system where the data processing system includes a single hardware trusted platform module (TPM). Multiple logical partitions are provided in the data processing system. A unique context is generated for each one of the logical partitions. When one of the logical partitions requires access to the hardware TPM, that partition's context is required to be stored in the hardware TPM. The hardware TPM includes a finite number of storage locations, called context slots, for storing contexts. Each context slot can store one partition's context. Each one of the partitions is associated with one of the limited number of context storage slots in the hardware TPM. At least one of the context slots is simultaneously associated with more than one of the logical partitions.
    Type: Grant
    Filed: July 29, 2004
    Date of Patent: January 13, 2009
    Assignee: International Business Machines Corporation
    Inventors: Richard Louis Arndt, Steven A. Bade, Thomas J. Dewkett, Charles W. Gainey, Jr., Nia Letise Kelley, Siegfried Sutter, Helmut H. Weber
  • Publication number: 20080195848
    Abstract: The partitioning of large arrays in the hardware structure, for multiplication and addition, into smaller structures results in a multiplier design which includes a series of nearly identical processing elements linked together in a chained fashion. As a result of simultaneous operation in two subphases per processing element and the chaining together of processing elements, the overall structure is operable in a pipelined fashion to improve throughput and speed. The chained processing elements are constructed so as to provide a partitionable chain with separate parts for processing factors of the modulus.
    Type: Application
    Filed: February 12, 2007
    Publication date: August 14, 2008
    Inventors: Camil Fayad, John K. Li, Siegfried Sutter, Tamas Visegrady
  • Publication number: 20070220369
    Abstract: A method and apparatus are provided for identifying a defective processor of a plurality of processors of a multi-processor system. In such method, a first command is submitted to a first processor and to a second processor within the multi-processor system. The first command is executed by each of the first and second processors. A first result of executing the first command by the first processor is compared with a second result of executing the second command by the second processor. A hard error is indicated when the first result does not match the second result. To further isolate a fault within the system, commands are submitted to different pairings of processors and the results are compared to isolate a faulty processor from among them.
    Type: Application
    Filed: February 21, 2006
    Publication date: September 20, 2007
    Applicant: International Business Machines Corporation
    Inventors: Camil Fayad, John Li, Siegfried Sutter
  • Publication number: 20070192597
    Abstract: A computer implemented method for recovering a partition context in the event of a system or hardware device failure. Upon receiving a command from a partition to modify context data in a trusted platform module (TPM) hardware device, a trusted platform module input/output host partition (TMPIOP) provides an encrypted copy of the context data and the command to the TPM hardware device, which processes the command and updates the context data. If the TPM hardware device successfully processes the command, the TMPIOP receives the updated context data from the TPM hardware device and stores the updated context data received in encrypted form in a context data cache or a non-volatile storage off-board the TPM hardware device. If the TPM hardware device fails to successfully process the command, the TMPIOP uses a last valid copy of the context data to retry processing of the command on a different TPM hardware device.
    Type: Application
    Filed: February 13, 2006
    Publication date: August 16, 2007
    Inventors: Steven Bade, Thomas Dewkett, Nia Kelley, Siegfried Sutter, Helmut Weber
  • Publication number: 20070168676
    Abstract: Electronic circuit chips which include cryptography functions are arranged in multichip configurations through the utilization of a shared external memory. Security of the chips is preserved via a handshaking protocol which permits each chip to access limited portions of the memory as defined in a way that preserves the same high security level as the tamper proof chips themselves. The chips may be operated to work on different tasks or to work on the same task thus providing a mechanism for trading off speed versus redundancy where desired.
    Type: Application
    Filed: January 13, 2006
    Publication date: July 19, 2007
    Applicant: International Business Machines Corporation
    Inventors: Camil Fayad, John Li, Siegfried Sutter
  • Publication number: 20070016801
    Abstract: A method, apparatus, and computer program product are disclosed in a data processing system for establishing virtual endorsement credentials. The data processing system includes a hardware trusted platform module (TPM). Logical partitions are generated in the system. A different virtual TPM is generated for each one of the logical partitions. For each one of the logical partitions, the virtual TPM that was generated for the logical partition then dynamically generates a virtual endorsement credential for use by the logical partition that includes the virtual TPM. The virtual endorsement credential is generated within the data processing system without the data processing system or its devices accessing a trusted third party that is external to the data processing system.
    Type: Application
    Filed: July 12, 2005
    Publication date: January 18, 2007
    Inventors: Steven Bade, James Hoff, Siegfried Sutter, James Ward, Helmut Weber
  • Publication number: 20060059373
    Abstract: An integrated circuit chip is provided which contains one or more processors and one or more cryptographic engines. A flow control circuit having a command processor accepts requests and data via a secure external interface through which only encrypted information is passed. The flow control circuit mediates decryption of this information using one or more cryptographic keys passed to the command processor. The decrypted information is stored in a preferably volatile, on-chip memory in unencrypted form. The flow control circuit is then able to accept requests which invoke the stored, decrypted instructions. More specifically, the invoked instructions are usable to control the cryptographic engines present on the chip in ways knowable only to the one who provides the encrypted instructions. In this way, many different encryption algorithms are employable in a secure fashion.
    Type: Application
    Filed: September 10, 2004
    Publication date: March 16, 2006
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Camil Fayad, John Li, Siegfried Sutter
  • Publication number: 20060059345
    Abstract: A mechanism is provided in which access to the functionality present on an integrated circuit chip is controllable via an encrypted certificate of authority which includes time information indicating allowable periods of operation or allowable duration of operation. The chip includes at least one cryptographic engine and at least one processor. The chip also contains hard coded cryptographic keys including a chip private key, a chip public key and a third party's public key. The chip is also provided with a battery backed up volatile memory which contains information which is used to verify authority for operation. The certificate of authority is also used to control not only the temporal aspects of operation but is also usable to control access to certain functionality that may be present on the chip, such as access to some or all of the cryptographic features provided in conjunction with the presence of the cryptographic engine, such as key size.
    Type: Application
    Filed: September 10, 2004
    Publication date: March 16, 2006
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Camil Fayad, John Li, Siegfried Sutter
  • Publication number: 20060059369
    Abstract: A mechanism is provided in which a secure chip for performing cryptographic and/or other functions is able to securely access a separate random access memory externally disposed with respect to a secure chip boundary. Addressing of the external memory is controlled so as to define certain regions therein which receive and store only encrypted information from the chip. Other regions of the external memory are set aside for the receipt and storage of unencrypted information. Access to the external memory is provided through a controlled interface which communicates with internal chip hardware which operates to control the flow of communication between various internal components such as cryptographic engines, data processors, internal memory of both the volatile and the nonvolatile variety and an external interface which provides the only other access to the chip.
    Type: Application
    Filed: September 10, 2004
    Publication date: March 16, 2006
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Camil Fayad, John Li, Siegfried Sutter
  • Publication number: 20060059368
    Abstract: A system and method are provided in which a third party chip vendor is enabled to securely program an electronic circuit chip supplied from a chip manufacturer. The chip vendor supplies a vendor's public cryptography key to the chip manufacturer who hard codes it on the chip along with a chip private key and a chip public key. One or more cryptographic engines on the chip, which preferably has a tamper resistant/detecting boundary, are used to decrypt program instructions supplied to the chip after having been encrypted with the vendor's private key and the chip public key. The chip includes a processor and an associated memory which receives a version of the instructions decrypted with the chip private key and the vendor's public key. The chip also preferably includes programmable hardware which is also securely programmable by the downstream chip vendor.
    Type: Application
    Filed: September 10, 2004
    Publication date: March 16, 2006
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Camil Fayad, John Li, Siegfried Sutter
  • Publication number: 20060059372
    Abstract: An integrated circuit chip is provided which contains one or more processors and one or more cryptographic engines. A flow control circuit having a command processor accepts requests and data via a secure external interface through which only encrypted information is passed. The flow control circuit mediates decryption of this information using cryptographic keys that are present in hard coded form on the chip. In particular the flow control circuit includes a programmable hardware portion which is configurable in a secure manner to create a flexible internal chip architecture. The chip also includes a volatile memory disposed on a voltage island whose power is maintained either through a battery backup or from a fixed power source (mains). The chip is thus enabled to securely perform cryptographic operations with the processors controlling the cryptographic engines through the flow control circuit.
    Type: Application
    Filed: September 10, 2004
    Publication date: March 16, 2006
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Camil Fayad, John Li, Siegfried Sutter
  • Publication number: 20060059574
    Abstract: A system and method are provided for securely providing configuration information, that is, programming, to programmable hardware such as a Field Programmable Gate Array (FPGA) or a Programmable Logic Device (PLD). Security is provided by first verifying authority to enter configuration information via the decryption of an encrypted certificate of authority. The decryption is carried out using a cryptography engine disposed on the chip containing the programmable hardware. Additionally, the configuration information is itself provided in an encrypted form which requires recognition of the certificate of authority in order to decrypt it and to place it in storage locations within the programmable hardware. In this manner, the flexibility advantages of programmable hardware are fully met without the disadvantage of the programmable hardware being compromised by other users.
    Type: Application
    Filed: September 10, 2004
    Publication date: March 16, 2006
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Camil Fayad, John Li, Siegfried Sutter
  • Publication number: 20060026422
    Abstract: A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system. The data processing system includes a primary hardware trusted platform module (TPM) and a secondary hardware backup TPM. The data processing system also includes multiple logical partitions. The primary hardware TPM is used to provide trusted computing services to the logical partitions. A determination is made as to whether the primary hardware TPM is malfunctioning. If a determination is made that the primary hardware TPM is malfunctioning, the secondary hardware TPM is designated as a new primary hardware TPM and is utilized instead of the primary TPM to provide trusted computing services to the logical partitions.
    Type: Application
    Filed: July 29, 2004
    Publication date: February 2, 2006
    Applicant: International Business Machines Corporation
    Inventors: Steven Bade, Thomas Dewkett, Nia Kelley, Siegfried Sutter, Helmut Weber
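Worked example for the virtual endorsement credential scheme of patent 8549592 and publication 20070016801. This is an added illustration, not code from the patents or from IBM. It assumes one thing the abstracts leave open: that the hardware TPM can sign with a platform key whose public half a relying party already trusts, so each virtual TPM's endorsement key can be endorsed locally instead of by an external certificate authority. The credential layout (partition id followed by the public key, signed with ed25519) and all key material are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// PlatformTPM models the hardware TPM that anchors every virtual endorsement
// credential. Assumption: it holds a signing key that relying parties trust.
type PlatformTPM struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewPlatformTPM() (*PlatformTPM, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &PlatformTPM{priv: priv, Pub: pub}, nil
}

// VirtualTPM belongs to one logical partition. Its virtual endorsement key is
// generated inside it and the private half is never exported from the struct.
type VirtualTPM struct {
	Partition  uint32
	ekPriv     ed25519.PrivateKey
	EKPub      ed25519.PublicKey
	Credential []byte // platform signature over (partition, EKPub)
}

// credentialBody is the constructed credential layout: 4-byte partition id
// followed by the raw vEK public key.
func credentialBody(partition uint32, ekPub ed25519.PublicKey) []byte {
	body := make([]byte, 4, 4+len(ekPub))
	binary.BigEndian.PutUint32(body, partition)
	return append(body, ekPub...)
}

// NewVirtualTPM generates the vEK and has the local hardware TPM endorse it.
// No party outside the data processing system is contacted.
func (h *PlatformTPM) NewVirtualTPM(partition uint32) (*VirtualTPM, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	v := &VirtualTPM{Partition: partition, ekPriv: priv, EKPub: pub}
	v.Credential = ed25519.Sign(h.priv, credentialBody(partition, pub))
	return v, nil
}

// Attest signs a message (for instance a quote) with the virtual endorsement key.
func (v *VirtualTPM) Attest(msg []byte) []byte { return ed25519.Sign(v.ekPriv, msg) }

// VerifyAttestation is the relying party's check, given only the platform's
// public key: the credential must chain this vEK to this platform and this
// partition, and the attestation must verify under that vEK.
func VerifyAttestation(platformPub ed25519.PublicKey, partition uint32, ekPub ed25519.PublicKey, credential, msg, sig []byte) error {
	if !ed25519.Verify(platformPub, credentialBody(partition, ekPub), credential) {
		return errors.New("virtual endorsement credential was not issued by this platform for this partition")
	}
	if !ed25519.Verify(ekPub, msg, sig) {
		return errors.New("attestation signature invalid under the endorsed key")
	}
	return nil
}

func main() {
	hw, err := NewPlatformTPM()
	if err != nil {
		panic(err)
	}
	v, err := hw.NewVirtualTPM(1)
	if err != nil {
		panic(err)
	}
	msg := []byte("quote: constructed PCR digest")
	fmt.Println("verify:", VerifyAttestation(hw.Pub, 1, v.EKPub, v.Credential, msg, v.Attest(msg)))
}
```

The point a practitioner should take from this is the binding: the credential signs the partition id together with the key, so a credential lifted from one partition cannot vouch for another partition's key, and a platform the verifier does not trust cannot mint credentials at all.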
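Worked example for the context-slot scheme described in patent 7996687, patent 7478246 and publication 20100042823: more logical partitions than hardware context slots, a static slot assignment under which at least one slot is shared, and contexts swapped in and out at runtime so that a partition's context is resident whenever it issues a command. This is an added example, not the patents' or IBM's code. It assumes a round-robin slot assignment, an off-board store for swapped-out contexts, and that the context blob is opaque to the host (the real TPM returns it encrypted); the commands and initial contexts are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

type PartitionID int
type SlotID int

// HardwareTPM models a TPM with a finite number of context slots. Each slot
// holds the opaque context of exactly one partition at a time.
type HardwareTPM struct {
	slots []*slotState
}

type slotState struct {
	owner   PartitionID
	context []byte
	inUse   bool
}

func NewHardwareTPM(nSlots int) *HardwareTPM {
	t := &HardwareTPM{slots: make([]*slotState, nSlots)}
	for i := range t.slots {
		t.slots[i] = &slotState{}
	}
	return t
}

// ContextManager assigns every partition to one slot and swaps contexts in and
// out of the hardware TPM on demand. Swapped-out contexts live in offboard.
type ContextManager struct {
	tpm      *HardwareTPM
	assigned map[PartitionID]SlotID
	offboard map[PartitionID][]byte
	swaps    int
}

func NewContextManager(tpm *HardwareTPM, partitions []PartitionID) (*ContextManager, error) {
	n := len(tpm.slots)
	if n == 0 {
		return nil, errors.New("TPM has no context slots")
	}
	cm := &ContextManager{tpm: tpm, assigned: map[PartitionID]SlotID{}, offboard: map[PartitionID][]byte{}}
	for i, p := range partitions {
		cm.assigned[p] = SlotID(i % n)                        // round-robin: a slot is shared once len(partitions) > n
		cm.offboard[p] = []byte(fmt.Sprintf("ctx:%d:v0", p)) // constructed initial context
	}
	return cm, nil
}

// Activate makes p's context resident in its slot, saving the current occupant
// off-board first if the slot is held by another partition.
func (cm *ContextManager) Activate(p PartitionID) (SlotID, error) {
	sid, ok := cm.assigned[p]
	if !ok {
		return 0, fmt.Errorf("partition %d has no slot assignment", p)
	}
	s := cm.tpm.slots[sid]
	if s.inUse && s.owner == p {
		return sid, nil // already resident, nothing to swap
	}
	if s.inUse {
		// Save the evicted partition's context before the slot is reused;
		// dropping it would silently corrupt that partition's TPM state.
		cm.offboard[s.owner] = s.context
		cm.swaps++
	}
	ctx, ok := cm.offboard[p]
	if !ok {
		return 0, fmt.Errorf("no saved context for partition %d", p)
	}
	delete(cm.offboard, p)
	s.owner, s.context, s.inUse = p, ctx, true
	return sid, nil
}

// Execute runs a modelled command for p; the command needs p's context in the
// hardware TPM, so it activates the context and then updates it.
func (cm *ContextManager) Execute(p PartitionID, cmd string) ([]byte, error) {
	sid, err := cm.Activate(p)
	if err != nil {
		return nil, err
	}
	s := cm.tpm.slots[sid]
	s.context = append(append([]byte{}, s.context...), []byte("|"+cmd)...)
	return s.context, nil
}

// Resident reports which partition currently occupies slot sid.
func (cm *ContextManager) Resident(sid SlotID) (PartitionID, bool) {
	s := cm.tpm.slots[sid]
	return s.owner, s.inUse
}

func (cm *ContextManager) Swaps() int { return cm.swaps }

func main() {
	cm, _ := NewContextManager(NewHardwareTPM(2), []PartitionID{1, 2, 3})
	for _, p := range []PartitionID{1, 3, 1, 2, 3} {
		ctx, _ := cm.Execute(p, "extend")
		fmt.Printf("partition %d -> %s\n", p, ctx)
	}
	fmt.Println("swaps:", cm.Swaps())
}
```

With two slots and three partitions, partitions 1 and 3 share slot 0 and every alternation between them costs a swap, while partition 2 stays resident in slot 1; the swap count is the metric to watch when choosing which partitions share a slot.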
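Worked example for the recovery path of patent 7624283 and publication 20070192597 together with the primary/secondary TPM failover of publication 20060026422. This is an added example, not the patents' or IBM's code. It models the TMPIOP as the holder of each partition's last valid (opaque, already encrypted) context, with the rule that the off-board copy is replaced only after the device reports success, and that a failed command is retried with the untouched last valid copy on the secondary TPM, which is then promoted to primary. The devices, commands and contexts are constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// TPMDevice is the hardware interface the TMPIOP drives. Process takes the
// partition's opaque context and a command and returns the updated context,
// or an error if the device failed to process it.
type TPMDevice interface {
	Name() string
	Process(ctx []byte, cmd string) ([]byte, error)
}

// okTPM is a constructed healthy device; appending the command stands in for
// the real TPM's encrypted context update.
type okTPM struct{ name string }

func (d okTPM) Name() string { return d.name }
func (d okTPM) Process(ctx []byte, cmd string) ([]byte, error) {
	return append(append([]byte{}, ctx...), []byte("|"+cmd)...), nil
}

// failingTPM is a constructed device that fails every command.
type failingTPM struct{ name string }

func (d failingTPM) Name() string { return d.name }
func (d failingTPM) Process([]byte, string) ([]byte, error) {
	return nil, errors.New(d.name + ": hardware failure")
}

// TMPIOP keeps the last valid copy of every partition's context off-board and
// drives a primary and a secondary TPM.
type TMPIOP struct {
	primary, secondary TPMDevice
	lastValid          map[int][]byte
	failedOver         bool
}

func NewTMPIOP(primary, secondary TPMDevice) *TMPIOP {
	return &TMPIOP{primary: primary, secondary: secondary, lastValid: map[int][]byte{}}
}

func (h *TMPIOP) Register(partition int, initialCtx []byte) {
	h.lastValid[partition] = initialCtx
}

// Submit runs cmd for partition on the primary TPM. The off-board copy is
// replaced only on success; on failure the same last valid copy is re-sent to
// the secondary, which is promoted so later commands avoid the bad device.
func (h *TMPIOP) Submit(partition int, cmd string) ([]byte, error) {
	ctx, ok := h.lastValid[partition]
	if !ok {
		return nil, fmt.Errorf("partition %d is not registered", partition)
	}
	updated, err := h.primary.Process(ctx, cmd)
	if err == nil {
		h.lastValid[partition] = updated
		return updated, nil
	}
	updated, err2 := h.secondary.Process(ctx, cmd)
	if err2 != nil {
		// Both devices failed: keep the last valid copy exactly as it was.
		return nil, fmt.Errorf("primary failed (%v) and secondary failed (%v)", err, err2)
	}
	h.primary, h.secondary = h.secondary, h.primary
	h.failedOver = true
	h.lastValid[partition] = updated
	return updated, nil
}

func (h *TMPIOP) ActivePrimary() string { return h.primary.Name() }
func (h *TMPIOP) FailedOver() bool      { return h.failedOver }

func main() {
	h := NewTMPIOP(failingTPM{"tpm0"}, okTPM{"tpm1"})
	h.Register(7, []byte("ctx7:v0"))
	out, err := h.Submit(7, "seal")
	fmt.Println(string(out), err, "primary now:", h.ActivePrimary())
}
```

The invariant worth checking in any real implementation is the one the test exercises: a failed command must leave the off-board copy untouched, otherwise a half-processed context could be retried on the secondary and the partition's TPM state would diverge from what it believes it has.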
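Worked example for the certificate of authority of patent 7818574 and publication 20060059345: a time-bounded certificate, verified against a third party's public key hard-coded on the chip, that gates a feature (here the maximum RSA key size) and uses battery-backed state to refuse clock rollback. This is an added example, not the patents' or IBM's code. The certificate layout, the use of ed25519, and the meaning of the battery-backed memory as a last-seen timestamp are assumptions; the abstract's encryption of the certificate to the chip's public key is left out, so this shows only the signature, time-window and feature checks.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Constructed certificate layout:
//   [0:8]   not-before, Unix seconds, big-endian
//   [8:16]  not-after,  Unix seconds, big-endian
//   [16:20] maximum permitted key size in bits
//   [20:84] ed25519 signature by the authority over bytes [0:20]
const (
	certBodyLen = 20
	certLen     = certBodyLen + ed25519.SignatureSize
)

// Chip models the on-chip state: the hard-coded authority public key and the
// battery-backed last-seen time (assumption) used to detect clock rollback.
type Chip struct {
	authorityPub ed25519.PublicKey
	lastSeen     int64
}

type Grant struct {
	NotBefore, NotAfter time.Time
	MaxKeyBits          uint32
}

// IssueCertificate is the third party's side: serialise the grant and sign it.
func IssueCertificate(authorityPriv ed25519.PrivateKey, g Grant) []byte {
	body := make([]byte, certBodyLen)
	binary.BigEndian.PutUint64(body[0:8], uint64(g.NotBefore.Unix()))
	binary.BigEndian.PutUint64(body[8:16], uint64(g.NotAfter.Unix()))
	binary.BigEndian.PutUint32(body[16:20], g.MaxKeyBits)
	return append(body, ed25519.Sign(authorityPriv, body)...)
}

// Authorize verifies the certificate and returns the grant it carries. The
// signature is checked before any field is trusted; the rollback check runs
// before the window check so an attacker cannot revive an expired certificate
// by winding the clock back.
func (c *Chip) Authorize(cert []byte, now time.Time) (Grant, error) {
	if len(cert) != certLen {
		return Grant{}, errors.New("malformed certificate")
	}
	body, sig := cert[:certBodyLen], cert[certBodyLen:]
	if !ed25519.Verify(c.authorityPub, body, sig) {
		return Grant{}, errors.New("certificate signature invalid")
	}
	if now.Unix() < c.lastSeen {
		return Grant{}, errors.New("clock moved backwards; refusing to evaluate validity window")
	}
	c.lastSeen = now.Unix()
	g := Grant{
		NotBefore:  time.Unix(int64(binary.BigEndian.Uint64(body[0:8])), 0),
		NotAfter:   time.Unix(int64(binary.BigEndian.Uint64(body[8:16])), 0),
		MaxKeyBits: binary.BigEndian.Uint32(body[16:20]),
	}
	if now.Before(g.NotBefore) || now.After(g.NotAfter) {
		return Grant{}, fmt.Errorf("certificate not valid at %s", now.UTC().Format(time.RFC3339))
	}
	return g, nil
}

// RSAOperationAllowed gates one on-chip feature, the RSA key size, on the grant.
func (c *Chip) RSAOperationAllowed(cert []byte, now time.Time, keyBits uint32) (bool, error) {
	g, err := c.Authorize(cert, now)
	if err != nil {
		return false, err
	}
	return keyBits <= g.MaxKeyBits, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	chip := &Chip{authorityPub: pub}
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	cert := IssueCertificate(priv, Grant{NotBefore: start, NotAfter: start.Add(30 * 24 * time.Hour), MaxKeyBits: 2048})
	ok, err := chip.RSAOperationAllowed(cert, start.Add(24*time.Hour), 4096)
	fmt.Println("4096-bit allowed:", ok, "err:", err)
}
```

Two details carry the security argument: the feature field is inside the signed body, so a holder cannot raise the key-size limit without the authority's key, and the chip's own stored time is what prevents an expired certificate from being replayed against a reset clock.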
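Worked example for the fault-isolation method of publication 20070220369: the same command is submitted to pairs of processors, a mismatch between their results indicates a hard error, and submitting it to different pairings singles out the faulty unit. This is an added example, not the publication's or IBM's code. The processors, the command and the fault model (one processor corrupts one byte of an otherwise correct result) are constructed; the isolation rule used here, that the faulty processor is the one disagreeing with every peer, is the example's own generalisation to any number of processors.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Processor executes a command; results are compared between processors.
type Processor interface {
	ID() string
	Execute(cmd []byte) []byte
}

// goodCPU returns a deterministic constructed result for a command.
type goodCPU struct{ id string }

func (p goodCPU) ID() string { return p.id }
func (p goodCPU) Execute(cmd []byte) []byte {
	out := make([]byte, len(cmd))
	for i, b := range cmd {
		out[i] = b ^ 0x5a // stand-in for real work; any pure function will do
	}
	return out
}

// badCPU models a hard error: it corrupts one byte of the correct result.
type badCPU struct{ inner goodCPU }

func (p badCPU) ID() string { return p.inner.id }
func (p badCPU) Execute(cmd []byte) []byte {
	out := p.inner.Execute(cmd)
	if len(out) > 0 {
		out[0] ^= 0x01
	}
	return out
}

// PairMismatch submits cmd to both processors and reports whether their
// results differ, which the abstract treats as a hard error indication.
func PairMismatch(a, b Processor, cmd []byte) bool {
	return !bytes.Equal(a.Execute(cmd), b.Execute(cmd))
}

// IsolateFaulty runs cmd on every pairing and returns the one processor that
// disagrees with all of its peers. It refuses to guess when nothing mismatches
// or when the pattern does not single out one unit (two faulty processors, or
// fewer than three processors in the system).
func IsolateFaulty(procs []Processor, cmd []byte) (Processor, error) {
	if len(procs) < 3 {
		return nil, errors.New("need at least three processors to isolate a fault by pairing")
	}
	mismatches := make(map[string]int, len(procs))
	for i := 0; i < len(procs); i++ {
		for j := i + 1; j < len(procs); j++ {
			if PairMismatch(procs[i], procs[j], cmd) {
				mismatches[procs[i].ID()]++
				mismatches[procs[j].ID()]++
			}
		}
	}
	if len(mismatches) == 0 {
		return nil, errors.New("no hard error detected")
	}
	var suspect Processor
	for _, p := range procs {
		if mismatches[p.ID()] == len(procs)-1 {
			if suspect != nil {
				return nil, errors.New("more than one processor disagrees with every peer")
			}
			suspect = p
		}
	}
	if suspect == nil {
		return nil, errors.New("mismatch pattern does not isolate a single processor")
	}
	return suspect, nil
}

func main() {
	procs := []Processor{goodCPU{"p0"}, badCPU{goodCPU{"p1"}}, goodCPU{"p2"}}
	f, err := IsolateFaulty(procs, []byte("modexp: constructed input"))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("faulty processor:", f.ID())
}
```

Two processors can detect a fault but never attribute it, which is why the function insists on a third; the "refuse to guess" branches matter in practice because marking a healthy unit as failed is its own availability problem.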