Inventors:
- Armonk NY, US
Elaine R. Palmer - Hanover NH, US
Kenneth A. Goldman - Norwalk CT, US
William E. Hall - Clinton CT, US
Hugo M. Krawczyk - Tarrytown NY, US
David D. Sanner - Rochester MN, US
Christopher J. Engel - Rochester MN, US
Peter A. Sandon - Essex Junction VT, US
International Classification:
H04L 29/06
H04L 9/08
G06F 9/445
G06F 9/455
G06F 9/4401
Abstract:
A method and computer system for implementing an authentication protocol for merging multiple server nodes with trusted platform modules (TPMs), utilizing provisioned node certificates to support concurrent node add and node remove. As the server nodes are powered up, each node boots an instance of enablement-level firmware, which is measured and extended into the TPM on that node. A hardware secure channel is established between the server nodes for firmware message passing as part of the physical configuration of the nodes to be merged. A shared secret is securely exchanged over the hardware secure channel, establishing an initial authentication value shared among all server nodes. All server nodes confirm that their security configuration settings match and exchange TPM event log and platform configuration register (PCR) data to establish a common history for future attestation requirements, enabling the set of server nodes to change dynamically, with nodes added and removed concurrently.
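The merge sequence the abstract describes, as an added Python simulation that is not code from the patent: each node measures its firmware and security configuration into PCRs, derives an authentication value from the secret received over the hardware channel, and every node checks every peer's MAC, configuration, and whether the peer's event log replays to the PCR values it claims. The PCR layout (PCR 0 firmware, PCR 1 configuration), the HMAC-SHA-256 derivation label, the JSON message format, and the sample firmware and secret are assumptions made for this example; provisioned node certificates and real TPM quotes are not modelled, the shared-secret MAC stands in for them.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

PCR_INIT = b"\x00" * 32  # SHA-256 bank PCRs start at all zeros


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = SHA-256(PCR_old || measurement)."""
    return hashlib.sha256(current + measurement).digest()


def replay_log(log):
    """Replay an event log of (pcr_index, digest) into the PCR values it implies."""
    pcrs = {}
    for idx, digest in log:
        pcrs[idx] = pcr_extend(pcrs.get(idx, PCR_INIT), digest)
    return pcrs


@dataclass
class Node:
    name: str
    security_config: dict      # settings that must agree across all merged nodes
    channel_secret: bytes      # secret received over the hardware secure channel
    log: list = field(default_factory=list)
    pcrs: dict = field(default_factory=dict)

    def boot(self, firmware_image: bytes):
        """Measure firmware into PCR 0 and the security config into PCR 1 (assumed layout)."""
        config_blob = json.dumps(self.security_config, sort_keys=True).encode()
        for idx, blob in ((0, firmware_image), (1, config_blob)):
            digest = hashlib.sha256(blob).digest()
            self.log.append((idx, digest))
            self.pcrs[idx] = pcr_extend(self.pcrs.get(idx, PCR_INIT), digest)

    def auth_key(self) -> bytes:
        """Initial authentication value derived from the shared secret (assumed KDF)."""
        return hmac.new(self.channel_secret, b"node-merge-auth-v1", hashlib.sha256).digest()

    def attestation_message(self):
        """Serialise config, log and PCRs, MACed with the shared authentication value."""
        payload = json.dumps({
            "node": self.name,
            "config": self.security_config,
            "log": [[idx, d.hex()] for idx, d in self.log],
            "pcrs": {str(idx): v.hex() for idx, v in self.pcrs.items()},
        }, sort_keys=True).encode()
        return payload, hmac.new(self.auth_key(), payload, hashlib.sha256).digest()


def verify_peer(receiver: Node, payload: bytes, tag: bytes):
    """One node's checks on a peer's message; returns (ok, reason)."""
    expected = hmac.new(receiver.auth_key(), payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad MAC: peer does not hold the shared secret"
    msg = json.loads(payload)
    if msg["config"] != receiver.security_config:
        return False, f"security configuration mismatch with {msg['node']}"
    replayed = replay_log([(idx, bytes.fromhex(h)) for idx, h in msg["log"]])
    claimed = {int(k): bytes.fromhex(v) for k, v in msg["pcrs"].items()}
    if replayed != claimed:
        return False, f"log of {msg['node']} does not replay to its PCRs"
    return True, "ok"


def merge(nodes):
    """Every node checks every other node; returns (ok, reason, common_history)."""
    history = {}
    for sender in nodes:
        payload, tag = sender.attestation_message()
        for receiver in nodes:
            if receiver is sender:
                continue
            ok, reason = verify_peer(receiver, payload, tag)
            if not ok:
                return False, f"{receiver.name} rejects {sender.name}: {reason}", {}
        history[sender.name] = json.loads(payload)["log"]  # shared history for later attestation
    return True, "merged", history


def demo():
    """Constructed scenarios: a clean merge and three ways a node gets rejected."""
    firmware = b"enablement-level firmware image v1"   # constructed sample image
    cfg = {"secure_boot": True, "tpm_required": True}
    secret = b"\x11" * 32                                 # constructed shared secret
    good = [Node(f"node{i}", dict(cfg), secret) for i in range(3)]
    for n in good:
        n.boot(firmware)
    results = {"clean": merge(good)[:2]}

    outsider = Node("rogue", dict(cfg), b"\x22" * 32)    # never got the channel secret
    outsider.boot(firmware)
    results["wrong_secret"] = merge(good + [outsider])[:2]

    lax = Node("lax", {"secure_boot": False, "tpm_required": True}, secret)
    lax.boot(firmware)
    results["config_mismatch"] = merge(good + [lax])[:2]

    tampered = Node("tampered", dict(cfg), secret)        # log edited after boot, PCRs unchanged
    tampered.boot(firmware)
    tampered.log[0] = (0, hashlib.sha256(b"other firmware").digest())
    results["log_tamper"] = merge(good + [tampered])[:2]
    return results
```

Because the MAC covers the configuration, the log and the PCR values together, a node cannot present a foreign log under its own authentication value without the replay check exposing the mismatch; in a real system the claimed PCR values would come from a TPM quote signed under the provisioned node certificate rather than from the node's own message.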