METHOD AND APPARATUS FOR PROVIDING REDUNDANT AND RESILIENT CRYPTOGRAPHIC SERVICES


Main authors: DEAN, DAVID, A, MILLIGAN, ANDREW DAVID, SALAMON, GARY, KAIN, MICHAEL, T, CLAYTON, KEVIN, F
Format: Patent
Language: eng ; fre ; ger
Description
Summary: A cryptographic system (200) providing redundant and resilient cryptographic services to a computer system (120). Upon receiving a request for cryptographic services, a cryptographic services interface (207) running on a first operating environment (210) processes the request. The cryptographic services interface (207) is initialized with information specific to available operating environments (220, 230, 240) connected to the first operating environment (210) over a secure connection (124) and maintains communication protocols for various communication interfaces in the other alternate operating environments (220, 230, 240) accessible over the secure connection (124). The cryptographic services interface (207) communicates with the alternate operating environments (220, 230, 240) over communication dialogs (e.g. TCP protocol) (245, 249, 251). When processing the cryptographic service requests, the cryptographic services interface (207) facilitates the creation of cryptographic services sessions (261, 263, 265, 267) between the requestor (203, 205) and the desired cryptographic services (223, 224, 243) running on the alternate operating environments (220, 230, 240). In turn, the cryptographic services perform cryptographic functions, such as encryption, decryption, digital signing, verification, message digest creation, and random number generation on received requests. Once processed, requests are communicated back over the secure connection (124) to the requestor (203, 205) for use. The cryptographic system further monitors and stores information about the processing performed by the cryptographic services (223, 224, 243) that utilize state information when processing.
Monitoring may entail processing such that if cryptographic services fail or malfunction during processing, the failed request may be re-submitted to the cryptographic services interface (207) to establish a new independent cryptographic services session (267) with cryptographic services (243) performing the same cryptographic function running on another available operating environment (240). This process allows for distributed, redundant, and resilient processing of requests for cryptographic services.