Enabling a securing of cryptographic operations

Enabling a securing of cryptographic operations

A method of generating a key for securing cryptographic operations executed by a stateless hardware security module (HSM) for a client workload (e.g. a program, an application or software running on a client). The HSM receives a key generation request from the client workload 200, and an attestation...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Muhammad Usman Karim Khan, Timo Kussmaul
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A method of generating a key for securing cryptographic operations executed by a stateless hardware security module (HSM) for a client workload (e.g. a program, an application or software running on a client). The HSM receives a key generation request from the client workload 200, and an attestation document signed by an attestation service 202. The key generation request and the attestation document are verified by the HSM using one or more predefined requirements of a workload policy 204. Upon successful verification the HSM determines a set of one or more workload requirements for the client workload 206. A key is generated by the HSM and used to encode the one or more workload requirements as one or more attributes of the generated key 208. The HSM encrypts the generated key and one or more attributes with an HSM key and returns the encrypted key and attributes to the client workload 210. The attributes of the key define workload requirements that must be satisfied for the workload to use the key. The workload may use the key by sending a request that it be used to perform some cryptographic operation to the HSM.