Identity based hierarchical sessions

Identity based hierarchical sessions

A computer-implemented method, for establishing identity-based hierarchical sessions on a hardware security module (HSM) for binding secure keys to a guest system, comprises: establishing a communication channel between the guest system and the HSM 102, wherein the communication channel is identity-...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Tamas Visegrady, Volker Urban, Eric David Rossman, Reinhard Buendgen, Michael Hocker
Format: Patent
Sprache:eng
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A computer-implemented method, for establishing identity-based hierarchical sessions on a hardware security module (HSM) for binding secure keys to a guest system, comprises: establishing a communication channel between the guest system and the HSM 102, wherein the communication channel is identity-based, end-to-end and encrypted, thereby establishing a session; transferring login information of the guest system through the communication channel to the HSM 104; maintaining a predefined security level throughout a hierarchy of the sessions 106, wherein no child session has a higher security level than its parent session; and performing a challenge-response protocol based on a session ownership verification with the guest 108, such that an HSM generated and secured key is bound to an associated session. The guest system may be executed on a hypervisor. Establishing the communication session may be based on a public/private key pair of said HSM and a transmitted code allowing the derivation of a symmetrical encryption/decryption key based on a Diffie-Hellman algorithm.