Systems and methods for using extended hardware security modules
First Claim
1. A method of managing processing modules available to remote clients over a computer network in order to provide confidentiality, non-repudiation, and authentication to the clients, comprising the steps of:
- providing at least one secure processing module having a first processor, a memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the first processor to selectively load and run a plurality of logical layers and allows the secure processing module to run at least one application software program;
initiating said at least one secure processing module by storing thereon a private cryptographic key corresponding to a public cryptographic key, as well as a signed public key certificate for the said public cryptographic key, wherein the signed public key certificate is signed by a signor entity related to at least one of a production and sale of said secure processing module;
connecting said at least one secure processing module to a computer network, wherein the step of connecting allows the at least one secure processing module to communicate electrical signals over the computer network;
receiving through the computer network an electronic request from a requesting party for allocation of said at least one secure processing module;
allocating said at least one secure processing module, wherein the step of allocating comprises the at least one secure processing module proving to said requesting party knowledge of the said private cryptographic key;
the requesting party verifying said signed public key certificate using a second certificate provided to the requesting party, wherein verification comprises identifying said signor entity as the signor of the signed public key certificate; and
at least reconfiguring said at least one secure processing module to be allocated and providing identifying information to the party from whom the electronic request was received; and
wherein said step of allocating said at least one secure processing module selectively causes said requesting party from whom the electronic request was received to transmit at least one of encrypted client data and encrypted client software to at least one of the allocated secure processing modules; and
wherein said step of allocating said at least one secure processing module selectively causes said requesting party from whom the electronic request was received to at least one of;
receive encrypted processed data and interface with client application software programs, wherein said encrypted processed data embody the encrypted client data after being decrypted, processed, and encrypted on the allocated secure processing module and said client application software programs embody the encrypted client software after being decrypted and run on the allocated secure processing module.
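The initiation and allocation steps of claim 1, as an added Go sketch that is not part of the patent: the module is provisioned with a key pair certified by the signor entity, and the requesting party checks both the certificate and a fresh proof of private-key knowledge before sending anything encrypted. The claim names no algorithm or message format, so Ed25519, the bare-signature "certificate", the nonce challenge and the `hsm-alloc-v1:` label are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Module models an initiated secure processing module. Cert is simplified to
// the signer's signature over Pub (assumption; real devices would use X.509).
type Module struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
	Cert []byte
}

// Initiate creates the module key pair and has the signor entity certify it.
func Initiate(signer ed25519.PrivateKey) (*Module, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Module{priv: priv, Pub: pub, Cert: ed25519.Sign(signer, pub)}, nil
}

// Prove signs the requester's nonce (with a hypothetical context label).
func (m *Module) Prove(nonce []byte) []byte {
	return ed25519.Sign(m.priv, append([]byte("hsm-alloc-v1:"), nonce...))
}

// VerifyAllocation is the requesting party's check: the certificate must be
// signed by the trusted signor key and the proof must cover this nonce.
func VerifyAllocation(trusted, modPub ed25519.PublicKey, cert, nonce, proof []byte) error {
	if len(modPub) != ed25519.PublicKeySize || !ed25519.Verify(trusted, modPub, cert) {
		return errors.New("certificate not signed by trusted signor")
	}
	if !ed25519.Verify(modPub, append([]byte("hsm-alloc-v1:"), nonce...), proof) {
		return errors.New("proof of private key knowledge failed")
	}
	return nil
}

func main() {
	signerPub, signerPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed signor key
	m, _ := Initiate(signerPriv)
	nonce := make([]byte, 32)
	rand.Read(nonce)
	fmt.Println(VerifyAllocation(signerPub, m.Pub, m.Cert, nonce, m.Prove(nonce)))
}
```

A fresh nonce per request is what stops a recorded proof from being replayed against a later allocation; the certificate check alone only shows that some genuine module once existed.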
Abstract
An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.
24 Claims
18. An apparatus, for use over a computer network to allow the running of arbitrary client tasks on demand in a manner that secures sensitive data, code, and other information, comprising:
- an anti-tamper enclosure;
a first discrete processor;
a non-transitory memory;
a cryptography module, wherein the first discrete processor, the non-transitory memory, and the cryptography module are interconnected inside the anti-tamper enclosure and together form a secure processing module which comprises an extended hardware security module;
wherein said non-transitory memory includes instructions that selectively cause the first discrete processor to selectively load and run a plurality of logical layers;
wherein said secure processing module is configured to;
(1) run at least one application software program;
(2) connect to said computer network and allow said secure processing module to communicate electrical signals over the computer network;
(3) initiate said secure processing module by storing on the secure processing module a private cryptographic key corresponding to a public cryptographic key and a signed public key certificate for said public cryptographic key, wherein the signed public key certificate is signed by a signor entity related to the at least one of a production and sale of said at least one secure processing module;
(4) receive through the computer network an electronic request from a requesting party for allocation of said secure processing module;
(5) prove to the requesting party from whom the electronic request was received knowledge of the private cryptographic key, reconfigure said secure processing module so that said secure processing module is allocated, and provide identifying information to the requesting party;
(6) receive at least one of encrypted client data and encrypted client software; and
(7) provide at least one of encrypted processed data and an interface to client application software programs, wherein said encrypted processed data embody the encrypted client data after being decrypted, processed, and encrypted and said client application software programs embody the encrypted client software after being decrypted and run on the apparatus.
Specification