Universal secure messaging for cryptographic modules
First Claim
1. A secure messaging method for securely exchanging information between a host computer system and a functionally connected cryptographic module comprising the steps of:
- a. generating a pair of identical session keys, b. performing a secure key exchange between said host computer system and said cryptographic module such that said host computer system and said cryptographic module each receives one session key of said pair of identical session keys, c. generating a unique session identifier, d. associating said unique session identifier with said pair of identical session keys, and e. performing counterpart cryptographic functions on at least a portion of information exchanged between said host computer system and said cryptographic module.
3 Assignments
0 Petitions
Accused Products
Abstract
An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.
125 Citations
21 Claims
-
1. A secure messaging method for securely exchanging information between a host computer system and a functionally connected cryptographic module comprising the steps of:
-
a. generating a pair of identical session keys, b. performing a secure key exchange between said host computer system and said cryptographic module such that said host computer system and said cryptographic module each receives one session key of said pair of identical session keys, c. generating a unique session identifier, d. associating said unique session identifier with said pair of identical session keys, and e. performing counterpart cryptographic functions on at least a portion of information exchanged between said host computer system and said cryptographic module. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A secure messaging method for reactivating a previously established messaging session between a host computer system and a functionally connected cryptographic module comprising the steps of:
-
a. sending a unique session identifier associated with a previously exchanged pair of identical session keys from said host computer system to said cryptographic module, b. retrieving a session key associated with said unique session identifier, and c. mutually verifying said host computer system and said cryptographic module using said previously exchanged pair of identical session keys. - View Dependent Claims (9)
-
-
10. An secure messaging system for securely exchanging information between a host computer system and a functionally connected cryptographic module comprising:
-
said host computer system including;
a Host Security Manager application including means for;
generating a session key pair, associating at least one session key of said session key pair with a unique session identifier, performing a secure key exchange with said cryptographic module, wherein a session key associated with said unique session identifier is securely transferred to said cryptographic module, and performing counterpart cryptographic functions on at least a portion of information exchanged between said host computer system and said cryptographic module;
said cryptographic module including;
a Security Executive application including means for;
generating said unique session identifier, associating said unique session identifier with said exchanged key, and performing counterpart cryptographic functions on at least a portion of information exchanged between said host computer system and said cryptographic module. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A computer program product embodied in a tangible form readable by a processor having executable instructions stored thereon for causing a host computer system to establish an secure messaging session with a cryptographic module for the secure exchange of information, said executable instructions comprising computer readable program code means for causing said computer to,
a. generate a pair of identical session keys, b. perform a secure key exchange between said host computer system and said cryptographic module such that said host computer system and said cryptographic module each receives one session key of said pair of identical session keys, c. generate a unique session identifier, d. associate said unique session identifier with said pair of identical session keys, and e. perform counterpart cryptographic functions on at least a portion of information exchanged between said host computer system and said cryptographic module.
-
20. A computer program product embodied in a tangible form readable by a processor having executable instructions stored thereon for causing a host computer system to reestablish an secure messaging session with a cryptographic module for the secure exchange of information, said executable instructions comprising computer readable program code means for causing said computer to:
-
a. send a unique session identifier associated with a previously exchanged pair of identical session keys from said host computer system to said cryptographic module, b. retrieve a session key associated with said unique session identifier, and c. mutually verify said host computer system and said cryptographic module using said previously exchanged pair of identical session keys. - View Dependent Claims (21)
-
Specification