Cryptographic-key management device
Abstract
A cryptographic-key management device is provided. A secure cryptographic module is provided with a first memory storing a private cryptographic key of multiple public/private key pairs. The secure cryptographic module is adapted to zeroize the first memory in response to physical disruption of the module. A secure microcontroller is provided in communication with and adapted to control operation of the secure cryptographic module. The secure microcontroller has a second memory storing the public keys of the public/private key pairs and a self-destruct pin whose activation disables the microcontroller. A package encapsulates the secure cryptographic module and the secure microcontroller, and is linked with the self-destruct pin to activate the self-destruct pin in response to a breach of the package.
29 Claims
1. A cryptographic-key management device comprising:
a secure cryptographic module comprising a first memory storing a private cryptographic key of a plurality of public/private key pairs, the secure cryptographic module adapted to zeroize the first memory in response to physical disruption of the module;
a secure microcontroller in communication with and adapted to control operation of the secure cryptographic module, the secure microcontroller comprising a second memory storing the public keys of the plurality of public/private key pairs and a self-destruct pin whose activation disables the microcontroller; and
a package encapsulating the secure cryptographic module and the secure microcontroller, the package linked with the self-destruct pin to activate the self-destruct pin in response to a breach of the package.

12. A method for fabricating a cryptographic-key management device, the method comprising:
providing a secure cryptographic module comprising a first memory and adapted to zeroize the first memory in response to physical disruption of the module;
providing a secure microcontroller in communication with the secure cryptographic module, the secure microcontroller comprising a second memory and a self-destruct pin whose activation disables the microcontroller;
storing a private cryptographic key of a plurality of public/private key pairs in the first memory;
storing the public keys of the plurality of public/private key pairs in the second memory; and
encapsulating the secure cryptographic module and the secure microcontroller within a package linked with the self-destruct pin to activate the self-destruct pin in response to a breach of the package.

23. An optical-card network comprising:
a plurality of transaction processing units, each such unit comprising:
a cryptographic-key management device having a securely stored private key for that cryptographic-key management device and securely stored public keys for a plurality of cryptographic-key management devices comprised by the network;
an optical-card read/write drive in communication with the cryptographic-key management device and adapted to exchange data with optical cards; and
a processor in communication with and adapted to control operation of the cryptographic-key management device and the optical-card read/write drive; and
a plurality of optical cards.

Specification