Method and system for protecting master secrets using smart key devices
First Claim
1. A data processing system comprising:
- a removable hardware device including;
means for storing a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair;
a first hardware interface for electrically engaging a system unit; and
means for authenticating a hardware security unit;
a system unit including;
a second hardware interface for electrically engaging the removable hardware device; and
a hardware security unit including;
means for storing a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair;
means for authenticating the removable hardware device; and
means for enabling the system unit to invoke cryptographic functions on the hardware security unit while the removable hardware device remains electrically engaged with the system unit after the removable hardware device and the hardware security unit have been mutually authenticated.
3 Assignments
0 Petitions
Accused Products
Abstract
A data processing system accepts a removable hardware device, which becomes electrically engaged with a system unit within the data processing system, after which the removable hardware device and the hardware security unit mutually authenticate themselves. The removable hardware device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable hardware device. In response to successfully performing the mutual authentication operation between the removable hardware device and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable hardware device remains electrically engaged with the system unit.
98 Citations
48 Claims
-
1. A data processing system comprising:
-
a removable hardware device including;
means for storing a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair;
a first hardware interface for electrically engaging a system unit; and
means for authenticating a hardware security unit;
a system unit including;
a second hardware interface for electrically engaging the removable hardware device; and
a hardware security unit including;
means for storing a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair;
means for authenticating the removable hardware device; and
means for enabling the system unit to invoke cryptographic functions on the hardware security unit while the removable hardware device remains electrically engaged with the system unit after the removable hardware device and the hardware security unit have been mutually authenticated. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method for performing cryptographic functions, the method comprising:
-
electrically engaging a removable hardware device with a system unit, wherein the system unit includes a hardware security unit, wherein the removable hardware device contains a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair, and wherein the hardware security unit contains a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair;
performing a mutual authentication operation between the removable hardware device and the hardware security unit; and
in response to successfully performing the mutual authentication operation between the removable hardware device and the hardware security unit, enabling the system unit to invoke cryptographic functions on the hardware security unit while the removable hardware device remains electrically engaged with the system unit. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A computer program product on a computer readable medium for use in a data processing system for performing cryptographic functions, the computer program product comprising:
-
means for electrically engaging a removable hardware device with a system unit, wherein the system unit includes a hardware security unit, wherein the removable hardware device contains a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair, and wherein the hardware security unit contains a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair;
means for performing a mutual authentication operation between the removable hardware device and the hardware security unit; and
means for enabling the system unit to invoke cryptographic functions on the hardware security unit while the removable hardware device remains electrically engaged with the system unit in response to successfully performing the mutual authentication operation between the removable hardware device and the hardware security unit. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
-
Specification