Stateless hardware security module
First Claim
1. A secure data processing method comprising:
- storing at least one cipher key in at least one data memory in an integrated circuit;
maintaining the at least one cipher key within a security boundary associated with the integrated circuit;
using the at least one cipher key within the security boundary; and
enforcing policy associated with the at least one cipher key.
6 Assignments
0 Petitions
Accused Products
Abstract
Stateless hardware security modules facilitate securing data transfers between devices in a data communication system. The stateless hardware security module may communicate with other devices via a secure communication channel to securely transfer information between the client device and another device. As a result, sensitive information such as cryptographic keys and data may be securely routed between the client device and another device. The stateless hardware security module may support a limited set of key management operations to facilitate routing of information between the client device and another device. However, the stateless hardware security module does not need to maintain state information for the keys it maintains and/or uses. As a result, the stateless hardware security module may be advantageously integrated into a variety of client devices. A stateless hardware security module may support receiving keys in a secure manner from another device and storing and using these keys within a secure boundary. A stateless hardware security module may support generating a private/public key pair within a secure boundary, maintaining the private key within the secure boundary, and exporting the public key to an authenticating entity.
135 Citations
36 Claims
-
1. A secure data processing method comprising:
-
storing at least one cipher key in at least one data memory in an integrated circuit;
maintaining the at least one cipher key within a security boundary associated with the integrated circuit;
using the at least one cipher key within the security boundary; and
enforcing policy associated with the at least one cipher key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A security processing system comprising:
-
at least one key generator for generating an identity cipher key within an integrated circuit;
at least one data memory within the integrated circuit for storing the identity cipher key; and
at least one processor for processing data using the identity cipher key within the integrated circuit and for enforcing policy associated with key usage. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. A security processing system comprising:
-
at least one data interface for receiving an identity cipher key within an integrated circuit;
at least one data memory within the integrated circuit for storing the identity cipher key; and
at least one processor for processing data using the identity cipher key within the integrated circuit and for enforcing policy associated with key usage. - View Dependent Claims (19, 20, 21)
-
-
22. A secured data transmission system, comprising:
-
at least one data channel;
at least one main security module for distributing encrypted cipher keys over at the least one data channel; and
at least one stateless security module for receiving encrypted cipher keys over the at least one data channel and for encrypting or decrypting data using the cipher keys. - View Dependent Claims (23, 24, 25, 26, 27, 28)
-
-
29. A method for providing secured data transmission comprising the steps of:
-
establishing communication over a data channel between a main security module and a stateless security module;
establishing a secure channel over the data channel;
generating at least one cipher key in a main security module;
transmitting the at least one cipher key to the stateless security module over the secure channel; and
using the at least one cipher key within a security boundary associated with the stateless security module. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36)
-
Specification