COMPOSITE CRYPTOGRAPHIC ACCELERATOR AND HARDWARE SECURITY MODULE
First Claim
1. A cryptographic device combining cryptographic functionality for generating and protecting secrets with dedicated cryptographic hardware, the cryptographic device comprising:
memory;
a security module including a software portion configured to generate at least one cryptographic key and encrypt the at least one cryptographic key using a master key, wherein the master key is stored within the memory, and a software portion configured to manage the use of the at least one cryptographic key in performance of at least one service related application; and
cryptographic hardware configured to accelerate computation of cryptographic functionalities using the at least one cryptographic key in performance of the at least one service related application.
Abstract
The functionality of a hardware security module is combined with that of a cryptographic accelerator in a single device. A single device comprising a hardware security module configured to generate and securely store at least one cryptographic key is combined with hardware configured to accelerate cryptographic computations associated with a plurality of encryption algorithms. The cryptographic keys generated are managed entirely within the composite HSM cryptographic accelerator. Once generated, cryptographic keys may be stored either within the device or outside the device in an encrypted form. The master key used to encrypt the cryptographic keys remains within the device at all times and is isolated on a separate bus. Clear text versions of the cryptographic keys are not accessible outside of the composite HSM cryptographic accelerator.
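The key-handling boundary described in the abstract, sketched as an added example (not code from the patent or any product). The class and method names are hypothetical, and an HMAC-SHA256 keystream with an integrity tag stands in for the device's key-encryption algorithm, which the page does not specify.

```python
import hashlib
import hmac
import secrets


class CompositeDevice:
    """Toy model of the device boundary: callers only ever hold wrapped keys.

    Python cannot enforce isolation; the underscore members stand for state
    that real hardware would keep behind the device boundary.
    """

    def __init__(self):
        master = secrets.token_bytes(32)  # master key: generated and kept inside
        # Assumed design: separate subkeys for confidentiality and integrity.
        self._k_enc = hmac.new(master, b"wrap-enc", hashlib.sha256).digest()
        self._k_mac = hmac.new(master, b"wrap-mac", hashlib.sha256).digest()

    def _xor_stream(self, nonce, data):
        # Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream.
        stream = b""
        counter = 0
        while len(stream) < len(data):
            block = nonce + counter.to_bytes(4, "big")
            stream += hmac.new(self._k_enc, block, hashlib.sha256).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def _unwrap(self, blob):
        # Verify the tag before decrypting, so foreign or altered blobs are refused.
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._k_mac, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("wrapped key rejected: not produced by this device")
        return self._xor_stream(nonce, body)

    def generate_key(self):
        """Generate a working key and release it only in encrypted form."""
        nonce = secrets.token_bytes(16)
        body = self._xor_stream(nonce, secrets.token_bytes(32))
        tag = hmac.new(self._k_mac, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag  # may be stored outside the device

    def mac(self, wrapped_key, message):
        """Use the key inside the boundary; only the result leaves."""
        return hmac.new(self._unwrap(wrapped_key), message, hashlib.sha256).digest()
```

A wrapped key returned by `generate_key()` is usable only by the device instance that produced it; a different instance or a modified blob fails the integrity check before any key material is recovered.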
20 Claims
1. A cryptographic device combining cryptographic functionality for generating and protecting secrets with dedicated cryptographic hardware, the cryptographic device comprising:
memory;
a security module including a software portion configured to generate at least one cryptographic key and encrypt the at least one cryptographic key using a master key, wherein the master key is stored within the memory, and a software portion configured to manage the use of the at least one cryptographic key in performance of at least one service related application; and
cryptographic hardware configured to accelerate computation of cryptographic functionalities using the at least one cryptographic key in performance of the at least one service related application.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A system for secure cryptographic key management in financially related services, the system comprising:
a software portion configured to generate at least one cryptographic key and encrypt the at least one cryptographic key using a master key, the master key remaining within the cryptographic device;
a software portion configured to manage the use of the at least one cryptographic key in performance of at least one financially related service application;
a software portion configured to transport requests generated by the at least one financially related service application to cryptographic hardware constructed to accelerate computation of cryptographic functionalities identified by the at least one financially related service application using the at least one cryptographic key wherein transport of the at least one cryptographic key is conducted entirely within the system.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A cryptographic device, comprising:
a security module including a software portion configured to generate at least one cryptographic key and encrypt the at least one cryptographic key using a master key, wherein the master key is stored within the cryptographic device, and a software portion configured to manage the use of the at least one cryptographic key in performance of chaining together commands directed by at least one service related application such that intermediate cryptographic results are unavailable outside of the cryptographic device; and
cryptographic hardware configured to accelerate computation of cryptographic functionalities as directed by the at least one service related application using the at least one cryptographic key.
Dependent claims: 20
Specification