COMPOSITE CRYPTOGRAPHIC ACCELERATOR AND HARDWARE SECURITY MODULE

US 20080181399A1
Filed: 01/29/2007
Published: 07/31/2008
Est. Priority Date: 01/29/2007
Status: Abandoned Application

First Claim

Patent Images

1. A cryptographic device combining cryptographic functionality for generating and protecting secrets with dedicated cryptographic hardware, the cryptographic device comprising:

memory;

a security module including a software portion configured to generate at least one cryptographic key and encrypt the at least one cryptographic key using a master key, wherein the master key is stored within the memory, and a software portion configured to manage the use of the at least one cryptographic key in performance of at least one service related application; and

cryptographic hardware configured to accelerate computation of cryptographic functionalities using the at least one cryptographic key in performance of the at least one service related application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The functionality of a hardware security module is combined with that of a cryptographic accelerator in a single device. A single device comprising a hardware security module configured to generate and securely store at least one cryptographic key is combined with hardware configured to accelerate cryptographic computations associated with a plurality of encryption algorithms. The cryptographic keys generated are managed entirely within the composite HSM cryptographic accelerator. Once generated, cryptographic keys may be stored either within the device or outside the device in an encrypted form. The master key used to encrypt the cryptographic keys remains within the device at all times and is isolated on a separate bus. Clear text versions of the cryptographic keys are not accessible outside of the composite HSM cryptographic accelerator.

Citations

20 Claims

1. A cryptographic device combining cryptographic functionality for generating and protecting secrets with dedicated cryptographic hardware, the cryptographic device comprising:
- memory;
  
  a security module including a software portion configured to generate at least one cryptographic key and encrypt the at least one cryptographic key using a master key, wherein the master key is stored within the memory, and a software portion configured to manage the use of the at least one cryptographic key in performance of at least one service related application; and
  
  cryptographic hardware configured to accelerate computation of cryptographic functionalities using the at least one cryptographic key in performance of the at least one service related application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The cryptographic device of claim 1 wherein the security module is configured to perform symmetric and asymmetric cryptography.
  - 3. The cryptographic device of claim 1 wherein cryptographic commands are chained together such that intermediate cryptographic results remain secure.
  - 4. The cryptographic device of claim 3 wherein the security module within the cryptographic device is configured to generate, translate, and validate personal identification numbers to provide consumer authentication.
  - 5. The cryptographic device of claim 1 wherein commands directed by an application using the cryptographic device can be run concurrently within the device.
  - 6. The cryptographic device of claim 5 wherein the security module within the cryptographic device is configured to generate card verification values and to associate those values with valid consumer cards.
  - 7. The cryptographic device of claim 1 wherein the cryptographic device concurrently and securely stores in the memory the at least one cryptographic key while the at least one cryptographic key is used in conjunction with the at least on service application.
  - 8. The cryptographic device of claim 1 wherein the cryptographic hardware is configured to support at least one cryptographic algorithm.
  - 9. The cryptographic device of claim 8 wherein the at least one cryptographic algorithm is selected from a group consisting of exponential key exchange, advanced encryption standard, data encryption standard, triple data encryption standard, Rivest Shamir Adleman, digital signal algorithm, message-digest algorithm 5, secure hash algorithm and random number generation.
  - 10. The cryptographic device of claim 1 further comprising an input/output interface configured to support peripheral component interface express protocols.
  - 11. The cryptographic device of claim 1 wherein the security module includes a services library that includes a plurality of application program interfaces and a software driver to interact with the cryptographic hardware, and where commands directed by an application using the cryptographic device are formed using contiguous blocks of data such that intermediate cryptographic results are not disclosed.

12. A system for secure cryptographic key management in financially related services, the system comprising:
- a software portion configured to generate at least one cryptographic key and encrypt the at least one cryptographic key using a master key, the master key remaining within the cryptographic device;
  
  a software portion configured to manage the use of the at least one cryptographic key in performance of at least one financially related service application;
  
  a software portion configured to transport requests generated by the at least one financially related service application to cryptographic hardware constructed to accelerate computation of cryptographic functionalities identified by the at least one financially related service application using the at least one cryptographic key wherein transport of the at least one cryptographic key is conducted entirely within the system.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The system of claim 12 further comprising a memory configured to securely store the master key.
  - 14. The system of claim 12 wherein the software portion configured to manage the use of the at least one cryptographic key is configured to perform symmetric and asymmetric cryptography.
  - 15. The system of claim 12 wherein cryptographic hardware is configured to generate, translate, and validate personal identification numbers to provide consumer authentication.
  - 16. The system of claim 12 wherein cryptographic hardware is configured to support at least one cryptographic algorithm.
  - 17. The system of claim 16 wherein the at least one cryptographic algorithm is selected from a group consisting of exponential key exchange, advanced encryption standard, data encryption standard, triple data encryption standard, Rivest Shamir Adleman, digital signal algorithm, message-digest algorithm 5, secure hash algorithm and random number generation.
  - 18. The system of claim 12 further comprising a services library that includes an application program interface to interact with each at least one financially related service application.

19. A cryptographic device, comprising:
- a security module including a software portion configured to generate at least one cryptographic key and encrypt the at least one cryptographic key using a master key, wherein the master key is stored within the cryptographic device, and a software portion configured to manage the use of the at least one cryptographic key in performance of chaining together commands directed by at least one service related application such that intermediate cryptographic results are unavailable outside of the cryptographic device; and
  
  cryptographic hardware configured to accelerate computation of cryptographic functionalities as directed by the at least on service related application using the at least one cryptographic key.
- View Dependent Claims (20)
- - 20. The device of claim 19 wherein the commands directed by the at least one service related application are formed using contiguous blocks of data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Weise, Joel M., Morton, Gary D.

Application Number

US11/668,358
Publication Number

US 20080181399A1
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

G06F 21/72   in cryptographic circuits

H04L 2209/12   Details relating to cryptog...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0877   using additional device, e....

H04L 9/0897   involving additional device...

H04L 9/3226   using a predetermined code,...

COMPOSITE CRYPTOGRAPHIC ACCELERATOR AND HARDWARE SECURITY MODULE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

COMPOSITE CRYPTOGRAPHIC ACCELERATOR AND HARDWARE SECURITY MODULE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links