KEY MANAGEMENT IN SECURE NETWORK ENCLAVES
First Claim
1. A method of operating a computer system to provide secure communications, the computer system comprising a plurality of host devices interconnected by a network and organized into enclaves, and the method comprising:
- in each enclave of the plurality of enclaves, providing a plurality of pair-wise enclave keys, the plurality of pair-wise enclave keys comprising, for each of a plurality of pairs of enclaves including the enclave, a pair-wise enclave key;
in at least one processor, for each of a plurality of enclaves, computing for each of a plurality of server devices in the enclave a plurality of server keys, each of the plurality of server keys being computed from a pair-wise enclave key for a pair of enclaves including the enclave of the server;
establishing a security association between a first host device in a first enclave of the plurality of enclaves and a second host device in a second enclave of the plurality of enclaves, the establishing comprising;
with the first host device, generating security parameters of the security association, the security parameters being generated from a selected server key of the plurality of server keys computed for the first host device, the server key comprising a server key computed from a pair-wise enclave key for the first enclave and the second enclave.
2 Assignments
0 Petitions
Accused Products
Abstract
A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.
-
Citations
20 Claims
-
1. A method of operating a computer system to provide secure communications, the computer system comprising a plurality of host devices interconnected by a network and organized into enclaves, and the method comprising:
-
in each enclave of the plurality of enclaves, providing a plurality of pair-wise enclave keys, the plurality of pair-wise enclave keys comprising, for each of a plurality of pairs of enclaves including the enclave, a pair-wise enclave key; in at least one processor, for each of a plurality of enclaves, computing for each of a plurality of server devices in the enclave a plurality of server keys, each of the plurality of server keys being computed from a pair-wise enclave key for a pair of enclaves including the enclave of the server; establishing a security association between a first host device in a first enclave of the plurality of enclaves and a second host device in a second enclave of the plurality of enclaves, the establishing comprising; with the first host device, generating security parameters of the security association, the security parameters being generated from a selected server key of the plurality of server keys computed for the first host device, the server key comprising a server key computed from a pair-wise enclave key for the first enclave and the second enclave. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of operating a computing device to provide secure communications in a computing system, the computing system comprising a plurality of host devices interconnected by a network and organized into enclaves, each enclave comprising at least a host device, the method comprising:
in a computing device; detecting a message between a first host in a first enclave and a second host in a second enclave transmitted in accordance with a security association between the first host and the second host; based on key derivation information in the message and a pair-wise enclave key for the first enclave and the second enclave, generating a security association key; performing a cryptographic function on the message with the generated security association key. - View Dependent Claims (11, 12, 13, 14, 15)
-
16. A method of operating a computing system to provide secure communications, the computing system comprising a plurality of host devices interconnected by a network and organized into enclaves, and the method comprising:
-
for each enclave of the plurality of enclaves, providing a plurality of pair-wise enclave keys; and establishing a security association between a first host device in a first enclave of the plurality of enclaves and a second host device in a second enclave of the plurality of enclaves, the establishing comprising; generating a pair-wise enclave key for the first enclave and the second enclave; and with the first host device, generating security parameters of the security association, the generating comprising; generating a server key from the pair-wise enclave key and a server identifier associated with the first host; generating a security association key from the server key and a key derivation value for the security association; and communicating the security parameters to the second host device. - View Dependent Claims (17, 18, 19, 20)
-
Specification