LOCATING CRYPTOGRAPHIC KEYS STORED IN A CACHE

US 20130326233A1
Filed: 07/02/2013
Published: 12/05/2013
Est. Priority Date: 04/28/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a first key packet that includes a cryptographic key identifier and an encrypted cryptographic key;

locating a second key packet stored in a cache by using the cryptographic key identifier of the first key packet, the cryptographic key identifier being an actual memory address in the cache;

retrieving the second key packet from the cache;

determining that the first key packet matches the second key packet by comparing a portion of the first key packet with a portion of the second key packet;

in response to determining that the first key packet matches the second key packet, retrieving a cryptographic key associated with the second key packet from the cache; and

performing a cryptographic key operation using the retrieved cryptographic key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments provide various techniques for locating cryptographic keys stored in a cache. The cryptographic keys are temporarily stored in the cache until retrieved for use in a cryptographic operation. The cryptographic key may be located or found through reference to its cryptographic key identifier. In an example, a particular cryptographic key may be needed for a cryptographic operation. The cache is first searched to locate this cryptographic key. To locate the cryptographic key, the cryptographic key identifier that is associated with this cryptographic key is provided. In turn, the cryptographic key identifier may be used as an address into the cache. The address identifies a location of the cryptographic key within the cache. The cryptographic key may then be retrieved from the cache at the identified address and then used in the cryptographic operation.

Citations

20 Claims

1. A method comprising:
- receiving a first key packet that includes a cryptographic key identifier and an encrypted cryptographic key;
  
  locating a second key packet stored in a cache by using the cryptographic key identifier of the first key packet, the cryptographic key identifier being an actual memory address in the cache;
  
  retrieving the second key packet from the cache;
  
  determining that the first key packet matches the second key packet by comparing a portion of the first key packet with a portion of the second key packet;
  
  in response to determining that the first key packet matches the second key packet, retrieving a cryptographic key associated with the second key packet from the cache; and
  
  performing a cryptographic key operation using the retrieved cryptographic key.
- View Dependent Claims (2, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the cache stores a plurality of key packets at a corresponding plurality of memory addresses.
  - 4. The method of claim 1, wherein the first key packet also includes an encrypted signing key and a key signature.
  - 5. The method of claim 4, wherein comparing the portion of the first key packet with the portion of the second key packet includes comparing (i) cryptographic key identifiers of the first and second key packets, (ii) encrypted cryptographic keys of the first and second key packets, (iii) encrypted signing keys of the first and second key packets, or (iv) key signatures of the first and second key packets.
  - 6. The method of claim 1, wherein the cryptographic key identifier of the first key packet is a randomly assigned number.
  - 7. The method of claim 1, wherein the cryptographic key operation includes a decryption operation.
  - 8. The method of claim 1, wherein the cryptographic key operation includes an encryption operation.

3. The method of claim 3, wherein locating the second key packet stored in the cache includes comparing the cryptographic key identifier of the first key packet with each memory address of the plurality of memory addresses in the cache.

9. A non-transitory computer-readable medium storing instructions that, when executed by a processor, cause the processor to perform operations comprising:
- receiving a first key packet that includes a cryptographic key identifier and an encrypted cryptographic key;
  
  locating a second key packet stored in a cache by using the cryptographic key identifier of the first key packet, the cryptographic key identifier being an actual memory address in the cache;
  
  retrieving the second key packet from the cache;
  
  determining that the first key packet matches the second key packet by comparing a portion of the first key packet with a portion of the second key packet;
  
  in response to determining that the first key packet matches the second key packet, retrieving a cryptographic key associated with the second key packet from the cache; and
  
  performing a cryptographic key operation using the retrieved cryptographic key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer-readable medium of claim 9, wherein the cache stores a plurality of key packets at a corresponding plurality of memory addresses.
  - 11. The non-transitory computer-readable medium of claim 10, wherein the instructions cause the processor to locate the second key packet stored in the cache by comparing the cryptographic key identifier of the first key packet with each memory address of the plurality of memory addresses in the cache.
  - 12. The non-transitory computer-readable medium of claim 10, wherein the first key packet also includes an encrypted signing key and a key signature.
  - 13. The non-transitory computer-readable medium of claim 12, wherein the instructions cause the processor to compare the portion of the first key packet with the portion of the second key packet by comparing (i) cryptographic key identifiers of the first and second key packets, (ii) encrypted cryptographic keys of the first and second key packets, (iii) encrypted signing keys of the first and second key packets, or (iv) key signatures of the first and second key packets.
  - 14. The non-transitory computer-readable medium of claim 9, wherein the cryptographic key identifier of the first key packet is a randomly assigned number.
  - 15. The non-transitory computer-readable medium of claim 9, wherein the cryptographic key operation includes a decryption operation.
  - 16. The non-transitory computer-readable medium of claim 9, wherein the cryptographic key operation includes an encryption operation.

17. A system comprising:
- one or more client devices;
  
  a storage system coupled to a plurality of storage devices; and
  
  a computing device to communicate with the one or more client devices and the storage system, the computing device comprising;
  
  a processor; and
  
  a memory storing instructions that cause the processor to perform operations comprising;
  
  receiving a first key packet that includes a cryptographic key identifier and an encrypted cryptographic key;
  
  locating a second key packet stored in a cache by using the cryptographic key identifier of the first key packet, the cryptographic key identifier being an actual memory address in the cache;
  
  retrieving the second key packet from the cache;
  
  determining that the first key packet matches the second key packet by comparing a portion of the first key packet with a portion of the second key packet;
  
  in response to determining that the first key packet matches the second key packet, retrieving a cryptographic key associated with the second key packet from the cache; and
  
  performing a cryptographic key operation using the retrieved cryptographic key.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the instructions cause the processor to compare the portion of the first key packet with the portion of the second key packet by comparing (i) cryptographic key identifiers of the first and second key packets, (ii) encrypted cryptographic keys of the first and second key packets, (iii) encrypted signing keys of the first and second key packets, or (iv) key signatures of the first and second key packets.
  - 19. The system of claim 17, wherein the cryptographic key identifier of the first key packet is a randomly assigned number.
  - 20. The system of claim 17, wherein the cryptographic key operation includes a decryption operation or an encryption operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Tolfmans, Joakim

Granted Patent

US 9,129,121 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/79   in semiconductor storage me...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0819   Key transport or distributi...

H04L 9/0822   using key encryption key

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

LOCATING CRYPTOGRAPHIC KEYS STORED IN A CACHE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

LOCATING CRYPTOGRAPHIC KEYS STORED IN A CACHE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links