SYSTEMS AND METHODS FOR SECURED HARDWARE SECURITY MODULE COMMUNICATION WITH WEB SERVICE HOSTS
First Claim
1. A system for secured hardware security module (HSM) communication for cloud-based web services, comprising:
- a plurality of HSM service units, wherein each of the HSM service units further comprises:
  - an HSM virtual machine (VM) running on a host, which in operation, is configured to:
    - establish a secured communication channel with a web service host over a network;
    - authenticate the web service host based on credentials provided by the web service host;
    - offload key management and crypto operations from the web service host to an HSM partition of an HSM adapter once the web service host is authenticated;
    - provide results of the key management and crypto operations to the web service host via the secured communication channel;
  - said HSM partition running on the HSM adapter, wherein the HSM partition is configured to perform the key management and crypto operations offloaded from the web service host.
Abstract
A new approach is proposed that contemplates systems and methods to support secured communication between a hardware security module (HSM) and a plurality of web services hosted in a cloud, so that the web services can offload their key storage, management, and crypto operations to the HSM. Each of a plurality of HSM virtual machines (VMs) establishes a secure communication channel with a web service host/server to offload its key management and crypto operations to an HSM partition of the HSM dedicated to supporting that web service. An HSM managing VM can also be deployed to monitor and manage the operations of the HSM-VMs supporting the plurality of web service hosts.
27 Claims
1. A system for secured hardware security module (HSM) communication for cloud-based web services (independent system claim, set out in full under First Claim above). Dependent claims: 2 to 16.
17. A method for secured hardware security module (HSM) communication for cloud-based web services, comprising:
- establishing a secured communication channel between a web service host and a hardware security module (HSM) virtual machine (VM) created on a host, wherein the HSM-VM is dedicated to an HSM partition of an HSM adapter in a one-to-one correspondence;
- authenticating the web service host based on credentials provided by the web service host;
- offloading key management and crypto operations from the web service host to the HSM partition once the web service host is authenticated;
- performing the key management and crypto operations offloaded from the web service host via the HSM partition;
- providing results of the key management and crypto operations to the web service host via the secured communication channel.
Dependent claims: 18 to 27.
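The flow claimed above (credential check by the HSM-VM, then offload of key operations to a partition bound one-to-one to that VM, with only results returned), as an added Python model that is not part of the patent or of any product. The names HsmPartition, HsmVm and demo are assumed, the secured channel itself is abstracted away, and the credentials and data are constructed sample values.

```python
import hashlib
import hmac
import secrets

class HsmPartition:
    """One partition of the HSM adapter: keys never leave it, callers only get handles."""
    def __init__(self):
        self._keys = {}

    def generate_key(self):
        handle = secrets.token_hex(8)
        self._keys[handle] = secrets.token_bytes(32)
        return handle

    def sign(self, handle, data):
        return hmac.new(self._keys[handle], data, hashlib.sha256).hexdigest()

    def verify(self, handle, data, mac):
        return hmac.compare_digest(self.sign(handle, data), mac)

class HsmVm:
    """HSM-VM of one service unit: bound 1:1 to a partition, offloads nothing before auth."""
    ALLOWED_OPS = {"generate_key", "sign", "verify"}
    def __init__(self, partition, expected_credential):
        self._partition = partition
        # The HSM-VM keeps only a digest of the provisioned credential
        self._credential_digest = hashlib.sha256(expected_credential).digest()
        self._authenticated = False

    def authenticate(self, credential):
        presented = hashlib.sha256(credential).digest()
        self._authenticated = hmac.compare_digest(presented, self._credential_digest)
        return self._authenticated

    def offload(self, op, *args):
        if not self._authenticated:
            raise PermissionError("web service host not authenticated")
        if op not in self.ALLOWED_OPS:
            raise ValueError(f"unsupported operation: {op}")
        return getattr(self._partition, op)(*args)

def demo():
    # Constructed credentials and data; returns (wrong-cred, right-cred, verify, tampered)
    unit = HsmVm(HsmPartition(), expected_credential=b"host-A-credential")
    wrong = unit.authenticate(b"wrong-credential")
    right = unit.authenticate(b"host-A-credential")
    handle = unit.offload("generate_key")
    mac = unit.offload("sign", handle, b"order:42")
    return (wrong, right, unit.offload("verify", handle, b"order:42", mac),
            unit.offload("verify", handle, b"order:43", mac))
```

The web service host never receives key material, only a handle and the operation results, which is the point of the offload in the claims.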