SYSTEMS AND METHODS FOR SECURED KEY MANAGEMENT VIA HARDWARE SECURITY MODULE FOR CLOUD-BASED WEB SERVICES
First Claim
1. A system for secured key management and crypto operations for cloud-based web services, comprising:
    a plurality of hardware security module (HSM) service units, wherein each of the HSM service units further comprises:
        an HSM virtual machine (VM) running on a host, which in operation is configured to communicate with a web service host and to offload its key management and crypto operations via a secured communication channel over a network;
        an HSM partition running on an HSM adapter, wherein the HSM partition is configured to:
            store keys and credentials of the web service host in a key store in an isolated and tamper-proof environment on the HSM adapter;
            perform the crypto operations offloaded from the web service host using the stored keys and credentials of the web service host; and
            provide results of the crypto operations to the web service host via the secured communication channel.
Abstract
A new approach is proposed that contemplates systems and methods to support security management for a plurality of web services hosted in a cloud at a data center, allowing them to offload their crypto operations to one or more hardware security modules (HSMs) deployed in the cloud. Each HSM is a high-performance, Federal Information Processing Standards (FIPS) 140-compliant security solution for crypto acceleration of the web services. Each HSM includes multiple partitions, wherein each HSM partition is dedicated to one of the web service hosts/servers, which offloads its key management and crypto operations to that partition via one of a plurality of HSM virtual machines (VMs) over the network. An HSM managing VM can also be deployed to monitor and manage the operations of the HSM-VMs supporting the plurality of web services.
35 Claims
1. Independent system claim, reproduced above under First Claim. Dependent claims: 2 to 21.
22. A method for secured key management and crypto operations for cloud-based web services, comprising:
    communicating with a web service host and offloading its key management and crypto operations to an HSM service host via a secured communication channel over a network;
    storing keys and credentials of the web service host in a key store of an HSM partition of the HSM service host in an isolated and tamper-proof environment on an HSM adapter;
    performing the crypto operations offloaded from the web service host by the HSM partition using the stored keys and credentials of the web service host; and
    providing results of the crypto operations to the web service host via the secured communication channel.
Dependent claims: 23 to 35.
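The offload path described in the abstract and in claims 1 and 22 (web service host, secured channel, HSM VM, HSM partition, result returned), shown as an added illustration that is not part of the patent and not any vendor's HSM code. The model treats the partition as an opaque key store that only accepts requests bound to the credential of the one host it serves; the "secured communication channel" is reduced to per-request HMAC authentication with a nonce (assumption: transport confidentiality, e.g. TLS, is handled separately and not modelled), and the only offloaded operation is HMAC-SHA256 so the example runs on the Python standard library. All class, method and tenant names are hypothetical.

```python
# Toy model of the offload path claimed above (added illustration, not the patent's or any
# vendor's code). The partition owns the keys; the web service host holds only a credential
# for its partition. Assumption: channel confidentiality (TLS) is out of scope here.
import hashlib
import hmac
import json
import secrets


class PartitionError(Exception):
    """Raised when a partition refuses a request."""


class HsmPartition:
    """One partition on the HSM adapter, dedicated to a single web service host."""
    def __init__(self, partition_id, credential):
        self.partition_id = partition_id
        self._credential = credential   # shared with exactly one web service host
        self._keys = {}                 # label -> raw key; never leaves this object
        self._seen_nonces = set()

    def generate_key(self, label):
        # Keys are created inside the partition; the caller only learns the label.
        self._keys[label] = secrets.token_bytes(32)
        return label

    def verify(self, label, data, tag):
        # Verification is itself an in-partition operation, so the key stays put.
        return hmac.compare_digest(hmac.new(self._keys[label], data, hashlib.sha256).digest(), tag)

    def handle(self, request):
        payload = request["payload"]
        # Authenticate under this partition's credential: a host holding another tenant's
        # credential fails here before anything else in the request is looked at.
        expected = hmac.new(self._credential, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, request["mac"]):
            raise PartitionError("request not authenticated for this partition")
        msg = json.loads(payload)
        if msg["partition"] != self.partition_id:
            raise PartitionError("request addressed to a different partition")
        if msg["nonce"] in self._seen_nonces:
            raise PartitionError("replayed request")
        self._seen_nonces.add(msg["nonce"])
        if msg["op"] == "mac":
            tag = hmac.new(self._keys[msg["label"]], bytes.fromhex(msg["data"]), hashlib.sha256)
            return {"result": tag.hexdigest()}
        raise PartitionError("operation %r not permitted" % msg["op"])   # e.g. "export"


class HsmServiceUnit:
    """HSM VM plus adapter: holds no credential and no key, only routes to partitions."""
    def __init__(self):
        self._partitions = {}

    def create_partition(self, partition_id):
        credential = secrets.token_bytes(32)
        self._partitions[partition_id] = part = HsmPartition(partition_id, credential)
        return part, credential         # credential is provisioned to exactly one host

    def forward(self, request):
        part = self._partitions.get(json.loads(request["payload"])["partition"])
        if part is None:
            raise PartitionError("no such partition")
        return part.handle(request)


class WebServiceHost:
    """A tenant web service: it never holds a key, only its own partition credential."""
    def __init__(self, unit, partition_id, credential):
        self._unit, self.partition_id, self._credential = unit, partition_id, credential

    def build(self, op, label, data, target=None):
        # Serialise a request and bind it to this host's credential with a fresh nonce.
        payload = json.dumps({"partition": target or self.partition_id, "nonce": secrets.token_hex(16),
                              "op": op, "label": label, "data": data.hex()}).encode()
        return {"payload": payload, "mac": hmac.new(self._credential, payload, hashlib.sha256).digest()}

    def mac(self, label, data):
        # Offload an HMAC computation; only the result comes back over the channel.
        return bytes.fromhex(self._unit.forward(self.build("mac", label, data))["result"])


def refused(unit, request):
    try:
        unit.forward(request)
    except PartitionError:
        return True
    return False


def demo():
    # Constructed scenario: two tenants, one of which also tries to misuse the service.
    unit = HsmServiceUnit()
    part_a, cred_a = unit.create_partition("tenant-a")
    unit.create_partition("tenant-b")
    part_a.generate_key("session-mac")
    host_a = WebServiceHost(unit, "tenant-a", cred_a)
    msg = b"GET /account HTTP/1.1"                       # constructed sample input
    out = {"tag_ok": part_a.verify("session-mac", msg, host_a.mac("session-mac", msg))}
    req = host_a.build("mac", "session-mac", msg)
    unit.forward(req)                                    # first delivery succeeds ...
    out["replay_refused"] = refused(unit, req)           # ... the identical request does not
    out["cross_tenant_refused"] = refused(unit, host_a.build("mac", "session-mac", msg, "tenant-b"))
    out["export_refused"] = refused(unit, host_a.build("export", "session-mac", b""))
    return out
```

What the model makes concrete: compromising the web service host yields its partition credential, which buys the ability to request operations until that credential is rotated, not the key itself; tenant isolation rests on each partition accepting only requests bound to its own credential; and the recorded nonce set is what stops a captured request from being replayed. A production deployment would drive the partition through a standard interface such as PKCS#11 over an authenticated, encrypted transport rather than this hand-rolled message format.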
Specification