SYSTEMS AND METHODS FOR HIGH AVAILABILITY OF HARDWARE SECURITY MODULES FOR CLOUD-BASED WEB SERVICES

US 20150358312A1
Filed: 05/28/2015
Published: 12/10/2015
Est. Priority Date: 06/05/2014
Status: Abandoned Application

First Claim

Patent Images

1. A system to support high availability (HA) of hardware security modules (HSMs) for cloud-based web services, comprising:

an HSM HA domain including a plurality of HSM adapters, wherein each of the HSM adapters further comprises;

a plurality of active HSM partitions running on each of the HSM adapters, wherein each of the HSM partitions is configured to perform key management and crypto operations offloaded from a web service host;

an HSM managing virtual machine (VM) running on a host, which in operation, is configured to;

monitor load information on key management and crypto operations currently being performed by the HSM partitions running on the HSM adapters in the HSM HA domain;

identify one or more second HSM partitions running on the HSM adapters if a first HSM partition serving the offloaded key management and crypto operations is determined to be overloaded based on the load information;

distribute at least a portion of the offloaded key management and crypto operations from the first HSM partition to the second HSM partitions.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A new approach is proposed to support high availability (HA) of hardware security module (HSM) adapters in an HSM HA domain for web services hosted in a cloud to offload their key storage, management, and crypto operations to the HSM adapters. Each of the HSM adapters is a high-performance, FIPS 140-compliant security solution and includes multiple partitions isolated from each other each dedicated to support one of the web service hosts to offload its key management crypto operations. An HSM managing virtual machine (VM) monitors load information on the operations currently being performed by the HSM partitions in the HSM HA domain and identifies one or more second HSM partitions if a first HSM partition serving the operations is determined to be overloaded. The HSM managing VM then distributes a portion of the offloaded key management and crypto operations from the first HSM partition to the second HSM partitions.

Citations

34 Claims

1. A system to support high availability (HA) of hardware security modules (HSMs) for cloud-based web services, comprising:
- an HSM HA domain including a plurality of HSM adapters, wherein each of the HSM adapters further comprises;
  
  a plurality of active HSM partitions running on each of the HSM adapters, wherein each of the HSM partitions is configured to perform key management and crypto operations offloaded from a web service host;
  
  an HSM managing virtual machine (VM) running on a host, which in operation, is configured to;
  
  monitor load information on key management and crypto operations currently being performed by the HSM partitions running on the HSM adapters in the HSM HA domain;
  
  identify one or more second HSM partitions running on the HSM adapters if a first HSM partition serving the offloaded key management and crypto operations is determined to be overloaded based on the load information;
  
  distribute at least a portion of the offloaded key management and crypto operations from the first HSM partition to the second HSM partitions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system of claim 1, wherein:
    - the HSM adapter is a multi-chip embedded Federal Information Processing Standards (FIPS) 140-compliant hardware/firmware cryptographic module including, a security processor configured to enable cryptographic acceleration by performing the crypto operations with hardware accelerators and embedded software implementing security algorithms.
  - 3. The system of claim 1, wherein:
    - at least one of the second HSM partitions runs on the same HSM adapter as the first HSM partition.
  - 4. The system of claim 1, wherein:
    - at least one of the second HSM partitions runs on a different HSM adapter from the first HSM partition.
  - 5. The system of claim 4, wherein:
    - the HSM partitions running on different HSM adapters in the HSM HA domain are configured to communicate with each other over one or more back channels each running in parallel to a secured communication channel between the first HSM partition and the web service host.
  - 6. The system of claim 1, wherein:
    - the first HSM partition is configured to maintain information/entries of the second HSM partitions that share its loads in the HSM HA domain.
  - 7. The system of claim 1, wherein:
    - the second HSM partitions are configured to serve the offloaded key management and crypto operations independently or together with the first HSM partition.
  - 8. The system of claim 1, wherein:
    - the HSM managing VM is configured to monitor the load information on the offloaded key management and crypto operations either via push notifications by the HSM partitions or by polling from the HSM partitions.
  - 9. The system of claim 1, wherein:
    - the HSM managing VM is configured to adjust configuration of the HSM HA domain dynamically by adding and/or removing one or more second HSM partitions currently not serving the web service host to and/or from the HSM HA domain.
  - 10. The system of claim 9, wherein:
    - the HSM managing VM is configured to copy the key store of the first HSM partition to a newly added HSM partition.
  - 11. The system of claim 9, wherein:
    - the HSM managing VM is configured to delete information/entries of a second HSM partition from the first HSM partition when the second HSM partition is removed from the HSM HA domain.
  - 12. The system of claim 1, wherein:
    - the HSM HA domain includes one primary HSM partition and one or more secondary HSM partitions, wherein the primary HSM is solely responsible in the HSM HA domain for maintaining objects used for the key management and crypto operations of the web service host.
  - 13. The system of claim 12, wherein:
    - only the primary HSM partition is accessible by the web service host via a secured communication channel.
  - 14. The system of claim 12, wherein:
    - the objects in the key store include one or more of credentials, certificates, and keys of the web service host.
  - 15. The system of claim 12, wherein:
    - the primary HSM partition is configured to create and/or delete objects in the key store.
  - 16. The system of claim 12, wherein:
    - the primary HSM partition is configured to automatically update and synchronize its key store with the secondary HSM partitions so that all HSM partitions in the same HSM HA domain are in sync with respect to their key stores and all have the same objects with the same key handles as well as attributes associated with the objects.
  - 17. The system of claim 16, wherein:
    - the HSM managing VM is configured to utilize a secured key exchange mechanism to generate a shared key masking key (KMK) to encrypt the objects in the key store of the primary HSM partition before they are synchronized/transmitted to the secondary HSM partitions running on a different HSM adapter from the primary HSM partition.
  - 18. The system of claim 12, wherein:
    - the HSM managing VM is configured to identify a secondary HSM partition as a new primary HSM partition if the current primary HSM partition fails.
  - 19. The system of claim 1, wherein:
    - the HSM managing VM 106 is configured to clone and/or replicate some or all HSM partitions on a first HSM adapter to a second HSM adapter in the same HSM HA domain by exporting the HSM partitions and their key stores from the first HSM adapter and creating the HSM partitions and their key stores on the second HSM adapter.
  - 20. The system of claim 19, wherein:
    - the HSM managing VM is configured to restore objects of the web service host in the key stores of the HSM partitions on the second HSM adapter, wherein the objects are exported and transmitted from the first HSM adapter as one or more separate blobs to the second HSM adapter while the HSM partitions are created on the second HSM adapter.

21. A method to support high availability (HA) of hardware security modules (HSMs) for cloud-based web services, comprising:
- performing key management and crypto operations offloaded from a web service host via one or more of a plurality of HSM partitions running on one or more HSM adapters in an HSM HA domain having a plurality of HSM adapters;
  
  monitoring load information on the offloaded key management and crypto operations currently being performed by the HSM partitions running on the HSM adapters in the HSM HA domain;
  
  identifying one or more second HSM partitions running on the HSM adapters if a first HSM partition serving the offloaded key management and crypto operations is determined to be overloaded based on the load information;
  
  distributing at least a portion of the offloaded key management and crypto operations from the first HSM partition to the second HSM partitions.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 22. The method of claim 21, further comprising:
    - enabling the HSM partitions running on different HSM adapters in the HSM HA domain to communicate with each other over one or more back channels each running in parallel to a secured communication channel between the first HSM partition and the web service host.
  - 23. The method of claim 21, further comprising:
    - maintaining on the first HSM partition information/entries of the second HSM partitions that share its loads in the HSM HA domain.
  - 24. The method of claim 21, further comprising:
    - enabling the second HSM partitions to serve the offloaded key management and crypto operations independently or together with the first HSM partition.
  - 25. The method of claim 21, further comprising:
    - monitoring the load information on the offloaded key management and crypto operations either via push notifications by the HSM partitions or by polling from the HSM partitions.
  - 26. The method of claim 21, further comprising:
    - adjusting configuration of the HSM HA domain dynamically by adding and/or removing one or more second HSM partitions currently not serving the web service host to and/or from the HSM HA domain.
  - 27. The method of claim 26, further comprising:
    - copying the key store of the first HSM partition to a newly added second HSM partition.
  - 28. The method of claim 26, further comprising:
    - deleting information/entries of a second HSM partition from the first HSM partition when the second HSM partition is removed from the HSM HA domain.
  - 29. The method of claim 21, further comprising:
    - designating one primary HSM partition and one or more secondary HSM partitions in the HSM HA domain, wherein the primary HSM is solely responsible in the HSM HA domain for maintaining objects used for the key management and crypto operations of the web service host.
  - 30. The method of claim 29, further comprising:
    - automatically updating and synchronizing the key store of the primary HSM partition with the secondary HSM partitions so that all HSM partitions in the same HSM HA domain are in sync with respect to their key stores and all have the same objects with the same key handles as well as attributes associated with the objects.
  - 31. The method of claim 30, further comprising:
    - utilizing a secured key exchange mechanism to generate a shared key masking key (KMK) to encrypt the objects in the key store of the primary HSM partition before they are synchronized/transmitted to the secondary HSM partitions running on a different HSM adapter from the primary HSM partition.
  - 32. The method of claim 29, further comprising:
    - identifying a secondary HSM partition as a new primary HSM partition if the current primary HSM partition fails.
  - 33. The method of claim 21, further comprising:
    - cloning and/or replicating some or all HSM partitions on a first HSM adapter to a second HSM adapter in the same HSM HA domain by exporting the HSM partitions and their key stores from the first HSM adapter and creating the HSM partitions and their key stores on the second HSM adapter.
  - 34. The method of claim 33, further comprising:
    - restoring objects of the web service host in the key stores of the HSM partitions on the second HSM adapter, wherein the objects are exported and transmitted from the first HSM adapter as one or more separate blobs to the second HSM adapter while the HSM partitions are created on the second HSM adapter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cavium, LLC (Marvell Technology Group Limited)
Original Assignee
Cavium, LLC (Marvell Technology Group Limited)
Inventors
KANCHARLA, Phanikumar, MANAPRAGADA, Ram Kumar

Application Number

US14/723,999
Publication Number

US 20150358312A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 21/335   for accessing specific reso...

G06F 21/602   Providing cryptographic fac...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/04   for providing a confidentia...

H04L 63/0485   Networking architectures fo...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 9/321   involving a third party or ...

H04L 9/3268   using certificate validatio...

SYSTEMS AND METHODS FOR HIGH AVAILABILITY OF HARDWARE SECURITY MODULES FOR CLOUD-BASED WEB SERVICES

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR HIGH AVAILABILITY OF HARDWARE SECURITY MODULES FOR CLOUD-BASED WEB SERVICES

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links