SYSTEMS AND METHODS FOR HARDWARE SECURITY MODULE AS CERTIFICATE AUTHORITY FOR NETWORK-ENABLED DEVICES
Abstract
A new approach is proposed that contemplates systems and methods to support a trusted local certificate authority (CA) running on a hardware security module (HSM), wherein the trusted local CA is configured to issue a certificate to each of a plurality of network-enabled devices for authentication. The HSM further includes a plurality of HSM service units each configured to process key management and crypto operations offloaded from each of the network-enabled devices once it is authenticated. Each of the network-enabled devices is configured to accept its certificate for authentication from the trusted local CA, establish a secured communication channel with the HSM over a network and present the certificate to the HSM in a request for authentication, and offload its key management and crypto operations to one of the HSM service units once the network-enabled device is authenticated.
28 Claims
1. A system, comprising:
- a hardware security module (HSM) comprising
  - a trusted local certificate authority (CA) running on the HSM, wherein the trusted local CA is configured to issue a certificate to each of a plurality of network-enabled devices for authentication;
  - a plurality of HSM service units running on the HSM, wherein each of the HSM service units is configured to process key management and crypto operations offloaded from the network-enabled device once it is authenticated;
- said plurality of network-enabled devices each configured to
  - accept its certificate for authentication from the trusted local CA;
  - establish a secured communication channel with the HSM over a network and present the certificate to the HSM in a request for authentication;
  - offload its key management and crypto operations to one of the HSM service units over the secured communication channel once the network-enabled device is authenticated.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method, comprising:
- issuing a certificate to each of a plurality of network-enabled devices for authentication via a trusted local certificate authority (CA) running on a hardware security module (HSM);
- accepting the certificate from the trusted local CA by the network-enabled device;
- establishing a secured communication channel with the HSM over a network and present the certificate to the HSM in a request for authentication;
- authenticating the network-enabled device via the certificate issued by the local CA;
- creating a HSM service unit on the HSM to serve key management and crypto operations of the network-enabled device once it is authenticated;
- offloading the key management and crypto operations of the network-enabled device to the HSM service unit;
- processing the key management and crypto operations offloaded from the network-enabled device by its HSM service unit.

Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
Specification