DATA SECURITY WITH A SECURITY MODULE
Abstract
A security module securely manages keys. The security module is usable to implement a cryptography service that includes a request processing component. The request processing component responds to requests by causing the security module to perform cryptographic operations that the request processing component cannot perform due to a lack of access to appropriate keys. The security module may be a member of a group of security modules that securely manage keys. Techniques for passing secret information from one security module to the other prevent unauthorized access to secret information.
20 Claims
1. A computer-implemented method for key management, comprising:
under control of a computer system configured with executable instructions,
storing secret information in memory of the computer system;
detecting an event that triggers a transition into an administrative mode in which one or more administrative operations are permitted as a result of transitioning into the administrative mode; and
as a result of detecting the triggering event, rendering inaccessible information necessary to access the secret information in plaintext form.
(Dependent claims 2 to 7.)

8. A computer system, comprising:
memory comprising:
volatile memory; and
non-volatile memory; and
one or more processors collectively configured with executable instructions that, as a result of being executed by the processor, cause the processor to:
manage secret information stored in the memory such that the secret information is unable to be stored in the non-volatile memory in plaintext form; and
upon detection of a security event, configure the memory such that the secret information is unavailable in plaintext form to the computer system.
(Dependent claims 9 to 13.)

14. A computer system, comprising:
a plurality of security modules, each security module of the plurality of security modules configured to:
store a set of keys; and
detect a security event and, as a result of detecting the security event, deny itself access to the set of keys; and
a management subsystem configured to:
use a selected security module from the plurality of security modules to respond to requests for performance of cryptographic operations; and
for a particular security module that has denied itself access to the set of keys, obtain and provide, to the particular security module, encrypted information from one or more other security modules that enables the particular security module to regain access to the set of keys.
(Dependent claims 15 to 17.)

18. A non-transitory computer-readable storage medium having stored thereon instructions that, as a result of being executed by a processor of a computer system, cause the computer system to at least:
store secret information in a memory of the computer system;
detect a transition of the computer system into an administrative mode in which an operator is allowed to access contents of the memory; and
as a result of detecting the transition, cause information necessary to access the secret information in plaintext form to be inaccessible to the computer system.
(Dependent claims 19 and 20.)
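The behaviour claimed above (keys held only in wrapped form in non-volatile storage, a module denying itself access when a security event such as an administrative-mode transition occurs, and a management subsystem relaying encrypted material from a healthy peer so the module can regain access) can be modelled in a few dozen lines. The following is an added illustration written for this page; it is not code from the patent or from any product, and everything in it is an assumption: the class and method names, the HMAC-based wrap function standing in for a real AEAD, and the toy Diffie-Hellman group used so that the relaying subsystem never sees the key-encrypting key in plaintext.

```python
"""Added example: toy model of self-denying security modules and peer-assisted recovery."""
import hashlib
import hmac
import secrets

# Toy DH parameters for illustration only (the Mersenne prime 2**127 - 1 and an
# arbitrary generator); a real module would use vetted ECDH or RSA parameters.
_P = 2**127 - 1
_G = 5


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive a keystream from HMAC-SHA256(key, nonce || counter)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC key wrapping (stand-in for an AEAD such as AES-GCM)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; reject any tampered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrapped key failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class SecurityModule:
    def __init__(self, name: str, kek: bytes):
        self.name = name
        self._kek = kek           # volatile only: the information needed to read stored keys
        self.nonvolatile = {}     # key_id -> wrapped key; unreadable without the KEK

    def store_key(self, key_id: str, key: bytes) -> None:
        self.nonvolatile[key_id] = wrap(self._kek, key)   # plaintext never hits non-volatile storage

    def has_access(self) -> bool:
        return self._kek is not None

    def hmac_sign(self, key_id: str, message: bytes) -> str:
        if self._kek is None:
            raise PermissionError(f"{self.name}: keys inaccessible")
        return hmac.new(unwrap(self._kek, self.nonvolatile[key_id]), message, hashlib.sha256).hexdigest()

    def on_security_event(self, event: str) -> None:
        # Administrative mode lets an operator read memory, so drop the KEK first:
        # what remains in memory is only wrapped key material.
        self._kek = None

    def begin_recovery(self) -> int:
        """Fresh ephemeral DH key; returns the public value to hand to a peer."""
        self._eph = secrets.randbelow(_P - 2) + 1
        return pow(_G, self._eph, _P)

    def export_kek_to(self, peer_public: int) -> tuple:
        """Healthy peer encrypts its KEK to the recovering module's public value."""
        if self._kek is None:
            raise PermissionError(f"{self.name}: cannot act as donor")
        eph = secrets.randbelow(_P - 2) + 1
        transport_key = hashlib.sha256(pow(peer_public, eph, _P).to_bytes(16, "big")).digest()
        return pow(_G, eph, _P), wrap(transport_key, self._kek)

    def regain_access(self, sender_public: int, blob: bytes) -> None:
        transport_key = hashlib.sha256(pow(sender_public, self._eph, _P).to_bytes(16, "big")).digest()
        self._kek = unwrap(transport_key, blob)
        del self._eph


class ManagementSubsystem:
    """Routes requests to a module that can serve them and brokers recovery blobs it cannot read."""
    def __init__(self, modules):
        self.modules = list(modules)

    def sign(self, key_id: str, message: bytes) -> str:
        for m in self.modules:
            if m.has_access():
                return m.hmac_sign(key_id, message)
        raise RuntimeError("no security module can serve the request")

    def recover(self, target: SecurityModule) -> None:
        donor = next(m for m in self.modules if m is not target and m.has_access())
        sender_public, blob = donor.export_kek_to(target.begin_recovery())  # opaque to the subsystem
        target.regain_access(sender_public, blob)


def demo() -> tuple:
    """Walk through: serve, self-deny on admin mode, fail over, recover, serve again."""
    kek, key = secrets.token_bytes(32), secrets.token_bytes(32)   # constructed sample material
    a, b = SecurityModule("hsm-a", kek), SecurityModule("hsm-b", kek)
    a.store_key("k1", key)
    b.store_key("k1", key)
    mgr = ManagementSubsystem([a, b])
    before = mgr.sign("k1", b"request-1")
    a.on_security_event("admin-mode")
    try:
        a.hmac_sign("k1", b"request-1")
        denied = False
    except PermissionError:
        denied = True
    during = mgr.sign("k1", b"request-1")   # served by hsm-b while hsm-a is locked out
    mgr.recover(a)
    after = a.hmac_sign("k1", b"request-1")
    return before, denied, during, after
```

The point to check in such a design is what survives in memory after the event: here only wrapped blobs and no KEK, so an operator in administrative mode learns nothing usable, and recovery depends on a peer that still holds the KEK rather than on anything the locked-out module or the management subsystem retained.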