Cryptographic facility environment backup/restore and replication in a public key cryptosystem
First Claim
1. In a data processing system which includes a first cryptographic facility containing configuration information for configuring said first cryptographic facility and coupled to a second cryptographic facility in a public key cryptographic system, a method for duplicating a configuration of said first cryptographic facility, comprising the steps of:
- generating a public key and a private key as a pair in said second cryptographic facility;
transferring said public key to said first cryptographic facility;
encrypting at least a portion of said configuration information under said public key forming a configuration token at said first cryptographic facility;
transferring said configuration token to said second cryptographic facility;
decrypting said configuration token using said private key forming a duplicate configuration information at said second cryptographic facility; and
configuring said second cryptographic facility with said duplicate configuration information to duplicate a configuration of said first cryptographic facility.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer apparatus, program and method function in a data processing system to replicate a cryptographic facility. The system includes a first cryptographic facility containing a portable part which personalizes the first cryptographic facility. The system also includes a second cryptographic facility which is linked to the first cryptographic facility by a public key cryptographic system. The portable part of the first cryptographic facility is encrypted and transferred to the second cryptographic facility, where it is decrypted and used to personalize the second cryptographic facility to enable replication of the first cryptographic facility. In one application, personalization of the second cryptographic facility can be in response to the detection of a failure in the first cryptographic facility. In another application, multiple cryptographic facilities can be brought on-line for parallel operation in the data processing system.
-
Citations
26 Claims
-
1. In a data processing system which includes a first cryptographic facility containing configuration information for configuring said first cryptographic facility and coupled to a second cryptographic facility in a public key cryptographic system, a method for duplicating a configuration of said first cryptographic facility, comprising the steps of:
-
generating a public key and a private key as a pair in said second cryptographic facility; transferring said public key to said first cryptographic facility; encrypting at least a portion of said configuration information under said public key forming a configuration token at said first cryptographic facility; transferring said configuration token to said second cryptographic facility; decrypting said configuration token using said private key forming a duplicate configuration information at said second cryptographic facility; and configuring said second cryptographic facility with said duplicate configuration information to duplicate a configuration of said first cryptographic facility. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. In a data processing system which includes a first cryptographic facility containing configuration information for configuring said first cryptographic facility and coupled to a second cryptographic facility in a public key cryptographic system, a method for duplicating a configuration of said first cryptographic facility, comprising the steps of:
-
generating a public key and a private key as a pair at said second cryptographic facility; transferring said public key to said first cryptographic facility; generating a key encrypting key at said first cryptographic facility; encrypting at least a portion of said configuration information under said key encrypting key forming a configuration token at said first cryptographic facility; transferring said configuration token to said second cryptographic facility; encrypting at least said key encrypting key under said public key forming an encrypted key lock at said first cryptographic facility; transferring said encrypted key block to said second cryptographic facility as a received encrypted key block; decrypting said received encrypted key block using said private key forming a recovered key block including a recovered key encrypting key at said second cryptographic facility; decrypting said configuration token using said recovered key encrypting key forming a duplicate configuration information at said second cryptographic facility; and configuring said second cryptographic facility with said duplicate configuration information to duplicate a configuration of said first cryptographic facility. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer program in a data processing system which includes a first cryptographic facility containing configuration information for configuring said first cryptographic facility and coupled to a second cryptographic facility in a public key cryptographic system, the computer program when executed in said data processing system, performing a method for duplicating a configuration of said first cryptographic facility, comprising the steps of:
-
generating a public key and a private key as a pair in said second cryptographic facility; transferring said public key to said first cryptographic facility; encrypting at least a portion of said configuration information under said public key forming a configuration token at said first cryptographic facility; transferring said configuration token to said second cryptographic facility; decrypting said configuration token using said private key forming a duplicate configuration information at said second cryptographic facility; and configuring said second cryptographic facility with said duplicate configuration information to duplicate a configuration of said first cryptographic facility. - View Dependent Claims (17, 18)
-
-
19. A computer program in a data processing system which includes a first cryptographic facility containing configuration information for configuring said first cryptographic facility and coupled to a second cryptographic facility in a public key cryptographic system, the computer program when executed in said data processing system, performing a method for duplicating a configuration of said first cryptographic facility, comprising the steps of:
-
generating a public key and a private key as a pair of said second cryptographic facility; transferring said public key to said first cryptographic facility; generating a key encrypting key at said first cryptographic facility; encrypting at least a portion of said configuration information under said key encrypting key forming a configuration token at said first cryptographic facility; transferring said configuration token to said second cryptographic facility; encrypting at least said key encrypting key under said public key forming an encrypted key block at said first cryptographic facility; transferring said encrypted key block to said second cryptographic facility as a received encrypted key block; decrypting said received encrypted key block using said private key forming a recovered key block including a recovered key encrypting key at said second cryptographic facility; decrypting said configuration token using said recovered key encrypting key forming a duplicate configuration information at said second cryptographic facility; and configuring said second cryptographic facility with said duplicate configuration information to duplicate a configuration of said first cryptographic facility. - View Dependent Claims (20)
-
-
21. In a data processing system which includes a first cryptographic facility containing configuration information for configuring said first cryptographic facility and coupled to a second cryptographic facility in a public key cryptographic system, a computer apparatus for duplicating a configuration of said first cryptographic facility, comprising:
-
generating means for generating a public key and a private key as a pair in said second cryptographic facility; first transferring means coupled to said generating means, for transferring said public key to said first cryptographic facility; encrypting means coupled to said first transferring means, for encrypting at least a portion of said configuration information under said public key forming a configuration token at said first cryptographic facility; second transferring means coupled to said encrypting means, for transferring said configuration token to said second cryptographic facility; decrypting means coupled to said second transferring means, for decrypting said configuration token using said private key forming a duplicate configuration information at said second cryptographic facility; and configuring means coupled to said decrypting means, for configuring said second cryptographic facility with said duplicate configuration information to duplicate a configuration of said first cryptographic facility. - View Dependent Claims (22, 23)
-
-
24. In a data processing system which includes a first cryptographic facility containing configuration information for configuring said first cryptographic facility and coupled to a second cryptographic facility in a public key cryptographic system, a computer apparatus for duplicating a configuration of said first cryptographic facility, comprising:
-
first generating means for generating a public key and a private key as a pair at said second cryptographic facility; first transferring means coupled to said first generating means, for transferring said public key to said first cryptographic facility; second generating means for generating a key encrypting key at said first cryptographic facility; first encrypting means coupled to said second generating means, for encrypting at least a portion of said configuration information under said key encrypting key forming a configuration token at said first cryptographic facility; second transferring means coupled to said first encrypting means, transferring said configuration token to said second cryptographic facility; second encrypting means coupled to said first transferring means and said second generating means, for encrypting at least said key encrypting key under said public key forming an encrypted key block at said first cryptographic facility; third transferring means coupled to said second encrypting means, transferring said encrypted key block to said second cryptographic facility as a received encrypted key block; first decrypting means coupled to said third transferring means, for decrypting said received encrypted key block using said private key forming a recovered key block including a recovered key encrypting key at said second cryptographic facility; second decrypting means coupled to said second transferring means, decrypting said configuration token using said recovered key encrypting key forming a duplicate configuration information at said second cryptographic facility; and configuring means coupled to said decrypting means, for configuring said second cryptographic facility with said duplicate configuration information to duplicate a configuration of said first cryptographic facility. - View Dependent Claims (25, 26)
-
Specification