Method and system for initializing a key management system
First Claim
1. A method for securing encryption keys in a key management system (KMS) comprising:
receiving data into the KMS, wherein the data comprises a key, a key name, and a key type, and wherein the data is received from a client over a network;
receiving at least one key encryption key (KEK) into the KMS, wherein the KEK is received from the client using a smart card interfacing over the network with the KMS, wherein the smart card stores the KEK;
encrypting the key, the key name, and the key type using the KEK to generate a secret token, wherein the encryption is performed by the KMS;
hashing the KEK to generate a hashed KEK;
generating a vector comprising the secret token and the hashed KEK, wherein the secret token comprises the encrypted key;
serializing the vector to generate a serialized file; and
storing the serialized file in KMS memory.
Abstract
A network system for key management including a server, a key management system providing process logic for key management system initialization located on the server, a key management system storage providing a secure data storage for the key management system, and an interface providing a means for inputting data into the key management system.
23 Claims
1. A method for securing encryption keys in a key management system (KMS) comprising:
receiving data into the KMS, wherein the data comprises a key, a key name, and a key type, and wherein the data is received from a client over a network;
receiving at least one key encryption key (KEK) into the KMS, wherein the KEK is received from the client using a smart card interfacing over the network with the KMS, wherein the smart card stores the KEK;
encrypting the key, the key name, and the key type using the KEK to generate a secret token, wherein the encryption is performed by the KMS;
hashing the KEK to generate a hashed KEK;
generating a vector comprising the secret token and the hashed KEK, wherein the secret token comprises the encrypted key;
serializing the vector to generate a serialized file; and
storing the serialized file in KMS memory.
(Dependent claims 2 to 9.)
10. A system for securing encryption keys comprising:
a key management system storage; and
a key management system (KMS) configured to:
receive data into the KMS, wherein the data comprises a key, a key name, and a key type, and wherein the data is received from a client over a network;
receive at least one key encryption key (KEK) into the KMS, wherein the KEK is received from the client using a smart card interfacing over the network with the KMS, wherein the smart card provides the KEK;
encrypt the key, the key name, and the key type using the KEK to generate a secret token, wherein the encryption is performed by the KMS;
hash the KEK to generate a hashed KEK;
generate a vector comprising the secret token and the hashed KEK, wherein the secret token comprises the encrypted key;
serialize the vector to generate a serialized file; and
store the serialized file in KMS memory.
(Dependent claims 11 to 16.)
17. A computer readable medium storing instructions for execution on a key management system (KMS) processor, which when executed by the KMS processor cause the KMS processor to perform the steps of:
receiving data into the KMS, wherein the data comprises a key, a key name, and a key type, and wherein the data is received from a client over a network;
receiving at least one key encryption key (KEK) into the KMS, wherein the KEK is received from the client using a smart card interfacing over the network with the KMS, wherein the smart card stores the KEK;
encrypting the key, the key name, and the key type using the KEK to generate a secret token, wherein the encryption is performed by the KMS;
hashing the KEK to generate a hashed KEK;
generating a vector comprising the secret token and the hashed KEK, wherein the secret token comprises the encrypted key;
serializing the vector to generate a serialized file; and
storing the serialized file in KMS memory.
(Dependent claims 18 to 23.)
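The independent claims above all describe the same storage flow: encrypt the key together with its name and type under the KEK, hash the KEK, pair the resulting secret token with the hashed KEK in a vector, serialize it, and keep it in KMS memory. The following is an added illustration of that flow in Python, not the patent's own code or any product's implementation. Everything in it is assumed for the example: the KEK is a constructed byte string standing in for the value read from the smart card, the "KMS memory" is a dictionary, the serialized file is JSON, and the cipher is an encrypt-then-MAC construction built only from the standard library (an HMAC-SHA256 counter keystream plus an HMAC tag), chosen so the example runs without third-party packages; a production KMS would put a vetted AEAD such as AES-GCM in its place. The unseal function shows why the stored hashed KEK is useful to a defender: a presented KEK is matched against it in constant time before any decryption is attempted, and a tampered token is rejected by the integrity tag.

```python
"""Added example of the claimed KMS initialisation flow (not the patent's code).

Standard library only.  The token cipher is encrypt-then-MAC over an
HMAC-SHA256 counter keystream; swap in a real AEAD (e.g. AES-GCM) in practice.
"""
import hashlib
import hmac
import json
import os
import struct


def _hkdf_expand(kek: bytes, label: bytes, length: int = 32) -> bytes:
    """Derive a purpose-specific subkey from the KEK (HKDF-Expand, RFC 5869)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(kek, block + label + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-based counter-mode keystream: HMAC(enc_key, nonce || counter) blocks."""
    stream = b""
    for counter in range((length + 31) // 32):
        stream += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
    return stream[:length]


def make_secret_token(kek: bytes, key: bytes, key_name: str, key_type: str) -> dict:
    """Encrypt (key, key_name, key_type) under the KEK to produce the secret token."""
    plaintext = json.dumps({"key": key.hex(), "name": key_name, "type": key_type}).encode()
    enc_key = _hkdf_expand(kek, b"kms-token-enc")   # separate keys for encryption and MAC
    mac_key = _hkdf_expand(kek, b"kms-token-mac")
    nonce = os.urandom(16)                           # fresh per token; never reuse with one KEK
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ciphertext.hex(), "tag": tag.hex()}


def hash_kek(kek: bytes) -> str:
    """The claim's 'hashed KEK': a check value stored beside the token.

    Safe only because a smart-card KEK is high-entropy; a plain hash of a
    guessable KEK would let anyone holding the file test guesses offline.
    """
    return hashlib.sha256(kek).hexdigest()


def seal_into_kms(kms_memory: dict, kek: bytes, key: bytes, key_name: str, key_type: str) -> str:
    """Claim 1 end to end: build the vector, serialize it, store it in KMS memory."""
    vector = {"secret_token": make_secret_token(kek, key, key_name, key_type),
              "hashed_kek": hash_kek(kek)}
    serialized = json.dumps(vector, sort_keys=True)   # the 'serialized file'
    kms_memory[key_name] = serialized                 # the 'KMS memory' (assumed: a dict)
    return serialized


def unseal_from_kms(kms_memory: dict, kek: bytes, key_name: str) -> dict:
    """Recover the key; raise ValueError if the KEK or the stored record is wrong."""
    vector = json.loads(kms_memory[key_name])
    # Match the presented KEK against the stored hashed KEK before decrypting (constant time).
    if not hmac.compare_digest(vector["hashed_kek"], hash_kek(kek)):
        raise ValueError("presented KEK does not match the stored hashed KEK")
    token = vector["secret_token"]
    nonce, ct, tag = (bytes.fromhex(token[k]) for k in ("nonce", "ct", "tag"))
    mac_key = _hkdf_expand(kek, b"kms-token-mac")
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("secret token failed integrity check")
    enc_key = _hkdf_expand(kek, b"kms-token-enc")
    plaintext = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    record = json.loads(plaintext)
    return {"key": bytes.fromhex(record["key"]), "name": record["name"], "type": record["type"]}


if __name__ == "__main__":
    # Constructed sample input: the KEK stands in for the value read from the smart card.
    memory = {}
    kek = bytes(range(32))
    seal_into_kms(memory, kek, b"\x11" * 16, "db-master", "AES-128")
    print(unseal_from_kms(memory, kek, "db-master"))
```

Two design choices worth noting: the KEK is never used directly as a cipher key but expanded into separate encryption and MAC subkeys, so the hashed KEK check value and the token keys are unrelated; and the per-token random nonce means sealing the same key twice yields different serialized files, so the stored record does not reveal whether two keys are identical.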