Method for improved key management for ATMs and other remote devices
First Claim
1. A computer implemented method for securely transferring symmetric cryptographic keys to other devices, wherein said method utilizes a data structure comprising instructions that are cryptographically protected against alteration or misuse, wherein said instructions further comprise a trusted block that defines specific key management policies that are permitted when applications employ said trusted block to generate or export said symmetric cryptographic keys, and wherein said applications comprise:
- application programming interfaces (API);
embedded firmware;
operating system code;
and hardware configured operations; and
wherein said applications further comprise;
a Trusted_Block_Create (TBC) function;
a Remote_Key_Export (RKX) function;
wherein said TBC function creates said trusted block; and
wherein said RKX function uses said Trusted Block to generate or export symmetric keys according to a set of parameters in said Trusted Block; and
wherein said trusted block has a number of fields containing rules that provide an ability to limit how said trusted block is used, thereby reducing the risk of said trusted block being employed in unintended ways or with unintended keys; and
wherein said method comprises;
receiving instructions from at least two separate individuals in order to create said trusted block.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, article, and system for providing an effective implementation of a data structure comprising instructions that are cryptographically protected against alteration or misuse, wherein the instructions further comprise a trusted block that defines specific key management policies that are permitted when an application program employs the trusted block in application programming interface (API) functions to generate or export symmetric cryptographic keys. The trusted block has a number of fields containing rules that provide an ability to limit how the trusted block is used, thereby reducing the risk of the trusted block being employed in unintended ways or with unintended keys.
-
Citations
5 Claims
-
1. A computer implemented method for securely transferring symmetric cryptographic keys to other devices, wherein said method utilizes a data structure comprising instructions that are cryptographically protected against alteration or misuse, wherein said instructions further comprise a trusted block that defines specific key management policies that are permitted when applications employ said trusted block to generate or export said symmetric cryptographic keys, and wherein said applications comprise:
-
application programming interfaces (API); embedded firmware; operating system code; and hardware configured operations; and wherein said applications further comprise; a Trusted_Block_Create (TBC) function; a Remote_Key_Export (RKX) function; wherein said TBC function creates said trusted block; and wherein said RKX function uses said Trusted Block to generate or export symmetric keys according to a set of parameters in said Trusted Block; and wherein said trusted block has a number of fields containing rules that provide an ability to limit how said trusted block is used, thereby reducing the risk of said trusted block being employed in unintended ways or with unintended keys; and wherein said method comprises; receiving instructions from at least two separate individuals in order to create said trusted block. - View Dependent Claims (2, 3, 4, 5)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsWiese, Jesper, Frehr, Carsten D., Jacobsen, Kurt S., Kelly, Michael J., Marik, Mark D., Dames, Elizabeth A., Arnold, Todd W.
-
Primary Examiner(s)Zand; Kambiz
-
Assistant Examiner(s)Wyszynski; Aubrey H
-
Application NumberUS11/534,232Publication NumberTime in Patent Office1,635 DaysField of Search713/169, 713/155, 713/190US Class Current713/155CPC Class CodesH04L 63/0435 wherein the sending and rec...H04L 63/062 for key distribution, e.g. ...H04L 63/0823 using certificates cryptogr...H04L 63/123 received data contents, e.g...H04L 63/20 for managing network securi...H04L 9/0637 Modes of operation, e.g. ci...H04L 9/0822 using key encryption keyH04L 9/088 Usage controlling of secret...H04L 9/3242 involving keyed hash functi...H04L 9/3247 involving digital signatures
