Network centered recovery process for cryptographic processing modules
First Claim
1. A method for re-initializing a cryptographic processing module, comprising:
generating recovery information, at said cryptographic processing module located in a classified environment, that includes a module unique recovery vector and module unique data;
communicating said module unique recovery vector from said classified environment, over a computer network, to an unclassified network database;
storing in said unclassified network database said module unique recovery vector defining first re-initialization data that is required for re-activating previously deactivated information security functions of said cryptographic processing module at a future time and is functional only with one said cryptographic processing module for which it was uniquely generated;
indexing said module unique recovery vector in said unclassified network database using a unique module identifying code that identifies said cryptographic processing module;
relocating said cryptographic processing module from said classified environment to an unclassified environment;
subsequent to said relocation, communicating said module unique recovery vector from said unclassified network database, over said computer network, to said unclassified environment; and
using said module unique data and said module unique recovery vector provided from said unclassified network database to re-initialize said cryptographic processing module in said unclassified environment;
wherein said module unique data defines second re-initialization data that is required for re-activating said previously deactivated information security functions of said cryptographic processing module and is unique to said cryptographic processing module.
Abstract
A method is provided for re-initializing a cryptographic processing module (102) at a location designated as an unclassified environment. The method includes storing in a database (122) a module unique recovery vector (310, 510) assigned to a cryptographic processing module. The method also includes indexing the module unique recovery vector in the database using a unique module identifying code (for example, a serial number) assigned to the cryptographic processing module. The method further includes subsequently communicating the module unique recovery vector from the database, over a computer network (120), to a remote computing environment (400) that is unclassified. The module unique recovery vector is used to re-initialize the cryptographic processing module.
12 Claims
1. (Independent claim; its text is set out in full under First Claim above.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method for re-initializing a cryptographic processing module, comprising:
generating recovery information, at said cryptographic processing module located in a classified environment, that includes a module unique recovery vector and module unique data;
communicating said module unique recovery vector from said classified environment, over a computer network, to an unclassified network database;
storing in said unclassified network database said module unique recovery vector defining first re-initialization data that is required for re-activating previously deactivated information security functions of said cryptographic processing module at a future time and is functional only with one said cryptographic processing module for which it was uniquely generated;
querying said cryptographic processing module to obtain a unique module identifying code that is assigned only to said cryptographic processing module;
communicating said unique module identifying code to said unclassified network database;
indexing said module unique recovery vector in said unclassified network database using said unique module identifying code;
relocating said cryptographic processing module from said classified environment to an unclassified environment;
subsequent to said relocation, communicating said module unique recovery vector from said unclassified network database, over a computer network, to said unclassified environment; and
using module unique data and said module unique recovery vector provided from said unclassified network database to re-initialize said cryptographic processing module in said unclassified environment;
wherein said module unique data defines second re-initialization data that is required for re-activating said previously deactivated information security functions of said cryptographic processing module and is unique to said cryptographic processing module.
Dependent claims: 10, 11.
12. A method for re-initializing a cryptographic processing module, comprising:
generating recovery information, at said cryptographic processing module located in a classified environment, that includes a module unique recovery vector and module unique data;
communicating said module unique recovery vector from said classified environment, over a computer network, to an unclassified network database;
storing in said unclassified network database said module unique recovery vector defining first re-initialization data that is required for re-activating previously deactivated information security functions of said cryptographic processing module at a future time and is functional only with one said cryptographic processing module for which it was uniquely generated;
querying said cryptographic processing module to obtain a unique module identifying code that is assigned only to said cryptographic processing module;
encrypting said unique module identifying code;
communicating said unique module identifying code from said cryptographic processing module, over a computer network, to said unclassified network database;
indexing said module unique recovery vector in said unclassified network database using said unique module identifying code;
encrypting said module unique recovery vector;
relocating said cryptographic processing module from said classified environment to an unclassified environment;
subsequent to said relocation, communicating said module unique recovery vector from said unclassified network database, over a computer network, to said unclassified environment; and
using said module unique data and said module unique recovery vector provided from said unclassified network database to re-initialize said cryptographic processing module in said unclassified environment;
wherein said module unique data defines second re-initialization data that is required for re-activating said previously deactivated information security functions of said cryptographic processing module and is unique to said cryptographic processing module.
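The flow recited in claims 1, 9 and 12 amounts to a split-knowledge recovery scheme: the unclassified database holds only the module unique recovery vector, indexed by the module's identifying code, while the module keeps its module unique data, and neither half alone re-activates the deactivated security functions. The following Python model is an added example written for this page; it is not code from the patent or its assignee. The patent does not specify how the two halves are combined, what the deactivated state looks like, or how the identifying code and vector are encrypted in transit (claim 12), so the SHA-256 key derivation, the HMAC-based wrap/unwrap stand-in for an authenticated cipher, the transport key shared between module and database, and every name below (CryptoModule, UnclassifiedRecoveryDatabase, derive_kek, wrap, unwrap, the sample serial numbers) are assumptions made here.

```python
import hashlib
import hmac
import os
import secrets


def derive_kek(vector: bytes, module_data: bytes, serial: bytes) -> bytes:
    """Key-encryption key from both re-initialization halves plus the serial.
    Assumption: binding the serial in is what makes a stored vector functional
    only with the one module it was generated for."""
    return hashlib.sha256(b"recovery-kek|" + serial + b"|" + vector + b"|" + module_data).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a stand-in for a real AEAD, not a recommendation.
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key is rejected, never 'decrypted'."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class CryptoModule:
    """Toy stand-in for the cryptographic processing module (reference 102)."""

    def __init__(self, serial: bytes, key_material: bytes):
        self.serial = serial           # unique module identifying code
        self.key_material = key_material
        self.module_data = b""         # second re-initialization data; never leaves the module
        self.wrapped = b""             # deactivated key material, usable only with both halves
        self.active = True

    def generate_recovery_information(self) -> bytes:
        """Claim step (classified environment): the vector is returned for transmission
        to the database; the module unique data is generated and retained here."""
        vector = secrets.token_bytes(32)
        self.module_data = secrets.token_bytes(32)
        self.wrapped = wrap(derive_kek(vector, self.module_data, self.serial), self.key_material)
        return vector

    def deactivate(self) -> None:
        """Security functions are deactivated before relocation: active keys are zeroized."""
        self.key_material = b""
        self.active = False

    def reinitialize(self, vector: bytes) -> None:
        """Claim step (unclassified environment): vector from the database plus local module data."""
        self.key_material = unwrap(derive_kek(vector, self.module_data, self.serial), self.wrapped)
        self.active = True


class UnclassifiedRecoveryDatabase:
    """Reference 122: stores only the vector, indexed by the identifying code. Claim 12's
    encryption in transit is modelled with a transport key shared with the module (assumption)."""

    def __init__(self, transport_key: bytes):
        self._transport_key = transport_key
        self._rows = {}

    def store(self, enc_serial: bytes, enc_vector: bytes) -> None:
        serial = unwrap(self._transport_key, enc_serial)
        self._rows[serial] = unwrap(self._transport_key, enc_vector)

    def fetch(self, enc_serial: bytes) -> bytes:
        serial = unwrap(self._transport_key, enc_serial)
        return wrap(self._transport_key, self._rows[serial])


def recovery_round_trip() -> bool:
    """Walks claim 12 in order: generate, encrypt and store, deactivate/relocate, fetch, re-initialize."""
    tk = secrets.token_bytes(32)                       # constructed transport key
    db = UnclassifiedRecoveryDatabase(tk)
    original = secrets.token_bytes(64)                 # constructed key material
    m = CryptoModule(b"SN-000123", original)
    vector = m.generate_recovery_information()
    db.store(wrap(tk, m.serial), wrap(tk, vector))     # over the network, both encrypted
    del vector                                         # the module does not keep the vector
    m.deactivate()                                     # relocation to the unclassified environment
    if m.key_material != b"":
        return False
    recovered = unwrap(tk, db.fetch(wrap(tk, m.serial)))
    m.reinitialize(recovered)
    return m.active and m.key_material == original


def vector_is_module_unique() -> bool:
    """The 'functional only with one module' limitation: module A's vector must fail on module B."""
    a = CryptoModule(b"SN-A", secrets.token_bytes(32))
    b = CryptoModule(b"SN-B", secrets.token_bytes(32))
    vector_a = a.generate_recovery_information()
    b.generate_recovery_information()
    try:
        b.reinitialize(vector_a)
    except ValueError:
        return True
    return False


def database_half_is_insufficient() -> bool:
    """Whoever holds the database row and even the wrapped blob, but not the module
    unique data, cannot re-activate anything."""
    m = CryptoModule(b"SN-000123", secrets.token_bytes(32))
    vector = m.generate_recovery_information()
    clone = CryptoModule(m.serial, b"")
    clone.wrapped = m.wrapped                          # captured deactivated state
    clone.module_data = secrets.token_bytes(32)        # attacker's guess at the second half
    try:
        clone.reinitialize(vector)
    except ValueError:
        return True
    return False
```

recovery_round_trip() follows the claim steps in order and returns True only if the re-initialized module holds exactly the key material it had before deactivation. The two other checks state the security argument behind placing the database on an unclassified network: a vector is useless on any other module, and a compromise of the database yields at most one of the two halves.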
Specification