Using a portable computing device as a smart key device
Abstract
A first data processing system, which includes a first cryptographic device, is communicatively coupled with a second data processing system, which includes a second cryptographic device. The cryptographic devices then mutually authenticate themselves. The first cryptographic device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the second data processing system. The second cryptographic device stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the first data processing system. In response to successfully performing the mutual authentication operation between the two cryptographic systems, the first data processing system is enabled to invoke sensitive cryptographic functions on the first cryptographic device while the first data processing system remains communicatively coupled with the second data processing system.
13 Claims
1. A data processing system, comprising:
a first system unit, the first system unit comprising:
a first hardware security unit coupled to the first system unit, the first hardware security unit comprising:
a first private key corresponding to a first asymmetric cryptographic key pair;
a first public key corresponding to a second asymmetric cryptographic key pair;
a second private key corresponding to a third asymmetric cryptographic key pair; and
a second public key corresponding to a fourth asymmetric cryptographic key pair;
a first removable hardware device, comprising:
a third public key corresponding to the first asymmetric cryptographic key pair; and
a third private key corresponding to the second asymmetric cryptographic key pair;
wherein the first hardware security unit includes logic for authenticating the first hardware security unit with respect to the first removable hardware device based upon the first and second cryptographic key pairs while the first removable hardware device is engaged with the first system unit;
a second system unit, the second system unit comprising:
a second hardware security unit coupled to the second system unit, the second hardware security unit comprising:
a fourth private key corresponding to a fifth asymmetric cryptographic key pair;
a fourth public key corresponding to a sixth asymmetric cryptographic key pair;
a fifth public key corresponding to the third asymmetric cryptographic key pair; and
a fifth private key corresponding to the fourth asymmetric cryptographic key pair;
a second removable hardware device, comprising:
a sixth public key corresponding to the fifth asymmetric cryptographic key pair; and
a sixth private key corresponding to the sixth asymmetric cryptographic key pair;
wherein the second hardware security unit includes logic for authenticating the second hardware security unit with respect to the second removable hardware device based upon the fifth and sixth cryptographic key pairs while the second removable hardware device is engaged with the second system unit; and
logic for authenticating the first hardware security unit with respect to the second hardware security unit based upon the third and fourth cryptographic key pairs while the first and second system units are communicatively coupled and after the first hardware security unit has been authenticated with respect to the first removable hardware device and the second hardware security unit has been authenticated with respect to the second removable hardware device.
Dependent claims: 2, 3, 4, 5, 6, 7, 12
8. A computer programming product on a non-transitory computer readable medium for use in a data processing system for performing cryptographic functions, the computer programming product comprising logic, stored on the non-transitory computer readable medium, for:
communicatively coupling a first removable hardware device with a first system unit;
communicatively coupling a second removable hardware device with a second system unit;
communicatively coupling the first system unit and the second system unit while the first removable hardware device is engaged with the first system unit and the second removable hardware device is engaged with the second system unit;
wherein the first system unit includes a first hardware security unit and the second system unit includes a second hardware security unit, wherein the first hardware security unit includes a first private key corresponding to a first asymmetric cryptographic key pair, a first public key corresponding to a second asymmetric cryptographic key pair, a second private key corresponding to a third asymmetric cryptographic key pair, and a second public key corresponding to a fourth asymmetric cryptographic key pair; and
wherein the second hardware security unit contains a third private key corresponding to the second asymmetric cryptographic key pair, a third public key corresponding to the first asymmetric cryptographic key pair, a fourth private key corresponding to the fourth asymmetric cryptographic key pair, and a fourth public key corresponding to the third asymmetric cryptographic key pair;
executing a mutual authentication operation between the first hardware security unit and the first removable hardware device based upon the first and second asymmetric cryptographic key pairs while the first system unit and the second system unit are communicatively coupled;
executing a mutual authentication operation between the second hardware security unit and the second removable hardware device based upon the fifth and sixth asymmetric cryptographic key pairs while the first system unit and the second system unit are communicatively coupled;
executing a mutual authentication operation between the first hardware security unit and the second hardware security unit based upon the third and fourth asymmetric cryptographic key pairs while the first system unit and the second system unit are communicatively coupled; and
in response to successfully performing the mutual authentication operation between the first and second hardware security units, enabling the first system unit to invoke cryptographic functions on the first hardware security unit while the first and second system units remain communicatively coupled.
Dependent claims: 9, 10, 11, 13
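The key distribution and three-stage authentication sequence claimed above, as an added worked example in Go (it is not the patent's own code and not an implementation the patent describes). The six key pairs are handed out exactly as claim 1 lists them: each hardware security unit holds the private half of its own two pairs and the public half of the pairs belonging to its removable device and to the peer unit's HSU. Each authentication is a signed challenge in both directions, and the HSU-to-HSU step runs only after both HSU-to-device steps have passed. Ed25519, the challenge-response construction, and the names `credential`, `HSU`, `SystemUnit`, `Provision`, `Establish` and `SensitiveSign` are assumptions of this example, not from the claims.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// credential is one side of one authentication relationship from the claim:
// the private key of its own pair plus the public key of the peer's pair.
type credential struct{ priv ed25519.PrivateKey; peerPub ed25519.PublicKey }

// HSU holds the claim's keys for its own device (pairs 1/2 or 5/6) and the peer HSU (pairs 3/4).
type HSU struct {
	toDevice, toPeer credential
	workPriv         ed25519.PrivateKey // key for the gated function (assumed; not one of the six pairs)
	enabled          bool               // set only after all three mutual authentications
}

type SystemUnit struct { // an HSU, the engaged removable device, and the peer link state
	HSU     *HSU
	Device  *credential // keys of the engaged removable device ("smart key"); nil when none
	Coupled bool        // true while communicatively coupled to the peer unit
}

// keyPair generates one pair (ed25519 is an assumption; the claims name no algorithm).
func keyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no usable entropy source; nothing sensible to continue with
	}
	return pub, priv
}

// proveTo: a challenges b with a fresh nonce, b signs nonce plus a direction label, and a
// verifies with the public key it holds for b. The label blocks reflecting a response back.
func proveTo(a, b credential, label string) error {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	msg := append([]byte(label), nonce...)
	if !ed25519.Verify(a.peerPub, msg, ed25519.Sign(b.priv, msg)) {
		return errors.New("authentication failed: " + label)
	}
	return nil
}

// mutualAuth runs the challenge-response in both directions.
func mutualAuth(a, b credential, label string) error {
	if err := proveTo(a, b, label+"/b-to-a"); err != nil {
		return err
	}
	return proveTo(b, a, label+"/a-to-b")
}

// Provision creates the six key pairs of claim 1 and distributes them as the claim does:
// private halves stay with the owning unit, public halves go to the party that verifies it.
func Provision() (*SystemUnit, *SystemUnit) {
	pub1, priv1 := keyPair() // pair 1: HSU1 proves to device 1
	pub2, priv2 := keyPair() // pair 2: device 1 proves to HSU1
	pub3, priv3 := keyPair() // pair 3: HSU1 proves to HSU2
	pub4, priv4 := keyPair() // pair 4: HSU2 proves to HSU1
	pub5, priv5 := keyPair() // pair 5: HSU2 proves to device 2
	pub6, priv6 := keyPair() // pair 6: device 2 proves to HSU2
	_, work := keyPair()
	hsu1 := &HSU{toDevice: credential{priv1, pub2}, toPeer: credential{priv3, pub4}, workPriv: work}
	hsu2 := &HSU{toDevice: credential{priv5, pub6}, toPeer: credential{priv4, pub3}}
	return &SystemUnit{HSU: hsu1, Device: &credential{priv2, pub1}},
		&SystemUnit{HSU: hsu2, Device: &credential{priv6, pub5}}
}

// Establish runs the three authentications in the claimed order; success unlocks HSU1.
func Establish(u1, u2 *SystemUnit) error {
	if u1.Device == nil || u2.Device == nil || !u1.Coupled || !u2.Coupled {
		return errors.New("both devices must be engaged and the units coupled")
	}
	if err := mutualAuth(u1.HSU.toDevice, *u1.Device, "hsu1-device1"); err != nil {
		return err
	}
	if err := mutualAuth(u2.HSU.toDevice, *u2.Device, "hsu2-device2"); err != nil {
		return err
	}
	// HSU-to-HSU is attempted only after both device authentications passed.
	if err := mutualAuth(u1.HSU.toPeer, u2.HSU.toPeer, "hsu1-hsu2"); err != nil {
		return err
	}
	u1.HSU.enabled = true
	return nil
}

// SensitiveSign is the gated function: refused unless enabled and still coupled.
func (u *SystemUnit) SensitiveSign(msg []byte) ([]byte, error) {
	if !u.HSU.enabled || !u.Coupled {
		return nil, errors.New("sensitive functions locked")
	}
	return ed25519.Sign(u.HSU.workPriv, msg), nil
}
```

The gated function re-checks the link on every call, so dropping the coupling locks the HSU again without a separate teardown step, matching the "while ... remain communicatively coupled" condition. A cloned smart key that carries only public material fails at the first stage, and because the stages are ordered, the HSU-to-HSU exchange is never attempted and the first unit is never enabled.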
Specification