Key management system and method
First Claim
1. A method of cryptographically processing data in a cryptographic system using an asymmetric key exchange, comprising:
receiving, at a cryptographic accelerator device, a first key encryption key;
storing an encrypted private key for a host processor in a data memory, wherein the private key is encrypted with the first key encryption key;
receiving, in the cryptographic accelerator device, encrypted session information from an external device, wherein the session information is encrypted using a public key for the host processor;
decrypting, in the cryptographic accelerator device, the stored encrypted private key for the host processor using the first key encryption key;
decrypting, in the cryptographic accelerator device, the encrypted session information using the private key for the host processor;
generating, in the cryptographic accelerator device, a set of cryptographic keys for a session between the external device and the host processor using the session information;
encrypting, in the cryptographic accelerator device, the set of cryptographic keys using the private key for the host processor; and
transmitting, by the cryptographic system, the encrypted set of cryptographic keys for the session to the external device.
6 Assignments
0 Petitions
Abstract
Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.
66 Citations
18 Claims
Claim 1 is reproduced above under First Claim; claims 2 through 11 depend from it.
12. A cryptographic system for cryptographically processing data, comprising:
a security module configured to encrypt a private key for a host processor;
a storage device configured to store the encrypted private key for the host processor; and
a cryptographic accelerator, coupled to the security module and the storage device, the cryptographic accelerator configured to receive encrypted session information from an external device, to decrypt the encrypted session information, to generate a set of cryptographic keys for a session between the host processor and the external device, and to encrypt the set of cryptographic keys using a private key for the host processor, wherein the encrypted set of cryptographic keys is transmitted to the external device.
Claims 13 through 18 depend from claim 12.
Specification