Locating cryptographic keys stored in a cache
First Claim
1. A method comprising:
- storing a plurality of cryptographic keys in a cache;
storing a plurality of cryptographic key identifiers in the cache;
associating a cryptographic key identifier of the plurality of cryptographic key identifiers with a cryptographic key of the plurality of cryptographic keys, the cryptographic key identifier being an actual memory address of the cryptographic key inside the cache, the actual memory address being randomly selected;
identifying a location of the cryptographic key using the cryptographic key identifier, the using of the cryptographic key identifier enabling the locating of the cryptographic key without performing of an additional operation;
performing a cryptographic operation with the cryptographic key;
storing a plurality of key packets in the cache, each key packet from the plurality of key packets being associated with the cryptographic key from the plurality of cryptographic keys;
comparing the cryptographic key identifier with a portion of a first key packet stored in the cache to determine if a match exists, the first key packet being associated with the cryptographic key;
retrieving the cryptographic key associated with the cryptographic key identifier from the cache when the match exists;
receiving a second key packet associated with the cryptographic key identifier, the second key packet including another encrypted cryptographic key and the cryptographic key identifier;
decrypting the encrypted cryptographic key to generate a further cryptographic key when the match does not exist; and
storing the further cryptographic key at a location in the cache defined by the cryptographic key identifier.
2 Assignments
0 Petitions
Accused Products
Abstract
Example embodiments provide various techniques for locating cryptographic keys stored in a cache. The cryptographic keys are temporarily stored in the cache until retrieved for use in a cryptographic operation. The cryptographic key may be located or found through reference to its cryptographic key identifier. In an example, a particular cryptographic key may be needed for a cryptographic operation. The cache is first searched to locate this cryptographic key. To locate the cryptographic key, the cryptographic key identifier that is associated with this cryptographic key is provided. In turn, the cryptographic key identifier may be used as an address into the cache. The address identifies a location of the cryptographic key within the cache. The cryptographic key may then be retrieved from the cache at the identified address and then used in the cryptographic operation.
-
Citations
13 Claims
-
1. A method comprising:
-
storing a plurality of cryptographic keys in a cache; storing a plurality of cryptographic key identifiers in the cache; associating a cryptographic key identifier of the plurality of cryptographic key identifiers with a cryptographic key of the plurality of cryptographic keys, the cryptographic key identifier being an actual memory address of the cryptographic key inside the cache, the actual memory address being randomly selected; identifying a location of the cryptographic key using the cryptographic key identifier, the using of the cryptographic key identifier enabling the locating of the cryptographic key without performing of an additional operation; performing a cryptographic operation with the cryptographic key; storing a plurality of key packets in the cache, each key packet from the plurality of key packets being associated with the cryptographic key from the plurality of cryptographic keys; comparing the cryptographic key identifier with a portion of a first key packet stored in the cache to determine if a match exists, the first key packet being associated with the cryptographic key; retrieving the cryptographic key associated with the cryptographic key identifier from the cache when the match exists; receiving a second key packet associated with the cryptographic key identifier, the second key packet including another encrypted cryptographic key and the cryptographic key identifier; decrypting the encrypted cryptographic key to generate a further cryptographic key when the match does not exist; and storing the further cryptographic key at a location in the cache defined by the cryptographic key identifier. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method comprising:
-
receiving a first key packet that includes a cryptographic key; locating a second key packet stored in the cache using the cryptographic key identifier, the cryptographic key identifier being an actual memory address of the cryptographic key inside the cache, the actual memory address being randomly selected; retrieving the second key packet located at the memory address from the cache; comparing the first key packet with the second key packet; retrieving the cryptographic key using the cryptographic key identifier when the first key packet matches the second key packet, the cryptographic key being associated with the second key packet, the using of the cryptographic key identifier enabling the locating of the cryptographic key without performing of an additional operation; performing a cryptographic operation using the cryptographic key; wherein the first key packet further includes an encrypted cryptographic key; decrypting the encrypted cryptographic key to generate a further cryptographic key when the first key packet is distinct from the second key packet; and storing the first key packet and the further cryptographic key in the cache at the memory address defined by the cryptographic key identifier. - View Dependent Claims (7, 8, 9)
-
-
10. A computing device comprising:
-
at least one processor; and a non-transitory machine-readable medium in communication with the at least one processor, the machine-readable medium being configured to store a storage encryption processing module and a cache, the cache being configured to store a plurality of cryptographic keys and being further configured to store a plurality of cryptographic key identifiers, associating a cryptographic key identifier of the plurality of cryptographic key identifiers with a cryptographic key of the plurality of cryptographic keys, the cryptographic key identifier being an actual memory address of the cryptographic key inside the cache, the actual memory address being randomly selected, the storage encryption processing module being executed by the at least one processor to cause following operations to be performed, comprising; identifying a location of a cryptographic key using the cryptographic key identifier, the using of the cryptographic key identifier enabling the locating of the cryptographic key without performing of an additional operation; and performing a cryptographic operation with the cryptographic key; wherein the cache is further configured to store a plurality of key packets, each key packet from the plurality of key packets being associated with the cryptographic key from the plurality of cryptographic keys, the operations further comprising; comparing the cryptographic key identifier with a portion of a first key packet stored in the cache to determine if a match exists, the first key packet being associated with the cryptographic key; and retrieving the cryptographic key associated with the cryptographic key identifier from the cache when the match exists; receiving a second key packet associated with the cryptographic key identifier, the second key packet including another encrypted cryptographic key and the cryptographic key identifier; decrypting the encrypted cryptographic key to generate a further cryptographic key when the match does not exist; and replacing the cryptographic key stored in the cache with the further cryptographic key. - View Dependent Claims (11, 12, 13)
-
Specification