Secure key management
First Claim
Patent Images
1. A computer-implemented method for secure key creation and management via a secure token, comprising:
- acquiring, by a secure module comprising a first computer system, a key that was created on a second computer system that is located outside of the secure module;
acquiring, by the secure module, a section of information associated with the key, the section of information being populated with information relating to how the key was created;
populating, by the secure module, the section of information with information relating to how the key was acquired by the secure module; and
binding, by the secure module, the section of information to the key, the key being encrypted when the key is located outside of the secure module;
the section of information associated with the key comprising a key control information section of a key token, the key token including the key;
the key control information section and the key being located in the key token when outside the secure module, and the key control information section being not encrypted when outside the secure module;
the key control information section comprising a key management field; and
the key management field defining attributes of the key wrapped in the key token, the attributes including;
what type of key encrypting key can be used to wrap the key, whether the wrapped key is complete or expects more user contributed material, how the key was created, how the key was acquired, and information relating to protection of the key over time.
1 Assignment
0 Petitions
Accused Products
Abstract
According to one embodiment, a method for implementing secure key management is provided. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted.
48 Citations
5 Claims
-
1. A computer-implemented method for secure key creation and management via a secure token, comprising:
-
acquiring, by a secure module comprising a first computer system, a key that was created on a second computer system that is located outside of the secure module; acquiring, by the secure module, a section of information associated with the key, the section of information being populated with information relating to how the key was created; populating, by the secure module, the section of information with information relating to how the key was acquired by the secure module; and binding, by the secure module, the section of information to the key, the key being encrypted when the key is located outside of the secure module; the section of information associated with the key comprising a key control information section of a key token, the key token including the key; the key control information section and the key being located in the key token when outside the secure module, and the key control information section being not encrypted when outside the secure module; the key control information section comprising a key management field; and the key management field defining attributes of the key wrapped in the key token, the attributes including;
what type of key encrypting key can be used to wrap the key, whether the wrapped key is complete or expects more user contributed material, how the key was created, how the key was acquired, and information relating to protection of the key over time. - View Dependent Claims (2, 3, 4, 5)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsArnold, Todd W., Dames, Elizabeth A., Frehr, Carsten D., Kelly, Michael J., Kerr, Kenneth B., Kisley, Richard V., Rossman, Eric D., Smith, Eric B.
-
Primary Examiner(s)Holder, Bradley
-
Application NumberUS13/652,022Publication NumberTime in Patent Office1,268 DaysField of SearchUS Class Current1/1CPC Class CodesH04L 2209/56 Financial cryptography, e.g...H04L 9/088 Usage controlling of secret...H04L 9/0897 involving additional device...
