Data security with a security module
Abstract
A security module securely manages keys. The security module is usable to implement a cryptography service that includes a request processing component. The request processing component responds to requests by causing the security module to perform cryptographic operations that the request processing component cannot perform due to a lack of access to appropriate keys. The security module may be a member of a group of security modules that securely manage keys. Techniques for passing secret information from one security module to the other prevent unauthorized access to secret information.
30 Claims
1. A computer-implemented method for key management, comprising:
under the control of a computer system configured with executable instructions,
storing a plurality of keys in memory of the computer system;
storing a first set of information in volatile memory without storing the first set of information in non-volatile memory, the first set of information comprising a key used to encrypt the plurality of keys and being sufficient to access the plurality of keys in plaintext form;
using keys from the plurality of keys to respond to requests to perform cryptographic operations;
detecting an event, the event triggering a transition of the computer system into an administrative mode in which one or more administrative operations are permissible as a result of being in the administrative mode;
deleting the first set of information from the computer system by at least removing power to the volatile memory so that the plurality of keys is inaccessible to the computer system in plaintext form while the computer system is in the administrative mode;
after deleting the first set of information, enabling the administrative mode;
entering and subsequently leaving the administrative mode;
after leaving the administrative mode, obtaining a second set of information usable to restore access to the plurality of keys, so that the plurality of keys is accessible to the computer system in plaintext form; and
using the obtained second set of information to access at least one key from the plurality of keys.
9. A computer-implemented method for key management, comprising:
under the control of a computer system configured with executable instructions,
storing secret information comprising a plurality of keys in memory of the computer system, at least a subset of the plurality of keys used to perform cryptographic operations to respond to requests;
storing a key used to encrypt the plurality of keys in volatile memory without storing the key in non-volatile memory, the key being usable to access the plurality of keys in plaintext form;
detecting an event, the event triggering a transition of the computer system into an administrative mode in which one or more administrative operations are permitted as a result of transitioning into the administrative mode; and
as a result of detecting the event, rendering the key inaccessible to the computer system while in the administrative mode by at least removing power to the volatile memory; and
after rendering the key inaccessible to the computer system, enabling the administrative mode;
entering and subsequently leaving the administrative mode;
rendering the key accessible to the computer system at a time after leaving the administrative mode; and
using the key to access at least one key from the plurality of keys.
16. A non-transitory computer-readable storage medium having stored thereon instructions that, as a result of execution by a processor of a computer system, cause the computer system to at least:
store secret information comprising a plurality of keys in memory of the computer system, at least a subset of the plurality of keys used to perform cryptographic operations to respond to requests;
store a key used to encrypt the plurality of keys in volatile memory without storing the key in non-volatile memory, the key being usable to access the plurality of keys in plaintext form;
detect an event, the event triggering a transition of the computer system into an administrative mode in which an operator can access contents of the memory; and
as a result of detecting the event, cause the key to be inaccessible to the computer system while in the administrative mode by at least removing power to the volatile memory so that the plurality of keys is inaccessible to the computer system in plaintext form while the computer system is in the administrative mode; and
enable the administrative mode after the secret information in plaintext form is inaccessible to the computer system;
leave the administrative mode;
after leaving the administrative mode, obtain the key so that the plurality of keys is accessible to the computer system; and
use the key to access at least one key from the plurality of keys.
21. A system, comprising:
hardware including one or more processors and memory including instructions executable by the one or more processors, the hardware being configured so that the system:
stores secret information comprising a plurality of keys in memory of the system, at least a subset of the plurality of keys used to perform cryptographic operations to respond to requests;
stores a key used to encrypt the plurality of keys in volatile memory without storing the key in non-volatile memory, the key being usable to access the plurality of keys in plaintext form;
as a result of an event triggering a transition of the system into an administrative mode in which an operator can access contents of the memory;
cause the key to be inaccessible to the system while in the administrative mode by at least removing power to the volatile memory so that the plurality of keys is inaccessible to the system in plaintext form while the system is in the administrative mode; and
enable the administrative mode after the secret information in plaintext form is inaccessible to the system;
leave the administrative mode;
after leaving the administrative mode, obtain the key so that the plurality of keys is accessible to the system; and
use the key to access at least one key from the plurality of keys.
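The independent claims above share one lifecycle: keys at rest are wrapped, the wrapping key lives only in volatile memory, it is destroyed before administrative mode is enabled, and it is re-supplied after that mode ends. The sketch below is an added illustration of that ordering, not code from the patent or its assignee. `SecurityModule`, `wrap`, `unwrap` and the method names are hypothetical, the HMAC-based wrap is a standard-library stand-in for a real authenticated key-wrap, and zeroing a `bytearray` only models removing power to volatile memory.

```python
import hashlib, hmac, secrets

def _subkey(kek, label):
    return hmac.new(kek, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek, key):
    # Stdlib stand-in for an authenticated key wrap (encrypt-then-MAC).
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(key, _stream(_subkey(kek, b"enc"), nonce, len(key))))
    return nonce + ct + hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(kek, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong wrapping key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(_subkey(kek, b"enc"), nonce, len(ct))))

class SecurityModule:
    def __init__(self, kek, keys):
        self._kek = bytearray(kek)   # models volatile memory; never copied into self.store
        self.store = {kid: wrap(kek, k) for kid, k in keys.items()}  # what an operator can read
        self.admin_mode = False

    def sign(self, key_id, message):
        # Normal operation: unwrap the named key just long enough to use it.
        if self.admin_mode or self._kek is None:
            raise PermissionError("keys are not available in plaintext")
        key = unwrap(bytes(self._kek), self.store[key_id])
        return hmac.new(key, message, hashlib.sha256).digest()

    def enter_admin_mode(self):
        # Order matters: the wrapping key is gone before the mode is enabled.
        if self._kek is not None:
            self._kek[:] = bytes(len(self._kek))   # stands in for removing power
        self._kek = None
        self.admin_mode = True

    def leave_admin_mode(self, kek):
        # kek is the "second set of information", supplied from outside the module.
        self.admin_mode = False
        self._kek = bytearray(kek)
```

A wrong key passed to `leave_admin_mode` is not rejected there; it surfaces as a `ValueError` on the first `sign` call, when the wrapped blob fails its integrity check.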
Specification