Secure import and export of keying material
Abstract
An embodiment includes a method executed by at least one processor of a first computing node comprising: generating a key pair including a first public key and a corresponding first private key; receiving an instance of a certificate, including a second public key, from a second computing node located remotely from the first computing node; associating the instance of the certificate with the key pair; receiving an additional instance of the certificate; verifying the additional instance of the certificate is associated with the key pair; and encrypting and exporting the first private key in response to verifying the additional instance of the certificate is associated with the key pair. Other embodiments are described herein.
23 Claims
1. An apparatus comprising:
- at least one memory coupled to a processor;
- at least one secure processor that is included in a first computing node, coupled to the memory, and out-of-band from the processor;
- the at least one secure processor to perform operations comprising:
  - generating a key pair including a first public key and a corresponding first private key;
  - receiving an instance of a certificate, including a second public key, from a second computing node located remotely from the first computing node;
  - associating the instance of the certificate with the key pair;
  - receiving an additional instance of the certificate;
  - verifying the additional instance of the certificate is associated with the key pair; and
  - encrypting and then exporting an instance of the first private key in response to verifying the additional instance of the certificate is associated with the key pair.

Dependent claims: 2, 3, 4, 5, 6, 7
8. At least one non-transitory storage medium having instructions stored thereon for causing a system, including at least one secure out-of-band processor of a first computing node, to perform operations comprising:
- generating a key pair including a first public key and a corresponding first private key;
- receiving an instance of a certificate, including a second public key, from a second computing node located remotely from the first computing node;
- associating the instance of the certificate with the key pair;
- receiving an additional instance of the certificate;
- verifying the additional instance of the certificate is associated with the key pair; and
- encrypting and then exporting an instance of the first private key in response to verifying the additional instance of the certificate is associated with the key pair.

Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
Specification