Negotiating a session with a cryptographic domain

  • US 9,832,171 B1
  • Filed: 06/13/2013
  • Issued: 11/28/2017
  • Est. Priority Date: 06/13/2013
  • Status: Active Grant
First Claim

1. A computer-implemented method, comprising:

  • under control of one or more computer systems configured with executable instructions, at a first security module device of a plurality of security module devices;

    receiving, from an operator device, a first request for a session key;

    in response to the first request, producing an encrypted one or more session keys using a domain key to encrypt one or more session keys with information usable to identify the operator device, the encrypted one or more session keys not decryptable by the operator device, the domain key common to all of the plurality of security module devices, the domain key not common to the operator device;

    providing the one or more session keys using an encrypted channel such that the operator device can obtain the one or more session keys in plaintext; and

    providing the encrypted one or more session keys to the operator device; and

    at a second security module device of the plurality of security module devices;

    receiving, from the operator device, a second request to perform a cryptographic operation, the second request including an encrypted session key from the encrypted one or more session keys and a digital signature generated based at least in part on a session key of the one or more session keys;

    using the domain key to decrypt the encrypted session key to produce a decrypted session key and decrypted information usable to identify the operator device;

    verifying an identity of the operator device using the decrypted information usable to identify the operator device;

    verifying the digital signature using the decrypted session key; and

    as a result of verifying the operator device and verifying the digital signature;

    performing the cryptographic operation;

    using the decrypted session key, encrypt a result of performing the cryptographic operation to produce an encrypted result;

    electronically shredding the decrypted session key; and

    providing the encrypted result to the operator device.
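
The flow in claim 1, written out as an added example (not code from the patent or its assignee). AES-256-GCM as the cipher, HMAC-SHA256 as the digital signature, the names `seal`, `open`, `sign`, `issueSession` and `serve`, and the transport-authenticated `caller` field are all assumptions made here.

```javascript
const nodeCrypto = require('crypto');

// AES-256-GCM is this example's choice of cipher; blob layout is iv(12) | tag(16) | ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function open(key, blob) {
  const iv = blob.subarray(0, 12);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv, { authTagLength: 16 });
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // final() throws on tampering
}

// Operator side: HMAC-SHA256 keyed with the session key stands in for the digital signature.
const sign = (sessionKey, request) =>
  nodeCrypto.createHmac('sha256', sessionKey).update(request).digest();

// First module: create a session key and wrap it, with the operator's identity, under the domain key.
function issueSession(domainKey, operatorId) {
  const sessionKey = nodeCrypto.randomBytes(32);
  const token = seal(domainKey, Buffer.concat([sessionKey, Buffer.from(operatorId)]));
  return { sessionKey, token }; // sessionKey returns over the encrypted channel; token is opaque
}

// Second module: shares only the domain key with the first and keeps no per-session state.
// `caller` is the identity the transport authenticated (assumed here, e.g. from mutual TLS).
function serve(domainKey, { token, request, signature, caller }, operation) {
  const unwrapped = open(domainKey, token); // sessionKey(32) | operatorId
  try {
    const sessionKey = unwrapped.subarray(0, 32);
    if (!caller || unwrapped.subarray(32).toString() !== caller) {
      throw new Error('operator mismatch');
    }
    const expected = sign(sessionKey, request);
    if (signature.length !== expected.length || !nodeCrypto.timingSafeEqual(signature, expected)) {
      throw new Error('bad signature');
    }
    return seal(sessionKey, operation(request)); // only the session-key holder can read the result
  } finally {
    unwrapped.fill(0); // best-effort shredding of the decrypted session key
  }
}
```

Because the token is authenticated under the domain key, any module in the domain can serve the request without a session table, and the operator cannot open or alter the token it carries.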
