Cryptographic device with detachable data planes
First Claim
1. A cryptographic configuration device configured to load one or more cryptographic keys onto one or more removeable encryption/decryption (E/D) devices, the cryptographic configuration device comprising:
- one or more child interfaces, wherein each child interface is configured to allow one or more removeable E/D devices to be physically connected to the cryptographic configuration device during the configuration of the one or more removeable E/D devices to perform one or more data plane cryptographic functions;
secure tamper memory, wherein the secure tamper memory is configured to store one or more secret keys, and clear memory contents based on operating without power for more than a configured amount of time; and
a microprocessor configured to;
perform one or more control plane cryptographic functions for the one or more secret keys, the one or more control plane cryptographic functions comprising a fail-safe key management function,derive one or more session keys based on the one or more secrets keys using one or more of a one-way function or internally generated random data bits, andload the one or more session keys onto the one or more removeable E/D devices while the one or more removeable E/D devices are physically connected to the cryptographic configuration device via the one or more child interfaces.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for performing encryption and/or decryption may include a parent cryptographic device. The parent cryptographic device may be configured to receive a first cryptographic key. The parent cryptographic device may be configured to determine one or more session keys based on the first cryptographic key and/or internally generated random data bits. The parent cryptographic device may be configured to insert the one or more session keys onto one or more child cryptographic devices that are operably connected to the parent cryptographic device. The one or more child cryptographic devices may be configured to receive the one or more session keys from the parent cryptographic device, and perform one or more of encryption or decryption of communications exchanged with another child cryptographic device of the one or more child cryptographic devices. The one or more child cryptographic devices may perform encryption/decryption after separation from the parent cryptographic device.
33 Citations
19 Claims
-
1. A cryptographic configuration device configured to load one or more cryptographic keys onto one or more removeable encryption/decryption (E/D) devices, the cryptographic configuration device comprising:
-
one or more child interfaces, wherein each child interface is configured to allow one or more removeable E/D devices to be physically connected to the cryptographic configuration device during the configuration of the one or more removeable E/D devices to perform one or more data plane cryptographic functions; secure tamper memory, wherein the secure tamper memory is configured to store one or more secret keys, and clear memory contents based on operating without power for more than a configured amount of time; and a microprocessor configured to; perform one or more control plane cryptographic functions for the one or more secret keys, the one or more control plane cryptographic functions comprising a fail-safe key management function, derive one or more session keys based on the one or more secrets keys using one or more of a one-way function or internally generated random data bits, and load the one or more session keys onto the one or more removeable E/D devices while the one or more removeable E/D devices are physically connected to the cryptographic configuration device via the one or more child interfaces. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method implemented by a cryptographic configuration device for loading one or more cryptographic keys onto one or more removeable encryption/decryption (E/D) devices the method comprising:
-
the cryptographic configuration device connecting to one or more removeable E/D devices via one or more child interfaces, wherein the one or more removeable E/D devices are physically connected to the cryptographic configuration device via the one or more child interfaces and the one or more removeable E/D devices are configured by the cryptographic configuration device to perform one or more data plane cryptographic functions while physically connected to the cryptographic configuration device; the cryptographic configuration device storing one or more secret keys in secure tamper memory, wherein the secure tamper memory is cleared on condition that power is not supplied to the secure tamper memory for more than a configured amount of time; the cryptographic configuration device performing one or more control plane cryptographic functions for the one or more secret keys, the one or more control plane cryptographic functions comprising a fail-safe key management function; the cryptographic configuration device deriving one or more session keys based on the one or more secrets keys using one or more of a one-way function or internally generated random data bits; and the cryptographic configuration device loading the one or more session keys onto the one or more removeable E/D devices while the one or more removeable E/D devices are physically connected to the cryptographic configuration device via the one or more child interfaces. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A cryptographic configuration device configured to load one or more cryptographic keys onto one or more removeable encryption/decryption (E/D) devices, the cryptographic configuration device comprising:
-
one or more child interfaces configured to connect to one or more removeable E/D devices, wherein the one or more child interfaces are configured to allow a physical connection between the one or more removeable E/D devices and the cryptographic configuration device; secure tamper memory configured to store one or more secret keys and to erase the one or more secret keys on condition that power is not supplied to the secure tamper memory for more than a configured amount of time; an operator interface configured to receive an input that indicates whether the one or more removeable E/D devices should be configured to perform encryption or should be configured to perform decryption; and a processor configured to; perform one or more control plane cryptographic functions for the one or more secret keys, the one or more control plane cryptographic functions comprising one or more fail safe key management functions, derive one or more session keys based on the one or more secrets keys using one or more of a one-way function or internally generated random data bits, and configure the one or more removeable E/D devices to perform one or more data plane cryptographic functions by loading the one or more session keys onto the one or more removeable E/D devices while the one or more removeable E/D devices are physically connected to the cryptographic configuration device via the one or more child interfaces. - View Dependent Claims (16, 17, 18, 19)
-
Specification