Cryptography chip with identity verification
First Claim
1. A computer-implemented method for performing cryptographic operations subject to identity verification, the method comprising:
- receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client, wherein the request includes client identity information associated with the client, and wherein the cryptography chip is a hardware component including a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations and encrypted identity information associated with clients that are permitted to request cryptographic operations;
- decrypting, by the cryptography chip, the encrypted identity information using a key included in software instructions stored in a firmware of the cryptography chip;
- determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations based on comparing the client identity information to the decrypted identity information; and
- in response to determining that the client identity information is associated with one of the clients that are permitted to request cryptographic operations, performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.
Abstract
Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for performing cryptographic operations subject to identity verification. One of the methods includes receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client including client identity information, wherein the cryptography chip includes a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations, and identity information associated with clients that are permitted to request cryptographic operations; determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations; and performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.
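An added example (not code from the patent or its assignee) that models the described flow in software: identity records are stored encrypted, decrypted with a firmware-held key, compared against the requester's identity, and the keyed operation runs only on a match. The HMAC-based keystream cipher, the hashing of identities into fixed-length records, the HMAC tag standing in for the "cryptographic operation", and all names are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class CryptoChipModel:
    """Software model of the chip: firmware key, stored secrets, gated operation."""

    def __init__(self, firmware_key: bytes, operation_key: bytes, permitted_ids: list[bytes]):
        self._firmware_key = firmware_key    # key held in the firmware instructions
        self._operation_key = operation_key  # key information in the storage resource
        self._nonce = b"constructed-nonce"   # constructed sample value
        # Assumption: each permitted identity is stored as a 32-byte SHA-256 record.
        plain = b"".join(hashlib.sha256(i).digest() for i in permitted_ids)
        self._enc_identities = _keystream_xor(firmware_key, self._nonce, plain)

    def _is_permitted(self, client_id: bytes) -> bool:
        # Decrypt the stored identity information with the firmware key.
        plain = _keystream_xor(self._firmware_key, self._nonce, self._enc_identities)
        candidate = hashlib.sha256(client_id).digest()
        match = False
        for off in range(0, len(plain), 32):
            # Constant-time compare; scan every record so timing does not
            # reveal which entry matched or how close a guess was.
            match |= hmac.compare_digest(plain[off:off + 32], candidate)
        return match

    def request(self, client_id: bytes, message: bytes) -> bytes | None:
        """Perform the operation (here an HMAC tag) only for permitted clients."""
        if not self._is_permitted(client_id):
            return None  # fail closed: the stored key is never touched
        return hmac.new(self._operation_key, message, hashlib.sha256).digest()
```

The stand-in stream cipher is malleable, so a real design would also authenticate the stored identity blob before trusting its decrypted contents.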
30 Claims
1. A computer-implemented method for performing cryptographic operations subject to identity verification, the method comprising:
- receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client, wherein the request includes client identity information associated with the client, and wherein the cryptography chip is a hardware component including a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations and encrypted identity information associated with clients that are permitted to request cryptographic operations;
- decrypting, by the cryptography chip, the encrypted identity information using a key included in software instructions stored in a firmware of the cryptography chip;
- determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations based on comparing the client identity information to the decrypted identity information; and
- in response to determining that the client identity information is associated with one of the clients that are permitted to request cryptographic operations, performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A non-transitory, computer-readable storage medium storing one or more instructions executable by a computer system to perform operations comprising:
- receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client, wherein the request includes client identity information associated with the client, and wherein the cryptography chip is a hardware component including a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations and encrypted identity information associated with clients that are permitted to request cryptographic operations;
- decrypting, by the cryptography chip, the encrypted identity information using a key included in software instructions stored in a firmware of the cryptography chip;
- determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations based on comparing the client identity information to the decrypted identity information; and
- in response to determining that the client identity information is associated with one of the clients that are permitted to request cryptographic operations, performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.
Dependent claims: 16, 17, 18, 19, 20, 21, 22
23. A computer-implemented system, comprising:
- one or more computers; and
- one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising:
- receiving, by a cryptography chip, a request to perform a requested cryptographic operation from a client, wherein the request includes client identity information associated with the client, and wherein the cryptography chip is a hardware component including a processing resource that performs cryptographic operations and a storage resource that stores key information used in the cryptographic operations and encrypted identity information associated with clients that are permitted to request cryptographic operations;
- decrypting, by the cryptography chip, the encrypted identity information using a key included in software instructions stored in a firmware of the cryptography chip;
- determining, by the cryptography chip, that the client identity information is associated with one of the clients that are permitted to request cryptographic operations based on comparing the client identity information to the decrypted identity information; and
- in response to determining that the client identity information is associated with one of the clients that are permitted to request cryptographic operations, performing, by the cryptography chip, the requested cryptographic operation based on the key information stored in the storage resource.
Dependent claims: 24, 25, 26, 27, 28, 29, 30
Specification