UNIVERSAL SECURE MESSAGING FOR CRYPTOGRAPHIC MODULES
First Claim
1. A secure messaging method for securely exchanging information between a host computer system and a functionally connected cryptographic module comprising the steps of:
- (a) generating a pair of identical session keys, (b) performing a secure key exchange between said host computer system and said cryptographic module such that said host computer system and said cryptographic module each receives one session key of said pair of identical session keys, (c) generating a unique session identifier, (d) associating said unique session identifier with said pair of identical session keys, and (e) performing counterpart cryptographic functions on at least a portion of information exchanged between said host computer system and said cryptographic module.
4 Assignments
0 Petitions
Accused Products
Abstract
An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.
113 Citations
15 Claims
-
1. A secure messaging method for securely exchanging information between a host computer system and a functionally connected cryptographic module comprising the steps of:
-
(a) generating a pair of identical session keys, (b) performing a secure key exchange between said host computer system and said cryptographic module such that said host computer system and said cryptographic module each receives one session key of said pair of identical session keys, (c) generating a unique session identifier, (d) associating said unique session identifier with said pair of identical session keys, and (e) performing counterpart cryptographic functions on at least a portion of information exchanged between said host computer system and said cryptographic module. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A secure messaging system for securely exchanging information between a host computer system and a functionally connected cryptographic module comprising:
-
said host computer system including;
a Host Security Manager application including means for;
generating a session key pair, associating at least one session key of said session key pair with a unique session identifier, performing a secure key exchange with said cryptographic module, wherein a session key associated with said unique session identifier is securely transferred to said cryptographic module, and performing counterpart cryptographic functions on at least a portion of information exchanged between said host computer system and said cryptographic module;
said cryptographic module including;
a Security Executive application including means for;
generating said unique session identifier, associating said unique session identifier with said exchanged key, and performing counterpart cryptographic functions on at least a portion of information exchanged between said host computer system and said cryptographic module. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
Specification