SYSTEMS AND METHODS FOR USING EXTENDED HARDWARE SECURITY MODULES
First Claim
1. A method of deploying a secure processing module connected to a computer network to allow the running of arbitrary client tasks on demand in a manner that secures sensitive data, code, and other information, comprising the steps of:
- availing to a client device a secure processing module having a first discrete processor, a memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program;
establishing a secure communication channel between the client device and said secure processing module;
receiving by said secure processing module an encrypted client package containing at least one of client data and client software; and
decrypting by said cryptography module the encrypted client package, thereby availing the decrypted client package to the processor and allowing the processor to load any client data in application software and run client software.
1 Assignment
0 Petitions
Accused Products
Abstract
An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.
37 Citations
45 Claims
-
1. A method of deploying a secure processing module connected to a computer network to allow the running of arbitrary client tasks on demand in a manner that secures sensitive data, code, and other information, comprising the steps of:
-
availing to a client device a secure processing module having a first discrete processor, a memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program; establishing a secure communication channel between the client device and said secure processing module; receiving by said secure processing module an encrypted client package containing at least one of client data and client software; and decrypting by said cryptography module the encrypted client package, thereby availing the decrypted client package to the processor and allowing the processor to load any client data in application software and run client software. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method of managing processing modules available to remote clients over a computer network so as to provide confidentiality, non-repudiation, and authentication to the clients, comprising the steps of:
-
providing at least one secure processing module having a first processor, a memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program; connecting said at least one secure processing module to a computer network, thereby enabling the at least one secure processing module to communicate electrical signals over the computer network; receiving through the computer network an electronic request for allocation of secure processing modules; allocating at least one secure processing module, wherein the step of allocating includes at least reconfiguring each secure processing module to be allocated and providing identifying information to the party from whom the electronic request was received; and said step of allocating enabling a party from whom the electronic request was received to transmit at least one of encrypted client data and encrypted client software to any allocated secure processing module; and said step of allocating further enabling a party from whom the electronic request was received to at least one of receive encrypted processed data and interface with client application software programs, wherein said encrypted processed data embody the encrypted client data after being decrypted, processed, and encrypted on the allocated secure processing module and said client application software programs embody the encrypted client software after being decrypted and run on the allocated secure processing module. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. A method of initializing a secure processing module for use over a computer network to allow the running of arbitrary client tasks on demand in a manner that secures sensitive data, code, and other information, comprising the steps of:
-
providing at least one secure processing module, each having a first processor, a memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program; providing an asymmetric encryption algorithm public/private key pair that includes a public key and a corresponding private key; storing on said secure processing module the private key; and receiving and storing a signed public key certificate that has been generated from the public key. - View Dependent Claims (29, 30, 31)
-
-
32. A method of initializing a secure processing module for use over a computer network to allow the running of arbitrary client tasks on demand in a manner which secures sensitive data, code, and other information, comprising the steps of:
-
providing at least one secure processing module, each having a first processor, a memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program; storing by said secure processing module a first ownership credential in response to receiving a first communication; authenticating by said secure processing module a request from a second communication, wherein the second communication includes a submitted ownership credential and the step of authenticating includes validating the submitted ownership credential against the first ownership credential; and in the event the submitted ownership credential is validated, said step of authenticating additionally enabling a sender of the second communication to cause the secure processing module to perform at least one of generating at least one second ownership credential, storing the at least one second ownership credential, and changing an internal key pair.
-
-
33. A method of managing a secure processing module for use over a computer network to allow the running of arbitrary client tasks on demand in a manner that secures sensitive data, code, and other information, comprising the steps of:
-
providing at least one secure processing module that includes a module processor, module memory, and a module network interface; providing a control system that includes a control processor, control memory, and a control network interface, wherein said secure processing module and control system are configured to communicate electrical signals between one another through the module network interface and control network interface; transmitting by said secure processing module at least one verified heartbeat, thereby announcing and verifying the secure processing module to the control system. - View Dependent Claims (34, 35, 36, 37, 38, 39)
-
- 40. An apparatus for use over a computer network to allow the running of arbitrary client tasks on demand in a manner that secures sensitive data, code, and other information, comprising a first discrete processor, a non-transitory memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program.
Specification