SYSTEMS AND METHODS FOR USING EXTENDED HARDWARE SECURITY MODULES

US 20170351879A1
Filed: 10/19/2015
Published: 12/07/2017
Est. Priority Date: 12/19/2014
Status: Active Grant

First Claim

Patent Images

1. A method of deploying a secure processing module connected to a computer network to allow the running of arbitrary client tasks on demand in a manner that secures sensitive data, code, and other information, comprising the steps of:

availing to a client device a secure processing module having a first discrete processor, a memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program;

establishing a secure communication channel between the client device and said secure processing module;

receiving by said secure processing module an encrypted client package containing at least one of client data and client software; and

decrypting by said cryptography module the encrypted client package, thereby availing the decrypted client package to the processor and allowing the processor to load any client data in application software and run client software.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An extended hardware security module (“HSM”) possessing additional security properties relative to conventional HSMs and methods for initializing, deploying, and managing such extended HSMs in a networked environment. In the preferred embodiment, an extended HSM includes additional hardware and software components that configure it to run sensitive client tasks on demand inside a cloud-hosted, anti-tamper HSM housing so as to ensure sensitive data is encrypted when stored or processed outside the housing. Methods for initializing, deploying, and managing provide a framework through which extended HSMs may be secured from their initial assembly through their availing for use and actual use over a network by one or more clients. Such use often entails repeated discrete sequential secure sessions and concurrent discrete secure sessions.

37 Citations

View as Search Results

45 Claims

1. A method of deploying a secure processing module connected to a computer network to allow the running of arbitrary client tasks on demand in a manner that secures sensitive data, code, and other information, comprising the steps of:
- availing to a client device a secure processing module having a first discrete processor, a memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program;
  
  establishing a secure communication channel between the client device and said secure processing module;
  
  receiving by said secure processing module an encrypted client package containing at least one of client data and client software; and
  
  decrypting by said cryptography module the encrypted client package, thereby availing the decrypted client package to the processor and allowing the processor to load any client data in application software and run client software.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, additionally comprising the step of validating by said secure processing module a reservation claim of the client device, wherein the step of establishing is blocked until the step of validating is completed.
  - 3. The method of claim 2, wherein said reservation claim is embodied as a reservation token.
  - 4. The method of claim 1, additionally comprising the step of running by said processor client software from the decrypted client package.
  - 5. The method of claim 4, additionally comprising the steps of:
    - encrypting by said cryptography module resultant data, wherein said resultant data embodiments data processed by way of the running of client software; and
      
      transmitting by said secure processing module at least a portion of encrypted resultant data to the client device in the event resultant data was encrypted.
  - 6. The method of claim 1, additionally comprising the steps of:
    - processing by said processor client data from the decrypted client package;
      
      encrypting by said cryptography module processed data, wherein said processed data embodies the client data, after being processed at least in part on the secure processing module; and
      
      transmitting by said secure processing module the encrypted processed data to the client device in the event processed data was encrypted.
  - 7. The method of claim 6, additionally comprising the step of running by said processor client software from the decrypted client package, wherein said client data is processed at least in part by way of client software being run by the processor.
  - 8. The method of claim 4, wherein running client software enables at least one of the provision of a remote interface desired by the client device and the running of client data.
  - 9. The method of claim 1, wherein the secure processing module is adapted to maintain a digest of processing activity, thereby enabling attestation of state changes to the client device.
  - 10. The method of claim 1, wherein said memory includes instructions that configure the processor to selectively load and run at least a bootloader, kernel, operating system image, and system software so as to enable the secure processing module to run at least one application software program.
  - 11. The method of claim 10, wherein the secure processing module includes read only memory and at least a portion of the instructions that configure the processor to selectively load and run the bootloader are stored on the read only memory.

12. A method of managing processing modules available to remote clients over a computer network so as to provide confidentiality, non-repudiation, and authentication to the clients, comprising the steps of:
- providing at least one secure processing module having a first processor, a memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program;
  
  connecting said at least one secure processing module to a computer network, thereby enabling the at least one secure processing module to communicate electrical signals over the computer network;
  
  receiving through the computer network an electronic request for allocation of secure processing modules;
  
  allocating at least one secure processing module, wherein the step of allocating includes at least reconfiguring each secure processing module to be allocated and providing identifying information to the party from whom the electronic request was received; and
  
  said step of allocating enabling a party from whom the electronic request was received to transmit at least one of encrypted client data and encrypted client software to any allocated secure processing module; and
  
  said step of allocating further enabling a party from whom the electronic request was received to at least one of receive encrypted processed data and interface with client application software programs, wherein said encrypted processed data embody the encrypted client data after being decrypted, processed, and encrypted on the allocated secure processing module and said client application software programs embody the encrypted client software after being decrypted and run on the allocated secure processing module.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 13. The method of claim 12, wherein the at least one secure processing module is reset prior to being allocated.
  - 14. The method of claim 12, wherein:
    - said at least one secure processing module is connected to the computer network through a control infrastructure that includes at least one controller; and
      
      the control infrastructure is configured to receive, decrypt, authenticate, and store meta-information uniquely identifying any secure processing module connected thereto.
  - 15. The method of claim 14, wherein the control infrastructure performs the steps of receiving and allocating.
  - 16. The method of claim 14, wherein the at least one secure processing module announces and verifies itself to the control infrastructure by transmitting at least one authenticated heartbeat.
  - 17. The method of claim 16, wherein said authenticated heartbeat requires cryptographic signature verification.
  - 18. The method of claim 16, wherein said authenticated heartbeat requires a cryptographic hash computation verification.
  - 19. The method of claim 16, wherein the at least one secure processing module announces and verifies itself to the control infrastructure by transmitting a plurality of discrete authenticated heartbeats.
  - 20. The method of claim 19, wherein at least two of said plurality of discrete authenticated heartbeats are transmitted by said secure processing module sequentially.
  - 21. The method of claim 19, wherein at least two of said plurality of discrete authenticated heartbeats are transmitted by said secure processing module concurrently.
  - 22. The method of claim 19, wherein at least two of said plurality of discrete authenticated heartbeats are verified by the said control infrastructure through distinct procedures.
  - 23. The method of claim 22, wherein:
    - a first one of said plurality of discrete authenticated heartbeats defines a high-overhead heartbeat; and
      
      a second one of said plurality of discrete authenticated heartbeats defines a low-overhead heartbeat.
  - 24. The method of claim 14, wherein the at least one secure processing module is configured to both authenticate messages from the control infrastructure and authenticate itself to the control infrastructure.
  - 25. The method of claim 14, additionally comprising the step of availing by said control infrastructure networked storage with at least one of record-level integrity and store-level integrity to said at least one secure processing module.
  - 26. The method of claim 14, wherein a plurality of secure processing modules are connected to a computer network through the control infrastructure.
  - 27. The method of claim 12, wherein the at least one secure processing module is adapted to virtualize at least the first processor, memory, and cryptography module to create a plurality of virtualized secure processing modules, each of which can be allocated separately.

28. A method of initializing a secure processing module for use over a computer network to allow the running of arbitrary client tasks on demand in a manner that secures sensitive data, code, and other information, comprising the steps of:
- providing at least one secure processing module, each having a first processor, a memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program;
  
  providing an asymmetric encryption algorithm public/private key pair that includes a public key and a corresponding private key;
  
  storing on said secure processing module the private key; and
  
  receiving and storing a signed public key certificate that has been generated from the public key.
- View Dependent Claims (29, 30, 31)
- - 29. The method of claim 28, wherein the step of providing an asymmetric encryption algorithm public/private key pair includes generating by said secure processing module the public key and private key.
  - 30. The method of claim 29, additionally comprising the step of providing by said secure processing module the public key to an external party.
  - 31. The method of claim 28, additionally comprising the step of receiving on said secure processing module at least one ownership credential, wherein said secure processing module is configured to perform the step of providing an asymmetric encryption algorithm public/private key pair only after completing the step of receiving on said secure processing module at least one ownership credential.

32. A method of initializing a secure processing module for use over a computer network to allow the running of arbitrary client tasks on demand in a manner which secures sensitive data, code, and other information, comprising the steps of:
- providing at least one secure processing module, each having a first processor, a memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program;
  
  storing by said secure processing module a first ownership credential in response to receiving a first communication;
  
  authenticating by said secure processing module a request from a second communication, wherein the second communication includes a submitted ownership credential and the step of authenticating includes validating the submitted ownership credential against the first ownership credential; and
  
  in the event the submitted ownership credential is validated, said step of authenticating additionally enabling a sender of the second communication to cause the secure processing module to perform at least one of generating at least one second ownership credential, storing the at least one second ownership credential, and changing an internal key pair.

33. A method of managing a secure processing module for use over a computer network to allow the running of arbitrary client tasks on demand in a manner that secures sensitive data, code, and other information, comprising the steps of:
- providing at least one secure processing module that includes a module processor, module memory, and a module network interface;
  
  providing a control system that includes a control processor, control memory, and a control network interface, wherein said secure processing module and control system are configured to communicate electrical signals between one another through the module network interface and control network interface;
  
  transmitting by said secure processing module at least one verified heartbeat, thereby announcing and verifying the secure processing module to the control system.
- View Dependent Claims (34, 35, 36, 37, 38, 39)
- - 34. The method of claim 33, wherein the step of transmitting is defined by the secure processing module transmitting a plurality of discrete authenticated heartbeats.
  - 35. The method of claim 34, wherein at least two of said plurality of discrete authenticated heartbeats are transmitted by said secure processing module sequentially.
  - 36. The method of claim 34, wherein at least two of said plurality of discrete authenticated heartbeats are transmitted by said secure processing module concurrently.
  - 37. The method of claim 34, wherein at least two of said plurality of discrete authenticated heartbeats are verified by the said control infrastructure through distinct procedures.
  - 38. The method of claim 37, wherein:
    - a first one of said plurality of discrete authenticated heartbeats defines a high-overhead heartbeat; and
      
      a second one of said plurality of discrete authenticated heartbeats defines a low-overhead heartbeat.
  - 39. The method of claim 38, wherein at least one of said high-overhead heartbeats enables the verification of at least one of said low overhead heartbeats.

40. An apparatus for use over a computer network to allow the running of arbitrary client tasks on demand in a manner that secures sensitive data, code, and other information, comprising a first discrete processor, a non-transitory memory, and a cryptography module interconnected inside an anti-tamper enclosure, wherein said memory includes instructions that configure the processor to selectively load and run a plurality of logical layers so as to enable the secure processing module to run at least one application software program.
- View Dependent Claims (41, 42, 43, 44, 45)
- - 41. The apparatus of claim 40, wherein said memory includes instructions that configure the processor to selectively load and run at least a bootloader, kernel, and system software so as to enable the secure processing module to run at least one application software program.
  - 42. The apparatus of claim 41, wherein said memory includes instructions that configure the processor to selectively load and run an operating system image.
  - 43. The apparatus of claim 41, additionally comprising a non-transitory read only memory, wherein at least a portion of the instructions that configure the processor to selectively load and run the bootloader are stored on the read only memory.
  - 44. The apparatus of claim 40, wherein said memory includes instructions that configure the processor to provide a Heartbeat Daemon for sending meta-information.
  - 45. The apparatus of claim 40, additionally comprising at least one of a communication port, data port, and control panel, wherein said at least one of communication port, data port, and control panel adapts the apparatus to removably receive at least one physical ownership credential device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Private Machines Inc.
Original Assignee
Private Machines Inc.
Inventors
Sion, Radu

Granted Patent

US 10,706,182 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/72   in cryptographic circuits

G06F 21/87   by means of encapsulation, ...

H04L 2209/12   Details relating to cryptog...

H04L 9/00   Cryptographic mechanisms or...

H04L 9/0844   with user authentication or...

H04L 9/3226   using a predetermined code,...

H04L 9/3265   using certificate chains, t...

SYSTEMS AND METHODS FOR USING EXTENDED HARDWARE SECURITY MODULES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR USING EXTENDED HARDWARE SECURITY MODULES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links