Cryptographic key containers on a USB token
First Claim
1. A method comprising:
- receiving, in a computer system comprising a processor, a request to access a cryptographic key;
the processor communicating with an application programming interface to automatically conduct a search, without requiring user interaction, for a USB compatible storage device having a first cryptographic key stored thereon in a key container, the searching comprising the processor searching an index of USB compatible storage devices to search for the key container;
if the USB compatible storage device is found, fetching, via a protected cryptographic process, the first cryptographic key from the USB compatible storage device, the protected cryptographic process preventing any user application executed by an operating system on the computer system from directly accessing the cryptographic key; and
if the USB compatible storage device is not found:
rendering a prompt to provide the USB compatible storage device;
determining if the USB compatible storage device has been provided;
if the USB compatible storage device has been provided, accessing the first cryptographic key on the USB compatible storage device via the protected cryptographic process which prevents any user application executed by an operating system on the computer system from directly accessing the cryptographic key; and
if the USB compatible storage device has not been provided, accessing a second cryptographic key stored in a memory of the computer system.
Abstract
A Universal Serial Bus (USB) compatible storage device is utilized as a security token for storage of cryptographic keys. A cryptographic subsystem of a processor accesses cryptographic keys in containers on the USB compatible storage device. Accessing includes storing and/or retrieving. The processor does not include an infrastructure dedicated to the USB compatible storage device. Cryptographic key storage is redirected from an in-processor container to the USB compatible storage device. No password or PIN is required to access the cryptographic keys, yet enhanced security is provided. Utilizing a USB compatible storage device for a cryptographic key container provides a convenient, portable, mechanism for carrying the cryptographic key, and additional security is provided via physical possession of the device.
17 Claims
1. A method comprising:
receiving, in a computer system comprising a processor, a request to access a cryptographic key;
the processor communicating with an application programming interface to automatically conduct a search, without requiring user interaction, for a USB compatible storage device having a first cryptographic key stored thereon in a key container, the searching comprising the processor searching an index of USB compatible storage devices to search for the key container;
if the USB compatible storage device is found, fetching, via a protected cryptographic process, the first cryptographic key from the USB compatible storage device, the protected cryptographic process preventing any user application executed by an operating system on the computer system from directly accessing the cryptographic key; and
if the USB compatible storage device is not found:
rendering a prompt to provide the USB compatible storage device;
determining if the USB compatible storage device has been provided;
if the USB compatible storage device has been provided, accessing the first cryptographic key on the USB compatible storage device via the protected cryptographic process which prevents any user application executed by an operating system on the computer system from directly accessing the cryptographic key; and
if the USB compatible storage device has not been provided, accessing a second cryptographic key stored in a memory of the computer system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A computer system comprising:
a processor; and
memory coupled to the processor, the memory comprising executable instructions that when executed by the processor cause the processor to effectuate operations comprising:
receiving a request to access a cryptographic key;
searching, via an application programming interface to automatically search, without requiring user interaction, for a USB compatible storage device having a first cryptographic key stored thereon in a key container, the searching comprising searching an index of USB compatible storage devices to search for the key container; and
if the USB compatible storage device is found, fetching, via a protected cryptographic process, the first cryptographic key on the USB compatible storage device, the protected cryptographic process preventing any user application executed by an operating system on the computer system from directly accessing the cryptographic key; and
if the USB compatible storage device is not found:
rendering a prompt to provide the USB compatible storage device;
determining if the USB compatible storage device has been provided;
if the USB compatible storage device has been provided, accessing the first cryptographic key on the USB compatible storage device via the protected cryptographic process which prevents any user application executed by an operating system on the computer system from directly accessing the cryptographic key; and
if the USB compatible storage device has not been provided, accessing a second cryptographic key stored in a memory of the computer system.
Dependent claims: 10, 11, 12

13. A computer-readable storage medium that is not a transient signal, the computer-readable storage medium having stored thereon computer-executable instructions that when executed by a processor cause the processor to effectuate operations comprising:
receiving, in a computer system, a request to access a cryptographic key;
searching, via an application programming interface to automatically search, without requiring user interaction, for a USB compatible storage device having a first cryptographic key stored thereon in a key container, the searching comprising searching an index of USB compatible storage devices to search for the key container; and
if the USB compatible storage device is found, fetching, via a protected cryptographic process, the first cryptographic key from the USB compatible storage device, the protected cryptographic process preventing any user application executed by an operating system on the computer system from directly accessing the cryptographic key; and
if the USB compatible storage device is not found:
rendering a prompt to provide the USB compatible storage device;
determining if the USB compatible storage device has been provided;
if the USB compatible storage device has been provided, accessing the first cryptographic key on the USB compatible storage device via the protected cryptographic process which prevents any user application executed by an operating system on the computer system from directly accessing the cryptographic key; and
if the USB compatible storage device has not been provided, accessing a second cryptographic key stored in a memory of the computer system.
Dependent claims: 14, 15, 16, 17
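The three-branch access flow of claim 1 (index search, prompt, fallback to the in-memory second key), modelled in Python as an added example that is not code from the patent. The device index, the `prompt` callback and the `ProtectedKey` handle are assumed names; the handle models the protected cryptographic process by exposing only a signing operation, never the key bytes.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class UsbDevice:
    """One entry in the index of USB compatible storage devices (constructed model)."""
    serial: str
    containers: Dict[str, bytes]   # key container name -> key material


class ProtectedKey:
    """Models the protected cryptographic process: the key stays inside the handle
    and callers only get cryptographic operations, never the raw key.
    (Name mangling is a modelling device here, not a real isolation boundary.)"""
    def __init__(self, key: bytes) -> None:
        self.__key = key

    def sign(self, message: bytes) -> bytes:
        return hmac.new(self.__key, message, hashlib.sha256).digest()


def find_container(index: List[UsbDevice], container: str) -> Optional[UsbDevice]:
    """Automatic search of the device index for the named key container."""
    for device in index:
        if container in device.containers:
            return device
    return None


def access_key(index: List[UsbDevice], container: str, memory_key: bytes,
               prompt: Callable[[], Optional[UsbDevice]]) -> Tuple[ProtectedKey, str]:
    """Claim 1 flow; returns the key handle and a label naming the branch taken."""
    device = find_container(index, container)            # no user interaction
    if device is not None:
        return ProtectedKey(device.containers[container]), "usb"
    device = prompt()                                    # not found: prompt for the token
    if device is not None and container in device.containers:
        return ProtectedKey(device.containers[container]), "usb-after-prompt"
    return ProtectedKey(memory_key), "memory"            # fallback: second key in memory


# Constructed sample data: one token carrying the "signing" container.
TOKEN = UsbDevice("SN-0001", {"signing": b"usb-key-material"})
MEMORY_KEY = b"in-memory-second-key"

if __name__ == "__main__":
    handle, source = access_key([TOKEN], "signing", MEMORY_KEY, lambda: None)
    print(source, handle.sign(b"hello").hex())
```

The returned branch label is what an audit log should record: a signature produced on the "memory" branch was not backed by physical possession of the token.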