US2020204530A1PendingUtilityA1

Self-encrypting key management system

58
Assignee: FORTANIX INCPriority: Jan 13, 2017Filed: Mar 2, 2020Published: Jun 25, 2020
Est. expiryJan 13, 2037(~10.5 yrs left)· nominal 20-yr term from priority
H04L 9/3247H04L 9/0822H04L 9/0897G06F 21/602H04L 63/062H04L 63/06
58
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A request may be received from an application provided on a server associated with a self-encrypting key management application. The request may be to establish a connection between the self-encrypting key management application and the other application. In response to receiving the request, a hash value associated with the self-encrypting key management application and a digital signature associated with a processing device may be generated. A message may be provided based on the digital signature and the hash value to the other application. The connection may be established between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method comprising:
 receiving, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application;   in response to receiving the request, generating, by a processing device, a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device;   providing a message based on the digital signature and the hash value to the other application; and   establishing the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.   
     
     
         2 . The method of  claim 1 , wherein the generating of the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device comprises:
 generating the digital signature based on an internal cryptographic key that is internal to the processing device.   
     
     
         3 . The method of  claim 1 , wherein the providing of the message based on the digital signature and the hash value to the other application comprises:
 generating the message that includes the hash value associated with the self-encrypting key management application;   signing the message with the digital signature associated with the processing device; and   providing the signed message to the other application.   
     
     
         4 . The method of  claim 3 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application. 
     
     
         5 . The method of  claim 1 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application. 
     
     
         6 . The method of  claim 1 , wherein the establishing of the connection is further based on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device. 
     
     
         7 . The method of  claim 1 , further comprising:
 receiving a cryptographic key from the other application over the established connection;   receiving executable code from the other application over the established connection;   assigning a secure enclave for the other application; and   storing the executable code and the cryptographic key from the other application at the secure enclave for the other application, wherein the executable code is retrieved in response to a subsequent request to perform an operation with the cryptographic key and the executable code.   
     
     
         8 . A system comprising:
 a memory; and   a processing device, operatively coupled with the memory, to:
 receive, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application; 
 in response to receiving the request, generate a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device; 
 provide a message based on the digital signature and the hash value to the other application; and 
 establish the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message. 
   
     
     
         9 . The system of  claim 8 , wherein to generate the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device, the processing device is to:
 generate the digital signature based on an internal cryptographic key that is internal to the processing device.   
     
     
         10 . The system of  claim 8 , wherein to provide the message based on the digital signature and the hash value to the other application, the processing device is to:
 generate the message that includes the hash value associated with the self-encrypting key management application;   sign the message with the digital signature associated with the processing device; and   provide the signed message to the other application.   
     
     
         11 . The system of  claim 10 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application. 
     
     
         12 . The system of  claim 8 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application. 
     
     
         13 . The system of  claim 8 , wherein to establish the connection, the processing device is to further base on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device. 
     
     
         14 . The system of  claim 8 , the processing device is further to:
 receive a cryptographic key from the other application over the established connection;   receive executable code from the other application over the established connection;   assign a secure enclave for the other application; and   store the executable code and the cryptographic key from the other application at the secure enclave for the other application, wherein the executable code is retrieved in response to a subsequent request to perform an operation with the cryptographic key and the executable code.   
     
     
         15 . A non-transitory computer readable medium comprising data that, when accessed by a processing device, cause the processing device to perform operations comprising:
 receiving, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application;   in response to receiving the request, generating a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device;   providing a message based on the digital signature and the hash value to the other application; and   establishing the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.   
     
     
         16 . The non-transitory computer readable medium of  claim 15 , wherein the generating of the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device comprises:
 generating the digital signature based on an internal cryptographic key that is internal to the processing device.   
     
     
         17 . The non-transitory computer readable medium of  claim 15 , wherein the providing of the message based on the digital signature and the hash value to the other application comprises:
 generating the message that includes the hash value associated with the self-encrypting key management application;   signing the message with the digital signature associated with the processing device; and   providing the signed message to the other application.   
     
     
         18 . The non-transitory computer readable medium of  claim 17 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application. 
     
     
         19 . The non-transitory computer readable medium of  claim 15 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application. 
     
     
         20 . The non-transitory computer readable medium of  claim 15 , wherein the establishing of the connection is further based on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.