Self-encrypting key management system
Abstract
A request may be received from an application provided on a server associated with a self-encrypting key management application. The request may be to establish a connection between the self-encrypting key management application and the other application. In response to receiving the request, a hash value associated with the self-encrypting key management application and a digital signature associated with a processing device may be generated. A message may be provided based on the digital signature and the hash value to the other application. The connection may be established between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method comprising:
receiving, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application; in response to receiving the request, generating, by a processing device, a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device; providing a message based on the digital signature and the hash value to the other application; and establishing the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.
2 . The method of claim 1 , wherein the generating of the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device comprises:
generating the digital signature based on an internal cryptographic key that is internal to the processing device.
3 . The method of claim 1 , wherein the providing of the message based on the digital signature and the hash value to the other application comprises:
generating the message that includes the hash value associated with the self-encrypting key management application; signing the message with the digital signature associated with the processing device; and providing the signed message to the other application.
4 . The method of claim 3 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application.
5 . The method of claim 1 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application.
6 . The method of claim 1 , wherein the establishing of the connection is further based on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device.
7 . The method of claim 1 , further comprising:
receiving a cryptographic key from the other application over the established connection; receiving executable code from the other application over the established connection; assigning a secure enclave for the other application; and storing the executable code and the cryptographic key from the other application at the secure enclave for the other application, wherein the executable code is retrieved in response to a subsequent request to perform an operation with the cryptographic key and the executable code.
8 . A system comprising:
a memory; and a processing device, operatively coupled with the memory, to:
receive, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application;
in response to receiving the request, generate a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device;
provide a message based on the digital signature and the hash value to the other application; and
establish the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.
9 . The system of claim 8 , wherein to generate the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device, the processing device is to:
generate the digital signature based on an internal cryptographic key that is internal to the processing device.
10 . The system of claim 8 , wherein to provide the message based on the digital signature and the hash value to the other application, the processing device is to:
generate the message that includes the hash value associated with the self-encrypting key management application; sign the message with the digital signature associated with the processing device; and provide the signed message to the other application.
11 . The system of claim 10 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application.
12 . The system of claim 8 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application.
13 . The system of claim 8 , wherein to establish the connection, the processing device is to further base on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device.
14 . The system of claim 8 , the processing device is further to:
receive a cryptographic key from the other application over the established connection; receive executable code from the other application over the established connection; assign a secure enclave for the other application; and store the executable code and the cryptographic key from the other application at the secure enclave for the other application, wherein the executable code is retrieved in response to a subsequent request to perform an operation with the cryptographic key and the executable code.
15 . A non-transitory computer readable medium comprising data that, when accessed by a processing device, cause the processing device to perform operations comprising:
receiving, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application; in response to receiving the request, generating a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device; providing a message based on the digital signature and the hash value to the other application; and establishing the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.
16 . The non-transitory computer readable medium of claim 15 , wherein the generating of the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device comprises:
generating the digital signature based on an internal cryptographic key that is internal to the processing device.
17 . The non-transitory computer readable medium of claim 15 , wherein the providing of the message based on the digital signature and the hash value to the other application comprises:
generating the message that includes the hash value associated with the self-encrypting key management application; signing the message with the digital signature associated with the processing device; and providing the signed message to the other application.
18 . The non-transitory computer readable medium of claim 17 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application.
19 . The non-transitory computer readable medium of claim 15 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application.
20 . The non-transitory computer readable medium of claim 15 , wherein the establishing of the connection is further based on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.