Self-encrypting key management system
Abstract
A request may be received from an application provided on a server associated with a self-encrypting key management application. The request may be to establish a connection between the self-encrypting key management application and the other application. In response to receiving the request, a hash value associated with the self-encrypting key management application and a digital signature associated with a processing device may be generated. A message may be provided based on the digital signature and the hash value to the other application. The connection may be established between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method comprising:
receiving, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application; in response to receiving the request, generating, by a processing device, a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device; providing a message based on the digital signature and the hash value to the other application; and establishing the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.
2 . The method of claim 1 , wherein the generating of the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device comprises:
generating the digital signature based on an internal cryptographic key that is internal to the processing device.
3 . The method of claim 1 , wherein the providing of the message based on the digital signature and the hash value to the other application comprises:
generating the message that includes the hash value associated with the self-encrypting key management application; signing the message with the digital signature associated with the processing device; and providing the signed message to the other application.
4 . The method of claim 3 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application.
5 . The method of claim 1 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application.
6 . The method of claim 1 , wherein the establishing of the connection is further based on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device.
7 . The method of claim 1 , further comprising:
receiving a cryptographic key from the other application over the established connection; receiving executable code from the other application over the established connection; assigning a secure enclave for the other application; and storing the executable code and the cryptographic key from the other application at the secure enclave for the other application, wherein the executable code is retrieved in response to a subsequent request to perform an operation with the cryptographic key and the executable code.
8 . A system comprising:
a memory; and a processing device, operatively coupled with the memory, to:
receive, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application;
in response to receiving the request, generate a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device;
provide a message based on the digital signature and the hash value to the other application; and
establish the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.
9 . The system of claim 8 , wherein to generate the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device, the processing device is to:
generate the digital signature based on an internal cryptographic key that is internal to the processing device.
10 . The system of claim 8 , wherein to provide the message based on the digital signature and the hash value to the other application, the processing device is to:
generate the message that includes the hash value associated with the self-encrypting key management application; sign the message with the digital signature associated with the processing device; and provide the signed message to the other application.
11 . The system of claim 10 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application.
12 . The system of claim 8 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application.
13 . The system of claim 8 , wherein to establish the connection, the processing device is to further base on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device.
14 . The system of claim 8 , the processing device is further to:
receive a cryptographic key from the other application over the established connection; receive executable code from the other application over the established connection; assign a secure enclave for the other application; and store the executable code and the cryptographic key from the other application at the secure enclave for the other application, wherein the executable code is retrieved in response to a subsequent request to perform an operation with the cryptographic key and the executable code.
15 . A non-transitory computer readable medium comprising data that, when accessed by a processing device, cause the processing device to perform operations comprising:
receiving, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application; in response to receiving the request, generating a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device; providing a message based on the digital signature and the hash value to the other application; and establishing the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.
16 . The non-transitory computer readable medium of claim 15 , wherein the generating of the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device comprises:
generating the digital signature based on an internal cryptographic key that is internal to the processing device.
17 . The non-transitory computer readable medium of claim 15 , wherein the providing of the message based on the digital signature and the hash value to the other application comprises:
generating the message that includes the hash value associated with the self-encrypting key management application; signing the message with the digital signature associated with the processing device; and providing the signed message to the other application.
18 . The non-transitory computer readable medium of claim 17 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application.
19 . The non-transitory computer readable medium of claim 15 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application.
20 . The non-transitory computer readable medium of claim 15 , wherein the establishing of the connection is further based on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device.Join the waitlist — get patent alerts
Track US2020204530A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.