US2020204530A1PendingUtilityA1

Self-encrypting key management system

Assignee: FORTANIX INCPriority: Jan 13, 2017Filed: Mar 2, 2020Published: Jun 25, 2020
Est. expiryJan 13, 2037(~10.5 yrs left)· nominal 20-yr term from priority
H04L 9/3247H04L 9/0822H04L 9/0897G06F 21/602H04L 63/062H04L 63/06
58
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A request may be received from an application provided on a server associated with a self-encrypting key management application. The request may be to establish a connection between the self-encrypting key management application and the other application. In response to receiving the request, a hash value associated with the self-encrypting key management application and a digital signature associated with a processing device may be generated. A message may be provided based on the digital signature and the hash value to the other application. The connection may be established between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method comprising:
 receiving, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application;   in response to receiving the request, generating, by a processing device, a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device;   providing a message based on the digital signature and the hash value to the other application; and   establishing the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.   
     
     
         2 . The method of  claim 1 , wherein the generating of the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device comprises:
 generating the digital signature based on an internal cryptographic key that is internal to the processing device.   
     
     
         3 . The method of  claim 1 , wherein the providing of the message based on the digital signature and the hash value to the other application comprises:
 generating the message that includes the hash value associated with the self-encrypting key management application;   signing the message with the digital signature associated with the processing device; and   providing the signed message to the other application.   
     
     
         4 . The method of  claim 3 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application. 
     
     
         5 . The method of  claim 1 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application. 
     
     
         6 . The method of  claim 1 , wherein the establishing of the connection is further based on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device. 
     
     
         7 . The method of  claim 1 , further comprising:
 receiving a cryptographic key from the other application over the established connection;   receiving executable code from the other application over the established connection;   assigning a secure enclave for the other application; and   storing the executable code and the cryptographic key from the other application at the secure enclave for the other application, wherein the executable code is retrieved in response to a subsequent request to perform an operation with the cryptographic key and the executable code.   
     
     
         8 . A system comprising:
 a memory; and   a processing device, operatively coupled with the memory, to:
 receive, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application; 
 in response to receiving the request, generate a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device; 
 provide a message based on the digital signature and the hash value to the other application; and 
 establish the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message. 
   
     
     
         9 . The system of  claim 8 , wherein to generate the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device, the processing device is to:
 generate the digital signature based on an internal cryptographic key that is internal to the processing device.   
     
     
         10 . The system of  claim 8 , wherein to provide the message based on the digital signature and the hash value to the other application, the processing device is to:
 generate the message that includes the hash value associated with the self-encrypting key management application;   sign the message with the digital signature associated with the processing device; and   provide the signed message to the other application.   
     
     
         11 . The system of  claim 10 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application. 
     
     
         12 . The system of  claim 8 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application. 
     
     
         13 . The system of  claim 8 , wherein to establish the connection, the processing device is to further base on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device. 
     
     
         14 . The system of  claim 8 , the processing device is further to:
 receive a cryptographic key from the other application over the established connection;   receive executable code from the other application over the established connection;   assign a secure enclave for the other application; and   store the executable code and the cryptographic key from the other application at the secure enclave for the other application, wherein the executable code is retrieved in response to a subsequent request to perform an operation with the cryptographic key and the executable code.   
     
     
         15 . A non-transitory computer readable medium comprising data that, when accessed by a processing device, cause the processing device to perform operations comprising:
 receiving, from an application provided on a server associated with a self-encrypting key management application, a request to establish a connection between the self-encrypting key management application and the other application;   in response to receiving the request, generating a hash value associated with the self-encrypting key management application and a digital signature associated with the processing device;   providing a message based on the digital signature and the hash value to the other application; and   establishing the connection between the self-encrypting key management application and the other application in response to receiving an indication from the other application that the self-encrypting key management application has been authenticated based on the message.   
     
     
         16 . The non-transitory computer readable medium of  claim 15 , wherein the generating of the hash value associated with the self-encrypting key management application and the digital signature associated with the processing device comprises:
 generating the digital signature based on an internal cryptographic key that is internal to the processing device.   
     
     
         17 . The non-transitory computer readable medium of  claim 15 , wherein the providing of the message based on the digital signature and the hash value to the other application comprises:
 generating the message that includes the hash value associated with the self-encrypting key management application;   signing the message with the digital signature associated with the processing device; and   providing the signed message to the other application.   
     
     
         18 . The non-transitory computer readable medium of  claim 17 , wherein the signed message comprises at least one of identification information of the processing device or identification information of the self-encrypting key management application. 
     
     
         19 . The non-transitory computer readable medium of  claim 15 , wherein the hash value associated with the self-encrypting key management application corresponds to another hash value used by the other application. 
     
     
         20 . The non-transitory computer readable medium of  claim 15 , wherein the establishing of the connection is further based on verification of the digital signature associated with the processing device, by the other application, using a public key that corresponds to an internal cryptographic key that is internal to the processing device.

Join the waitlist — get patent alerts

Track US2020204530A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.