Postponing entropy depletion in key management systems with hardware security modules

What is claimed is: 1. A computer-implemented method for managing cryptographic objects in a key management system, the system comprising a set of one or more hardware security modules (HSMs), and clients interacting with the HSMs on behalf of users interacting with the clients, the method comprising, for each HSM of the set: monitoring, using a processor of the key management system, an entropy pool of said each HSM for generating cryptographic objects and/or a load induced at said each HSM due to the users interacting with the clients in order to obtain such cryptographic objects; and generating, using the processor, cryptographic objects at said each HSM according to the monitored entropy pool and/or load, such that an extent in which such objects are generated depends on the monitored entropy pool and/or load; wherein generating said cryptographic objects comprises accumulating such objects at said each HSM, in order to adjust the load induced at said each HSM with respect to a current value of the monitored entropy pool. 2. The method according to claim 1 , wherein: monitoring comprises monitoring the load induced at said each HSM, wherein the extent in which such objects are generated at said each HSM depends on the monitored load, such that a rate at which such objects are generated is increased if the monitored load drops under a given, load threshold value. 3. The method according to claim 1 , wherein: said cryptographic objects are generated at said each HSM so as to accumulate reserves of cryptographic objects for future uses. 4. The method according to claim 3 , wherein: the method further comprises instructing to store at least part of the generated cryptographic objects on said each HSM. 5. The method according to claim 4 , wherein: generating the cryptographic objects at said each HSM comprises generating: cryptographic keys, the latter including symmetric keys and/or asymmetric keys; and initialization vectors. 6. The method according to claim 5 , wherein: the method further comprises, upon request of one of the clients, performing a cryptographic operation at said each HSM, whereby one or more of said initialization vectors are used along with one or more cryptographic keys as input to a cryptographic primitive for data encryption. 7. The method according to claim 5 , wherein: the method further comprises instructing to store the generated cryptographic keys and initialization vectors on said each HSM. 8. The method according to claim 7 , wherein: generating the cryptographic objects at said each HSM further comprises wrapping, based on a master key residing in said each HSM, one or more of the keys generated at said each HSM to obtain one or more wrapped keys, respectively. 9. The method according to claim 8 , wherein the method further comprises: supplying one or more of the wrapped keys obtained at said each HSM for subsequent storage on an external storage medium. 10. The method according to claim 9 , wherein the method further comprises: receiving, from one of the clients, a request to perform a cryptographic operation, the request comprising a wrapped key as previously supplied to the client, or an identifier of this wrapped key; locating in one of the HSMs, a key corresponding to the wrapped key or the identifier received with the request; and performing the requested cryptographic operation at said one of the HSMs based on the located key. 11. The method according to claim 8 , wherein the method further comprises: checking a memory capacity of said HSM, prior to generating said cryptographic objects; and if the monitored memory capacity is smaller than a given memory capacity threshold value, supplying one or more of the cryptographic objects generated at said each HSM for subsequent storage on an external storage medium, and deleting, from said each HSM, one or more cryptographic objects corresponding to the one or more cryptographic objects supplied. 12. The method according to claim 11 , wherein: the supplied cryptographic objects comprise one or more wrapped keys as previously obtained at said HSM. 13. The method according to claim 12 , wherein: the one or more cryptographic objects deleted comprises one or more cryptographic keys corresponding to the one or more wrapped keys supplied. 14. The method according to claim 13 , wherein: the cryptographic keys deleted comprise both wrapped keys and unwrapped keys corresponding to the wrapped keys supplied. 15. The method according to claim 14 , wherein: the supplied cryptographic objects further comprise initialization vectors, as previously generated at said HSM, and the one or more cryptographic objects deleted further comprise the supplied initialization vectors. 16. The method according to claim 14 , wherein the method further comprises: receiving, from one of the clients, a request to perform a cryptographic operation, the request comprising a wrapped key as previously supplied from said each HSM; unwrapping the wrapped key received according to a master key residing in said each HSM to restore a corresponding key; and performing the requested cryptographic operation at said each HSM based on the restored key. 17. The method according to claim 11 , wherein: the monitored memory capacity is a capacity of a hardware memory device configured, in said each HSM, as cache memory for said each HSM. 18. The method according to claim 1 , wherein: the cryptographic objects are generated at said each HSM according to a parameterized function of the monitored entropy pool and/or load; and the method further comprises receiving inputs as to one or more parameters of the function and updating said function according to the received inputs. 19. The method according to claim 1 , wherein: the method further comprises, prior to generating the cryptographic objects: monitoring cryptographic objects already generated at said each HSM, so as to obtain corresponding statistics; and comparing such statistics with reference data, to obtain a comparison outcome, and wherein the cryptographic objects are subsequently generated at said each HSM based on the obtained comparison outcome. 20. The method according to claim 1 , wherein: monitoring comprises monitoring the entropy pool of said each HSM, whereby the extent in which such objects are generated at said each HSM depends on the monitored entropy pool, such that a rate at which such objects are generated is increased if the monitored entropy pool exceeds a given, entropy threshold value. 21. The method according to claim 2 , wherein: said cryptographic objects are generated so as to mitigate a potential entropy depletion of the entropy pool of said each HSM. 22. A computerized system for managing cryptographic objects, the system comprising a set of one or more hardware security modules (HSMs), and clients configured to interact with the set of HSMs on behalf of users, wherein the system is configured, for each HSM of the set, to: monitor an entropy pool of said each HSM for generating cryptographic objects and/or a load induced at said each HSM due to the users interacting with the clients in order to obtain such cryptographic object; and generate cryptographic objects at said each HSM according to the monitored entropy pool and/or load, such that an extent in which such objects are generated depends on the monitored entropy pool and/or load; wherein generate said cryptographic objects comprises accumulate