Controlled use of a hardware security module

US9973496B2 · US · B2

Patent metadata
Publication number: US-9973496-B2
Application number: US-201514875828-A
Country: US
Kind code: B2
Filing date: Oct 6, 2015
Priority date: Oct 8, 2014
Publication date: May 15, 2018
Grant date: May 15, 2018

Abstract

Official abstract text for this publication.

Methods are provided for using a hardware security module connectable to multiple computer systems, where the multiple computer systems are connectable to a server within a common network. The method includes: providing a network address of the server in persistent memory of the hardware security module; providing an encrypted secret entity in the persistent memory of the hardware security module; providing a private key in the persistent memory of the hardware security module; and based on the hardware security module being connectable to one of the computer systems, the method includes: establishing a secure connection between the hardware security module and the server; retrieving, via the secure connection, a wrapping key from the server and storing it in volatile memory of the hardware security module; and decrypting the encrypted secret entity with the wrapping key and storing the decrypted secret entity in the volatile memory of the hardware security module.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for using a hardware security module connectable to multiple computer systems, the multiple computer systems being connectable to a server within a common network, and the method comprising: providing a network address of the server in persistent memory of the hardware security module; providing an encrypted secret entity in the persistent memory of the hardware security module, wherein the encrypted secret entity is provided from a secret entity encrypted using a wrapping key, and wherein the encrypted secret entity remains in the persistent memory of the hardware security module when the hardware security module is disconnected from a computer system of the multiple computer systems; providing a private key in the persistent memory of the hardware security module; based on the hardware security module being connected to one computer system of the multiple computer systems, the method comprising: establishing a secure connection between the hardware security module and the server; retrieving from the server, via the secure connection, an encrypted wrapping key generated by the server, the encrypted wrapping key being an encrypted version of the wrapping key used to provide the encrypted secret entity; decrypting the encrypted wrapping key using the private key to obtain the wrapping key and storing the wrapping key in volatile memory of the hardware security module; and decrypting the encrypted secret entity using the wrapping key and storing the decrypted secret entity in the volatile memory of the hardware security module.

2. The method of claim 1, wherein providing the encrypted secret entity comprises encrypting a secret entity with the wrapping key and storing the encrypted secret entity in the persistent memory of the hardware security module.

3. The method of claim 1, further comprising retrieving the encrypted wrapping key from the server encrypted with a public key of the hardware security module.

4. The method of claim 1, further comprising deleting the wrapping key from the volatile memory of the hardware security module after decrypting the encrypted secret entity.

5. The method of claim 1, wherein the secret entity is a master key.

6. The method of claim 1, further comprising deleting the volatile memory upon powering off the hardware security module.

7. The method of claim 1, further comprising attributing the wrapping key exclusively to the hardware security module.

8. The method of claim 1, wherein the server controls access thereto via a list of hardware security modules authorized to access the server via a secure connection, the hardware security module being identified in the list of hardware security modules.

9. A system for using a hardware security module connectable to multiple computer systems, the multiple computer systems being connectable to a server within a common network, and the system comprising: a memory; and a processing device communicatively coupled to the memory, wherein the system performs: providing a network address of the server in persistent memory of the hardware security module, wherein the encrypted secret entity is provided from a secret entity encrypted using a wrapping key, and wherein the encrypted secret entity remains in the persistent memory of the hardware security module when the hardware security module is disconnected from a computer system of the multiple computer systems; providing an encrypted secret entity in the persistent memory of the hardware security module; providing a private key in the persistent memory of the hardware security module; based on the hardware security module being connected to one computer system of the multiple computer systems, performing: establishing a secure connection between the hardware security module and the server; retrieving from the server, via the secure connection, an encrypted wrapping key generated by the server, the encrypted wrapping key being an encrypted version of the wrapping key used to provide the encrypted secret entity; decrypting the encrypted wrapping key using the private key to obtain the wrapping key and storing the wrapping key in volatile memory of the hardware security module; and decrypting the encrypted secret entity using the wrapping key and storing the decrypted secret entity in the volatile memory of the hardware security module.

10. The system of claim 9, wherein providing the encrypted secret entity comprises encrypting the secret entity with the wrapping key and storing the encrypted secret entity in the persistent memory of the hardware security module.

11. The system of claim 9, further comprising retrieving the encrypted wrapping key from the server encrypted with a public key of the hardware security module.

12. The system of claim 9, further comprising deleting the wrapping key from the volatile memory of the hardware security module after decrypting the encrypted secret entity.

13. The system of claim 9, wherein the secret entity is a master key.

14. The system of claim 9, further comprising deleting the volatile memory upon powering off the hardware security module.

15. The system of claim 9, further comprising attributing the wrapping key exclusively to the hardware security module.

16. The system of claim 9, wherein the server controls access thereto via a list of hardware security modules authorized to access the server via a secure connection, the hardware security module being identified in the list of hardware security modules.

17. A computer program product for using a hardware security module connectable to multiple computer systems, the multiple computer systems being connectable to a server within a common network, the computer program product comprising: a non-transitory computer readable storage medium having computer readable instructions embodied therewith, the computer readable instructions being executable to perform: providing a network address of the server in persistent memory of the hardware security module; providing an encrypted secret entity in the persistent memory of the hardware security module, wherein the encrypted secret entity is provided from a secret entity encrypted using a wrapping key, and wherein the encrypted secret entity remains in the persistent memory of the hardware security module when the hardware security module is disconnected from a computer system of the multiple computer systems; providing a private key in the persistent memory of the hardware security module; based on the hardware security module being connected to any computer system of the multiple computer systems, the method comprising: establishing a secure connection between the hardware security module and the server; retrieving from the server, via the secure connection, an encrypted wrapping key generated by the server, the encrypted wrapping key being an encrypted version of the wrapping key used to provide the encrypted secret entity; decrypting the encrypted wrapping key using the private key to obtain the wrapping key and storing the wrapping key in volatile memory of the hardware security module; and decrypting the encrypted secret entity using the wrapping key and storing the decrypted secret entity in the volatile memory of the hardware security module.

18. The computer program product of claim 17, wherein providing the encrypted secret entity comprises encrypting the secret entity with the wrapping key and storing the encrypted secret entity in the persistent memory of the hardware security module.

19. The comp
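The flow of claims 1 through 8 as a runnable simulation. This is an added example, not IBM's code or anything the patent discloses as its implementation: the claims name no algorithms, so ElGamal over the multiplicative group modulo the Mersenne prime 2^521 - 1 stands in for the HSM's public/private key pair, and an HMAC-SHA256 counter-mode keystream with an HMAC tag stands in for the symmetric cipher that protects the secret entity. The HSM identifier, the server address, and the dictionary that plays the role of the secure connection are constructed for the example.

```python
import hashlib
import hmac
import secrets

# The claims name no algorithms: ElGamal modulo the Mersenne prime 2^521 - 1 stands in
# for the HSM key pair, HMAC-SHA256 counter mode plus an HMAC tag for the symmetric cipher.
P, G = (1 << 521) - 1, 3  # demo group parameters, not standardised ones

def keypair():
    x = secrets.randbelow(P - 2) + 1        # private exponent
    return pow(G, x, P), x                  # (public, private)

def pk_encrypt(pub, data):
    k = secrets.randbelow(P - 2) + 1
    m = int.from_bytes(b"\x01" + data, "big")  # 0x01 prefix fixes the length and keeps m != 0
    return pow(G, k, P), m * pow(pub, k, P) % P

def pk_decrypt(priv, ct):
    c1, c2 = ct
    m = c2 * pow(c1, P - 1 - priv, P) % P  # c1^(p-1-x) is the inverse of c1^x (Fermat)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]

def _stream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def _subkeys(key):  # separate keys for confidentiality and integrity
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def sym_encrypt(key, plaintext):
    """Encrypt-then-MAC; returns nonce | body | tag."""
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + body + hmac.new(mk, nonce + body, hashlib.sha256).digest()

def sym_decrypt(key, blob):
    ek, mk = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + body, hashlib.sha256).digest()):
        raise ValueError("encrypted secret entity failed authentication")
    return bytes(a ^ b for a, b in zip(body, _stream(ek, nonce, len(body))))

class Server:
    """One wrapping key per HSM (claim 7) and a list of authorized HSMs (claim 8)."""
    def __init__(self):
        self._authorized = {}     # hsm_id -> HSM public key
        self._wrapping_keys = {}  # hsm_id -> wrapping key; never released in the clear

    def enroll(self, hsm_id, public_key):
        self._authorized[hsm_id] = public_key
        self._wrapping_keys[hsm_id] = secrets.token_bytes(32)
        return self._wrapping_keys[hsm_id]  # handed over once, at provisioning (claim 2)

    def request_wrapping_key(self, hsm_id):
        """Claim 3: the wrapping key leaves only under the requesting HSM's public key."""
        if hsm_id not in self._authorized:
            raise PermissionError(f"{hsm_id} is not an authorized hardware security module")
        return pk_encrypt(self._authorized[hsm_id], self._wrapping_keys[hsm_id])

class HardwareSecurityModule:
    def __init__(self, hsm_id, server_address, private_key, encrypted_secret):
        self.hsm_id = hsm_id
        # Persistent memory: the three items claim 1 provisions; survives disconnect.
        self.persistent = {"server_address": server_address, "private_key": private_key,
                           "encrypted_secret": encrypted_secret}
        self.volatile = {}  # filled only while connected; cleared on power-off (claim 6)

    def connect(self, network):
        """Claim 1 sequence, run when the HSM is attached to any host on the network."""
        server = network[self.persistent["server_address"]]  # stands in for the secure connection
        wrapped = server.request_wrapping_key(self.hsm_id)
        wk = pk_decrypt(self.persistent["private_key"], wrapped)
        self.volatile["secret"] = sym_decrypt(wk, self.persistent["encrypted_secret"])
        del wk  # claim 4: the wrapping key is not kept once the secret entity is unwrapped

    def power_off(self):
        self.volatile.clear()

def provision_and_use(hsm_id="hsm-01", address="10.0.0.5"):
    # Provision one HSM, connect it, power it off; report what each memory held.
    server = Server()
    network = {address: server}           # constructed address; the one reachable server
    pub, priv = keypair()
    master_key = secrets.token_bytes(32)  # claim 5: the secret entity is a master key
    hsm = HardwareSecurityModule(hsm_id, address, priv,
                                 sym_encrypt(server.enroll(hsm_id, pub), master_key))
    hsm.connect(network)
    unwrapped = hsm.volatile["secret"] == master_key
    hsm.power_off()
    return {"unwrapped": unwrapped, "volatile_after_power_off": dict(hsm.volatile),
            "master_key_at_rest": master_key in hsm.persistent.values(), "server": server}

def unauthorized_hsm_is_refused(server, hsm_id="rogue-hsm"):
    # Claim 8: an HSM absent from the server's list gets no wrapping key.
    try:
        server.request_wrapping_key(hsm_id)
    except PermissionError:
        return True
    return False
```

What the simulation makes visible is the property the claims are built around: the persistent memory of the module holds only the server address, the private key and ciphertext, so a module carried between hosts, or lost, carries no clear master key; the clear key exists only in volatile memory, only after the server has released the wrapping key to an enrolled module, and only until power-off. In a product the dictionary lookup would be a mutually authenticated TLS session and the ElGamal stand-in would be RSA-OAEP or an elliptic-curve KEM with a standard parameter set.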

Assignees

IBM

Inventors

Classifications

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title

  • for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title

  • applying encryption of the keys · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/0853. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 15, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).