CPC H04L 9/0897 (2013.01) [H04L 9/0877 (2013.01); H04L 2209/12 (2013.01)]. 20 Claims.
1. A system for securely managing a plurality of hardware security modules (HSMs) each including a memory and an electronic processor, the system comprising:
a first HSM;
a second HSM; and
a host device including a host memory and an electronic processor configured to
designate the first HSM as a primary HSM,
designate the second HSM as a subordinate HSM, and
activate a security association mode;
wherein the first HSM is configured to
in response to the security association mode being activated, generate a multi-HSM exchange key,
using a temporary key generated with a key agreement protocol between the first HSM and the second HSM, encrypt the multi-HSM exchange key using the temporary key, and
share an encrypted multi-HSM exchange key with the second HSM via the host device;
wherein the host device is further configured to
in response to the first HSM sharing the encrypted multi-HSM exchange key with the second HSM, deactivate the security association mode;
wherein the first HSM is further configured to
receive a traffic encryption key (TEK), and
in response to receiving the TEK, notify the host device of having received the TEK;
wherein the host device is further configured to
transmit a request to the first HSM to encrypt the TEK using the multi-HSM exchange key,
receive an encrypted TEK from the first HSM,
store the encrypted TEK in the host memory, and
provide the encrypted TEK to the second HSM;
wherein the second HSM is configured to
invalidate or erase the TEK upon completion of a processing session.
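Worked example of the flow claim 1 describes, added here as an illustration; it is not part of the patent and not the applicant's implementation. Two HSM objects and a host object play the claimed roles: the host designates primary and subordinate, activates security association mode, relays the two HSMs' key-agreement shares and the wrapped multi-HSM exchange key, deactivates the mode, then stores and forwards the wrapped TEK, and the subordinate erases the TEK when its session ends. The key-agreement engine (X25519, in pure Python and not constant-time), the wrap construction (encrypt-then-MAC over an HMAC-SHA256 keystream, standing in for the AES-GCM or AES Key Wrap a real HSM would use), the domain-separation labels and every class and method name are assumptions of this example, not anything the claim specifies.

```python
import hashlib, hmac, os, secrets

# X25519 (RFC 7748) in pure Python: stand-in for the HSMs' key-agreement engine (not constant-time).
P, A24, BASEPOINT = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def x25519(scalar, u):
    k = bytearray(scalar); k[0] &= 248; k[31] &= 127; k[31] |= 64   # clamp
    k, x1 = int.from_bytes(k, "little"), int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):                                    # Montgomery ladder
        kt = (k >> t) & 1
        swap ^= kt
        if swap: x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb, c, d = a * a % P, b * b % P, (x3 + z3) % P, (x3 - z3) % P
        e, da, cb = (aa - bb) % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap: x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

# Key-wrap stand-in: encrypt-then-MAC over an HMAC-SHA256 keystream (stdlib only); a real HSM uses AES-GCM/AES-KW.
def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()
def _keystream(ke, nonce, n):                  # one-byte block counter: n <= 8 KiB
    return b"".join(_prf(ke, nonce + bytes([i])) for i in range(n // 32 + 1))
def wrap(key, plaintext, aad):
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(_prf(key, b"enc"), nonce, len(plaintext))))
    return nonce + ct + _prf(_prf(key, b"mac"), aad + nonce + ct)
def unwrap(key, blob, aad):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), aad + nonce + ct)):
        raise ValueError("wrapped material failed authentication")
    return bytes(c ^ s for c, s in zip(ct, _keystream(_prf(key, b"enc"), nonce, len(ct))))

class HSM:                                            # keys never leave an HSM in clear
    def __init__(self, name):
        self.name, self.role, self.sa_mode = name, None, False
        self._dh = self._xkey = self._tek = None
    def dh_public(self):                              # ephemeral share, relayed by the host
        self._dh = secrets.token_bytes(32)
        return x25519(self._dh, BASEPOINT)
    def _temp_key(self, peer_pub):                    # temporary key from the key agreement
        return hashlib.sha256(b"multi-hsm-temp" + x25519(self._dh, peer_pub)).digest()
    def share_exchange_key(self, peer_pub):           # primary only, SA mode only
        if self.role != "primary" or not self.sa_mode:
            raise PermissionError(f"{self.name}: not primary in security association mode")
        self._xkey = secrets.token_bytes(32)          # the multi-HSM exchange key
        return wrap(self._temp_key(peer_pub), self._xkey, b"exchange-key")
    def install_exchange_key(self, peer_pub, blob):   # subordinate side
        self._xkey = unwrap(self._temp_key(peer_pub), blob, b"exchange-key")
    def receive_tek(self, tek):                       # primary: hold the TEK, notify host
        self._tek = tek
        return {"event": "TEK_RECEIVED", "hsm": self.name}
    def wrap_tek(self):
        return wrap(self._xkey, self._tek, b"tek")
    def install_tek(self, blob):
        self._tek = unwrap(self._xkey, blob, b"tek")
    def protect(self, data):                          # a processing session using the TEK
        return wrap(self._tek, data, b"session")
    def unprotect(self, blob):
        return unwrap(self._tek, blob, b"session")
    def end_session(self):                            # subordinate erases the TEK
        self._tek = None

class Host:                                           # holds only encrypted material
    def __init__(self, primary, subordinate):
        self.memory, self.primary, self.subordinate = {}, primary, subordinate
        primary.role, subordinate.role = "primary", "subordinate"
    def establish_association(self):
        self.primary.sa_mode = self.subordinate.sa_mode = True      # activate SA mode
        pub_p, pub_s = self.primary.dh_public(), self.subordinate.dh_public()
        blob = self.primary.share_exchange_key(pub_s)             # host relays ciphertext
        self.subordinate.install_exchange_key(pub_p, blob)
        self.primary.sa_mode = self.subordinate.sa_mode = False     # deactivate once shared
    def distribute_tek(self, tek):
        assert self.primary.receive_tek(tek)["event"] == "TEK_RECEIVED"
        self.memory["encrypted_tek"] = self.primary.wrap_tek()    # stored wrapped only
        self.subordinate.install_tek(self.memory["encrypted_tek"])

def run_demo():
    hsm_a, hsm_b = HSM("HSM-A"), HSM("HSM-B"); host = Host(hsm_a, hsm_b)
    host.establish_association()
    tek = secrets.token_bytes(32)                     # constructed sample TEK
    host.distribute_tek(tek)
    protected = hsm_b.protect(b"payload")             # subordinate uses the TEK...
    hsm_b.end_session()                               # ...then erases it
    try:
        hsm_a.share_exchange_key(hsm_b.dh_public())   # SA mode is off: must be refused
        refused = False
    except PermissionError:
        refused = True
    return {"recovered": hsm_a.unprotect(protected),
            "tek_in_host_memory": any(tek in v for v in host.memory.values()),
            "subordinate_holds_tek": hsm_b._tek is not None,
            "late_share_refused": refused}
```

`run_demo()` exercises the three properties a practitioner would check against this claim: the host memory only ever contains the wrapped TEK (the plaintext TEK appears nowhere outside the two HSMs), the primary refuses to generate or share a further exchange key once the host has deactivated security association mode, and the subordinate no longer holds the TEK after its processing session. One caveat the claim leaves open: it does not say how the two HSMs authenticate each other's key-agreement shares, and since the host relays them, an unauthenticated exchange would let a compromised host interpose its own share on each side. A deployment would bind the shares to HSM identity (for example, signing them under per-device certificates); this example, like the claim text, omits that step.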