| CPC H04L 9/0819 (2013.01) [H04L 9/0643 (2013.01); H04L 9/3247 (2013.01); H04L 9/50 (2022.05)] | 10 Claims |

|
1. A computer implemented method of non-repudiatively transitioning management of a cryptographic key from a first hardware security module (HSM) to a second HSM, the cryptographic key being associated with the first HSM by a digitally signed record in a blockchain, the blockchain being accessible via a network and including a plurality of records validated by miner computing components, wherein the blockchain is not relied on for management or storage of the cryptographic key, the method comprising:
receiving a request from the second HSM to associate the cryptographic key with the second HSM, the request having associated identification information for a requester of the cryptographic key;
verifying an entitlement of the requester to the cryptographic key by the first HSM, wherein the entitlement of the requester is verified based on the identification information for the requester;
responsive to the verification by the first HSM, generating a new record for storage in the blockchain, the new record associating the cryptographic key with the second HSM and being validated by the miner components;
further responsive to the verification by the first HSM, securely and non-repudiatively transferring the cryptographic key from the first HSM to the second HSM;
verifying that the cryptographic key is associated with the second HSM in the blockchain; and
responsive to the verification that the cryptographic key is associated with the second HSM, transferring the cryptographic key from the second HSM to the requester of the cryptographic key.
|
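The ordering of checks in claim 1, as an added Python sketch that is not taken from the patent: the `Ledger`, `HSM` and `request_key` names are hypothetical, record signing and miner validation are reduced to a SHA-256 hash link, and removing the key from the first HSM on transfer is an assumption.

```python
import hashlib, json, os

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:
    """Hash-linked records of key ID -> HSM; key material is never stored here."""
    def __init__(self):
        self.records = []

    def append(self, key_id, hsm):
        prev = self.records[-1]["hash"] if self.records else "0" * 64
        body = {"key_id": key_id, "hsm": hsm, "prev": prev}
        self.records.append({**body, "hash": _digest(body)})

    def holder(self, key_id):
        """Re-check every hash link, then return the latest HSM recorded for key_id."""
        prev, found = "0" * 64, None
        for r in self.records:
            body = {"key_id": r["key_id"], "hsm": r["hsm"], "prev": r["prev"]}
            if r["prev"] != prev or r["hash"] != _digest(body):
                raise ValueError("ledger hash chain broken")
            prev = r["hash"]
            if r["key_id"] == key_id:
                found = r["hsm"]
        return found

class HSM:
    def __init__(self, name, ledger):
        self.name, self.ledger, self.keys, self.entitled = name, ledger, {}, set()

    def create_key(self, key_id):
        self.keys[key_id] = os.urandom(32)       # constructed sample key
        self.ledger.append(key_id, self.name)    # initial association record

    def hand_over(self, key_id, requester, target):
        # Entitlement is verified first; only then is the record written and the key moved.
        if (requester, key_id) not in self.entitled:
            raise PermissionError(f"{requester} is not entitled to {key_id}")
        self.ledger.append(key_id, target.name)
        target.keys[key_id] = self.keys.pop(key_id)  # assumption: first HSM drops its copy

    def release(self, key_id):
        # Release only if the ledger's latest record names this HSM as holder.
        if self.ledger.holder(key_id) != self.name:
            raise PermissionError("ledger does not associate the key with this HSM")
        return self.keys[key_id]

def request_key(key_id, requester, first, second):
    """Request arrives via the second HSM; the first HSM decides, the second releases."""
    first.hand_over(key_id, requester, second)
    return second.release(key_id)
```

A failed entitlement check leaves both the ledger and the key where they were, and a record altered after the fact makes `holder` raise instead of returning a stale or forged association.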