US 12,034,836 B1
Systems and methods for hardware security module communication management
Jeff J. Stapleton, O'Fallon, MO (US)
Assigned to Wells Fargo Bank, N.A., San Francisco, CA (US)
Filed by Wells Fargo Bank, N.A., San Francisco, CA (US)
Filed on Jun. 30, 2022, as Appl. No. 17/810,236.
Int. Cl. H04L 9/08 (2006.01); G06F 21/72 (2013.01); H04L 9/14 (2006.01); H04L 9/40 (2022.01)
CPC H04L 9/0819 (2013.01) [G06F 21/72 (2013.01); H04L 9/0852 (2013.01); H04L 9/0869 (2013.01); H04L 9/14 (2013.01); H04L 9/0816 (2013.01); H04L 9/0827 (2013.01); H04L 9/0833 (2013.01); H04L 63/062 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for hardware security module (HSM) communication management comprising:
deriving, by key derivation circuitry of a first HSM, a first cryptographic key based on an initial key and a first set of seed bits, wherein deriving the first cryptographic key establishes a first communication group comprising the first HSM and a second HSM based on the second HSM having also derived the first cryptographic key;
receiving, by communications hardware of the first HSM, a secure message comprising a second cryptographic key from a key exchange management device, wherein the second cryptographic key is associated with a second communication group comprising a third HSM and a fourth HSM;
deriving, by the key derivation circuitry of the first HSM, a third cryptographic key based on the first cryptographic key and the second cryptographic key, wherein deriving the third cryptographic key establishes a third communication group comprising the first HSM, the second HSM, the third HSM, and the fourth HSM based on the second HSM, the third HSM, and the fourth HSM having also derived the third cryptographic key; and
performing, by data protection circuitry of the first HSM, a first cryptographic data protection action using the third cryptographic key, wherein the first cryptographic data protection action facilitates secure communication between HSMs of the third communication group.
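The four claim elements above describe a two-level key hierarchy: each communication group derives its own key from a shared initial key plus seed bits, a key exchange management device carries one group's key to the other group's HSMs inside a secure message, every HSM then derives a merged key from the two group keys, and that merged key protects traffic across the combined group. The following is an added worked example of that hierarchy, written for this page; it is not code from the patent or from Wells Fargo, and the concrete choices in it are assumptions the claim does not make: the KDF is NIST SP 800-108 in counter mode with HMAC-SHA256, the "secure message" and the data protection action both use an HMAC-based encrypt-then-MAC construction (standing in for the key-wrap and AEAD an actual HSM would use), the key exchange management device is modelled as holding a pre-shared transport key per HSM and learning group keys through wrapped exports, the merged key derivation orders the two group keys canonically so that members of either original group arrive at the same value, and a fifth HSM that belongs to the first group but never received the second group's key is included to show that it cannot join the merged group.

```python
"""Simulation of the four-HSM key hierarchy of claim 1. Constructed example,
not the patent's code; KDF, message format and the transport keys are assumptions."""
import hashlib
import hmac
import secrets
import struct


def kdf_ctr(key_in: bytes, label: bytes, context: bytes, length: int = 32) -> bytes:
    """NIST SP 800-108 counter-mode KDF, PRF = HMAC-SHA256:
    K(i) = PRF(key_in, [i]_32 || label || 0x00 || context || [L]_32)."""
    out, i = b"", 1
    while len(out) < length:
        data = struct.pack(">I", i) + label + b"\x00" + context + struct.pack(">I", length * 8)
        out += hmac.new(key_in, data, hashlib.sha256).digest()
        i += 1
    return out[:length]


def _keystream(k_enc: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (assumption: stands in for AES-CTR)."""
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(k_enc, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        i += 1
    return out[:n]


def protect(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag; enc and mac subkeys are separated."""
    k_enc, k_mac = kdf_ctr(key, b"enc", b""), kdf_ctr(key, b"mac", b"")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(k_mac, aad + nonce + ct, hashlib.sha256).digest()


def unprotect(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Constant-time tag check before any decryption; rejects tampered or mis-addressed blobs."""
    k_enc, k_mac = kdf_ctr(key, b"enc", b""), kdf_ctr(key, b"mac", b"")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(k_enc, nonce, len(ct))))


class HSM:
    """Keys never leave the HSM in clear; only wrapped exports and protected messages do."""

    def __init__(self, name: str, initial_key: bytes, transport_key: bytes):
        self.name = name
        self._initial_key = initial_key      # shared by the HSMs of one communication group
        self._transport_key = transport_key  # pre-shared with the key exchange management device
        self._group_keys: dict[bytes, bytes] = {}

    def derive_group_key(self, group: bytes, seed_bits: bytes) -> None:
        """Claim element 1: group key from the initial key and the seed bits."""
        self._group_keys[group] = kdf_ctr(self._initial_key, b"group-key", group + seed_bits)

    def export_group_key(self, group: bytes) -> bytes:
        """Wrapped copy for the key exchange management device (assumed way it learns the key)."""
        return protect(self._transport_key, self._group_keys[group], aad=group)

    def receive_group_key(self, group: bytes, secure_msg: bytes) -> None:
        """Claim element 2: authenticate and unwrap the other group's key."""
        self._group_keys[group] = unprotect(self._transport_key, secure_msg, aad=group)

    def derive_merged_key(self, group_a: bytes, group_b: bytes, merged: bytes) -> None:
        """Claim element 3: K3 from K1 and K2, with group ids sorted so both sides agree."""
        (ga, ka), (gb, kb) = sorted((g, self._group_keys[g]) for g in (group_a, group_b))
        self._group_keys[merged] = kdf_ctr(ka, b"merge", merged + ga + gb + kb)

    def fingerprint(self, group: bytes) -> str:
        """Key check value so agreement can be confirmed without exporting the key."""
        return hashlib.sha256(b"kcv" + self._group_keys[group]).hexdigest()[:16]

    def protect_for_group(self, group: bytes, msg: bytes) -> bytes:
        """Claim element 4: data protection under the merged group key."""
        return protect(self._group_keys[group], msg, aad=group)

    def unprotect_from_group(self, group: bytes, blob: bytes) -> bytes:
        return unprotect(self._group_keys[group], blob, aad=group)


class KeyExchangeManagementDevice:
    """Holds one transport key per enrolled HSM and re-wraps a group key from one HSM to another."""

    def __init__(self):
        self._transport_keys: dict[str, bytes] = {}

    def enroll(self, hsm_name: str) -> bytes:
        self._transport_keys[hsm_name] = secrets.token_bytes(32)
        return self._transport_keys[hsm_name]

    def forward(self, src: HSM, dst: HSM, group: bytes) -> bytes:
        key = unprotect(self._transport_keys[src.name], src.export_group_key(group), aad=group)
        return protect(self._transport_keys[dst.name], key, aad=group)


def run_scenario() -> dict:
    """Two groups of two HSMs merge into one group of four; a fifth HSM is left out."""
    dev = KeyExchangeManagementDevice()
    init_a, init_b = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed initial keys
    hsm1, hsm2 = (HSM(n, init_a, dev.enroll(n)) for n in ("hsm1", "hsm2"))
    hsm3, hsm4 = (HSM(n, init_b, dev.enroll(n)) for n in ("hsm3", "hsm4"))
    hsm5 = HSM("hsm5", init_a, dev.enroll("hsm5"))  # group G1 member never given G2's key
    seed1, seed2 = secrets.token_bytes(16), secrets.token_bytes(16)
    for h in (hsm1, hsm2, hsm5):
        h.derive_group_key(b"G1", seed1)
    for h in (hsm3, hsm4):
        h.derive_group_key(b"G2", seed2)
    for h in (hsm1, hsm2):
        h.receive_group_key(b"G2", dev.forward(hsm3, h, b"G2"))
    for h in (hsm3, hsm4):
        h.receive_group_key(b"G1", dev.forward(hsm1, h, b"G1"))
    members = (hsm1, hsm2, hsm3, hsm4)
    for h in members:
        h.derive_merged_key(b"G1", b"G2", b"G3")
    blob = hsm1.protect_for_group(b"G3", b"PIN block for hsm4")
    tampered = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]  # flip one ciphertext bit
    try:
        hsm5.derive_merged_key(b"G1", b"G2", b"G3")
        outsider_blocked = False
    except KeyError:
        outsider_blocked = True
    try:
        hsm4.unprotect_from_group(b"G3", tampered)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "all_agree": len({h.fingerprint(b"G3") for h in members}) == 1,
        "plaintext": hsm4.unprotect_from_group(b"G3", blob),
        "outsider_blocked": outsider_blocked,
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(run_scenario())
```

Two points in the example are the ones a practitioner would check in a real deployment of this scheme. First, the secure message carrying the second group's key must be authenticated, not merely encrypted, and bound to the group it belongs to (the aad here), since an HSM that accepts an unauthenticated key would derive a merged key with whoever sent it. Second, the merged derivation must fix an order for the two group keys and include the new group identifier in the context, otherwise the two original groups can each compute a different "third" key and the failure only shows up as undecryptable traffic; comparing key check values such as the fingerprint above is the usual way to confirm agreement before any data is protected.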