CPC H04L 9/083 (2013.01) [G06F 21/606 (2013.01); H04L 9/0825 (2013.01); H04L 9/088 (2013.01); H04L 9/0897 (2013.01); H04L 9/3234 (2013.01); H04L 9/3263 (2013.01); H04L 9/3268 (2013.01)]; 10 Claims

1. A hardware security module device, comprising:
a first transceiver configured to receive a first public key and a first cryptographic certificate, comprising information from which the origin of the first public key can be validated, from a second hardware security module device;
a first processor configured to perform cryptographic operations, the first processor being further configured to:
generate a second cryptographic key pair and a second cryptographic certificate, the second cryptographic key pair comprising a second public key and a second private key and the second cryptographic certificate comprising information from which the origin of the second public key can be identified, wherein the first transceiver is further configured to send the second public key and the second cryptographic certificate to the second hardware security module device;
validate that the first public key originated from the second hardware security module device;
encrypt a first cryptographic key and a corresponding access control list to provide a secure channel between the hardware security module device and the second hardware security module device, wherein the secure channel is derived from the first public key, wherein the access control list specifies that a valid use credential must be presented in order to grant a first type of use of the first cryptographic key;
wherein the first transceiver is further configured to send the encrypted first cryptographic key and access control list, and information from which the origin of the encrypted first cryptographic key can be validated, to the second hardware security module device.
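The exchange recited in claim 1, worked through end to end as an added example; this is not code from the patent or from any product it covers. It runs on the Python standard library only, so three stand-ins are used and are assumptions of this example, not of the claim: finite-field Diffie-Hellman over the RFC 2409 group 2 prime stands in for whatever key agreement a real device would use to derive the secure channel from the peer's public key; a "certificate" is an HMAC over (device identifier, public key) under a trust-anchor key shared by both devices, in place of an X.509 certificate signed by a CA; and the channel encryption is an HMAC-SHA256 keystream with a separate HMAC tag, in place of an AEAD such as AES-GCM. The device class `HSM`, its methods `accept_peer`, `export_key`, `import_key` and `use_key`, the JSON layout of the wrapped key, the ACL format (use type mapped to the SHA-256 of the required credential, or `None` for unrestricted use) and the sample credential are all constructed here for illustration.

```python
import hashlib, hmac, json, secrets

# RFC 2409 group 2 (1024-bit MODP) Diffie-Hellman parameters, transcribed for this example; verify before reuse.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A0879"
        "8E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B"
        "0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G, KEY_BYTES = 2, 128
ISSUER_KEY = secrets.token_bytes(32)   # trust anchor shared by both devices (stand-in for a CA key)

def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869) extract-then-expand with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + block, i + 1
    return out[:length]

def prf_stream_xor(key, nonce, data):
    """XOR with an HMAC-SHA256 keystream; stand-in for a real AEAD cipher such as AES-GCM."""
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def issue_cert(device_id, pub, issuer_key=ISSUER_KEY):
    """Stand-in certificate: an HMAC binding device_id to pub (a real one would be X.509-signed)."""
    return hmac.new(issuer_key, device_id.encode() + pub.to_bytes(KEY_BYTES, "big"), hashlib.sha256).digest()

class HSM:
    def __init__(self, device_id, issuer_key=ISSUER_KEY):
        self.device_id = device_id
        self.priv = secrets.randbelow(P - 3) + 2                 # DH private exponent, never leaves the device
        self.pub = pow(G, self.priv, P)                           # DH public key sent to the peer
        self.cert = issue_cert(device_id, self.pub, issuer_key)   # binds device_id to self.pub
        self.channels, self.keys = {}, {}                         # peer -> (enc_key, mac_key); key id -> (key, acl)

    def accept_peer(self, peer_id, peer_pub, peer_cert):
        """Validate that peer_pub originated from peer_id, then derive the channel keys from it."""
        if not 1 < peer_pub < P - 1 or not hmac.compare_digest(issue_cert(peer_id, peer_pub), peer_cert):
            raise ValueError("peer public key or certificate does not validate")
        shared = pow(peer_pub, self.priv, P).to_bytes(KEY_BYTES, "big")
        lo, hi = sorted((self.pub, peer_pub))                     # salt with both keys to bind the channel to them
        salt = hashlib.sha256(lo.to_bytes(KEY_BYTES, "big") + hi.to_bytes(KEY_BYTES, "big")).digest()
        km = hkdf_sha256(shared, salt, b"hsm-to-hsm key transfer", 64)
        self.channels[peer_id] = (km[:32], km[32:])

    def export_key(self, peer_id, key_id, key, acl):
        """Encrypt (key, ACL) for peer_id; the tag lets the peer validate that this device sent it."""
        enc_key, mac_key = self.channels[peer_id]
        pt = json.dumps({"id": key_id, "key": key.hex(), "acl": acl}, sort_keys=True).encode()
        nonce = secrets.token_bytes(16)
        ct = prf_stream_xor(enc_key, nonce, pt)
        tag = hmac.new(mac_key, self.device_id.encode() + nonce + ct, hashlib.sha256).digest()
        return {"from": self.device_id, "nonce": nonce, "ct": ct, "tag": tag}

    def import_key(self, blob):
        """Validate origin via the tag before decrypting; store the key together with its ACL."""
        enc_key, mac_key = self.channels[blob["from"]]
        expect = hmac.new(mac_key, blob["from"].encode() + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expect, blob["tag"]):
            raise ValueError("origin of the encrypted key could not be validated")
        rec = json.loads(prf_stream_xor(enc_key, blob["nonce"], blob["ct"]))
        self.keys[rec["id"]] = (bytes.fromhex(rec["key"]), rec["acl"])
        return rec["id"]

    def use_key(self, key_id, use, credential=None):
        """Enforce the ACL: a use type mapped to a credential hash is granted only on presenting it."""
        key, acl = self.keys[key_id]
        if use not in acl:
            raise PermissionError(f"use '{use}' not permitted by the ACL")
        if acl[use] is not None and not hmac.compare_digest(acl[use], hashlib.sha256(credential or b"").hexdigest()):
            raise PermissionError(f"valid use credential required for '{use}'")
        return hmac.new(key, use.encode(), hashlib.sha256).hexdigest()   # a sample operation under the key

def _denied(fn):
    try:
        fn()
    except (PermissionError, ValueError):
        return True
    return False

def run_transfer():
    hsm_a, hsm_b = HSM("HSM-A"), HSM("HSM-B")
    hsm_a.accept_peer("HSM-B", hsm_b.pub, hsm_b.cert)             # each side validates the other's key origin
    hsm_b.accept_peer("HSM-A", hsm_a.pub, hsm_a.cert)
    app_key, credential = secrets.token_bytes(32), b"operator-pin-1234"   # constructed sample inputs
    acl = {"sign": hashlib.sha256(credential).hexdigest(), "mac": None}   # "sign" requires the credential
    blob = hsm_a.export_key("HSM-B", "app-key-1", app_key, acl)
    key_id = hsm_b.import_key(blob)
    rogue = HSM("HSM-B", issuer_key=secrets.token_bytes(32))      # same name, cert not from the trust anchor
    return {
        "key_matches": hsm_b.keys[key_id][0] == app_key,
        "sign_with_credential": hsm_b.use_key(key_id, "sign", credential),
        "expected_sign": hmac.new(app_key, b"sign", hashlib.sha256).hexdigest(),
        "sign_without_credential_denied": _denied(lambda: hsm_b.use_key(key_id, "sign")),
        "tampered_blob_rejected": _denied(lambda: hsm_b.import_key(dict(blob, ct=bytes([blob["ct"][0] ^ 1]) + blob["ct"][1:]))),
        "forged_cert_rejected": _denied(lambda: hsm_a.accept_peer("HSM-B", rogue.pub, rogue.cert)),
    }
```

Two details are worth noting when reading this against the claim. The origin of the encrypted key is proven by a tag under a channel key that only the two validated devices can derive, and that tag is checked before anything is decrypted; a blob with a flipped ciphertext byte or a peer presenting a certificate from outside the trust anchor is rejected at that point. The ACL travels inside the same encrypted, integrity-protected payload as the key, so the receiving device cannot be handed a key without its policy; it then refuses the "sign" use until the credential named in the ACL is presented, while leaving an unrestricted use type available.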