公开(公告)号：US20240179000A1

公开(公告)日：2024-05-30

申请号：US18060159

申请日：2022-11-30

Applicant: MOTOROLA SOLUTIONS, INC.

Inventor： Brian W. Pruss ,  Amalendu Roy ,  Brent A. Veltkamp

IPC: H04L9/08

CPC classification number: H04L9/0897 ,  H04L9/0877 ,  H04L2209/12

Abstract: A system for securely managing a plurality of hardware security modules (HSMs). One example provides a host device, a first HSM, and a second HSM. The host device is configured to designate the first HSM as a primary HSM, and activate a security association mode in the primary HSM. The first HSM is configured to generate a multi-HSM exchange key (“MEK”), and encrypt the MEK using a temporary key generated with a key agreement protocol between the first HSM and the second HSM. The first HSM shares the encrypted MEK with the second HSM via the host device. The host device deactivates the security association mode, and the first HSM receives a traffic encryption key (“TEK”). The first HSM encrypts the TEK using the MEK, and shares the encrypted TEK with the second HSM via the host device. The second HSM decrypts the TEK using the MEK.

公开(公告)号：US12192353B2

公开(公告)日：2025-01-07

申请号：US18060159

申请日：2022-11-30

Applicant: MOTOROLA SOLUTIONS, INC.

Inventor： Brian W. Pruss ,  Amalendu Roy ,  Brent A. Veltkamp

IPC: H04L29/06 ,  H04L9/08

Abstract: A system for securely managing a plurality of hardware security modules (HSMs). One example provides a host device, a first HSM, and a second HSM. The host device is configured to designate the first HSM as a primary HSM, and activate a security association mode in the primary HSM. The first HSM is configured to generate a multi-HSM exchange key (“MEK”), and encrypt the MEK using a temporary key generated with a key agreement protocol between the first HSM and the second HSM. The first HSM shares the encrypted MEK with the second HSM via the host device. The host device deactivates the security association mode, and the first HSM receives a traffic encryption key (“TEK”). The first HSM encrypts the TEK using the MEK, and shares the encrypted TEK with the second HSM via the host device. The second HSM decrypts the TEK using the MEK.