Scalable and Secure Key Management for Cryptographic Data Processing
    Invention application
    Legal status: granted

    Publication No.: US20130230165A1

    Publication date: 2013-09-05

    Application No.: US13853880

    Filing date: 2013-03-29

    Inventors: Mark BUER, Zheng QI

    Abstract: A method and system for secure and scalable key management for cryptographic processing of data is described herein. In the method, a General Purpose Cryptographic Engine (GPE) receives key material via a secure channel from a key server and stores the received key encryption keys (KEKs) and/or plaintext keys in a secure key cache. When a request is received from a host to cryptographically process a block of data, the requesting entity is authenticated using an authentication tag included in the request. If the authentication is successful, the GPE retrieves a plaintext key or generates a plaintext key using a KEK, cryptographically processes the data using the plaintext key, and transmits the processed data. The system includes a key server that securely provides encrypted keys and/or key handles to a host and key encryption keys and/or plaintext keys to the GPE.

