SYSTEMS AND METHODS FOR SECURED BACKUP OF HARDWARE SECURITY MODULES FOR CLOUD-BASED WEB SERVICES
    1.
    Invention application (status: granted)

    Publication number: US20150358161A1

    Publication date: 2015-12-10

    Application number: US14723858

    Filing date: 2015-05-28

    Applicant: CAVIUM, INC.

    IPC classification: H04L9/08 G06F21/60 H04L29/06

    Abstract: A new approach is proposed to support secured hardware security module (HSM) backup for a plurality of web services hosted in a cloud to offload their key storage, management, and crypto operations to the HSM. Each HSM is a high-performance, FIPS 140-compliant security solution for crypto acceleration of the web services. Each HSM includes multiple partitions isolated from each other, where each HSM partition is dedicated to support one of the web service hosts/servers to offload its crypto operations via a HSM virtual machine (VM) over the network. The HSM-VM is configured to export objects from the key store of a first HSM partition to a key store of a second HSM partition, wherein the second HSM partition is configured to serve the key management and crypto operations offloaded from the web service host once the objects exported from the key store of the first HSM partition are received.

    SYSTEMS AND METHODS FOR SECURED HARDWARE SECURITY MODULE COMMUNICATION WITH WEB SERVICE HOSTS
    2.
    Invention application (status: under examination, published)

    Publication number: US20150358294A1

    Publication date: 2015-12-10

    Application number: US14662012

    Filing date: 2015-03-18

    Applicant: CAVIUM, INC.

    IPC classification: H04L29/06 G06F21/60

    Abstract: A new approach is proposed that contemplates systems and methods to support security communication between a hardware security module (HSM) and for a plurality of web services hosted in a cloud to offload their key storage, management, and crypto operations to the HSM. Each of a plurality of HSM virtual machines (VMs) establishes a secure communication channel with a web service hosts/server to offload its key management and crypto operations to a HSM partition of the HSM dedicated to support the web service. An HSM managing VM can also be deployed to monitor and manage the operations of the HSM-VMs to support the plurality of web service hosts.

    SYSTEMS AND METHODS FOR CLOUD-BASED WEB SERVICE SECURITY MANAGEMENT BASED ON HARDWARE SECURITY MODULE
    3.
    Invention application (status: under examination, published)

    Publication number: US20160149877A1

    Publication date: 2016-05-26

    Application number: US14299739

    Filing date: 2014-06-09

    Applicant: CAVIUM, INC.

    IPC classification: H04L29/06 H04L9/08

    Abstract: A new approach is proposed that contemplates systems and methods to support security management for a plurality of web services hosted in a cloud at a data center to offload their crypto operations to one or more hardware security modules (HSMs) deployed in the cloud. Each HSM is a high-performance, Federal Information Processing Standards (FIPS) 140-compliant security solution for crypto acceleration of the web services. Each HSM includes multiple partitions, wherein each HSM partition is dedicated to support one of the web service hosts/servers to offload their crypto operations via one of a plurality of HSM virtual machine (VM) over the network. An HSM managing VM can also be deployed to monitor and manage the operations of the HSM-VMs to support a plurality of web services.

    SYSTEMS AND METHODS FOR OFFLOADING INLINE SSL PROCESSING TO AN EMBEDDED NETWORKING DEVICE
    4.
    Invention application (status: under examination, published)

    Publication number: US20160352870A1

    Publication date: 2016-12-01

    Application number: US15152164

    Filing date: 2016-05-11

    Applicant: CAVIUM, INC.

    Abstract: A new approach is proposed that contemplates systems and methods to support a mechanism to offload all aspects of inline SSL processing of an application running on a server/host to an embedded networking device such as a Network Interface Card (NIC), which serves as a hardware accelerator for all applications running on the server that need to have a secure connection with a remote client device over a network. By utilizing a plurality of its software and hardware features, the embedded networking device is configured to process all SSL operations of the secure connection inline, i.e., the SSL operations are performed as packets are transferred between the host and the client over the network, rather than having the SSL operations offloaded to the NIC, which then returns the packets to the host (or the remote client device) before they can be transmitted to the remote client device (or to the host).

    SYSTEMS AND METHODS FOR SECURED COMMUNICATION HARDWARE SECURITY MODULE AND NETWORK-ENABLED DEVICES
    5.
    Invention application (status: under examination, published)

    Publication number: US20150358313A1

    Publication date: 2015-12-10

    Application number: US14829233

    Filing date: 2015-08-18

    Applicant: CAVIUM, INC.

    IPC classification: H04L29/06

    Abstract: A new approach is proposed that contemplates systems and methods to support security communication between a hardware security module (HSM) and a plurality of network-enabled devices to offload their key storage, management, and crypto operations to the HSM. The HSM includes a plurality of HSM service units, each configured to authenticate one of the network-enabled devices based on its credentials and process the key management and crypto operations offloaded from the network-enabled device once it is authenticated. The HSM service unit also communicates results of the key management and crypto operations back to the network-enabled device via the secured communication channel.

    SYSTEMS AND METHODS FOR HARDWARE SECURITY MODULE AS CERTIFICATE AUTHORITY FOR NETWORK-ENABLED DEVICES
    6.
    Invention application (status: under examination, published)

    Publication number: US20160028551A1

    Publication date: 2016-01-28

    Application number: US14849027

    Filing date: 2015-09-09

    Applicant: CAVIUM, INC.

    Abstract: A new approach is proposed that contemplates systems and methods to support a trusted local certificate authority (CA) running on a hardware security module (HSM), wherein the trusted local CA is configured to issue a certificate to each of a plurality of network-enabled devices for authentication. The HSM further includes a plurality of HSM service units each configured to process key management and crypto operations offloaded from each of the network-enabled devices once it is authenticated. Each of the network-enabled devices is configured to accept its certificate for authentication from the trusted local CA, establish a secured communication channel with the HSM over a network and present the certificate to the HSM in a request for authentication, and offload its key management and crypto operations to one of the HSM service units once the network-enabled device is authenticated.

    SYSTEMS AND METHODS FOR HIGH AVAILABILITY OF HARDWARE SECURITY MODULES FOR CLOUD-BASED WEB SERVICES
    7.
    Invention application (status: under examination, published)

    Publication number: US20150358312A1

    Publication date: 2015-12-10

    Application number: US14723999

    Filing date: 2015-05-28

    Applicant: CAVIUM, INC.

    IPC classification: H04L29/06

    Abstract: A new approach is proposed to support high availability (HA) of hardware security module (HSM) adapters in an HSM HA domain for web services hosted in a cloud to offload their key storage, management, and crypto operations to the HSM adapters. Each of the HSM adapters is a high-performance, FIPS 140-compliant security solution and includes multiple partitions isolated from each other each dedicated to support one of the web service hosts to offload its key management crypto operations. An HSM managing virtual machine (VM) monitors load information on the operations currently being performed by the HSM partitions in the HSM HA domain and identifies one or more second HSM partitions if a first HSM partition serving the operations is determined to be overloaded. The HSM managing VM then distributes a portion of the offloaded key management and crypto operations from the first HSM partition to the second HSM partitions.

    SYSTEMS AND METHODS FOR SECURED KEY MANAGEMENT VIA HARDWARE SECURITY MODULE FOR CLOUD-BASED WEB SERVICES
    8.
    Invention application (status: under examination, published)

    Publication number: US20150358311A1

    Publication date: 2015-12-10

    Application number: US14667238

    Filing date: 2015-03-24

    Applicant: CAVIUM, INC.

    IPC classification: H04L29/06

    Abstract: A new approach is proposed that contemplates systems and methods to support security management for a plurality of web services hosted in a cloud at a data center to offload their crypto operations to one or more hardware security modules (HSMs) deployed in the cloud. Each HSM is a high-performance, Federal Information Processing Standards (FIPS) 140-compliant security solution for crypto acceleration of the web services. Each HSM includes multiple partitions, wherein each HSM partition is dedicated to support one of the web service hosts/servers to offload their key management and crypto operations via one of a plurality of HSM virtual machine (VM) over the network. An HSM managing VM can also be deployed to monitor and manage the operations of the HSM-VMs to support a plurality of web services.
