公开(公告)号：GB2630336A

公开(公告)日：2024-11-27

申请号：GB202307761

申请日：2023-05-24

Applicant: IBM

Inventor： VOLKER URBAN ,  TAMAS VISEGRADY ,  REINHARD BUENDGEN ,  MICHAEL HOCKER ,  ERIC DAVID ROSSMAN

IPC: H04L9/08

Abstract: A computer-implemented method, for establishing identity-based hierarchical sessions on a hardware security module (HSM) for binding secure keys to a guest system, comprises: establishing a communication channel between the guest system and the HSM 102, wherein the communication channel is identity-based, end-to-end and encrypted, thereby establishing a session; transferring login information of the guest system through the communication channel to the HSM 104; maintaining a predefined security level throughout a hierarchy of the sessions 106, wherein no child session has a higher security level than its parent session; and performing a challenge-response protocol based on a session ownership verification with the guest 108, such that an HSM generated and secured key is bound to an associated session. The guest system may be executed on a hypervisor. Establishing the communication session may be based on a public/private key pair of said HSM and a transmitted code allowing the derivation of a symmetrical encryption/decryption key based on a Diffie-Hellman algorithm.