Identity based hierarchical sessions

    公开(公告)号:GB2630336A

    公开(公告)日:2024-11-27

    申请号:GB202307761

    申请日:2023-05-24

    Applicant: IBM

    Abstract: A computer-implemented method, for establishing identity-based hierarchical sessions on a hardware security module (HSM) for binding secure keys to a guest system, comprises: establishing a communication channel between the guest system and the HSM 102, wherein the communication channel is identity-based, end-to-end and encrypted, thereby establishing a session; transferring login information of the guest system through the communication channel to the HSM 104; maintaining a predefined security level throughout a hierarchy of the sessions 106, wherein no child session has a higher security level than its parent session; and performing a challenge-response protocol based on a session ownership verification with the guest 108, such that an HSM generated and secured key is bound to an associated session. The guest system may be executed on a hypervisor. Establishing the communication session may be based on a public/private key pair of said HSM and a transmitted code allowing the derivation of a symmetrical encryption/decryption key based on a Diffie-Hellman algorithm.

Patent Agency Ranking