
Patent Issued for Virtualization of Cryptographic Keys

August 19, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- A patent by the inventor Yeh, Phil C. (Poughkeepsie, NY), filed on October 19, 2012, was published online on August 5, 2014, according to news reporting originating from Alexandria, Virginia, by VerticalNews correspondents.

Patent number 8798267 is assigned to International Business Machines Corporation (Armonk, NY).

The following quote was obtained by the news editors from the background information supplied by the inventors: "This invention relates, in general, to processing within a virtual computing environment, and in particular, to providing security within that environment.

"One aspect of providing security within the virtual environment is to protect cryptographic keys used in cryptographic operations performed by a crypto device. In one example, these keys are protected via encryption. For instance, a cryptographic key is encrypted under a master key providing an encrypted cryptographic key. The master key is kept inside the security boundary of the crypto device. The encrypted cryptographic key can be stored outside the security boundary of the crypto device and is then used in cryptographic operations.

"A single processor system has one set of master keys associated therewith. That is, the single processor system has a master key for each type of cryptographic keys. However, in a partitioned environment, there is one set of master keys for each zone or partition."

In addition to the background information obtained for this patent, VerticalNews journalists also obtained the inventor's summary information for this patent: "Although each partition in a partitioned system has its own set of master keys, those keys are traditionally shared by all virtual systems within that partition. As used herein, each virtual system is a computing system running in a virtual environment. It includes, for instance, the resources (e.g., one or more CPUs, memory, I/O, etc.) under control of a guest operating system, such as Linux. Thus, the term 'guest' refers to a virtual system. In an effort to enhance security, it is desired that each guest has its own set of virtual master keys. Thus, a need exists for a capability to provide separate virtual keys for each guest executing within a partition.

"Additionally, a need exists for a capability to virtualize keys other than master keys, such as other cryptographic keys or other keys.

"The shortcomings of the prior art are overcome and additional advantages are provided through the provision of a computer program product for virtualizing cryptographic keys in a virtual computing environment having a hierarchy including a host and one or more layers of guests, wherein a layer corresponds to a virtualization level. The computer program product comprises a non-transitory storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes, for instance, obtaining, by a processor, a cryptographic key; and generating a virtual cryptographic key using an operation, the cryptographic key and a mask, wherein the mask used is dependent on the virtualization level of a guest for which the virtual cryptographic key is being generated.

"Methods and systems relating to one or more aspects of the present invention are also described and claimed herein. Further, services relating to one or more aspects of the present invention are also described and may be claimed herein.

"Additional features and advantages are realized through the techniques of the present invention. Other embodiments and aspects of the invention are described in detail herein and are considered a part of the claimed invention."

For the URL and more information on this patent, see: Yeh, Phil C. Virtualization of Cryptographic Keys. U.S. Patent Number 8798267, filed October 19, 2012, and published online on August 5, 2014. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=8798267.PN.&OS=PN/8798267RS=PN/8798267

Keywords for this news article include: Information Technology, Information and Cryptography, International Business Machines Corporation.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Information Technology Newsweekly

