Deploying a system-specific secret in a highly resilient computer system

Assignee

• International Business Machines Corporation · US

Inventors

• Reinhard T. Buendgen · Lörrach, DE
• Brian W. Stocker · Port Ewen, US
• Nicolas Maeding · Holzgerlingen, DE
• Jonathan D. Bradbury · Poughkeepsie, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/3247
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A computer-implemented method for providing a system-specific secret to a computing system having a plurality of computing components is disclosed. The method includes storing permanently a component-specific import key as part of a computing component and storing the component-specific import key in a manufacturing-side storage system. Upon a request for the system-specific secret for a computing system, the method includes identifying the computing component comprised in the computing system, retrieving a record relating to the identified computing component, determining the system-specific secret protected by a hardware security module and determining a system-specific auxiliary key. Furthermore, the method includes encrypting the system-specific auxiliary key with the retrieved component-specific import key, thereby creating a auxiliary key bundle, encrypting the system-specific secret and storing the auxiliary key bundle and a system record in a storage medium of the computing system.