Controlled use of a hardware security module

Assignee

• International Business Machines Corporation · US

Inventors

• Volker Boenisch · Eppelheim, DE
• Reinhard T. Buendgen · Lörrach, DE
• Franziska Geisert · Altdorf, DE
• Jakob C. Lang · Altdorf, DE
• Mareike Lattermann · Stuttgart, DE
• Angel Nunez-Mencias · Eppelheim, DE

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/062
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Methods are provided for using a hardware module connectable to multiple computer systems, where the multiple computer systems are connectable to a server within a common network. The method includes: providing a network address of the server in persistent memory of the hardware security module; providing an encrypted secret entity in the persistent memory of the hardware security module; providing a private key in the persistent memory of the hardware security module; and based on the hardware security module being connectable to one of the computer systems, the method includes: establishing a secure connection between the hardware security module and the server; retrieving, via the secure connection, a wrapping key from the server and storing it in volatile memory of the hardware security module; and decrypting the encrypted secret entity with the wrapping key and storing the decrypted secret entity in the volatile memory of the hardware security module.