Management of secret data items used for server authentication

Assignee

• International Business Machines Corporation · US

Inventors

• Michael Baentsch · Thalwil, CH
• Harold D. Dykeman · Thalwil, CH
• Michael Charles Osborne · Richterswil, CH
• Tamas Visegrady · Zürich, CH

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/76
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A security device (6) is provided for facilitating management of secret data items such as cryptographic keys which are used by a remote server (2) to authenticate operations of the server (2). The device (6) has a user interface (13), control logic (16) and a computer interface (11) for connecting the device (6) to a local user computer (5) for communication with the remote server (2) via a data communications network (3). The control logic is adapted to establish via the user computer (5) a mutually-authenticated connection for encrypted end-to-end communications between the device (6) and server (2). In a backup operation, the secret data items are received from the server (2) via this connection. The control logic interacts with the user via the user interface (13) to obtain user authorization to backup secret data items and, in response, stores the secret data items in memory (10). To restore secret data items to the server, the control logic interacts with the user via the user interface (13) to obtain user authorization to restore secret data items and, in response, sends the secret data items to the server (2) via said connection.