主权项 |
1. A method of negotiating a session key to secure a user session executed in a host computer, the method comprising:
generating, by an electronic hardware security module (HSM) located in the host computer, a first session key; generating, by an electronic smart card, a second session key that matches the first session key; encrypting a copy of the second session key based on encryption information provided by the HSM to generate an encrypted session key and communicating the encrypted session key to an electronic host application module installed in the host computer; decrypting, by the electronic host application module, the encrypted session key to obtain the copy of the second session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another; generating, by the electronic smart card, a non-ephemeral ECC key having a smart card private portion and a smart card public portion; generating, by the electronic host application module, a first ephemeral ECC key having a host application public portion and a host application private portion; and generating, by the electronic HSM, a second ephemeral ECC key having a HSM public portion and an HSM private portion, wherein the second session key is based on the smart card private portion, the smart card public portion and the HSM public portion, and the first session key is based on the smart card public portion, the HSM public portion and the HSM private portion. |