Independent claim
1. A system for offloading key storage, management, and crypto operations for cloud-based web services, comprising:
    a hardware security module (HSM) comprising one or more HSM partitions, wherein each of the HSM partitions is configured to perform key management and crypto operations for a web service host;
    an HSM managing virtual machine (VM) running on a host, which in operation is configured to create one or more HSM virtual machines (HSM-VMs), wherein each of the HSM-VMs is authenticated by and dedicated to one of the HSM partitions of the HSM in a one-to-one correspondence;
    said one or more HSM-VMs running on a host, each of which in operation is configured to:
        establish a secured communication channel over a network between the web service host and the HSM-VM, the HSM-VM being served by the HSM partition dedicated to it;
        receive a request and/or data from the web service host via the secured communication channel and provide it to the HSM partition; and
        provide the results of the key management and crypto operations performed by the HSM partition back to the web service host via the secured communication channel.
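Added example (not from the patent, and not code from any implementation of it): a Python model of the arrangement the claim describes, showing an HSM-VM authenticated by and bound one-to-one to its partition, the partition refusing a second VM, the web service host's requests relayed over an authenticated channel, and the partition's results returned over the same channel. The class and function names, the shared-secret credential check, and the HMAC-framed channel standing in for TLS are assumptions made for illustration; key material stays inside the partition object and only requests and results cross the channel.

```python
"""Toy model of the claimed HSM offload architecture; all names and mechanisms are assumptions."""
import hashlib
import hmac
import json
import secrets


class HSMPartition:
    """One HSM partition: holds key material and serves exactly one authenticated HSM-VM."""
    def __init__(self, partition_id, vm_credential):
        self.partition_id = partition_id
        self._vm_credential = vm_credential  # assumed: secret provisioned to the dedicated VM
        self._bound_vm = None                # enforces the one-to-one VM/partition binding
        self._keys = {}                      # key material never leaves the partition

    def authenticate_vm(self, vm_id, credential):
        """Authenticate the HSM-VM; once one VM is bound, every other VM is refused."""
        if self._bound_vm not in (None, vm_id):
            return False
        if not hmac.compare_digest(credential, self._vm_credential):
            return False
        self._bound_vm = vm_id
        return True

    def handle(self, vm_id, request):
        """Key management and crypto operations, performed only for the bound VM."""
        if vm_id != self._bound_vm:
            return {"error": "vm not authenticated to this partition"}
        op, key_id = request.get("op"), request.get("key_id")
        if op == "generate_key":
            self._keys[key_id] = secrets.token_bytes(32)
            return {"ok": True, "key_id": key_id}
        key = self._keys.get(key_id)
        if key is None:
            return {"error": "unknown key"}
        tag = hmac.new(key, bytes.fromhex(request["data"]), hashlib.sha256).hexdigest()
        if op == "mac":
            return {"ok": True, "mac": tag}
        if op == "verify":
            return {"ok": hmac.compare_digest(tag, request["mac"])}
        return {"error": "unsupported op"}


# Stand-in for the secured network channel: HMAC-SHA256 authenticated JSON frames
# under a per-session key. A real deployment would use (mutually authenticated) TLS.
def seal(key, msg):
    body = json.dumps(msg, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

def unseal(key, frame):
    tag, body = frame[:32], frame[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("channel integrity check failed")
    return json.loads(body)


class HSMVM:
    """HSM-VM dedicated to one partition; relays host requests and partition results."""
    def __init__(self, vm_id, partition, credential):
        if not partition.authenticate_vm(vm_id, credential):
            raise PermissionError(f"{vm_id} rejected by partition {partition.partition_id}")
        self.vm_id, self._partition, self._sessions = vm_id, partition, {}

    def establish_channel(self, host_id):
        """Assumed handshake: returns a fresh session key shared with the web service host."""
        self._sessions[host_id] = secrets.token_bytes(32)
        return self._sessions[host_id]

    def serve(self, host_id, frame):
        key = self._sessions[host_id]
        request = unseal(key, frame)                          # receive from host
        result = self._partition.handle(self.vm_id, request)  # forward to dedicated partition
        return seal(key, result)                              # results back to host


def host_call(vm, host_id, session_key, request):
    """Web service host side: send one request over the channel, return the decoded result."""
    return unseal(session_key, vm.serve(host_id, seal(session_key, request)))


def demo():
    """Two partitions, two VMs, one web service host; returns the observable outcomes."""
    cred_a, cred_b = secrets.token_bytes(16), secrets.token_bytes(16)
    part_a, part_b = HSMPartition("A", cred_a), HSMPartition("B", cred_b)
    vm_a, _vm_b = HSMVM("vm-a", part_a, cred_a), HSMVM("vm-b", part_b, cred_b)
    out = {}
    try:                                   # a second VM cannot bind to partition A
        HSMVM("vm-rogue", part_a, cred_a)
        out["second_binding_rejected"] = False
    except PermissionError:
        out["second_binding_rejected"] = True
    key = vm_a.establish_channel("web-1")  # the web service host sets up its channel
    def call(req):
        return host_call(vm_a, "web-1", key, req)
    call({"op": "generate_key", "key_id": "k1"})
    data = b"hello".hex()
    mac = call({"op": "mac", "key_id": "k1", "data": data})["mac"]
    out["verified"] = call({"op": "verify", "key_id": "k1", "data": data, "mac": mac})["ok"]
    out["forged_accepted"] = call({"op": "verify", "key_id": "k1", "data": b"hellp".hex(), "mac": mac})["ok"]
    try:                                   # a tampered frame never reaches the partition
        vm_a.serve("web-1", b"\x00" * 32 + b'{"op": "mac"}')
        out["tamper_rejected"] = False
    except ValueError:
        out["tamper_rejected"] = True
    return out
```

Running `demo()` exercises each element of the claim in turn: the one-to-one binding is enforced by the partition refusing a second VM, the host never sees key material (it receives only a MAC tag or a verification result), and a frame that fails the channel integrity check is dropped by the HSM-VM before any request is forwarded to the partition.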