DUNDANTEN UND FLEXIBELEN DIENSTEN

摘要

A cryptographic system (200) providing redundant and resilient cryptographic services to a computer system (120). Upon receiving a request for cryptographic services, a cryptographic services interface (207) running on a first operating environment (210) processes the request. The cryptographic services interface (207) is initialized with information specific to available operating environments (220, 230, 240) connected to the first operating environment (210) over a secure connection (124) and maintains communication protocols for various communication interfaces in the other alternate operating environments (220, 230, 240) accessible over the secure connection (124). The cryptographic services interface (207) communicates with the alternate operating environments (220, 230, 240) over communication dialogs (e.g. TCP protocol) (245, 249, 251). When processing the cryptographic service requests, the cryptographic services interface (207) facilitates the creation of cryptographic services sessions (261, 263, 265, 267) between the requestor (203, 205) and the desired cryptographic services (223, 224, 243) running on the alternate operating environments (220, 230, 240). In turn, the cryptographic services perform cryptographic functions, such as encryption, decryption, digital signing, verification, message digest creation, and random number generation on received requests. Once processed, requests are communicated back over the secure connection (124) to the requestor (203, 205) for use. The cryptographic system further monitors and stores information about the processing performed by the cryptographic services (223, 224, 243) that utilize state information when processing. Monitoring may entail processing such that if cryptographic services fail or malfunction during processing, the failed request may be re-submitted to the cryptographic services interface (207) to establish a new independent cryptographic services session (267) with cryptographic services (243) performing the same cryptographic function running on another available operating environment (240). This process allows for distributed, redundant, and resilient processing of requests for cryptographic services.