Abstract: The solutions disclosed enable security credentials to be shared between two entities. Embodiments of the present invention can be used to facilitate the transfer security credentials associated with a first level of permission of a first entity to a second entity that does not have the security credentials associated with the first level of permission in response to receiving a request to share security credentials between two entities.

Abstract: The solutions disclosed enable security credentials to be shared between two entities. Embodiments of the present invention can be used to facilitate the transfer security credentials associated with a first level of permission of a first entity to a second entity that does not have the security credentials associated with the first level of permission in response to receiving a request to share security credentials between two entities.

Abstract: The solutions disclosed enable security credentials to be shared between two entities. Embodiments of the present invention can be used to facilitate the transfer security credentials associated with a first level of permission of a first entity to a second entity that does not have the security credentials associated with the first level of permission in response to receiving a request to share security credentials between two entities.

Abstract: Embodiments are directed to a computer-implemented method and system, and for setting a minimum key strength in a key hierarchy. The method and system can include the use of a key strength keyword that set a minimum key strength for a plurality of key classes. The setting of a key strength lower than that set forth in the key strength command is prohibited. The key classes can include DES keys, AES keys, HMAC keys, RSA PKI keys, RSA usage keys, RSA key generation keys, ECC PKI keys, ECC usage keys, and ECC key generation keys. A multi-dimension key hierarchy, including a master key and a key that is derived through the use of a key derivation function is also described herein.

Abstract: Embodiments are directed to a computer-implemented method and system for generating a transport key. A method can include generating, using a processor, a key agreement pair comprising a public agreement key and a private agreement key in a second element. Thereafter, generating, using the processor, a transport key based on the public agreement key in a first element. Then sending, using the processor, an information blob to the second element. Finally, independently generating, using the processor, the transport key in the second element using the information blob and the private agreement key. The transport key can thereafter be used to send information securely between the first and second elements.

Abstract: Embodiments are directed to a computer-implemented method, computer system, and computer program product for creating a public key token. A public key and private key are generated, using a master key. A set of permissions is received for the public key and private key that note the allowable uses for the public key and private key. Thereafter, the set of permissions, encrypted public key, and other associated information is placed in a public key token.

Abstract: Embodiments include method, systems and computer program products for secure logging of host security module. In some embodiments, an event may be received. The event may include data to be written to a secure log file. A hash may be generated using data of the event. The hash may be stored in a first field of an event record associated with the event. The event record may be stored in the secure log file. The hash may be stored in a second field of a next event record in the secure log file.

Abstract: Embodiments are directed to a computer-implemented method and system for generating a transport key. A method can include generating, using a processor, a key agreement pair comprising a public agreement key and a private agreement key in a second element. Thereafter, generating, using the processor, a transport key based on the public agreement key in a first element. Then sending, using the processor, an information blob to the second element. Finally, independently generating, using the processor, the transport key in the second element using the information blob and the private agreement key. The transport key can thereafter be used to send information securely between the first and second elements.

Abstract: The solutions disclosed enable security credentials to be shared between two entities. Embodiments of the present invention can be used to facilitate the transfer security credentials associated with a first level of permission of a first entity to a second entity that does not have the security credentials associated with the first level of permission in response to receiving a request to share security credentials between two entities.

Abstract: The solutions disclosed enable security credentials to be shared between two entities. Embodiments of the present invention can be used to facilitate the transfer security credentials associated with a first level of permission of a first entity to a second entity that does not have the security credentials associated with the first level of permission in response to receiving a request to share security credentials between two entities.

Abstract: Embodiments are directed to a computer-implemented method and system, and for setting a minimum key strength in a key hierarchy. The method and system can include the use of a key strength keyword that set a minimum key strength for a plurality of key classes. The setting of a key strength lower than that set forth in the key strength command is prohibited. The key classes can include DES keys, AES keys, HMAC keys, RSA PKI keys, RSA usage keys, RSA key generation keys, ECC PKI keys, ECC usage keys, and ECC key generation keys. A multi-dimension key hierarchy, including a master key and a key that is derived through the use of a key derivation function is also described herein.

Abstract: Embodiments include method, systems and computer program products for secure logging of host security module. In some embodiments, an event may be received. The event may include data to be written to a secure log file. A hash may be generated using data of the event. The hash may be stored in a first field of an event record associated with the event. The event record may be stored in the secure log file. The hash may be stored in a second field of a next event record in the secure log file.

Abstract: Embodiments are directed to a computer-implemented method, computer system, and computer program product for creating a public key token. A public key and private key are generated, using a master key. A set of permissions is received for the public key and private key that note the allowable uses for the public key and private key. Thereafter, the set of permissions, encrypted public key, and other associated information is placed in a public key token.

Abstract: Embodiments are directed to a computer-implemented method, computer system, and computer program product for creating a public key token. A public key and private key are generated, using a master key. A set of permissions is received for the public key and private key that note the allowable uses for the public key and private key. Thereafter, the set of permissions, encrypted public key, and other associated information is placed in a public key token.

Abstract: A session key is negotiated to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.

Abstract: A session key is negotiated to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.

Abstract: Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.

Abstract: Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.

Abstract: Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.

Abstract: Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.