Abstract: Method, apparatus and program storage device that provides a distributed file serving architecture with metadata storage virtualization and data access at the data server connection speed is provided. A host issues a file access request including data target locations. The file access request including data target locations is processed. Remote direct memory access (RDMA) channel endpoint connection are issued in response to the processing of the file access request. An RDMA transfer of the file-block data associated with the file access request is made directly between a memory at the host and a data server.

Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.

Abstract: Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.

Abstract: A method, computer program product, and system for selecting and generating a key to perform a cryptographic operation are described. The method includes receiving one or more inputs representing criteria for the key, the one or more inputs excluding an explicit identification of the key and one of the one or more inputs specifying the cryptographic operation; retrieving, from a memory device, information corresponding with the one or more inputs; selecting and generating the key based on the one or more inputs and the information; and performing the cryptographic operation using the key.

Abstract: According to one embodiment, a method for implementing secure key management is provided. The method includes populating a section of information associated with a key, the section being populated with information relating to how the key was created. The method also includes populating the section with information relating to how the key was acquired by a secure module; and binding the section to the key, wherein the key is encrypted.

Abstract: According to one embodiment, a method for implementing computer security is provided. The method includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information, wherein a structure of the key control information in the token is independent of the wrapping method. The method also includes wrapping the key material and binding key control information to the key material in the token, wherein the key control information includes information relating to usage and management of the key material.

Abstract: A system for implementing computer security is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information. A structure of the key control information in the token is independent of the wrapping method. Implementing computer security also includes wrapping the key material and binding key control information to the key material in the token. The key control information includes information relating to usage and management of the key material.

Abstract: Embodiments relate to wrapping of a common cryptographic architecture (CCA) key token. An aspect includes wrapping, by an exporting computer, the CCA key token using a key wrapping export function, the CCA key token comprising a CCA key data section and an unencrypted control vector. Another aspect includes splitting the control vector into a first control vector portion and a second control vector portion. Another aspect includes encrypting the CCA key data section and the first control vector portion using an key encrypting key (KEK) to generate a wrapped key block. Another aspect includes binding the second control vector portion to the wrapped key block to form an associated data section, wherein the associated data section is not encrypted, and wherein the wrapped key block and the associated data section comprise a wrapped key token.

Abstract: Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another.

Abstract: A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for performing a method. The method includes validating parameters passed to a parameter database, computing a length required for control vector CV data, preparing an optional block in accordance with a result of the computation, converting the CV to a format for a standardized key block while copying the converted CV into the optional block and updating optional block data in the standardized key block.

Abstract: Embodiments relate to wrapping of a common cryptographic architecture (CCA) key token. An aspect includes wrapping, by an exporting computer, the CCA key token using a key wrapping export function, the CCA key token comprising a CCA key data section and an unencrypted control vector. Another aspect includes splitting the control vector into a first control vector portion and a second control vector portion. Another aspect includes encrypting the CCA key data section and the first control vector portion using an key encrypting key (KEK) to generate a wrapped key block. Another aspect includes binding the second control vector portion to the wrapped key block to form an associated data section, wherein the associated data section is not encrypted, and wherein the wrapped key block and the associated data section comprise a wrapped key token.

Abstract: A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for performing a method. The method includes initially verifying a presence of parameters passed to a parameter database and that a selected group of the parameters are greater than or equal to zero, parsing optional block data to validate the optional block data, determine a length thereof and a number of optional blocks contained therein and proceeding with one of a secondary info-parsing and a secondary data-parsing operation with respect to the optional block data in accordance with content of the parameters passed to the parameter database.

Abstract: A system includes a processor configured to perform a method, the method comprising receiving a first key token, second key token and a request to combine the first key token with the second key token, identifying a key type of the first key token and a key type of the second key token, determining whether the key type of the first key token may be combined with the key type of the second key token, combining the first key token with the second key token to create a third key token responsive to determining that the key type of the first key token may be combined with the key type of the second key token, and outputting the third key token.

Abstract: A method for creating a key token includes receiving a first key token, second key token and a request to combine the first key token with the second key token, identifying a key type of the first key token and a key type of the second key token, determining whether the key type of the first key token may be combined with the key type of the second key token, combining the first key token with the second key token to create a third key token responsive to determining that the key type of the first key token may be combined with the key type of the second key token, and outputting the third key token.

Abstract: Secure key management includes populating a section of information associated with a key, the section of information being populated with information relating to a level of protection of the key accumulated over time. Secure key management further includes securely binding the section of information to the key, wherein the key is encrypted.

Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.

Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material.

Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.

Abstract: A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method. The method includes creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to management of the key material populating one or more key management fields that define attributes that limit distribution of the key material.

Abstract: A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for validating parameters passed to a parameter database, computing a length required for control vector CV data, preparing an optional block in accordance with a result of the computation, converting the CV to a format for a standardized key block while copying the converted CV into the optional block and updating optional block data in the standardized key block.