Method and System for Providing a Signing Service

IP.com Disclosure Number: IPCOM000249354D
Publication Date: 2017-Feb-20
Document File: 3 page(s) / 53K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method and system are disclosed that provide a signing service built on top of a web service and a hardware security module (HSM). The signing service enables users to create RSA signatures and to download X.509 certificates through a RESTful web service Application Programming Interface (API) exposed by the server.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Usually, users store RSA private keys in a local file in the PKCS #12 format. PKCS #12 defines an archive file format for storing private keys, together with their certificates, on the file system.

In another scenario, users store the private keys in a hardware security module (HSM). An HSM is not designed to be used in a distributed environment, and signing throughput is bounded by the CPU performance of the single system to which the HSM is attached and which performs the operation.

However, when users at geographically separate sites need to share the same private keys, it is difficult to maintain those keys either in a file or in an HSM. In the case of an HSM, users have to purchase a separate crypto card for each site; the card is more powerful and more secure for storing private keys, but the HSM device can sometimes be installed only in certain hardware architectures, which limits where HSM technology can be used, and the higher cost makes it difficult to scale.

Thus, there is a need for a method and system that provides a signing service to resolve the aforementioned problems.

Disclosed is a method and system that provides a signing service built on top of a web service and an HSM. The signing service enables users to create RSA signatures and to download X.509 certificates through a RESTful web service Application Programming Interface (API) exposed by the server.

A Peripheral Component Interconnect Express (PCIe) crypto card stores the private keys and performs the signing operation on the card. Users can implement their clients of the signing service in any preferred programming language, as long as it supports Hypertext Transfer Protocol Secure (HTTPS).
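As an added illustration of the architecture described above (example code written for this page, not part of the disclosure), the following Go program stands up a minimal signing service over HTTPS. A software-held RSA key plays the part of the PCIe crypto card, since no card is available here; POST /sign returns an RSASSA-PKCS1-v1_5 signature over a client-supplied SHA-256 digest; GET /cert lets the client download the X.509 certificate it needs to verify. The endpoint names, the JSON field names, the self-signed certificate and the constructed sample document are all assumptions of the example, not details taken from the disclosure.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// softHSM stands in for the PCIe crypto card (an assumption of this example):
// the RSA key is generated inside it and only signatures and the certificate leave it.
type softHSM struct {
	key     *rsa.PrivateKey
	certDER []byte // self-signed X.509 certificate carrying the public key
}

func newSoftHSM() (*softHSM, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "signing-service-example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return &softHSM{key: key, certDER: der}, err
}

type signRequest struct{ Digest string `json:"digest"` }       // base64 SHA-256 digest of the document
type signResponse struct{ Signature string `json:"signature"` } // base64 RSASSA-PKCS1-v1_5 signature

// newServer exposes POST /sign and GET /cert. Only a 32-byte digest ever reaches
// the service, so it cannot be asked to sign arbitrary, unhashed data.
func newServer(h *softHSM) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/sign", func(w http.ResponseWriter, r *http.Request) {
		var req signRequest
		if r.Method != http.MethodPost || json.NewDecoder(io.LimitReader(r.Body, 4096)).Decode(&req) != nil {
			http.Error(w, "expected POST with a JSON body", http.StatusBadRequest)
			return
		}
		digest, err := base64.StdEncoding.DecodeString(req.Digest)
		if err != nil || len(digest) != sha256.Size {
			http.Error(w, "digest must be 32 base64-encoded bytes", http.StatusBadRequest)
			return
		}
		sig, err := rsa.SignPKCS1v15(rand.Reader, h.key, crypto.SHA256, digest)
		if err != nil {
			http.Error(w, "signing failed", http.StatusInternalServerError)
			return
		}
		json.NewEncoder(w).Encode(signResponse{Signature: base64.StdEncoding.EncodeToString(sig)})
	})
	mux.HandleFunc("/cert", func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("Content-Type", "application/pkix-cert") // DER-encoded certificate
		w.Write(h.certDER)
	})
	return mux
}

// requestSignature is the client side of POST /sign: hash the document locally
// and send only the digest, so the document itself never reaches the service.
func requestSignature(c *http.Client, base string, doc []byte) ([]byte, error) {
	d := sha256.Sum256(doc)
	body, _ := json.Marshal(signRequest{Digest: base64.StdEncoding.EncodeToString(d[:])})
	resp, err := c.Post(base+"/sign", "application/json", bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	var sr signResponse
	if resp.StatusCode != http.StatusOK || json.NewDecoder(resp.Body).Decode(&sr) != nil {
		return nil, fmt.Errorf("sign: HTTP %d or malformed response", resp.StatusCode)
	}
	return base64.StdEncoding.DecodeString(sr.Signature)
}

// verifyWithService downloads the X.509 certificate from GET /cert and checks
// the signature against the document with the RSA public key it carries.
func verifyWithService(c *http.Client, base string, doc, sig []byte) (bool, error) {
	resp, err := c.Get(base + "/cert")
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	der, err := io.ReadAll(resp.Body)
	if err != nil {
		return false, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return false, err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return false, fmt.Errorf("certificate key is not RSA")
	}
	d := sha256.Sum256(doc)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil, nil
}

func main() {
	h, err := newSoftHSM()
	if err != nil {
		panic(err)
	}
	srv := httptest.NewTLSServer(newServer(h)) // HTTPS endpoint, as the disclosure requires
	defer srv.Close()
	doc := []byte("constructed sample document") // constructed input for the demo
	sig, err := requestSignature(srv.Client(), srv.URL, doc)
	if err != nil {
		panic(err)
	}
	ok, _ := verifyWithService(srv.Client(), srv.URL, doc, sig)
	bad, _ := verifyWithService(srv.Client(), srv.URL, []byte("tampered copy"), sig)
	fmt.Println("genuine verifies:", ok, "| tampered verifies:", bad)
}
```

Two points the code makes that the description leaves implicit. First, the service signs digests, not documents, and rejects anything that is not exactly 32 bytes, so a caller cannot feed it arbitrary unhashed data; the data being signed also never has to cross the network. Second, the certificate returned here is self-signed and the endpoint is unauthenticated: in a deployment the client would validate or pin the signer's certificate, and the server would authenticate callers (for example with mutual TLS), because anyone who can reach /sign can obtain signatures under the shared key even though the key itself never leaves the card.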

Figures 1 and 2 illustrate the various components of the method and system disclosed herein in accordance with an embodiment.

Figure 1

Figure 2

As illustrated in Figures 1 and 2, the signing server is accessed by multiple users and includes three components, namely a web service application, a CNM JNI and a PCIe crypto ca...