Securing content, in particular in enterprise computing, remains one of the most important topics on the agenda of a chief information officer (CIO). Encryption of data, especially in cloud computing environments, has become standard. However, accessing encrypted data again requires the corresponding decryption key, so the decryption key becomes the security bottleneck: once a decryption key falls into the wrong hands, the previously protected data is no longer protected, because the stolen key permits unwanted access. Central management of encryption and decryption keys is one option for addressing the problem; however, it may itself represent a vulnerability, because a central key store is an obvious target for intruders.
In some environments, data access keys are handled in the form of protected keys. A protected key is a data access key encrypted under a volatile key encryption key (KEK) that belongs to the CPU/firmware (FW). The KEK cannot be accessed in plaintext form by the operating system, and it becomes invalid at certain events (e.g., a system boot), so that any protected key wrapped under it can no longer be used after such an event; the operating system only ever holds the wrapped form and never the clear data access key.
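The following Python model is an added illustration of this life cycle and is not part of the present specification or of any IBM implementation. A firmware stand-in holds the volatile KEK, the operating-system side only ever handles wrapped blobs, and a boot event replaces the KEK so that existing protected keys fail to unwrap. The HMAC-SHA256-based wrapping cipher, the class and function names, and the sample record are assumptions chosen for illustration; real hardware uses its own wrapping instructions, not this construction.

```python
"""Toy model of protected keys (added illustration, not the specification's code).

A data access key is wrapped under a volatile KEK held only by firmware. The OS
sees the wrapped blob, never the clear key. A boot event discards the KEK, which
invalidates every blob wrapped under it.

The cipher below (HMAC-SHA256 keystream plus HMAC tag) is a stand-in for the
hardware wrapping a real CPU/HSM performs; it is NOT a production construction.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # Label gives domain separation between keystream and tag derivation.
    return hmac.new(key, label + data, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big"))
                    for i in range(blocks))


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = _prf(key, b"mac", nonce + ct)
    return nonce + ct + tag


def _open(key: bytes, blob: bytes) -> bytes:
    """Verify the tag under `key`; raises ValueError if the blob was sealed under another key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("authentication failed: not valid under the current KEK")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


class Firmware:
    """Stand-in for the CPU/firmware. The KEK lives only here and is never returned."""

    def __init__(self) -> None:
        self._kek = b""
        self.boot()

    def boot(self) -> None:
        # Boot event: the old KEK is discarded, so protected keys wrapped under it
        # can no longer be unwrapped. A fresh random KEK is drawn.
        self._kek = secrets.token_bytes(32)

    def generate_protected_key(self) -> bytes:
        # The clear data access key exists only inside this call; the caller
        # (the OS) receives the wrapped form.
        clear = secrets.token_bytes(32)
        return _seal(self._kek, clear)

    def encrypt(self, protected_key: bytes, data: bytes) -> bytes:
        clear = _open(self._kek, protected_key)  # fails for a stale protected key
        return _seal(clear, data)

    def decrypt(self, protected_key: bytes, blob: bytes) -> bytes:
        clear = _open(self._kek, protected_key)
        return _open(clear, blob)


def demo() -> dict:
    """OS-side view: it holds protected keys and ciphertexts, never a clear key."""
    fw = Firmware()
    pk = fw.generate_protected_key()
    msg = b"constructed sample record"       # constructed sample input
    ct = fw.encrypt(pk, msg)
    roundtrip_ok = fw.decrypt(pk, ct) == msg
    fw.boot()                                  # e.g. system re-IPL
    try:
        fw.decrypt(pk, ct)
        usable_after_boot = True
    except ValueError:
        usable_after_boot = False
    return {"roundtrip_ok": roundtrip_ok, "usable_after_boot": usable_after_boot}


if __name__ == "__main__":
    print(demo())
```

After the simulated boot the ciphertext is still intact but the protected key no longer unwraps, which is exactly why a protected key has to be regenerated from a source that still holds the clear data access key; in the tightly coupled HSM arrangement discussed next, that source is the HSM.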
Currently, (re-)generating protected keys in a secure manner requires a hardware security module (HSM) that is tightly coupled to the CPU/FW, as implemented, for example, by an IBM z System together with an IBM Crypto Express adapter. However, tightly coupled HSMs are expensive and limited in number, e.g., by the number of I/O slots available for crypto adapters in a computing system, in particular in a mainframe computing system. Thus, there continues to be a need for a trusted management system for protected keys that does not rely on a central point of control that would be vulnerable to intrusion attempts.