One or more aspects relate generally to assigning at least one out of a plurality of hardware security modules to a guest system, and particularly to an assignment method, a related assignment system, and a computer program product.
In today's computer systems and information transport networks, cryptographic elements are important technological components. Information may be stored or transmitted in a cryptographically secured form in order to avoid unauthorized access to the information stored or transmitted. In some cases, pure software-based techniques may be used and, in other cases, hardware support and security specific elements may be used to perform such data protection. In some cases, these specific elements are named hardware security modules (HSMs) which may be used as part of a computer or an information transmission system. Such a hardware security module may include specific circuitries in order to provide functions for data encryption and data decryption. The function may also include generating and storing cryptographic keys for a use of guest systems.
There are several disclosures related to a method for assigning at least one out of a plurality of hardware security modules to a guest system. For example, document U.S. Pat. No. 8,811,223 B2, which is hereby incorporated by reference herein in its entirety, discloses systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines and operate on a multi-core processing system.
A typical limitation of conventional technologies is that a mapping of hardware security modules to functions and programs is assumed to be a given fact. A manual assignment process may be required.