Patent attributes
A cryptography service provides an interface layer between an application and a cryptographic device, such as a hardware security module, trusted platform module, or cryptoprocessor that includes non-exportable tamper-resistant memory. A translation layer is provided between the customer application and the load-balancing service that accepts requests from the client application in a first protocol, such as KMIP, and converts the requests into a second protocol that is compatible with the cryptographic device. Results that are returned from the cryptographic device are translated and returned in accordance with the first protocol. In an embodiment, the cryptographic devices may be arranged in a cluster configuration where each cryptographic device stores a matching set of cryptographic keys, and a load-balancing service acts as an interface to the cluster of cryptographic devices.
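The arrangement described above, modeled as an added example that is not taken from the patent or from any product: a translation layer turns a KMIP-style request into a device command, a round-robin load balancer sends it to any cluster member (each holds the same key set) and fails over if one is unavailable, and the result is translated back. The dict-based request format, the `DEV_*` device commands, the `served_by` field, the device names and the key are all constructed assumptions; an HMAC stands in for the device's cryptographic operation.

```python
import hashlib
import hmac
import itertools

class Device:
    """Stand-in for one cryptographic device; keys are used inside, never returned."""
    def __init__(self, name, keys):
        self.name, self._keys, self.online = name, dict(keys), True

    def execute(self, command):
        # Device-side ("second") protocol: a constructed (opcode, key_handle, data) tuple.
        opcode, handle, data = command
        if not self.online:
            raise ConnectionError(self.name + " unavailable")
        if opcode != "DEV_MAC" or handle not in self._keys:
            return ("DEV_ERR", b"")
        return ("DEV_OK", hmac.new(self._keys[handle], data, hashlib.sha256).digest())

class LoadBalancer:
    """Round-robin over the cluster; any member can serve because key sets match."""
    def __init__(self, devices):
        self.devices, self._ring = devices, itertools.cycle(devices)

    def dispatch(self, command):
        for _ in range(len(self.devices)):
            device = next(self._ring)
            try:
                return device.name, device.execute(command)
            except ConnectionError:
                continue  # fail over to the next replica
        raise RuntimeError("no cryptographic device available")

def handle_request(balancer, request):
    """Translate a KMIP-style request in, and the device result back out."""
    if request.get("operation") != "MAC":
        return {"result_status": "OperationFailed", "reason": "OperationNotSupported"}
    command = ("DEV_MAC", request["unique_identifier"], request["data"])
    served_by, (status, payload) = balancer.dispatch(command)
    if status != "DEV_OK":
        return {"result_status": "OperationFailed", "reason": "ItemNotFound"}
    # "served_by" is an illustrative field added here to make the balancing visible.
    return {"result_status": "Success", "unique_identifier": request["unique_identifier"],
            "mac_data": payload.hex(), "served_by": served_by}

def build_cluster():
    keys = {"key-1": b"constructed-demo-key"}  # same key set loaded on every device
    return LoadBalancer([Device("hsm-a", keys), Device("hsm-b", keys)])
```

The client only ever sees the first-protocol response; the key bytes stay inside the `Device` objects, which mirrors the non-exportable memory the text describes.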