Method of manufacturing secure boxes in a key management system

Abstract

A method of manufacturing a secure box in a Key Management System that includes a plurality of functionally distinct secure boxes initializes a first manufacturing box if one does not exist. The method creates in a manufacturing box at least one logical security domain including encryption keys needed to perform Key Management System processes within the domain, and provides a target secure box with the capability to perform at least one Key Management System function from a plurality of functions required by the Key Management System. The method authenticates the target secure box to the manufacturing box, installs a unique secure box identification in the target secure box, and creates at least one logical security domain in the target secure box corresponding to a logical security domain in the manufacturing box. The method sends a command from a Key Management System computer to initialize the target secure box to perform a domain process for at least one of Key Management System functions provided within the target secure box, and initializes the target secure box in each domain process indicated in the command from the Key Management System computer. The method installs in the target secure box the encryption keys required to perform a key generation process within the domain. For example, target secure box may be provided with at least one of a key verification function, a key installation function, a token verification function, a key registration function, or a secure box manufacturing function.