System for providing end-to-end protection against network-based attacks
First Claim
1. A system for double-encrypting data comprising:
- a node system, wherein the node system comprises an encryption key management system, a first user encryption key management system, and a processing server, wherein the first user encryption key management system comprises a first enterprise key management system that stores a first set of encryption keys, a first local key management system that manages transfers of the first set of encryption keys to a first self-encrypting drive, and the first self-encrypting drive, and wherein the encryption key management system comprises a second enterprise key management system that stores a second set of encryption keys;
- a network manager system comprising computer hardware, wherein the network manager system is external to the node system and is in communication with the node system via a private network, and wherein the network manager system serves as an interface between the private network and a public network; and
- a user system in communication with the network manager via the public network, wherein the user system is external to the node system and comprises a second user encryption key management system that communicates with the first user encryption key management system to facilitate key exchange between the first user encryption key management system and the second user encryption key management system, and wherein the second user encryption key management system comprises a third enterprise key management system that stores the first set of encryption keys, a second local key management system that manages transfers of the first set of encryption keys to a second self-encrypting drive, and the second self-encrypting drive, wherein the user system comprises first instructions that, when executed, cause the user system to:
- encrypt user data stored in the second self-encrypting drive using an encryption key in the first set of encryption keys provided by the third enterprise key management system to form encrypted user data, and transmit the encrypted user data to the network manager system via the public network, and wherein the network manager system comprises second instructions that, when executed, cause the network manager system to:
- encrypt the encrypted user data using a second encryption key in the second set of encryption keys provided by the second enterprise key management system via the private network to form double-encrypted user data, and transmit the double-encrypted user data to the node system via the private network.
Abstract
A plurality of system nodes coupled via a dedicated private network is described herein. The nodes offer an end-to-end solution for protecting against network-based attacks. For example, a single node can receive and store user data via a data flow that passes through various components of the node. The node can be designed such that communications internal to the node, such as the transmission of encryption keys, are partitioned or walled off from the components of the node that handle the publicly accessible data flow. The node also includes a key management subsystem to facilitate the use of encryption keys to encrypt user data.
20 Claims
1. (As reproduced above under First Claim.) Dependent claims: 2 to 14.
15. A system for double-encrypting data comprising:
- a node system, wherein the node system comprises a processing server, a first enterprise key management system that stores a first set of encryption keys, and a second enterprise key management system that stores a second set of encryption keys;
- a network manager system comprising computer hardware, wherein the network manager system is external to the node system and is in communication with the node system via a private network, and wherein the network manager system serves as an interface between the private network and a public network; and
- a user system in communication with the network manager via the public network, wherein the user system is external to the node system and comprises a third enterprise key management system that stores the first set of encryption keys and a self-encrypting drive, wherein the third enterprise key management system communicates with the first enterprise key management system to facilitate key exchange between the third enterprise key management system and the first enterprise key management system, and wherein the first enterprise key management system is associated with the user system, wherein the user system comprises first instructions that, when executed, cause the user system to:
- encrypt user data stored in the self-encrypting drive using an encryption key in the first set of encryption keys provided by the third enterprise key management system to form encrypted user data, and transmit the encrypted user data to the network manager system via the public network, and wherein the network manager system comprises second instructions that, when executed, cause the network manager system to:
- encrypt the encrypted user data using a second encryption key in the second set of encryption keys provided by the second enterprise key management system via the private network to form double-encrypted user data, and transmit the double-encrypted user data to the node system via the private network.
Dependent claims: 16, 17, 18, 19, 20.