System for providing end-to-end protection against network-based attacks

US 10,601,790 B2
Filed: 06/24/2019
Issued: 03/24/2020
Est. Priority Date: 10/16/2015
Status: Active Grant

First Claim

Patent Images

1. A system for double-encrypting data comprising:

a node system, wherein the node system comprises a security key management system, a first key management system, and a processing server, wherein the first key management system stores a first set of security keys, and wherein the security key management system stores a second set of security keys; and

a user system external to the node system that comprises a second key management system that communicates with the first key management system to facilitate key exchange between the first key management system and the second key management system, and wherein the second key management system stores the first set of security keys,wherein the user system comprises first instructions that, when executed, cause the user system to;

encrypt user data stored locally in the user system using a security key in the first set of security keys provided by the second key management system to form encrypted user data, andtransmit the encrypted user data to a network manager system via a public network, wherein the network manager system is configured to encrypt the encrypted user data using a second security key in the second set of security keys provided by the security key management system via a private network to form double-encrypted user data for transmission to the node system via the private network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of system nodes coupled via a dedicated private network is described herein. The nodes offer an end-to-end solution for protecting against network-based attacks. For example, a single node can receive and store user data via a data flow that passes through various components of the node. The node can be designed such that communications internal to the node, such as the transmission of encryption keys, are partitioned or walled off from the components of the node that handle the publicly accessible data flow. The node also includes a key management subsystem to facilitate the use of encryption keys to encrypt user data.

Citations

20 Claims

1. A system for double-encrypting data comprising:
- a node system, wherein the node system comprises a security key management system, a first key management system, and a processing server, wherein the first key management system stores a first set of security keys, and wherein the security key management system stores a second set of security keys; and
  
  a user system external to the node system that comprises a second key management system that communicates with the first key management system to facilitate key exchange between the first key management system and the second key management system, and wherein the second key management system stores the first set of security keys,wherein the user system comprises first instructions that, when executed, cause the user system to;
  
  encrypt user data stored locally in the user system using a security key in the first set of security keys provided by the second key management system to form encrypted user data, andtransmit the encrypted user data to a network manager system via a public network, wherein the network manager system is configured to encrypt the encrypted user data using a second security key in the second set of security keys provided by the security key management system via a private network to form double-encrypted user data for transmission to the node system via the private network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein the first instructions, when executed, further cause the user system to transmit an instruction to the node system to process the user data.
  - 3. The system of claim 2, wherein second instructions, when executed, cause the node system to:
    - decrypt the double-encrypted user data using the second security key provided by the security key management system to form second encrypted user data;
      
      decrypt the second encrypted user data using a third security key in the first set of security keys provided by the first key management system to form decrypted user data; and
      
      process, by the processing server, the decrypted user data in response to receiving the instruction to form processed user data.
  - 4. The system of claim 3, wherein the second instructions, when executed, further cause the node system to:
    - encrypt the processed user data using the third security key to form encrypted processed user data;
      
      encrypt the encrypted processed user data using the second security key to form double-encrypted processed user data; and
      
      transmit the double-encrypted processed user data to the network manager system via the private network.
  - 5. The system of claim 4, wherein the network manager system is further configured to decrypt the double-encrypted processed user data using the second security key to form single-encrypted processed user data for transmission to the user system via the public network.
  - 6. The system of claim 3, wherein the third security key is the security key.
  - 7. The system of claim 6, wherein the second key management system transmits the security key to the first key management system via the public network and the private network.
  - 8. The system of claim 6, wherein the second key management system transmits information associated with the security key to the first management system via the public network and the private network such that the first key management system can generate the security key.
  - 9. The system of claim 2, wherein the instruction comprises one of an instruction to aggregate the user data, an instruction to identify trends in the user data, or an instruction to filter the user data.
  - 10. The system of claim 1, wherein network manager system is further configured to block data packets from being transmitted via the private network if the data packets are not encrypted.
  - 11. The system of claim 1, wherein the first key management system is associated with the user system.
  - 12. The system of claim 1, further comprising:
    - a second user system in communication with the network manager via the public network, wherein the second user system comprises a third key management system, wherein the second user system comprises second instructions that, when executed, cause the second user system to;
      
      encrypt second user data stored locally in the second user system using a third security key provided by the third key management system to form encrypted second user data, andtransmit the encrypted second user data to the network manager system.
  - 13. The system of claim 12, wherein the network manager system is further configured to encrypt the encrypted second user data using the second security key to form double-encrypted second user data for transmission to the node system.

14. A computer-implemented method for double-encrypting data, the computer-implemented method comprising:
- encrypting user data stored locally in a user system using a security key in a first set of security keys provided by a first key management system of the user system to form encrypted user data, wherein the first key management system stores the first set of security keys; and
  
  transmitting the encrypted user data to an intermediary system via a public network, wherein the intermediary system is configured to encrypt the encrypted user data using a second security key in a second set of security keys provided by a security key management system of a node system via a private network to form double-encrypted user data for transmission to the node system via the private network,wherein the node system comprises the security key management system, a second key management system, and a processing server, wherein the second key management system stores the first set of security keys and communicates with the first key management system to facilitate key exchange between the first key management system and the second key management system, and wherein the security key management system stores the second set of security keys.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer-implemented method of claim 14, further comprising transmitting an instruction to the node system to process the user data.
  - 16. The computer-implemented method of claim 15, wherein the node system is configured to:
    - decrypt the double-encrypted user data using the second security key provided by the security key management system to form second encrypted user data;
      
      decrypt the second encrypted user data using a third security key in the first set of security keys provided by the second key management system to form decrypted user data; and
      
      process, by the processing server, the decrypted user data in response to receiving the instruction to form processed user data.
  - 17. The computer-implemented method of claim 16, wherein the node system is further configured to:
    - encrypt the processed user data using the third security key to form encrypted processed user data;
      
      encrypt the encrypted processed user data using the second security key to form double-encrypted processed user data; and
      
      transmit the double-encrypted processed user data to the intermediary system via the private network.
  - 18. The computer-implemented method of claim 17, wherein the intermediary system is further configured to decrypt the double-encrypted processed user data using the second security key to form single-encrypted processed user data for transmission to the user system via the public network.
  - 19. The computer-implemented method of claim 16, wherein the third security key is the security key.

20. Non-transitory, computer-readable storage media comprising computer-executable instructions that, when executed, cause a user system to:
- encrypt user data stored locally in the user system using a security key in a first set of security keys provided by a first key management system of the user system to form encrypted user data, wherein the first key management system stores the first set of security keys; and
  
  transmit the encrypted user data to an intermediary system via a public network, wherein the intermediary system is configured to encrypt the encrypted user data using a second security key in a second set of security keys provided by a security key management system of a node system via a private network to form double-encrypted user data for transmission to the node system via the private network,wherein the node system comprises the security key management system, a second key management system, and a processing server, wherein the second key management system stores the first set of security keys and communicates with the first key management system to facilitate key exchange between the first key management system and the second key management system, and wherein the security key management system stores the second set of security keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ORock Technologies, Inc.
Original Assignee
ORock Technologies, Inc.
Inventors
Leon, John
Primary Examiner(s)
Tran, Tri M

Application Number

US16/450,597
Publication Number

US 20190312850A1
Time in Patent Office

274 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/0478   applying multiple layers of...

H04L 63/06   for supporting key manageme...

H04L 67/1097   for distributed storage of ...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3252   using DSA or related signat...

H04L 9/3263   involving certificates, e.g...

System for providing end-to-end protection against network-based attacks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System for providing end-to-end protection against network-based attacks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links