System for providing end-to-end protection against network-based attacks
Abstract
A plurality of system nodes coupled via a dedicated private network is described herein. The nodes offer an end-to-end solution for protecting against network-based attacks. For example, a single node can receive and store user data via a data flow that passes through various components of the node. The node can be designed such that communications internal to the node, such as the transmission of encryption keys, are partitioned or walled off from the components of the node that handle the publicly accessible data flow. The node also includes a key management subsystem to facilitate the use of encryption keys to encrypt user data.
20 Claims
1. A system for double-encrypting data comprising:
- a node system, wherein the node system comprises a security key management system, a first key management system, and a processing server, wherein the first key management system stores a first set of security keys, and wherein the security key management system stores a second set of security keys; and
- a user system external to the node system that comprises a second key management system that communicates with the first key management system to facilitate key exchange between the first key management system and the second key management system, and wherein the second key management system stores the first set of security keys, wherein the user system comprises first instructions that, when executed, cause the user system to:
  - encrypt user data stored locally in the user system using a security key in the first set of security keys provided by the second key management system to form encrypted user data, and
  - transmit the encrypted user data to a network manager system via a public network, wherein the network manager system is configured to encrypt the encrypted user data using a second security key in the second set of security keys provided by the security key management system via a private network to form double-encrypted user data for transmission to the node system via the private network.

Dependent claims 2 through 13 depend from claim 1.
14. A computer-implemented method for double-encrypting data, the computer-implemented method comprising:
- encrypting user data stored locally in a user system using a security key in a first set of security keys provided by a first key management system of the user system to form encrypted user data, wherein the first key management system stores the first set of security keys; and
- transmitting the encrypted user data to an intermediary system via a public network, wherein the intermediary system is configured to encrypt the encrypted user data using a second security key in a second set of security keys provided by a security key management system of a node system via a private network to form double-encrypted user data for transmission to the node system via the private network, wherein the node system comprises the security key management system, a second key management system, and a processing server, wherein the second key management system stores the first set of security keys and communicates with the first key management system to facilitate key exchange between the first key management system and the second key management system, and wherein the security key management system stores the second set of security keys.

Dependent claims 15 through 19 depend from claim 14.
20. Non-transitory, computer-readable storage media comprising computer-executable instructions that, when executed, cause a user system to:
- encrypt user data stored locally in the user system using a security key in a first set of security keys provided by a first key management system of the user system to form encrypted user data, wherein the first key management system stores the first set of security keys; and
- transmit the encrypted user data to an intermediary system via a public network, wherein the intermediary system is configured to encrypt the encrypted user data using a second security key in a second set of security keys provided by a security key management system of a node system via a private network to form double-encrypted user data for transmission to the node system via the private network, wherein the node system comprises the security key management system, a second key management system, and a processing server, wherein the second key management system stores the first set of security keys and communicates with the first key management system to facilitate key exchange between the first key management system and the second key management system, and wherein the security key management system stores the second set of security keys.
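The two-layer data flow the independent claims describe, as an added Go example that is not the patent's own code: the user system seals with a set-1 key, the network manager (the claims' intermediary) seals that ciphertext again with a set-2 key, and only the node, holding both key sets, can peel both layers. The claims name no cipher, so AES-256-GCM, the function names `gcm`, `seal`, `open`, `DoubleEncrypt`, `NodeDecrypt`, and the key bytes are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// gcm keys AES-256-GCM, an assumed stand-in for the cipher the claims leave unnamed.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// seal returns nonce || ciphertext || tag with a fresh random nonce.
func seal(a cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, nil), nil
}
// open reverses seal; it fails on a wrong key, any modified byte, or truncated input.
func open(a cipher.AEAD, sealed []byte) ([]byte, error) {
	if n := a.NonceSize(); len(sealed) >= n {
		return a.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("ciphertext shorter than nonce")
}
// DoubleEncrypt follows claim 1: the user seals with a set-1 key (the public-network
// leg); the network manager, holding only a set-2 key, seals it again (the private leg).
func DoubleEncrypt(set1, set2 cipher.AEAD, userData []byte) ([]byte, error) {
	inner, err := seal(set1, userData)
	if err != nil {
		return nil, err
	}
	return seal(set2, inner)
}
// NodeDecrypt peels both layers; only the node system holds both key sets.
func NodeDecrypt(set1, set2 cipher.AEAD, doubled []byte) ([]byte, error) {
	inner, err := open(set2, doubled)
	if err != nil {
		return nil, err
	}
	return open(set1, inner)
}
```

The manager can remove only its own layer, so the user data stays opaque to it and to the public network; any byte changed in transit fails authentication at the node.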