SYSTEMS AND METHODS FOR IDENTITY ENCAPSULATED CRYPTOGRAPHY
Abstract
A method and a system to provide identity encapsulated cryptography are provided. A method may comprise receiving a user key to access a service. The service may be provided by an enterprise and hosted within a public cloud. A request for a country key assigned to the country of the user is transmitted and the country key is received. Session data resulting from use of the service hosted within the public cloud is encrypted using the user key, and the user key is encrypted using the country key. The encrypted session data and the encrypted user key are stored in the public cloud. The country key may be provided to a legal agency of the user's country, enabling that agency to decrypt session data of users in that country but not session data of users in another country.
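The abstract describes a two-level envelope: session data under a per-user key, the user key wrapped under a per-country key, and only the two ciphertexts stored in the cloud. The following is an added example written for this page, not code from the patent or its assignee. The key-service API (KeyService, request_user_key, request_country_key, disclose_to_legal_agency), the CloudRecord layout and the sample session strings are assumptions; a real deployment would use AES-GCM from an HSM-backed key service, and here an HMAC-SHA256 encrypt-then-MAC construction stands in for the cipher so the example runs on the Python standard library alone.

```python
"""Identity-encapsulated envelope encryption (added example, not patent code).

Assumptions: the KeyService API, the CloudRecord layout and the toy cipher
are illustrative stand-ins for an HSM-backed key service and AES-GCM.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive a purpose-specific subkey so encryption and MAC keys differ."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a toy stand-in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Authenticated encryption: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; ValueError on a wrong key or tampered data."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class KeyService:
    """Enterprise key service (assumed API): issues user keys and country keys."""

    def __init__(self) -> None:
        self._country_keys = {}

    def request_user_key(self, user_id: str) -> bytes:
        # A fresh key per request; it never reaches the cloud in the clear.
        return secrets.token_bytes(32)

    def request_country_key(self, country: str) -> bytes:
        # One long-lived key per country, shared by every user of that country.
        return self._country_keys.setdefault(country, secrets.token_bytes(32))

    def disclose_to_legal_agency(self, country: str) -> bytes:
        # What the enterprise hands over under a lawful request: that country's key only.
        return self._country_keys[country]


@dataclass
class CloudRecord:
    """What the public cloud stores: two ciphertexts plus routing metadata in the clear."""
    user_id: str
    country: str
    encrypted_session: bytes
    wrapped_user_key: bytes


def store_session(ks: KeyService, cloud: list, user_id: str, country: str,
                  session_data: bytes) -> bytes:
    """Client side: fetch both keys, encrypt the session, wrap the user key, upload."""
    user_key = ks.request_user_key(user_id)        # first request
    country_key = ks.request_country_key(country)  # second request
    cloud.append(CloudRecord(
        user_id, country,
        encrypted_session=seal(user_key, session_data),
        wrapped_user_key=seal(country_key, user_key),
    ))
    return user_key  # retained by the client for its own later access


def agency_decrypt(country_key: bytes, record: CloudRecord) -> bytes:
    """Agency side: unwrap the user key with the country key, then the session."""
    user_key = unseal(country_key, record.wrapped_user_key)
    return unseal(user_key, record.encrypted_session)


def run_demo() -> dict:
    """Two users in two countries; the DE country key opens DE data only."""
    ks, cloud = KeyService(), []
    store_session(ks, cloud, "alice", "DE", b"alice session: cart=3 items")  # constructed
    store_session(ks, cloud, "bob", "FR", b"bob session: cart=1 item")       # constructed
    de_key = ks.disclose_to_legal_agency("DE")
    result = {"alice": agency_decrypt(de_key, cloud[0])}
    try:
        agency_decrypt(de_key, cloud[1])
        result["bob"] = "DECRYPTED (isolation failure)"
    except ValueError:
        result["bob"] = "denied"
    return result


if __name__ == "__main__":
    print(run_demo())
```

Two properties worth checking against any real implementation of this scheme: the cloud operator holding both ciphertexts but no country key learns nothing beyond the clear-text metadata (user_id and country here), and whoever holds a country key can open every user key wrapped under it, so the country key is the high-value secret and its disclosure is an all-or-nothing grant for that country. Isolation between countries rests entirely on the wrap being authenticated: with an unauthenticated wrap, decrypting a foreign record would yield garbage rather than an error, and the failure would be silent.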
22 Claims
1. A method comprising:
generating a first request for a user key to access a service, the service provided by an enterprise and hosted within a public cloud;
receiving a user key in response to the first request;
transmitting a second request for a country key, the country key assigned to a country of a user;
receiving a country key in response to the second request;
encrypting session data resulting from the use of the service hosted within the public cloud using the user key;
encrypting, using one or more processors, the user key using the country key; and
transmitting the encrypted session data and the encrypted user key to the public cloud.
Dependent claims: 2 to 12.
13. A non-transitory machine-readable storage medium having instructions embodied thereon, the instructions executable by one or more processors to perform a method, the method comprising:
assigning a first country key to a first country of a plurality of first users who are provided a service hosted by a cloud;
assigning a second country key to a second country of a plurality of second users who are provided the service hosted by the cloud;
transmitting the first country key in response to a first request for the first country key from a first user of the plurality of first users, the first user to encrypt a first user key using the first country key and to store the encrypted first user key in the cloud;
transmitting the second country key in response to a second request for the second country key from a second user of the plurality of second users, the second user to encrypt a second user key using the second country key and to store the encrypted second user key in the cloud; and
providing the first country key to a first legal agency of the first country, the first country key to decrypt session data of the plurality of the first users and to not decrypt session data of the plurality of second users.
14. A system comprising:
a non-transitory memory to store one or more information claims containers, the one or more information claims containers including one or more claims and one or more key references; and
one or more processors to:
generate a first request for a user key to access a service, the service provided by an enterprise and hosted within a public cloud;
receive a user key in response to the first request;
transmit a second request for a country key, the country key assigned to a country of a user;
receive a country key in response to the second request;
encrypt session data resulting from the use of the service hosted within the public cloud using the user key;
encrypt the user key using the country key; and
transmit the encrypted session data and the encrypted user key to the public cloud.
Dependent claims: 15 to 21.
22. A method comprising:
receiving a first request for a user key to access a service, the service provided by an enterprise and hosted within a public cloud, the user key for encrypting session data resulting from the use of the service hosted within the public cloud, and for encrypting, using one or more processors, a country key assigned to a country of the user;
transmitting the user key in response to the first request;
receiving a second request for the country key;
transmitting the country key in response to the second request; and
receiving the encrypted session data and the encrypted user key for transmission to the public cloud.
Specification