METHODS, DEVICES, AND MEDIA FOR SECURE KEY MANAGEMENT IN A NON-SECURED, DISTRIBUTED, VIRTUALIZED ENVIRONMENT WITH APPLICATIONS TO CLOUD-COMPUTING SECURITY AND MANAGEMENT
Abstract
The present invention discloses methods, devices, and media for secure key management in a non-secured, distributed, virtualized environment with applications to cloud-computing security and management. Methods include the steps of: receiving an encryption request for protecting an original key at a first encryption location in a network computing-environment; initially encrypting the original key with a first location-specific secure-key, located at a second encryption location, to create a location-specific initially-encrypted key; and finally encrypting the location-specific initially-encrypted key with a second location-specific secure-key, located at a third encryption location, to create a finally-encrypted key which may then be used in any way in a cipher-location; wherein the locations are regions of memory located in computing devices operationally connected to the network computing-environment; and wherein each of the location-specific secure-keys is protected from compromise by any owner of other location-specific secure keys using an appropriate technique in the respective locations.
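The abstract describes a two-stage wrap: the original key is first encrypted under the secure key of a second location, and that result is encrypted again under the secure key of a third location, so that no single location-key owner can recover the original key. The following is an added illustration of that structure, not code from the patent or its assignee. It assumes its own cipher (an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, chosen so the example needs only the Python standard library) and constructed key and location names; the patent does not specify any particular algorithm for the "appropriate technique" in each location.

```python
"""Added example (not code from the patent): a two-stage, location-specific
key-wrapping scheme in the shape of claim 1.  The original key is wrapped at
the second encryption location under that location's secure key, and the
result is wrapped again at the third location under its secure key.  Holding
only one of the two location keys is not enough to recover the original key.

Only the standard library is used; the cipher is an HMAC-SHA256 counter-mode
keystream with an encrypt-then-MAC tag, chosen for self-containment.  All
key and location names are constructed for the example.
"""
import hmac
import hashlib
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes as HMAC-SHA256(key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def wrap(location_key: bytes, payload: bytes) -> bytes:
    """Encrypt `payload` under one location-specific secure key.

    Output layout: nonce || ciphertext || tag, where the tag is
    HMAC-SHA256(location_key, nonce || ciphertext) (encrypt-then-MAC).
    """
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(location_key, nonce, len(payload))
    ciphertext = bytes(p ^ k for p, k in zip(payload, stream))
    tag = hmac.new(location_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unwrap(location_key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt.

    Raises ValueError if the key is wrong or the blob was modified, so the
    holder of a different location key learns nothing about the payload.
    """
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(location_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong location key or tampered blob")
    stream = _keystream(location_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def protect_key(original_key: bytes, second_location_key: bytes,
                third_location_key: bytes) -> bytes:
    """Steps (b) and (c) of the claim: initial wrap at the second location,
    final wrap at the third location."""
    initially_encrypted = wrap(second_location_key, original_key)  # step (b)
    return wrap(third_location_key, initially_encrypted)           # step (c)


def recover_key(finally_encrypted: bytes, second_location_key: bytes,
                third_location_key: bytes) -> bytes:
    """Reverse the two wraps; both location keys are required."""
    initially_encrypted = unwrap(third_location_key, finally_encrypted)
    return unwrap(second_location_key, initially_encrypted)


def single_key_recovers(finally_encrypted: bytes, one_location_key: bytes) -> bool:
    """Report whether one location key alone can strip both layers."""
    try:
        recover_key(finally_encrypted, one_location_key, one_location_key)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values: the key to protect and the two location keys.
    original = secrets.token_bytes(32)
    loc2_key = secrets.token_bytes(32)
    loc3_key = secrets.token_bytes(32)
    final = protect_key(original, loc2_key, loc3_key)
    assert recover_key(final, loc2_key, loc3_key) == original
    assert not single_key_recovers(final, loc2_key)
    assert not single_key_recovers(final, loc3_key)
    print("two-stage wrap ok; finally-encrypted key is", len(final), "bytes")
```

The authentication tag on each layer is what makes the "protected from compromise by any owner of other location-specific secure keys" clause observable: unwrapping with the wrong location key fails closed rather than yielding garbage that might leak structure, and a modified blob is rejected before any decryption happens.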
26 Claims
1. A method for secure key management, the method comprising the steps of:
(a) receiving an encryption request for protecting an original key at a first encryption location in a network computing-environment;
(b) initially encrypting said original key with a first location-specific secure-key, said first location-specific secure-key located at a second encryption location, to create a location-specific initially-encrypted key; and
(c) finally encrypting said location-specific initially-encrypted key with a second location-specific secure-key, said second location-specific secure-key located at a third encryption location, to create a finally-encrypted key which may then be used in any way in a cipher-location;
wherein said locations are regions of memory located in computing devices operationally connected to said network computing-environment; and
wherein each of said location-specific secure-keys is protected from compromise by any owner of other location-specific secure keys using an appropriate technique in respective said locations.
Dependent claims: 2 to 15.
16. A device for secure key management, the device comprising:
(a) a server including:
(i) a CPU for performing computational operations;
(ii) a memory module for storing data; and
(iii) a network connection for communicating across a network; and
(b) a protection module, residing on said server, configured for:
(i) receiving an encryption request for protecting an original key at a first encryption location in a network computing-environment;
(ii) initially encrypting, on any computing device operationally connected to said network computing-environment, said original key with a first location-specific secure-key, said first location-specific secure-key located at a second encryption location, to create a location-specific initially-encrypted key; and
(iii) finally encrypting, on any computing device operationally connected to said network computing-environment, said location-specific initially-encrypted key with a second location-specific secure-key, said second location-specific secure-key located at a third encryption location, to create a finally-encrypted key which may then be used in any way in a cipher-location;
wherein said locations are regions of memory located in computing devices operationally connected to said network computing-environment; and
wherein each of said location-specific secure-keys is protected from compromise by any owner of other location-specific secure keys using an appropriate technique in respective said locations.
Dependent claims: 17 to 25.
26. A computer-readable storage medium having computer-readable code embodied on the computer-readable storage medium, the computer-readable code comprising:
(a) program code for receiving an encryption request for protecting an original key at a first encryption location in a network computing-environment;
(b) program code for initially encrypting said original key with a first location-specific secure-key, said first location-specific secure-key located at a second encryption location, to create a location-specific initially-encrypted key; and
(c) program code for finally encrypting said location-specific initially-encrypted key with a second location-specific secure-key, said second location-specific secure-key located at a third encryption location, to create a finally-encrypted key which may then be used in any way in a cipher-location;
wherein said locations are regions of memory located in computing devices operationally connected to said network computing-environment; and
wherein each of said location-specific secure-keys is protected from compromise by any owner of other location-specific secure keys using an appropriate technique in respective said locations.