CLOUD KEY MANAGEMENT

US 20140019753A1
Filed: 07/10/2012
Published: 01/16/2014
Est. Priority Date: 07/10/2012
Status: Abandoned Application

First Claim

Patent Images

1. A system for managing encryption keys within a domain, the system comprising:

a client computer coupled to a cloud key management server over a network, the client computer being configured to supply a request for an encryption key, the request comprising an object identifier associated with the encryption key; and

a cloud key management service comprising the cloud key management server, the cloud key management service being configured to;

store a plurality of encryption keys in association with a plurality of object identifiers;

receive the request from the client computer;

identify an encryption key of the stored encryption keys associated with the object identifier of the request; and

send the identified encryption key to the client computer in response to the request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for managing encryption keys within a domain includes: a client computer coupled to a cloud key management server over a network, the client computer being configured to supply a request for an encryption key, the request including an object identifier associated with the encryption key; and a cloud key management service comprising the cloud key management server, the cloud key management service being configured to: store a plurality of encryption keys in association with a plurality of object identifiers; receive the request from the client computer; identify an encryption key of the stored encryption keys associated with the object identifier of the request; and send the identified encryption key to the client computer in response to the request.

131 Citations

22 Claims

1. A system for managing encryption keys within a domain, the system comprising:
- a client computer coupled to a cloud key management server over a network, the client computer being configured to supply a request for an encryption key, the request comprising an object identifier associated with the encryption key; and
  
  a cloud key management service comprising the cloud key management server, the cloud key management service being configured to;
  
  store a plurality of encryption keys in association with a plurality of object identifiers;
  
  receive the request from the client computer;
  
  identify an encryption key of the stored encryption keys associated with the object identifier of the request; and
  
  send the identified encryption key to the client computer in response to the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the object identifier is associated with an encrypted file, an encrypted email, encrypted network traffic, an encrypted removable medium, or an encrypted fixed medium.
  - 3. The system of claim 1, wherein the cloud key management server is further configured to determine whether the client is authorized to access the requested encryption key.
  - 4. The system of claim 3, wherein the cloud key management server is further configured to deny access to the requested encryption key if the client is not within the domain.
  - 5. The system of claim 3, wherein the request further comprises user credentials, andwherein the cloud key management server is further configured to deny access to the requested encryption key if the user credentials are not authorized to access the requested encryption key.
  - 6. The system of claim 5, wherein the request further comprises information regarding device identity, device credentials, device capabilities, and physical location of the device.
  - 7. The system of claim 1, wherein the cloud key management server is further configured to receive the request via another cloud key management server within another domain, the client being coupled to the another domain.
  - 8. The system of claim 1, wherein the cloud key management server is further configured to store a log, the log comprising:
    - a timestamp associated with the request;
      
      the object identifier; and
      
      a client identifier associated with the client computer.
  - 9. The system of claim 8, wherein the log further comprises a user credential associated with the request.
  - 10. The system of claim 9, wherein the user credential is a username.
  - 11. The system of claim 8, wherein the log further comprises metadata related to the object identifier, the metadata comprising at least one element selected from the group consisting of a file type, a file size, a description, a source, an access control list, and any context supplied or derived at the time of the request.
  - 12. The system of claim 1, wherein the cloud key management service is further configured to generate the encryption key.

13. A method of managing and supplying encryption keys within a domain, the method comprising:
- storing a plurality of encryption keys in association with a plurality of object identifiers;
  
  receiving a request from a client computer for an encryption key, the request comprising an object identifier;
  
  identifying an encryption key of the stored encryption keys associated with the object identifier of the request; and
  
  sending the encryption key associated with the object identifier to the client computer in response to the request.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The method of claim 13, wherein the object identifier is associated with an encrypted file, an encrypted email, encrypted network traffic, an encrypted removable medium, or an encrypted fixed medium.
  - 15. The method of claim 13, further comprising determining whether the client is authorized to access the requested encryption key.
  - 16. The method of claim 15, further comprising denying access to the requested encryption key if the client computer is not within the domain.
  - 17. The method of claim 15, wherein the request further comprises user credentials, andwherein the method further comprises denying access to the requested encryption key if the user credentials are not authorized to access the requested encryption key.
  - 18. The method of claim 13, further comprising receiving the request via a cloud key management server connected to another domain, the client computer being coupled to the another domain.
  - 19. The method of claim 13, further comprising storing a log, the log comprising:
    - a timestamp associated with the request;
      
      the object identifier; and
      
      a client identifier associated with the client computer.
  - 20. The method of claim 19, wherein the log further comprises a user credential associated with the request.
  - 21. The method of claim 20, wherein the user credential is a username or any other identifier commonly associated with a user, for example, an email address or employee number.
  - 22. The method of claim 13, further comprising generating the encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon BBN Technlogies Corp. (Rtx Corporation)
Original Assignee
Raytheon BBN Technlogies Corp. (Rtx Corporation)
Inventors
Rubin, Jonathan A., Lowry, John Houston

Application Number

US13/545,805
Publication Number

US 20140019753A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/1097   for distributed storage of ...

H04L 67/52   specially adapted for the l...

H04L 9/083   involving central third par...

H04L 9/0894   Escrow, recovery or storing...

CLOUD KEY MANAGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

131 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

CLOUD KEY MANAGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links