REMOTE KEY MANAGEMENT IN A CLOUD-BASED ENVIRONMENT
Abstract
Systems and methods are disclosed for facilitating remote key management services in a collaborative cloud-based environment. In one embodiment, the remote key management architecture and techniques described herein provide for local key encryption and automatic generation of a reason code associated with content access. The reason code is used by a remote client device (e.g., an enterprise client) to control a second (remote) layer of key encryption. The remote client device provides client-side control and configurability of the second layer of key encryption.
23 Claims
1. A key service engine for facilitating remote key management services in a collaborative cloud-based environment, the key service engine comprising:
a processor;
a key service proxy device configured to initiate a remote key request responsive to a determination that a data item indicated by a content request is associated with remote key management functionality, wherein the remote key request includes a reason code enumerating a reason associated with the content request;
a reason engine configured to direct the processor to process the content request to identify the reason associated with the content request and responsively generate the corresponding reason code.
Dependent claims: 2, 3, 4, 5, 6, 7

8. The key service engine of claim 1, further comprising:
a cloud-based platform interface configured to receive the content request, wherein the cloud-based platform is in communication with a data store to direct the data store to store or access a local or remote key encryption keys associated with an encryption key.

9. A collaboration system for facilitating remote key management services in a collaborative cloud-based environment, the system comprising:
a processor;
a memory unit having instructions stored thereon which when executed by the processor, causes the collaboration system to:
encrypt a content item indicated by a content request using an encryption key;
encrypt the encryption key using a local key encryption key (KEK);
determine if the content item is associated with remote key management functionality; and
if the content item is associated with remote key management functionality, determine a reason code associated with the content request; and
initiate a remote key encryption request including the encrypted encryption key and the reason code.
Dependent claims: 11, 12, 13, 14

15. A collaboration system for facilitating remote key management services in a collaborative cloud-based environment, the system comprising:
a processor;
a memory unit having instructions stored thereon which when executed by the processor, causes the collaboration system to:
determine if a content item associated with a received content request is associated with remote key management functionality; and
if the content item is associated with the remote key management functionality, identify a reason code associated with the content request and generate a reason code enumerating the reason for the content request;
access a twice encrypted encryption key from a data store; and
initiate a remote key decryption request including the twice encrypted encryption key and the reason code.
Dependent claims: 16, 17, 18, 19

20. A machine-readable storage medium including executable instructions, which when executed by a processor, causes the processor to:
receive a remote key request including a reason code enumerating a reason associated with a content request, wherein the remote key request includes a request to encrypt or decrypt an encrypted encryption key;
access a set of pre-configured rules from a rule store;
determine whether to accept or reject the remote key request based on the set of pre-configured rules and the reason.
Dependent claims: 21, 22, 23

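The accept-or-reject step of claim 20, sketched as an added example (not code from the patent or from any product): the remote side receives a key request carrying a reason code and evaluates it against a pre-configured rule store, rejecting anything it does not recognise. The reason-code names, the `RemoteKeyRequest` and `Rule` shapes and the rule store contents are assumptions; the claims do not enumerate them.

```python
from dataclasses import dataclass
from enum import Enum


class Reason(Enum):
    # Hypothetical reason codes; the claims do not list concrete values.
    USER_UPLOAD = "user_upload"
    USER_DOWNLOAD = "user_download"
    PREVIEW = "preview"
    SEARCH_INDEXING = "search_indexing"


@dataclass(frozen=True)
class RemoteKeyRequest:
    # Hypothetical request shape for the remote key request.
    operation: str      # "encrypt" or "decrypt"
    wrapped_key: bytes  # encryption key already wrapped by the local KEK (opaque here)
    reason_code: str    # generated by the platform's reason engine


@dataclass(frozen=True)
class Rule:
    reason: Reason
    operations: frozenset
    allow: bool


# Constructed rule store: the enterprise allows user-driven access but
# refuses to unwrap keys for background indexing.
RULE_STORE = (
    Rule(Reason.USER_UPLOAD, frozenset({"encrypt"}), True),
    Rule(Reason.USER_DOWNLOAD, frozenset({"decrypt"}), True),
    Rule(Reason.PREVIEW, frozenset({"decrypt"}), True),
    Rule(Reason.SEARCH_INDEXING, frozenset({"decrypt"}), False),
)


def decide(req, rules=RULE_STORE):
    """Return (accepted, audit_message); anything unmatched is rejected."""
    if req.operation not in ("encrypt", "decrypt") or not req.wrapped_key:
        return False, "reject: malformed request"
    try:
        reason = Reason(req.reason_code)
    except ValueError:
        return False, f"reject: unknown reason code {req.reason_code!r}"
    for rule in rules:
        if rule.reason is reason and req.operation in rule.operations:
            verdict = "accept" if rule.allow else "reject"
            return rule.allow, f"{verdict}: {reason.value}/{req.operation}"
    return False, f"reject: no rule for {reason.value}/{req.operation}"
```

Only after an accept would the remote side apply or remove its own key encryption layer; that step is left out here.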
Specification