METHODS AND DEVICES FOR SECURING KEYS FOR A NONSECURED, DISTRIBUTED ENVIRONMENT WITH APPLICATIONS TO VIRTUALIZATION AND CLOUD-COMPUTING SECURITY AND MANAGEMENT
Abstract
The present invention discloses methods and devices for securing keys for a non-secure computing-environment. Methods include the steps of: providing a security-key framework which is adapted, upon receiving an encryption request for protecting a secret item, for repetitively encrypting the secret item with each of a set of N location-specific secure-keys, wherein each location-specific secure-key corresponds to a respective encryption location, to create an encrypted item; wherein the locations are regions of memory located in computing resources operationally connected to the computing-environment; and concealing through encryption at least one location-specific secure-key such that the concealing is configured: to prevent at least one location-specific secure-key from ever being known in an unconcealed form on any computing resource in any computing-environment during the encrypting; and to allow mathematical operations, performed as part of the encrypting and concealing, to be performed while at least one location-specific secure-key is in its concealed form.
15 Claims
1. A method for securing keys for a non-secure computing-environment, the method comprising the steps of:
   (a) providing a security-key framework which is adapted, upon receiving an encryption request for protecting a secret item in the computing-environment, for repetitively encrypting, either iteratively, in parallel, or in combination thereof, said secret item with each of a set of N location-specific secure-keys, wherein each said location-specific secure-key of said set corresponds to a respective encryption location, to create an encrypted item; wherein said locations are regions of memory located in computing resources operationally connected to the computing-environment; and
   (b) concealing through encryption at least one said location-specific secure-key such that said step of concealing is configured:
      (i) to prevent said at least one location-specific secure-key from ever being known in an unconcealed form on any computing resource in any computing-environment during said encrypting; and
      (ii) to allow useful mathematical operations, wherein said useful mathematical operations include at least one operation selected from the group consisting of: XOR, addition, subtraction, multiplication, division, modular addition, modular subtraction, modular multiplication, modular division, and combinations thereof, performed as part of said encrypting and said step of concealing, to be performed while said at least one location-specific secure-key is in its concealed form.
   Dependent claims 2, 3, 4 and 5 are not reproduced here.
6. A device for securing keys for a non-secure computing-environment, the device comprising:
   (a) a server including:
      (i) a CPU for performing computational operations;
      (ii) a memory module for storing data; and
      (iii) a network connection for communicating across a network; and
   (b) a protection module, residing on said server, configured for:
      (i) providing a security-key framework which is adapted, upon receiving an encryption request for protecting a secret item in the computing-environment, for repetitively encrypting, either iteratively, in parallel, or in combination thereof, said secret item with each of a set of N location-specific secure-keys, wherein each said location-specific secure-key of said set corresponds to a respective encryption location, to create an encrypted item; wherein said locations are regions of memory located in computing resources operationally connected to the computing-environment; and
      (ii) concealing through encryption at least one said location-specific secure-key such that said concealing is configured:
         (A) to prevent said at least one location-specific secure-key from ever being known in an unconcealed form on any computing resource in any computing-environment during said encrypting; and
         (B) to allow useful mathematical operations, wherein said useful mathematical operations include at least one operation selected from the group consisting of: XOR, addition, subtraction, multiplication, division, modular addition, modular subtraction, modular multiplication, modular division, and combinations thereof, performed as part of said encrypting and said concealing, to be performed while said at least one location-specific secure-key is in its concealed form.
   Dependent claims 7, 8, 9 and 10 are not reproduced here.
11. A non-transitory computer-readable medium, having computer-readable code embodied on the non-transitory computer-readable medium, the computer-readable code comprising:
   (a) program code for providing a security-key framework which is adapted, upon receiving an encryption request for protecting a secret item in the computing-environment, for repetitively encrypting, either iteratively, in parallel, or in combination thereof, said secret item with each of a set of N location-specific secure-keys, wherein each said location-specific secure-key of said set corresponds to a respective encryption location, to create an encrypted item; wherein said locations are regions of memory located in computing resources operationally connected to the computing-environment; and
   (b) program code for concealing through encryption at least one said location-specific secure-key such that said concealing is configured:
      (i) to prevent said at least one location-specific secure-key from ever being known in an unconcealed form on any computing resource in any computing-environment during said encrypting; and
      (ii) to allow useful mathematical operations, wherein said useful mathematical operations include at least one operation selected from the group consisting of: XOR, addition, subtraction, multiplication, division, modular addition, modular subtraction, modular multiplication, modular division, and combinations thereof, performed as part of said encrypting and said concealing, to be performed while said at least one location-specific secure-key is in its concealed form.
   Dependent claims 12, 13, 14 and 15 are not reproduced here.
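As an added example (not code from the patent or its assignee), the following Python models the structure the abstract and the three independent claims describe: a secret is XOR-encrypted repetitively under N location-specific keys, one key is released to the non-secure environment only in a concealed (masked) form, the XOR chain runs on that concealed key, and a mask holder strips its own contribution, so neither side ever holds the key unmasked; it also checks that the iterative and parallel orderings the claims allow give the same encrypted item. The mask, the two trust domains and all function names are assumptions of this example, and the reference computation under the true keys exists only to verify the result.

```python
# Added example, not the patent's code; the mask and trust-domain split are assumptions.
from functools import reduce

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def conceal_key(key: bytes, mask: bytes) -> bytes:
    """Conceal a location-specific key by encrypting it with a mask; only this
    concealed form is released to the non-secure encrypting environment."""
    return xor_bytes(key, mask)

def encrypt_repetitively(item: bytes, keys: list) -> bytes:
    """Iteratively encrypt the item with each location-specific key in turn."""
    return reduce(xor_bytes, keys, item)

def parallel_fold(item: bytes, keys: list) -> bytes:
    """Combine the keys first (as parallel workers could), then apply once; XOR is
    associative and commutative, so the result equals the iterative path."""
    return xor_bytes(item, reduce(xor_bytes, keys[1:], keys[0]))

def strip_mask(encrypted_item: bytes, mask: bytes) -> bytes:
    """Mask holder (separate trust domain): removes only its own contribution
    and never learns the underlying key."""
    return xor_bytes(encrypted_item, mask)

def run_example(secret: bytes, keys: list, concealed_index: int, mask: bytes) -> dict:
    """Encrypt `secret` under all keys; keys[concealed_index] is never held
    unmasked by the encrypting side. Returns the item plus consistency checks."""
    open_keys = [k for i, k in enumerate(keys) if i != concealed_index]
    concealed = conceal_key(keys[concealed_index], mask)
    blinded = encrypt_repetitively(secret, open_keys + [concealed])  # non-secure side
    encrypted_item = strip_mask(blinded, mask)                        # mask holder
    # Reference under the true keys is computed here only to verify the result.
    reference = encrypt_repetitively(secret, keys)
    return {
        "encrypted_item": encrypted_item,
        "concealed_key": concealed,
        "matches_reference": encrypted_item == reference,
        "matches_parallel": parallel_fold(secret, keys) == reference,
        "recovered": encrypt_repetitively(encrypted_item, keys),  # XOR is self-inverse
    }
```

Because XOR-masking is linear, the same construction carries over to the modular addition the claim also lists (conceal with key + mask mod M, strip with a subtraction), but not to the multiplicative or division cases without a different concealment scheme.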