METHOD AND SYSTEM FOR PROVIDING A SECURE SECRETS PROXY AND DISTRIBUTING SECRETS
First Claim
1. A system for providing a secure secrets proxy and distributing secrets comprising:
- at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for providing a secure secrets proxy and distributing secrets, the process for providing a secure secrets proxy and distributing secrets including;
providing a secure secrets proxy in a first computing environment, the secure secrets proxy being a virtual asset instantiated in the first computing environment, the secure secrets proxy including secure secrets proxy authentication data;
providing a secrets distribution management system in a second computing environment, the secrets distribution management system having access to secrets data representing one or more secrets and configured to control the distribution of the one or more secrets in accordance with one or more secrets distribution policies;
providing, by the secure secrets proxy, the secure secrets proxy authentication data to the secrets distribution management system;
providing secrets distribution policy data representing one or more secrets distribution factors used to control the distribution of one or more secrets;
receiving, at the secrets distribution management system, secrets request data from a requesting virtual asset for secrets data necessary to access a resource of a resource type;
obtaining, by the secrets distribution management system, requesting virtual asset profile data associated with the requesting virtual asset;
authenticating, by the secrets distribution management system, the secure secrets proxy as a trusted virtual asset eligible to cache secrets data in a secure secrets cache;
authenticating, by the secrets distribution management system, the requesting virtual asset;
analyzing the requesting virtual asset profile data using one or more of the one or more secrets distribution factors to generate authorized secrets data for the requesting virtual asset;
providing, by the secrets distribution system to the secure secrets proxy in response to the secrets request data, authorized secrets data representing one or more requested secrets;
providing, from the secure secrets proxy to the requesting virtual asset, authorized secrets data for the requesting virtual asset.
0 Assignments
0 Petitions
Accused Products
Abstract
A secure secrets proxy is instantiated in a first computing environment and includes secure secrets proxy authentication data for identifying itself to a secrets distribution management system in a second computing environment as a trusted virtual asset to receive and cache secrets data in a secure secrets cache outside the second computing environment. A virtual asset requests one or more secrets, triggering a process to authenticate the requesting virtual asset, gathering authorized secrets data representing secrets the virtual asset is allowed to have. The secure secrets proxy is provided data representing the requested secrets and stores that secrets data in the secure secrets cache of the proxy.
-
Citations
28 Claims
-
1. A system for providing a secure secrets proxy and distributing secrets comprising:
-
at least one processor; and at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for providing a secure secrets proxy and distributing secrets, the process for providing a secure secrets proxy and distributing secrets including; providing a secure secrets proxy in a first computing environment, the secure secrets proxy being a virtual asset instantiated in the first computing environment, the secure secrets proxy including secure secrets proxy authentication data; providing a secrets distribution management system in a second computing environment, the secrets distribution management system having access to secrets data representing one or more secrets and configured to control the distribution of the one or more secrets in accordance with one or more secrets distribution policies; providing, by the secure secrets proxy, the secure secrets proxy authentication data to the secrets distribution management system; providing secrets distribution policy data representing one or more secrets distribution factors used to control the distribution of one or more secrets; receiving, at the secrets distribution management system, secrets request data from a requesting virtual asset for secrets data necessary to access a resource of a resource type; obtaining, by the secrets distribution management system, requesting virtual asset profile data associated with the requesting virtual asset; authenticating, by the secrets distribution management system, the secure secrets proxy as a trusted virtual asset eligible to cache secrets data in a secure secrets cache; authenticating, by the secrets distribution management system, the requesting virtual asset; analyzing the requesting virtual asset profile data using one or more of the one or more secrets distribution factors to generate authorized secrets data for the requesting virtual asset; providing, by the secrets distribution system to the secure secrets proxy in response to the secrets request data, authorized secrets data representing one or more requested secrets; providing, from the secure secrets proxy to the requesting virtual asset, authorized secrets data for the requesting virtual asset. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A system for providing an encryption proxy and distributing encryption keys comprising:
-
at least one processor; and at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for providing an encryption proxy, the process for providing an encryption proxy including; providing an encryption proxy in a first computing environment, the encryption proxy being a virtual asset instantiated in the first computing environment, the encryption proxy including encryption proxy authentication data, the encryption proxy authentication data; providing a secrets distribution management system, the secrets distribution management system being in a second computing environment, the secrets distribution management system having access to encryption key data representing one or more encryption keys and configured to control the distribution of the one or more encryption keys in accordance with one or more encryption key distribution policies; providing, by the encryption proxy, the encryption proxy authentication data to the secrets distribution management system; providing secrets distribution policy data representing one or more secrets distribution factors used to control the distribution of one or more encryption keys; receiving, at the secrets distribution management system, encryption key request data from a requesting virtual asset for encryption key data necessary to access a resource of a resource type; obtaining, by the secrets distribution management system, requesting virtual asset profile data associated with the requesting virtual asset; authenticating, by the secrets distribution management system, the encryption proxy and identifying the encryption proxy as a trusted virtual asset eligible to cache encryption key data in an remote encryption key cache outside the second computing environment; analyzing the requesting virtual asset profile data using one or more of the one or more secrets distribution factors to generate authorized encryption key data for the requesting virtual asset; providing, by the secrets distribution system to the secure secrets proxy in response to the secrets request data, authorized encryption key data representing one or more requested encryption keys; providing, from the secure secrets proxy to the requesting virtual asset, the authorized encryption key data for the requesting virtual asset. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
Specification