Cloud Encryption Key Broker Apparatuses, Methods and Systems

US 20160241390A1
Filed: 02/17/2016
Published: 08/18/2016
Est. Priority Date: 02/17/2015
Status: Active Grant

First Claim

Patent Images

1. A processor-implemented method for use in cryptographic operations, comprising:

storing, by one or more data processors, a first portion of a key that is used in a cryptographic operation;

receiving a remote request for retrieval of the first portion of the key;

performing security analysis upon the request; and

transmitting the first portion of the key to the requester after security analysis criteria has been satisfied;

wherein a complete key is generated by combining the first portion of the key with a second portion of a key;

wherein the complete key is used to perform a cryptographic operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-implemented systems and methods are disclosed herein for use in cryptographic operations over a cloud-based service. The cloud-based service securely stores and transmits parts of encryption/decryption keys. Split key processing can include splitting the key in two and storing one of them on a remote secure server.

35 Citations

View as Search Results

21 Claims

1. A processor-implemented method for use in cryptographic operations, comprising:
- storing, by one or more data processors, a first portion of a key that is used in a cryptographic operation;
  
  receiving a remote request for retrieval of the first portion of the key;
  
  performing security analysis upon the request; and
  
  transmitting the first portion of the key to the requester after security analysis criteria has been satisfied;
  
  wherein a complete key is generated by combining the first portion of the key with a second portion of a key;
  
  wherein the complete key is used to perform a cryptographic operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein a cloud-based service is used for the storing of the first portion of the key.
  - 3. The method of claim 1, wherein the cloud-based service is provided by a payment processing entity.
  - 4. The method of claim 1, wherein the complete key is generated by combining the first portion of the key with a second portion of the key and with one or more additional portions of the key.
  - 5. The method of claim 1, wherein the cryptographic operation is an encryption operation.
  - 6. The method of claim 1, wherein the cryptographic operation is a decryption operation.
  - 7. The method of claim 1, wherein the security analysis includes IP checks, risk analysis of requests, IP blocking, and access rule restrictions.
  - 8. The method of claim 7, wherein the security analysis criteria includes the security analysis not detecting any unauthorized access or malicious activity associated with the remote request.
  - 9. The method of claim 1, wherein a client tool transmits the remote request to a remote server on the cloud to provide the necessary key portions to complete a data encryption key.
  - 10. The method of claim 9, wherein the first portion of the key parts is transmitted in an encrypted form;
    - wherein the complete key is stored on the client only in temporary memory or other secure type memory.

11. A processor-implemented system for use with cryptographic operations, comprising:
- a memory; and
  
  one or more processors disposed in communication with the memory and configured to issue processing instructions stored in the memory to;
  
  store a first portion of a key that is used in a cryptographic operation;
  
  receive a remote request for retrieval of the first portion of the key;
  
  perform security analysis upon the request; and
  
  transmit the first portion of the key to the requester after security analysis criteria has been satisfied;
  
  wherein a complete key is generated by combining the first portion of the key with a second portion of a key;
  
  wherein the complete key is used to perform a cryptographic operation.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein a cloud-based service is used for the storing of the first portion of the key.
  - 13. The system of claim 11, wherein the cloud-based service is provided by a payment processing entity.
  - 14. The system of claim 11, wherein the complete key is generated by combining the first portion of the key with a second portion of the key and with one or more additional portions of the key.
  - 15. The system of claim 11, wherein the cryptographic operation is an encryption operation.
  - 16. The system of claim 11, wherein the cryptographic operation is a decryption operation.
  - 17. The system of claim 11, wherein the security analysis includes IP checks, risk analysis of requests, IP blocking, and access rule restrictions.
  - 18. The system of claim 17, wherein the security analysis criteria includes the security analysis not detecting any unauthorized access or malicious activity associated with the remote request.
  - 19. The system of claim 11, wherein a client tool transmits the remote request to a server on the cloud to provide the necessary key portions to complete a data encryption key.
  - 20. The system of claim 19, wherein the first portion of the key parts is transmitted in an encrypted form;
    - wherein the complete key is stored on the client only in temporary memory or other secure type memory.

21. A processor-readable non-transitory medium storing processor-issuable instructions to:
- store a first portion of a key that is used in a cryptographic operation;
  
  receive a remote request for retrieval of the first portion of the key;
  
  perform security analysis upon the request; and
  
  transmit the first portion of the key to the requester after security analysis criteria has been satisfied;
  
  wherein a complete key is generated by combining the first portion of the key with a second portion of a key;
  
  wherein the complete key is used to perform a cryptographic operation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Harris, Theodore, Edington, Scott

Granted Patent

US 10,547,444 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

H04L 63/06   for supporting key manageme...

H04L 9/083   involving central third par...

H04L 9/085   Secret sharing or secret sp...

Cloud Encryption Key Broker Apparatuses, Methods and Systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud Encryption Key Broker Apparatuses, Methods and Systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links