MULTI-TENANCY ARCHITECTURE

US 20180082084A1
Filed: 11/28/2017
Published: 03/22/2018
Est. Priority Date: 03/29/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a security device, configured for cryptographic processing, coupled to receive incoming data from a plurality of data sources, wherein the incoming data includes first data from a first data source;

a controller configured to select a first set of keys from a plurality of key sets, each of the key sets corresponding to one of the plurality of data sources, wherein the first set of keys is used by the security device to encrypt the first data; and

a common encrypted data storage, coupled to receive the encrypted first data from the security device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes a security device, configured for cryptographic processing, coupled to receive incoming data from a plurality of data sources (e.g., data from different customers), wherein the incoming data includes first data from a first data source; a controller (e.g., an external key manager) configured to select a first set of keys from a plurality of key sets, each of the key sets corresponding to one of the plurality of data sources, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device.

32 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a security device, configured for cryptographic processing, coupled to receive incoming data from a plurality of data sources, wherein the incoming data includes first data from a first data source;
  
  a controller configured to select a first set of keys from a plurality of key sets, each of the key sets corresponding to one of the plurality of data sources, wherein the first set of keys is used by the security device to encrypt the first data; and
  
  a common encrypted data storage, coupled to receive the encrypted first data from the security device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the security device includes the controller.
  - 3. The system of claim 1, wherein the controller is an internal key manager of the security device.
  - 4. The system of claim 1, wherein the controller is an external key manager coupled to provide keys to the security device via an application programming interface.
  - 5. The system of claim 1, wherein the first data source corresponds to a first user, and an external key manager receives commands from the first user to control access to the first set of keys by the security device.
  - 6. The system of claim 1, wherein the cryptographic processing comprises encryption of data packets written to the common encrypted data storage, and decryption of data packets read from the common encrypted data storage.
  - 7. The system of claim 1, wherein the first data is a first data packet, and the security device is configured to detect a tag of the first data packet that identifies the first data source, and wherein the controller selects the first set of keys based on the detection of the tag.
  - 8. The system of claim 1, wherein the security device further comprises a key cache and a cryptographic core, and the first set of keys is loaded into the cryptographic core from the key cache.
  - 9. The system of claim 8, wherein the security device further comprises a packet input engine, coupled to provide a signal used by the key cache in selecting the first set of keys for use by the cryptographic core in encrypting the first data.
  - 10. The system of claim 1, wherein each of the plurality of data sources is located at a different physical location for a respective user using the common encrypted data storage to store data sent over a network to the security device.

11. A system, comprising:
- a plurality of security devices, each configured for cryptographic processing, coupled to receive incoming data from at least one data source; and
  
  a plurality of key managers, each key manager associated with a user, each key manager coupled to a respective one of the security devices, and each key manager configured to provide a set of keys to the security device for encryption of incoming data associated with the respective user, wherein the incoming data is to be stored in a common encrypted data storage after the encryption.
- View Dependent Claims (12, 13)
- - 12. The system of claim 11, further comprising a switch coupled to receive the incoming data from the at least one data source, and configured to route the incoming data to one of the security devices.
  - 13. The system of claim 11, wherein the plurality of security devices includes a first security device, the plurality of key managers includes a first key manager, the first security device comprises a key cache configured to store a first set of keys received from the first key manager, and the first set of keys is for use to encrypt a first data packet.

14. A security device, comprising:
- a plurality of cryptographic cores including an input core configured to perform encryption for a first data packet;
  
  at least one key cache configured to store a plurality of key sets, wherein a first set of keys is to be selected from the plurality of key sets to encrypt the first data packet by the input core; and
  
  a packet input engine configured to detect a header of the first data packet and to address the first set of keys.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The security device of claim 14, further comprising a processor configured to verify that the packet input engine is authorized to address the first set of keys.
  - 16. The security device of claim 14, further comprising a key loader controller configured to load keys from an external key manager via an application programming interface, the key loader controller further configured to load the first set of keys for storage in the at least one key cache prior to receipt of the first data packet by the security device.
  - 17. The security device of claim 16, wherein the at least one key cache is configured so that a key cache failure causes the at least one key cache to be zeroized.
  - 18. The security device of claim 16, further comprising a packet output engine configured to provide the encrypted first data packet from the input core to a common data storage, wherein the packet output engine is configured to detect a header of the first data packet when reading from the common data storage and to address a second set of keys in the at least one key cache when decrypting the first data packet by an output core of the plurality of cryptographic cores.
  - 19. The security device of claim 18, wherein the output core is coupled to provide the decrypted first data packet to the packet input engine.
  - 20. The security device of claim 19, wherein the at least one key cache comprises an input cache configured to store the first set of keys and an output cache configured to store the second set of keys, and the security device is configured to zeroize the input core, the input cache, and the key loader controller after encrypting the first data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Secturion Systems, Inc.
Original Assignee
Secturion Systems, Inc.
Inventors
TAKAHASHI, RICHARD J.

Granted Patent

US 10,902,155 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/72   in cryptographic circuits

H04L 9/083   involving central third par...

MULTI-TENANCY ARCHITECTURE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MULTI-TENANCY ARCHITECTURE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links