Secure Information Storage

US 20190034643A1
Filed: 07/27/2017
Published: 01/31/2019
Est. Priority Date: 07/27/2017
Status: Active Grant

First Claim

Patent Images

1. A method of secure storage, comprising:

receiving a request to securely store data;

generating an initialization vector to be used during encryption of the data;

transmitting the data and the initialization vector to an encryption service for encryption using a private key stored on a remote key vault;

receiving encrypted information comprising the data from the encryption service; and

storing an encrypted version of the data in a secure data store.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to methods, secret data that is to be securely stored may be transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored on in a remote key vault. The encrypted data can be returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.

20 Citations

View as Search Results

20 Claims

1. A method of secure storage, comprising:
- receiving a request to securely store data;
  
  generating an initialization vector to be used during encryption of the data;
  
  transmitting the data and the initialization vector to an encryption service for encryption using a private key stored on a remote key vault;
  
  receiving encrypted information comprising the data from the encryption service; and
  
  storing an encrypted version of the data in a secure data store.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein generating the initialization vector comprises randomly generating the initialization vector in response to receiving the request.
  - 3. The method of claim 1, further comprising:
    - encrypting the data using an additional key prior to transmitting the data to the encryption service.
  - 4. The method of claim 3, wherein the request comprises the additional key.
  - 5. The method of claim 3, wherein the additional key comprises a public key.
  - 6. The method of claim 3, wherein the received encrypted information is encrypted using both the private key and the additional key.
  - 7. The method of claim 6, further comprising:
    - decrypting the received information using the additional key to generate the encrypted version of the data.
  - 8. The method of claim 1, wherein the encrypted version of the data is stored with the initialization vector.
  - 9. The method of claim 1, wherein the request further specifies a limitation on decryption access to the data.
  - 10. The method of claim 1, wherein the request further specifies the private key or the key vault.

11. A method of secure storage, comprising:
- receiving, from a product service, a request to decrypt encrypted data;
  
  retrieving the encrypted data and an associated initialization vector from a secure data store;
  
  transmitting the encrypted data and the associated initialization vector to an encryption service for decryption using a private key stored in a remote key vault;
  
  receiving information comprising the decrypted data from the encryption service; and
  
  transmitting the decrypted data to the product service.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein transmitting the decrypted data comprises transmitting the decrypted data to the product service via a connector component.
  - 13. The method of claim 12, further comprising:
    - re-encrypting the decrypted data using an additional key associated with the connector component prior to transmitting.
  - 14. The method of claim 11, wherein the information is received encrypted by an additional key.
  - 15. The method of claim 14, further comprising:
    - decrypting the information using the additional key to extract the decrypted data.
  - 16. The method of claim 14, wherein the additional key comprises a public key.
  - 17. The method of claim 11, wherein the request to decrypt the encrypted data is received from the product service via a connector component.
  - 18. The method of claim 11, further comprising:
    - deleting the information comprising the decrypted data from a local memory after transmitting the decrypted data to the product service.
  - 19. The method of claim 11, further comprising:
    - authenticating the product service to verify that it has permission to access the encrypted data.

20. A device, comprising:
- a memory; and
  
  one or more processors configured to;
  
  receive, from a product service, a request to decrypt encrypted data;
  
  retrieve the encrypted data and an associated initialization vector from a secure data store;
  
  transmit the encrypted data and the associated initialization vector to an encryption service for decryption using a private key stored in a remote key vault;
  
  receive information comprising the decrypted data from the encryption service; and
  
  transmit the decrypted data to the product service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Kludy, Thomas M., Feijoo, Ricardo Fernando

Granted Patent

US 10,438,006 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06Q 20/00   Payment architectures, sche...

G06Q 20/363   with the personal data of a...

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 67/1097   for distributed storage of ...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0894   Escrow, recovery or storing...

H04W 12/068   using credential vaults, e....

Secure Information Storage

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Information Storage

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links