Secure Information Storage
First Claim
1. A method of secure storage, comprising:
- receiving a request to securely store data;
- generating an initialization vector to be used during encryption of the data;
- transmitting the data and the initialization vector to an encryption service for encryption using a private key stored on a remote key vault;
- receiving encrypted information comprising the data from the encryption service; and
- storing an encrypted version of the data in a secure data store.
Abstract
Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to these methods, secret data that is to be securely stored is transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored in a remote key vault. The encrypted data is returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.
20 Claims
1. A method of secure storage, comprising:
- receiving a request to securely store data;
- generating an initialization vector to be used during encryption of the data;
- transmitting the data and the initialization vector to an encryption service for encryption using a private key stored on a remote key vault;
- receiving encrypted information comprising the data from the encryption service; and
- storing an encrypted version of the data in a secure data store.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method of secure storage, comprising:
- receiving, from a product service, a request to decrypt encrypted data;
- retrieving the encrypted data and an associated initialization vector from a secure data store;
- transmitting the encrypted data and the associated initialization vector to an encryption service for decryption using a private key stored in a remote key vault;
- receiving information comprising the decrypted data from the encryption service; and
- transmitting the decrypted data to the product service.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19

20. A device, comprising:
- a memory; and
- one or more processors configured to:
  - receive, from a product service, a request to decrypt encrypted data;
  - retrieve the encrypted data and an associated initialization vector from a secure data store;
  - transmit the encrypted data and the associated initialization vector to an encryption service for decryption using a private key stored in a remote key vault;
  - receive information comprising the decrypted data from the encryption service; and
  - transmit the decrypted data to the product service.
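The store-and-retrieve flow of claims 1, 11 and 20, sketched as an added Python example that is not part of the patent or any product it describes: the key lives only in a constructed key vault, the encryption service is the only component that touches it, and the secure store holds nothing but ciphertext and the associated IV. The cipher is a labelled stand-in (HMAC-SHA256 keystream in counter mode plus an encrypt-then-MAC tag) so the example runs on the standard library; a real deployment would use an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import os
import secrets


class KeyVault:
    """Constructed stand-in for the remote key vault: the private key never leaves it."""
    def __init__(self):
        self._keys = {"secrets-key-v1": secrets.token_bytes(32)}  # constructed key id

    def key(self, key_id):
        return self._keys[key_id]


class EncryptionService:
    """Encrypts/decrypts with the vault-held key. Toy cipher (HMAC-SHA256 CTR keystream,
    encrypt-then-MAC tag) standing in for AES-GCM; the IV must be unique per encryption."""
    def __init__(self, vault, key_id="secrets-key-v1"):
        self._vault, self._key_id = vault, key_id

    def _keystream(self, key, iv, n):
        blocks = (hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
                  for ctr in range((n + 31) // 32))
        return b"".join(blocks)[:n]

    def encrypt(self, data, iv):
        key = self._vault.key(self._key_id)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(key, iv, len(data))))
        tag = hmac.new(key, iv + ct, hashlib.sha256).digest()  # binds IV and ciphertext
        return ct + tag

    def decrypt(self, blob, iv):
        key = self._vault.key(self._key_id)
        ct, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
            raise ValueError("ciphertext or IV does not authenticate")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(key, iv, len(ct))))


class SecureStore:
    """Holds only (ciphertext, IV) rows; it never sees a key or plaintext."""
    def __init__(self, service):
        self._service, self._rows = service, {}

    def store(self, secret_id, data):
        iv = os.urandom(16)  # fresh IV generated per store request, as in claim 1
        self._rows[secret_id] = (self._service.encrypt(data, iv), iv)

    def retrieve(self, secret_id):
        blob, iv = self._rows[secret_id]  # ciphertext and its associated IV, as in claim 11
        return self._service.decrypt(blob, iv)

    def stored_bytes(self, secret_id):
        return self._rows[secret_id][0]
```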
Specification