Data security
First Claim
1. A method comprising:
- requesting, at a host, at least one key from a remote authority located in a remote server over a communication network, the at least one key being generated and authorized by the remote authority;
- performing cryptographic operations on data using the at least one key, the cryptographic operations being performed in response, at least in part, to a request to store the data in storage of the host or to retrieve the data from the storage;
- receiving, from the remote authority, an indication of revoking the at least one key;
- subsequent to receipt of the indication, receiving an additional request to access the data in the storage; and
- in response to the additional request, issuing a message to indicate that the additional request is unauthorized
wherein the encrypting and/or the decrypting is performed, at least in part, by circuitry in the host, the circuitry being geographically remote from and communicatively coupled to the remote authority in the remote server, the circuitry periodically requesting that the remote authority indicate whether the at least one key has been revoked.
Abstract
In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based at least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment.
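The flow of claim 1 and the abstract, as an added Python sketch that is not code from the patent: a host requests a key, encrypts on store and decrypts on retrieve, polls the authority periodically, and answers with an unauthorized message once a poll reports revocation. The class names, the 60-second poll interval, the caller-supplied clock and the SHAKE-256 keystream standing in for the cipher are assumptions of this example; it goes one step beyond the text by showing that a request arriving between polls is still served.

```python
import hashlib
import secrets

UNAUTHORIZED = "unauthorized: key revoked by remote authority"
class RemoteAuthority:  # constructed stand-in for the remote server
    def __init__(self):
        self._revoked = set()
    def issue_key(self):
        return secrets.token_hex(8), secrets.token_bytes(32)  # (key id, key)
    def revoke(self, key_id):
        self._revoked.add(key_id)
    def is_revoked(self, key_id):
        return key_id in self._revoked

def keystream_xor(key, nonce, data):
    # Toy SHAKE-256 keystream (an assumption of this example, stdlib only).
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class HostCircuitry:
    """Host-side crypto that polls the authority and drops a revoked key."""
    def __init__(self, authority, poll_interval):
        self.authority, self.poll_interval = authority, poll_interval
        self.key_id, self._key = authority.issue_key()
        self._last_poll, self.storage = 0.0, {}
    def _poll_if_due(self, now):
        if self._key is not None and now - self._last_poll >= self.poll_interval:
            self._last_poll = now
            if self.authority.is_revoked(self.key_id):
                self._key = None  # revocation indication received
    def store(self, name, plaintext, now):
        self._poll_if_due(now)
        if self._key is None:
            return UNAUTHORIZED
        nonce = secrets.token_bytes(16)
        self.storage[name] = (nonce, keystream_xor(self._key, nonce, plaintext))
        return "stored"
    def retrieve(self, name, now):
        self._poll_if_due(now)
        if self._key is None:
            return UNAUTHORIZED
        nonce, ciphertext = self.storage[name]
        return keystream_xor(self._key, nonce, ciphertext)

def demo():
    host = HostCircuitry(RemoteAuthority(), poll_interval=60)
    host.store("doc", b"payroll", now=0)
    host.authority.revoke(host.key_id)  # revoked remotely after t=0
    # t=30 falls before the next poll; t=60 triggers the poll that sees it.
    return [host.retrieve("doc", now=t) for t in (30, 60, 61)]
```

The poll interval therefore bounds how long a revoked key remains usable at the host.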
28 Claims
1. A method comprising:
- requesting, at a host, at least one key from a remote authority located in a remote server over a communication network, the at least one key being generated and authorized by the remote authority;
- performing cryptographic operations on data using the at least one key, the cryptographic operations being performed in response, at least in part, to a request to store the data in storage of the host or to retrieve the data from the storage;
- receiving, from the remote authority, an indication of revoking the at least one key;
- subsequent to receipt of the indication, receiving an additional request to access the data in the storage; and
- in response to the additional request, issuing a message to indicate that the additional request is unauthorized
wherein the encrypting and/or the decrypting is performed, at least in part, by circuitry in the host, the circuitry being geographically remote from and communicatively coupled to the remote authority in the remote server, the circuitry periodically requesting that the remote authority indicate whether the at least one key has been revoked.
Dependent claims (2, 3, 4, 5, 6, 7, 8)
9. An apparatus comprising:
- a host to send a first request for at least one key from a remote authority located in a remote server over a communication link, the at least one key generated and authorized by the remote authority; and
- circuitry coupled to the host to perform cryptographic operations on data with the at least one key, the circuitry to perform the cryptographic operations in response, at least in part, to a second request to store the data in storage of the host or to retrieve the data from the storage, wherein the circuitry is to receive a third request to access the data in the storage, the third request received subsequent to an indication from the remote authority that the at least one key has been revoked, in response to the third request, the circuitry is to issue a message to indicate that the third request is unauthorized
wherein the circuitry is geographically remote from and communicatively coupled to the remote authority in the remote server, the circuitry to periodically request that the remote authority indicate whether the at least one key has been revoked.
Dependent claims (10, 11, 12, 13, 14, 15, 16)
17. One or more storage media storing instructions that when executed by one or more machines result in the following:
- requesting, at a host, at least one key from a remote authority located in a remote server over a communication network, the at least one key being generated and authorized by the remote authority and used for both encryption and decryption of data; and
- performing cryptographic operations on data using the at least one key, the cryptographic operations being performed in response, at least in part, to a request to store the data in storage of the host or to retrieve the data from the storage;
- receiving, from the remote authority, an indication of revoking the at least one key;
- subsequent to receipt of the indication, receiving an additional request to access the data in the storage; and
- in response to the additional request, issuing a message to indicate that the additional request is unauthorized,
wherein the encrypting and/or the decrypting is performed, at least in part, by circuitry in the host, the circuitry being geographically remote from and communicatively coupled to the remote authority in the remote server, the circuitry periodically requesting that the remote authority indicate whether the at least one key has been revoked.
Dependent claims (18, 19, 20, 21, 22, 23, 24)
25. A system comprising:
- a host to send a first request for at least one key from a remote authority over a communication network, the at least one key generated and authorized by the remote authority and used for both encryption and decryption of data; and
- a circuit board coupled to the host, the circuit board comprising a circuit card slot and a circuit card that is capable of being inserted into the circuit card slot, the circuit card comprising circuitry to:
  - perform cryptographic operations on data with the at least one key, the circuitry to perform the cryptographic operations in response, at least in part, to a second request to store the data in storage of the host or to retrieve the data from the storage;
  - receive a third request to access the data in the storage, the third request received subsequent to an indication from the remote authority that the at least one key has been revoked; and
  - in response to the third request, issue a message to indicate that the third request is unauthorized,
wherein the circuitry is geographically remote from and communicatively coupled to the remote authority in the remote server, the circuitry to periodically request that the remote authority indicate whether the at least one key has been revoked.
Dependent claims (26, 27, 28)
Specification