Encryption in the cloud with customer controlled keys
First Claim
Patent Images
1. A method for encryption in a cloud computing platform with customer controlled keys, the method comprising:
- uploading, from a customer computing platform to a key store of the cloud computing platform, a cloud-based encryption key based on a customer-based encryption key, the cloud-based encryption key and customer-based encryption key being able to encrypt or decrypt customer data used by an application server running on the cloud computing platform;
retrieving the customer-based encryption key stored on the customer computing platform;
unlocking, by one or more processors executing a key unlocking mechanism using the customer-based encryption key, the cloud-based encryption key from the key store;
storing, by one or more processors, the unlocked cloud-based encryption key in a secure store of a main memory associated with the customer computing platform; and
accessing, by one or more processors executing an encryption or decryption mechanism, the unlocked cloud-based encryption key to encrypt or decrypt customer data stored on a database of the main memory and used by the application server.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for encryption in a cloud computing platform with customer controlled keys is disclosed. A cloud-based encryption key is uploaded from a customer computing platform to a key store of the cloud computing platform, based on a customer-based encryption key. The cloud-based encryption key and customer-based encryption key is able to encrypt or decrypt customer data used by an application server running on the cloud computing platform. Next, the cloud-based encryption key is unlocked from the key store, and then stored in a secure store of a main memory associated with the customer computing platform. Then, according to encryption or decryption mechanism, the unlocked cloud-based encryption key is accessed to encrypt or decrypt customer data stored on a database of the main memory and used by the application server.
7 Citations
9 Claims
-
1. A method for encryption in a cloud computing platform with customer controlled keys, the method comprising:
-
uploading, from a customer computing platform to a key store of the cloud computing platform, a cloud-based encryption key based on a customer-based encryption key, the cloud-based encryption key and customer-based encryption key being able to encrypt or decrypt customer data used by an application server running on the cloud computing platform; retrieving the customer-based encryption key stored on the customer computing platform; unlocking, by one or more processors executing a key unlocking mechanism using the customer-based encryption key, the cloud-based encryption key from the key store; storing, by one or more processors, the unlocked cloud-based encryption key in a secure store of a main memory associated with the customer computing platform; and accessing, by one or more processors executing an encryption or decryption mechanism, the unlocked cloud-based encryption key to encrypt or decrypt customer data stored on a database of the main memory and used by the application server. - View Dependent Claims (2, 3, 4)
-
-
5. A computer program product comprising a non-transitory machine-readable medium storing instructions that, when executed by at least one programmable processor, cause the at least one programmable processor to perform operations comprising:
-
uploading, from a customer computing platform to a key store of the cloud computing platform, a cloud-based encryption key based on a customer-based encryption key, the cloud-based encryption key and customer-based encryption key being able to encrypt or decrypt customer data used by an application server running on the cloud computing platform; retrieving the customer-based encryption key stored on the customer computer platform; unlocking, according to a key unlocking mechanism using the customer-based encryption key, the cloud-based encryption key from the key store; storing the unlocked cloud-based encryption key in a secure store of a main memory associated with the customer computing platform; and accessing, according to an encryption or decryption mechanism, the unlocked cloud-based encryption key to encrypt or decrypt customer data stored on a database of the main memory and used by the application server.
-
-
6. A system comprising:
-
at least one programmable processor; and a machine-readable medium storing instructions that, when executed by the at least one processor, cause the at least one programmable processor to perform operations comprising; uploading, from a customer computing platform to a key store of the cloud computing platform, a cloud-based encryption key based on a customer-based encryption key, the cloud-based encryption key and customer-based encryption key being able to encrypt or decrypt customer data used by an application server running on the cloud computing platform; retrieving the customer-based encryption key stored on the customer computing platform; unlocking, according to a key unlocking mechanism using the customer-based encryption key, the cloud-based encryption key from the key store; storing the unlocked cloud-based encryption key in a secure store of a main memory associated with the customer computing platform; and accessing, according to an encryption or decryption mechanism, the unlocked cloud-based encryption key to encrypt or decrypt customer data stored on a database of the main memory and used by the application server. - View Dependent Claims (7, 8, 9)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeSAP SE
-
Original AssigneeSAP AG (SAP SE)
-
InventorsBuehl, Matthias
-
Primary Examiner(s)LEMMA, SAMSON B
-
Application NumberUS13/624,069Publication NumberTime in Patent Office851 DaysField of Search713/171, 713/189, 713/193, 380/277, 380/281, 726/2US Class Current713/189CPC Class CodesG06F 12/14 Protection against unauthor...G06F 21/62 Protecting access to data v...G06F 21/70 Protecting specific interna...H04L 63/062 for key distribution, e.g. ...
