Cloud key management system
Abstract
This invention uses a cloud-based key management system to store, retrieve, generate, and perform other operations on keys. The cloud-based system protects the keys against disclosure while preventing their loss or destruction. Using this invention, a company can manage, audit, and maintain control and security around its keys. Security event auditing records each key operation so that every step can be reviewed.
Claims (33)

1. A method for encrypted email key management, comprising:
creating, by a key agent executing on a processor, a secure tunnel between the key agent and a cloud key service executing on a processor;
receiving, by the cloud key service from the key agent, a request for key generation for the email sender, the request including email sender credentials;
verifying, by the cloud key service, the request for key generation;
identifying, by the cloud key service, a tenant location on the cloud key service, the tenant location being associated with the email sender;
creating, by the cloud key service, a key pair and corresponding digital certificate for the email sender;
encrypting, by the cloud key service, the key pair and corresponding digital certificate with a key controlled by the key agent;
storing the encrypted key pair and corresponding digital certificate at the identified tenant location;
transmitting a public key from the key pair and the corresponding digital certificate to an email address specified in the digital certificate; and
closing the secure tunnel.
Dependent claims 2 to 18.
19. A method for using keys in an email system, comprising:
receiving a request for key generation at a key agent executing on a processor from an email server, the request associated with an email sender;
creating a first secure tunnel between the key agent and a cloud key service executing on a processor;
communicating the first request to the cloud key service over the first secure tunnel;
generating a key pair at the cloud key service;
storing the generated key in an encrypted store on a segmented location on the cloud key service, where the encrypted store is encrypted using a store key controlled by the key agent;
receiving a request for a key operation at the key agent from the email server and for the email sender;
creating a second secure tunnel between the key agent and the cloud key service;
communicating the request for a key operation to the cloud key service over the second secure tunnel;
assessing the segmented location on the cloud key service;
decrypting the generated key stored at the segmented location using the key controlled by the key agent; and
performing the key operation by the cloud key service.
Dependent claims 20 to 23.
24. A system for email key management, comprising:
a key agent comprising a computer processor and computer readable memory storing instructions that cause the key agent to receive a request for key services for an email sender from a mail server and transmit the request to a cloud key service;
a cloud key service comprising:
  an encrypted key store located on a segmented location of the cloud key service, the encrypted key store comprising computer readable memory configured to store keys and wherein the encrypted key store is encrypted using a store key controlled by the key agent;
  a multi-tenancy manager comprising a computer processor and computer readable memory storing instructions that cause the multi-tenancy manager to route a request from the key agent and identify a tenant store in the cloud key service, wherein the tenant store is associated with the email sender; and
  a server manager comprising a computer processor and computer readable memory storing instructions that cause the server manager to perform a key service associated with a key stored at the tenant store.
Dependent claims 25 to 29.
30. An apparatus for providing cloud-based email key services, comprising:
a processor; and
non-transitory memory storing computer executable instructions that, when executed by the processor, cause the apparatus to at least:
  accept requests for use of a key associated with an email sender, the requests being made by an email server through a key agent;
  validate an identity of the email sender;
  identify that a key associated with the email sender does not exist at a tenant location on the cloud key service;
  in response to determining that a key associated with the email sender does not exist, generate a key for the email sender;
  identify a tenant location on the cloud key service for storing the key;
  encrypt the key using a store key, wherein the store key is controlled by the key agent; and
  verify that the key generation is performed correctly.
Dependent claims 31 to 33.
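The four independent claims describe one architecture: a key agent on the tenant side that alone controls the store key, and a cloud key service that keeps each tenant's wrapped keys in a segmented location, routes requests by tenant, generates a key pair and certificate only when none exists, and performs key operations on the service side after unwrapping with the key the agent supplies. The Go program below is an added example written for this page to make that division of trust concrete; it is not code from the patent or from any assignee. Its assumptions: one tenant per email domain; a 256-bit AES-GCM store key that the agent presents with every request (the secure tunnel, the check of the sender's credentials and the mailing of the certificate are outside the program); an RSA-2048 key pair with a self-signed certificate standing in for the certificate of claim 1; and PKCS#1 v1.5 signing as the key operation of claim 19. All type and function names (KeyAgent, CloudKeyService, route, wrap, unwrap, GenerateKey, Sign, VerifySignature) are this example's own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"strings"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // only runtime failures reach here (entropy, cipher setup, DER encoding)
	}
	return v
}

// KeyAgent is the tenant-side component. Assumed here: one tenant per email domain,
// and only the agent holds the 256-bit AES store key it presents with each request.
type KeyAgent struct {
	Domain   string
	StoreKey []byte
}

// CloudKeyService maps the segmented location "tenant/user" to an AES-GCM-wrapped PKCS#8 key.
type CloudKeyService map[string][]byte

// route is the multi-tenancy manager of claim 24: tenant = sender's domain, and an agent serves only its own.
func route(agent *KeyAgent, sender string) (string, error) {
	user, domain, ok := strings.Cut(sender, "@")
	if !ok || user == "" || !strings.EqualFold(domain, agent.Domain) {
		return "", fmt.Errorf("agent for %s cannot serve %q", agent.Domain, sender)
	}
	return strings.ToLower(domain) + "/" + user, nil
}

func gcm(storeKey []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(storeKey)))) }
func wrap(storeKey, plaintext []byte) []byte {
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	return gcm(storeKey).Seal(nonce, nonce, plaintext, nil) // nonce || ciphertext || tag
}

// unwrap fails with a GCM tag mismatch under any key other than the one that wrapped blob.
func unwrap(storeKey, blob []byte) ([]byte, error) { return gcm(storeKey).Open(nil, blob[:12], blob[12:], nil) }

// GenerateKey is the generation flow of claims 1 and 30; it returns the DER
// certificate that the service would mail to the sender's address.
func (s CloudKeyService) GenerateKey(agent *KeyAgent, sender string) ([]byte, error) {
	loc, err := route(agent, sender)
	if err != nil {
		return nil, err
	}
	if _, exists := s[loc]; exists { // never silently replace a sender's key
		return nil, fmt.Errorf("key already exists at %s", loc)
	}
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber:   must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))),
		EmailAddresses: []string{sender},
		NotBefore:      time.Now().Add(-time.Minute), NotAfter: time.Now().AddDate(1, 0, 0),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv))
	s[loc] = wrap(agent.StoreKey, must(x509.MarshalPKCS8PrivateKey(priv))) // at rest: ciphertext only
	return der, nil
}

// Sign is the key operation of claim 19: unwrap with the agent's store key, sign inside the service.
func (s CloudKeyService) Sign(agent *KeyAgent, sender string, msg []byte) ([]byte, error) {
	loc, err := route(agent, sender)
	if err != nil {
		return nil, err
	}
	blob, ok := s[loc]
	if !ok {
		return nil, fmt.Errorf("no key stored at %s", loc)
	}
	pkcs8, err := unwrap(agent.StoreKey, blob)
	if err != nil {
		return nil, fmt.Errorf("store key rejected for %s: %w", loc, err)
	}
	digest := sha256.Sum256(msg)
	priv := must(x509.ParsePKCS8PrivateKey(pkcs8)).(*rsa.PrivateKey)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifySignature is what a recipient does with the mailed certificate.
func VerifySignature(certDER, msg, sig []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	return cert.CheckSignature(x509.SHA256WithRSA, msg, sig)
}
```

Create the service with `svc := CloudKeyService{}` and an agent with a 32-byte `StoreKey`, call `GenerateKey` once per sender and `Sign` for each message; a recipient checks the result with `VerifySignature` and the mailed certificate. Two failure modes are worth exercising. An agent whose `Domain` does not match the sender's is stopped in `route` before any key material is touched. An agent with the right domain but a different store key fails inside `unwrap` with a GCM authentication error, which is what makes the stored key useless to anyone who obtains only the service's storage. A production service would additionally authenticate the agent over mutual TLS on the tunnel, have a CA sign the certificate instead of self-signing it, and record each generate, sign and rejected request for the audit trail the abstract describes.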
Specification