Method and apparatus for providing key management for data encryption for cloud-based big data environments

US 9,660,969 B2
Filed: 03/31/2015
Issued: 05/23/2017
Est. Priority Date: 03/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method for providing key management for encryption of data, the method comprising:

utilizing at least one interface to ingest of one or more encrypted datasets to at least one server;

causing, at least in part, the ingestion, utilizing a processor, including a storage of the one or more encrypted datasets;

receiving a request from at least one client for one or more private keys for decrypting the one or more encrypted datasets,wherein the one or more private keys are encrypted in at least one key repository associated with the at least one server;

causing, at least in part, an authentication of the request using one or more secure credentials of the at least one client, the at least one server, or a combination thereof;

causing, at least in part, an authorization of the at least one client to determine whether the at least one client is authorized to access the one or more private keys based on the authentication; and

causing, at least in part, a decryption of the one or more private keys using at least one master key based on the authorization.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for key management for data encryption. A key management platform receives a request from at least one client for one or more private keys for decrypting one or more datasets. The one or more private keys are encrypted in at least one key repository associated with at least one server. The key management platform also causes, at least in part, an authentication of the request using one or more secure credentials of the at least one client, the at least one server, or a combination thereof. The key management platform further causes, at least in part, an authorization of the at least one client to determine whether the at least one client is authorized to access the one or more private keys based on the authentication. The key management platform further causes, at least in part, a decryption of the one or more private keys using at least one master key based on the authorization.

14 Citations

View as Search Results

20 Claims

1. A method for providing key management for encryption of data, the method comprising:
- utilizing at least one interface to ingest of one or more encrypted datasets to at least one server;
  
  causing, at least in part, the ingestion, utilizing a processor, including a storage of the one or more encrypted datasets;
  
  receiving a request from at least one client for one or more private keys for decrypting the one or more encrypted datasets,wherein the one or more private keys are encrypted in at least one key repository associated with the at least one server;
  
  causing, at least in part, an authentication of the request using one or more secure credentials of the at least one client, the at least one server, or a combination thereof;
  
  causing, at least in part, an authorization of the at least one client to determine whether the at least one client is authorized to access the one or more private keys based on the authentication; and
  
  causing, at least in part, a decryption of the one or more private keys using at least one master key based on the authorization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - causing, at least in part, a transmission of the at least one master key to the at least one client based on another authentication process,wherein the decryption of the one or more private keys is performed by the at least one client using the at least one master key.
  - 3. The method of claim 1, wherein the one or more secure credentials is a Secure Sockets Layer (SSL) certificate, and wherein the request, the decrypted one or more private keys, or a combination thereof is transmitted using an SSL protocol.
  - 4. The method of claim 3, wherein the at least one client and the at least one server communicate using a two-way Secure Sockets Layer (SSL) connection of the SSL protocol.
  - 5. The method of claim 1, further comprising:
    - determining the authentication of the request, the authorization of the at least one client, the decryption of the one or more private keys, or a combination thereof based on one or more access control policies.
  - 6. The method of claim 1, wherein the one or more private keys are associated with at least one asymmetric encryption, the method further comprising:
    - causing, at least in part, a storage of one or more public keys of the at least one asymmetric encryption for retrieval by the at least one client using one or more access control policies.
  - 7. The method of claim 1, further comprising:
    - determining whether to grant access to the one or more datasets by the at least one client based on one or more access control policies.
  - 8. The method of claim 1,wherein the ingestion comprises retrieving the one or more private keys, one or more public keys, or a combination thereof from the at least one key repository to encrypt one or more datasets.
  - 9. The method of claim 8, wherein the at least one interface includes at least one Secure Sockets Layer (SSL) tunnel.
  - 10. The method of claim 8, wherein an access to the at least one interface, the ingestion of the one or more datasets, or a combination is based on one or more access control policies.

11. An apparatus for providing key management for encryption of data, the apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code for one or more programs,the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following,utilize at least one interface to ingest one or more encrypted datasets to at least one server,cause, at least in part, the ingestion including a storage of the one or more encrypted datasets,receive a request from at least one client for one or more private keys for decrypting the one or more encrypted datasets,wherein the one or more private keys are encrypted in at least one key repository associated with the at least one server,cause, at least in part, an authentication of the request using one or more secure credentials of the at least one client, the at least one server, or a combination thereof,cause, at least in part, an authorization of the at least one client to determine whether the at least one client is authorized to access the one or more private keys based on the authentication, andcause, at least in part, a decryption of the one or more private keys using at least one master key based on the authorization.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The apparatus of claim 11, wherein the apparatus is further caused to:
    - cause, at least in part, a transmission of the at least one master key to the at least one client based on another authentication process,wherein the decryption of the one or more private keys is performed by the at least one client using the at least one master key.
  - 13. The apparatus of claim 11, wherein the one or more secure credentials is a Secure Sockets Layer (SSL) certificate, and wherein the request, the decrypted one or more private keys, or a combination thereof is transmitted using an SSL protocol.
  - 14. The apparatus of claim 13, wherein the at least one client and the at least one server communicate using a two-way Secure Sockets Layer (SSL) connection of the SSL protocol.
  - 15. The apparatus of claim 11, wherein the apparatus is further caused to:
    - determine the authentication of the request, the authorization of the at least one client, the decryption of the one or more private keys, or a combination thereof based on one or more access control policies.
  - 16. The apparatus of claim 11, wherein the one or more private keys are associated with at least one asymmetric encryption, and wherein the apparatus is further caused to:
    - cause, at least in part, a storage of one or more public keys of the at least one asymmetric encryption for retrieval by the at least one client using one or more access control policies.
  - 17. The apparatus of claim 11, wherein the apparatus is further caused to:
    - determine whether to grant access to the one or more datasets by the at least one client based on one or more access control policies,wherein the ingestion comprises retrieving the one or more private keys, one or more public keys, or a combination thereof from the at least one key repository to encrypt one or more datasets.

18. A non-transitory computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause an apparatus to perform a method for providing key management for encryption of data, the method comprising:
- utilizing at least one interface to ingest one or more encrypted datasets to at least one server;
  
  causing, at least in part, the ingestion including a storage of the one or more encrypted datasets;
  
  receiving a request from at least one client for one or more private keys for decrypting the one or more encrypted datasets,wherein the one or more private keys are encrypted in at least one key repository associated with the at least one server;
  
  causing, at least in part, an authentication of the request using one or more secure credentials of the at least one client, the at least one server, or a combination thereof;
  
  causing, at least in part, an authorization of the at least one client to determine whether the at least one client is authorized to access the one or more private keys based on the authentication; and
  
  causing, at least in part, a decryption of the one or more private keys using at least one master key based on the authorization.
- View Dependent Claims (19, 20)
- - 19. The computer-readable storage medium of claim 18, wherein the apparatus is further caused to perform:
    - causing, at least in part, a transmission of the at least one master key to the at least one client based on another authentication process,wherein the decryption of the one or more private keys is performed by the at least one client using the at least one master key,wherein the ingestion comprises retrieving the one or more private keys, one or more public keys, or a combination thereof from the at least one key repository to encrypt one or more datasets.
  - 20. The computer-readable storage medium of claim 18, wherein the one or more secure credentials is a Secure Sockets Layer (SSL) certificate, and wherein the request, the decrypted one or more private keys, or a combination thereof is transmitted using an SSL protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HERE Global B.V. (Nokia Corporation)
Original Assignee
HERE Global B.V. (Nokia Corporation)
Inventors
Qian, Gaoqiang, Lonial, Sumit, Ahmed, Zahid N
Primary Examiner(s)
SHEHNI, GHAZAL B

Application Number

US14/674,710
Publication Number

US 20160294548A1
Time in Patent Office

784 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

Method and apparatus for providing key management for data encryption for cloud-based big data environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing key management for data encryption for cloud-based big data environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links