Method and apparatus for providing key management for data encryption for cloud-based big data environments
Abstract
An approach is provided for key management for data encryption. A key management platform receives a request from at least one client for one or more private keys for decrypting one or more datasets. The one or more private keys are encrypted in at least one key repository associated with at least one server. The key management platform also causes, at least in part, an authentication of the request using one or more secure credentials of the at least one client, the at least one server, or a combination thereof. The key management platform further causes, at least in part, an authorization of the at least one client to determine whether the at least one client is authorized to access the one or more private keys based on the authentication. The key management platform further causes, at least in part, a decryption of the one or more private keys using at least one master key based on the authorization.
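The order of checks in the abstract (authenticate the request, authorize the client, and only then decrypt the stored private key with the master key), as an added Python example that is not taken from the patent. It assumes HMAC shared secrets as the "secure credentials" and a per-dataset ACL; all client and dataset names are hypothetical, and the key wrap is a standard-library encrypt-then-MAC stand-in for AES key wrap or AES-GCM.

```python
import hashlib, hmac, secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for AES-KW / AES-GCM.
    blocks = (len(data) + 31) // 32
    ks = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(master, private_key):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(master, b"enc"), nonce, private_key)
    return nonce + ct + _prf(_prf(master, b"mac"), nonce + ct)  # encrypt-then-MAC

def unwrap(master, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(master, b"mac"), nonce + ct)):
        raise ValueError("wrapped key failed integrity check")
    return _xor_stream(_prf(master, b"enc"), nonce, ct)

# Constructed sample state: every name and value below is hypothetical.
MASTER_KEY = secrets.token_bytes(32)  # in practice held in an HSM or KMS
PRIVATE_KEY = b"constructed-private-key-for-dataset-7"
REPOSITORY = {"dataset-7": wrap(MASTER_KEY, PRIVATE_KEY)}  # keys stored encrypted
CLIENT_SECRETS = {"analytics-job": secrets.token_bytes(32),
                  "intern-notebook": secrets.token_bytes(32)}
ACL = {"dataset-7": {"analytics-job"}}

def sign_request(client_id, dataset, secret):
    return hmac.new(secret, f"{client_id}|{dataset}".encode(), hashlib.sha256).hexdigest()

def release_key(client_id, dataset, signature):
    # 1. Authentication: verify the request against the client's credential.
    secret = CLIENT_SECRETS.get(client_id)
    if secret is None or not hmac.compare_digest(
            signature, sign_request(client_id, dataset, secret)):
        raise PermissionError("authentication failed")
    # 2. Authorization: an authenticated client still needs a grant.
    if client_id not in ACL.get(dataset, set()):
        raise PermissionError("not authorized for this dataset")
    # 3. Only now is the master key used to decrypt the stored private key.
    return unwrap(MASTER_KEY, REPOSITORY[dataset])
```

The signed request here carries no nonce or timestamp, so replay protection is assumed to come from the transport.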
20 Claims
1. A method for providing key management for encryption of data, the method comprising:
- utilizing at least one interface to ingest of one or more encrypted datasets to at least one server;
- causing, at least in part, the ingestion, utilizing a processor, including a storage of the one or more encrypted datasets;
- receiving a request from at least one client for one or more private keys for decrypting the one or more encrypted datasets, wherein the one or more private keys are encrypted in at least one key repository associated with the at least one server;
- causing, at least in part, an authentication of the request using one or more secure credentials of the at least one client, the at least one server, or a combination thereof;
- causing, at least in part, an authorization of the at least one client to determine whether the at least one client is authorized to access the one or more private keys based on the authentication; and
- causing, at least in part, a decryption of the one or more private keys using at least one master key based on the authorization.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An apparatus for providing key management for encryption of data, the apparatus comprising:
- at least one processor; and
- at least one memory including computer program code for one or more programs, the at least one memory and the computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following,
  - utilize at least one interface to ingest one or more encrypted datasets to at least one server,
  - cause, at least in part, the ingestion including a storage of the one or more encrypted datasets,
  - receive a request from at least one client for one or more private keys for decrypting the one or more encrypted datasets, wherein the one or more private keys are encrypted in at least one key repository associated with the at least one server,
  - cause, at least in part, an authentication of the request using one or more secure credentials of the at least one client, the at least one server, or a combination thereof,
  - cause, at least in part, an authorization of the at least one client to determine whether the at least one client is authorized to access the one or more private keys based on the authentication, and
  - cause, at least in part, a decryption of the one or more private keys using at least one master key based on the authorization.

Dependent claims: 12, 13, 14, 15, 16, 17
18. A non-transitory computer-readable storage medium carrying one or more sequences of one or more instructions which, when executed by one or more processors, cause an apparatus to perform a method for providing key management for encryption of data, the method comprising:
- utilizing at least one interface to ingest one or more encrypted datasets to at least one server;
- causing, at least in part, the ingestion including a storage of the one or more encrypted datasets;
- receiving a request from at least one client for one or more private keys for decrypting the one or more encrypted datasets, wherein the one or more private keys are encrypted in at least one key repository associated with the at least one server;
- causing, at least in part, an authentication of the request using one or more secure credentials of the at least one client, the at least one server, or a combination thereof;
- causing, at least in part, an authorization of the at least one client to determine whether the at least one client is authorized to access the one or more private keys based on the authentication; and
- causing, at least in part, a decryption of the one or more private keys using at least one master key based on the authorization.

Dependent claims: 19, 20