Enhanced remote key management for an enterprise in a cloud-based environment
First Claim
1. A method for facilitating remote key management services in a collaborative cloud-based environment, the method comprising:
processing a data item indicated by a content request to determine that the data item is associated with remote key management functionality;
identifying audit log information associated with the content request, wherein the audit log information comprises a reason code enumerating a reason associated with the content request, wherein the reason comprises at least one of: accessing a data item request, fulfilling a maintenance request, performing a text extraction request, or fulfilling backend services;
initiating a secure key request by an HSM interface engine to a hardware security module (HSM), wherein the secure key request comprises the audit log information; and
determining whether to accept or reject the content request by processing the reason code from the secure key request based at least in part on one or more pre-configured rules by the HSM, wherein the HSM is located on a second client device that is remote from the HSM interface engine located on a first client device, the secure key request sent across a network from the first client device to the second client device for determining whether to accept or reject the content request based at least in part on the reason code.
Abstract
Systems and methods are disclosed for facilitating remote key management services in a collaborative cloud-based environment. In one embodiment, the remote key management architecture and techniques described herein provide for local key encryption and automatic generation of a reason code associated with content access. The reason code is logged by a hardware security module which is monitored by a remote client device (e.g., an enterprise client) to control a second (remote) layer of key encryption. The remote client device provides client-side control and configurability of the second layer of key encryption.
24 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2 through 10.
11. A system for facilitating remote key management services in a collaborative cloud-based environment, the system comprising:
one or more processors; and
a memory unit having instructions stored thereon which, when executed by the one or more processors, cause the system to:
process a data item indicated by a content request to determine that the data item is associated with remote key management functionality;
identify audit log information associated with the content request, wherein the audit log information comprises a reason code enumerating a reason associated with the content request, wherein the reason comprises at least one of: accessing a data item request, fulfilling a maintenance request, performing a text extraction request, or fulfilling backend services;
initiate a secure key request by an HSM interface engine to a hardware security module (HSM), wherein the secure key request comprises the audit log information; and
determine whether to accept or reject the content request by processing the reason code from the secure key request based at least in part on one or more pre-configured rules by the HSM, wherein the HSM is located on a second client device that is remote from the HSM interface engine located on a first client device, the secure key request sent across a network from the first client device to the second client device for determining whether to accept or reject the content request based at least in part on the reason code.
Dependent claims: 12 through 20.
21. A system for facilitating remote key management services in a collaborative cloud-based environment, the system comprising:
a processor;
a key service proxy device configured to initiate a secure key request responsive to a determination that a data item indicated by a content request is associated with remote key management functionality, wherein the secure key request comprises a reason code enumerating a reason associated with the content request, wherein the reason comprises at least one of: accessing a data item request, fulfilling a maintenance request, performing a text extraction request, or fulfilling backend services;
a reason engine configured to determine a reason code associated with the content request, wherein determining the reason code comprises directing the processor to identify a reason associated with the content request and responsively generate the reason code associated with the content request;
a hardware security interface engine configured to format the secure key request according to a particular hardware security module (HSM); and
the HSM configured to determine whether to accept or reject the content request by processing the reason code from the secure key request based at least in part on one or more pre-configured rules by the HSM, wherein the HSM is located on a second client device that is remote from the key service proxy device located on a first client device, the secure key request sent across a network from the first client device to the second client device for determining whether to accept or reject the content request based at least in part on the reason code.
Dependent claims: 22 through 24.
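The abstract and the three independent claims describe one pipeline: a cloud-side key service proxy decides that an item is under remote key management, a reason engine attaches a reason code to the request, an HSM interface engine formats and sends the secure key request across the network, and an enterprise-controlled HSM logs the reason code and releases the second wrapping layer only if its pre-configured rules permit that reason. The Python below is an added example written for this page, not code from the patent or its assignee. The class names, the JSON request format, the shared transport key used to authenticate the cloud side, and the toy HMAC-based wrap primitive are all assumptions; a real deployment would use the HSM's own key-wrap and a mutually authenticated channel. The scenario data (item ids, requester names, the rule set) is constructed.

```python
"""Reason-code-gated key release with two wrapping layers (added illustration;
class names, request format, transport key and wrap primitive are assumptions)."""
import hashlib, hmac, json, os
from dataclasses import dataclass, field
from enum import Enum


class Reason(str, Enum):
    """The four reason codes enumerated in the claims."""
    ACCESS_DATA_ITEM = "access_data_item"
    MAINTENANCE = "maintenance"
    TEXT_EXTRACTION = "text_extraction"
    BACKEND_SERVICE = "backend_service"


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def wrap(kek: bytes, blob: bytes) -> bytes:
    """Toy encrypt-then-MAC key wrap (HMAC keystream XOR + HMAC tag). Stand-in for a
    real HSM wrap such as AES-KWP; not for production use."""
    enc_key, mac_key = (hmac.new(kek, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(blob, _keystream(enc_key, nonce, len(blob))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unwrap(kek: bytes, wrapped: bytes) -> bytes:
    enc_key, mac_key = (hmac.new(kek, lbl, hashlib.sha256).digest() for lbl in (b"enc", b"mac"))
    nonce, ct, tag = wrapped[:16], wrapped[16:-32], wrapped[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrapped key failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


@dataclass
class RemoteHsm:
    """Enterprise-side HSM (the 'second client device'): holds the customer KEK and
    the pre-configured rules. The KEK never leaves this object."""
    kek: bytes
    allowed_reasons: frozenset      # pre-configured rules: reason codes that may release a key
    transport_key: bytes            # shared secret authenticating the cloud-side engine (assumption)
    audit_log: list = field(default_factory=list)

    def enrol(self, layer1_blob: bytes) -> bytes:
        """Add the second, enterprise-controlled wrapping layer at enrolment time."""
        return wrap(self.kek, layer1_blob)

    def handle(self, message: bytes) -> dict:
        body, sig = message[:-32], message[-32:]
        if not hmac.compare_digest(sig, hmac.new(self.transport_key, body, hashlib.sha256).digest()):
            self.audit_log.append({"decision": "reject", "error": "unauthenticated request"})
            return {"status": "rejected"}
        req = json.loads(body)
        entry = dict(req["audit"])  # the audit log information travels inside the secure key request
        entry["decision"] = "accept" if entry["reason_code"] in self.allowed_reasons else "reject"
        self.audit_log.append(entry)  # logged by the HSM whether accepted or rejected
        if entry["decision"] == "reject":
            return {"status": "rejected"}
        return {"status": "accepted", "key_material": unwrap(self.kek, bytes.fromhex(req["wrapped_key"])).hex()}


class HsmInterfaceEngine:
    """Cloud-side engine that formats the secure key request for this HSM and sends it
    across the network (a callable stands in for the transport here)."""
    def __init__(self, transport_key: bytes, send):
        self.transport_key, self.send = transport_key, send

    def secure_key_request(self, wrapped_key: bytes, audit: dict) -> dict:
        body = json.dumps({"wrapped_key": wrapped_key.hex(), "audit": audit}, sort_keys=True).encode()
        return self.send(body + hmac.new(self.transport_key, body, hashlib.sha256).digest())


class KeyServiceProxy:
    """Cloud-side key service ('first client device'). Layer 1 (local KEK) always
    applies; layer 2 is added only for items flagged for remote key management."""
    def __init__(self, local_kek: bytes, hsm_iface: HsmInterfaceEngine, enrol):
        self.local_kek, self.hsm_iface, self.enrol, self.items = local_kek, hsm_iface, enrol, {}

    def protect(self, item_id: str, dek: bytes, remote_km: bool) -> None:
        blob = wrap(self.local_kek, dek)
        self.items[item_id] = {"remote_km": remote_km, "wrapped": self.enrol(blob) if remote_km else blob}

    def handle_content_request(self, item_id: str, requester: str, reason: Reason):
        item = self.items[item_id]
        blob = item["wrapped"]
        if item["remote_km"]:  # reason engine output goes into the secure key request
            audit = {"item_id": item_id, "requester": requester, "reason_code": reason.value}
            resp = self.hsm_iface.secure_key_request(blob, audit)
            if resp["status"] != "accepted":
                return None  # content request rejected by enterprise policy
            blob = bytes.fromhex(resp["key_material"])
        return unwrap(self.local_kek, blob)  # local layer is always removed cloud-side


def demo():
    """Constructed scenario: the enterprise permits data access and backend services
    but not text extraction. Returns (access ok, extraction denied, local-only item
    served without the HSM, HSM audit decisions)."""
    transport = os.urandom(32)
    hsm = RemoteHsm(os.urandom(32), frozenset({Reason.ACCESS_DATA_ITEM.value, Reason.BACKEND_SERVICE.value}), transport)
    proxy = KeyServiceProxy(os.urandom(32), HsmInterfaceEngine(transport, hsm.handle), hsm.enrol)
    dek = os.urandom(32)
    proxy.protect("doc-1", dek, remote_km=True)
    proxy.protect("doc-2", os.urandom(32), remote_km=False)  # not under remote KM: never reaches the HSM
    granted = proxy.handle_content_request("doc-1", "web-ui", Reason.ACCESS_DATA_ITEM)
    denied = proxy.handle_content_request("doc-1", "indexer", Reason.TEXT_EXTRACTION)
    local_only = proxy.handle_content_request("doc-2", "indexer", Reason.TEXT_EXTRACTION)
    return granted == dek, denied is None, local_only is not None, [e["decision"] for e in hsm.audit_log]
```

The point the claims make, and that the example enforces, is that the cloud side never holds the enterprise KEK: even a fully compromised proxy can only obtain a data key by sending an authenticated request whose reason code the enterprise's rules allow, and every such request, accepted or not, lands in a log the enterprise controls. Note that the reason code is asserted by the requester, so the HSM-side rules should be treated as coarse policy (which job classes may ever touch content) rather than proof of intent; binding the request to an authenticated service identity, as the transport key does here, is what keeps an attacker from simply claiming a permitted reason.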
Specification