SYSTEM FOR PROVIDING END-TO-END PROTECTION AGAINST NETWORK-BASED ATTACKS
Abstract
A plurality of system nodes coupled via a dedicated private network is described herein. The nodes offer an end-to-end solution for protecting against network-based attacks. For example, a single node can receive and store user data via a data flow that passes through various components of the node. The node can be designed such that communications internal to the node, such as the transmission of encryption keys, are partitioned or walled off from the components of the node that handle the publicly accessible data flow. The node also includes a key management subsystem to facilitate the use of encryption keys to encrypt user data.
20 Claims
1. A system for double-encrypting data comprising:
- a node system, wherein the node system comprises an encryption key management system, a first user encryption key management system, and a processing server, wherein the first user encryption key management system comprises a first enterprise key management system, a first local key management system, and a first self-encrypting drive, and wherein the encryption key management system comprises a second enterprise key management system;
- a network manager system comprising computer hardware, wherein the network manager system is in communication with the node system via a private network; and
- a user system in communication with the network manager via a public network, wherein the user system comprises a second user encryption key management system, and wherein the second user encryption key management system comprises a third enterprise key management system, a second local key management system, and a second self-encrypting drive,
- wherein the user system comprises first instructions that, when executed, cause the user system to:
  - encrypt user data stored in the second self-encrypting drive using an encryption key provided by the third enterprise key management system to form encrypted user data, and
  - transmit the encrypted user data to the network manager system, and
- wherein the network manager system comprises second instructions that, when executed, cause the network manager system to:
  - encrypt the encrypted user data using a second encryption key provided by the second enterprise key management system to form double-encrypted user data, and
  - transmit the double-encrypted user data to the node system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system for double-encrypting data comprising:
- a node system, wherein the node system comprises a processing server, a first enterprise key management system, and a second enterprise key management system;
- a network manager system comprising computer hardware, wherein the network manager system is in communication with the node system via a private network; and
- a user system in communication with the network manager via a public network, wherein the user system comprises a third enterprise key management system and a self-encrypting drive, and wherein the first enterprise key management system is associated with the user system,
- wherein the user system comprises first instructions that, when executed, cause the user system to:
  - encrypt user data stored in the self-encrypting drive using an encryption key provided by the third enterprise key management system to form encrypted user data, and
  - transmit the encrypted user data to the network manager system, and
- wherein the network manager system comprises second instructions that, when executed, cause the network manager system to:
  - encrypt the encrypted user data using a second encryption key provided by the second enterprise key management system to form double-encrypted user data, and
  - transmit the double-encrypted user data to the node system.

Dependent claims: 16, 17, 18, 19, 20
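The two encryption layers recited in claims 1 and 15, sketched as an added example (not code from the patent): the user system seals the data under one key, the network manager seals the result again under a second key, and each layer is authenticated so tampering or a wrong key is rejected. Assumptions: the function names are hypothetical, the keys are passed in directly instead of coming from an enterprise key management system, the cipher is a standard-library encrypt-then-MAC construction standing in for an AEAD such as AES-GCM, and the node removing the outer layer is assumed, since the claims recite only the encryption steps.

```python
import hashlib, hmac, secrets

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (stand-in for a real cipher).
    blocks = (_prf(enc_key, nonce + i.to_bytes(8, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key: bytes, data: bytes, layer: bytes) -> bytes:
    """Encrypt-then-MAC one layer; the layer label is bound into the tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, data)
    tag = _prf(_prf(key, b"mac"), len(layer).to_bytes(4, "big") + layer + nonce + ct)
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes, layer: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = _prf(_prf(key, b"mac"), len(layer).to_bytes(4, "big") + layer + nonce + ct)
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

# Roles from claim 1; function names are hypothetical.
def user_system_encrypt(user_key: bytes, user_data: bytes) -> bytes:
    return seal(user_key, user_data, b"user")  # "encrypted user data"

def network_manager_encrypt(node_key: bytes, encrypted_user_data: bytes) -> bytes:
    return seal(node_key, encrypted_user_data, b"manager")  # "double-encrypted user data"

def node_strip_outer(node_key: bytes, double_encrypted: bytes) -> bytes:
    # Assumption: the node removes only the outer layer it holds the key for.
    return unseal(node_key, double_encrypted, b"manager")

def rejects(key: bytes, blob: bytes, layer: bytes) -> bool:
    """True if the blob fails authentication under this key and layer label."""
    try:
        unseal(key, blob, layer)
    except ValueError:
        return True
    return False
```

The network manager handles only the already-encrypted blob, and a holder of the outer key alone recovers ciphertext, not the user data.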
Specification