Enhanced remote key management for an enterprise in a cloud-based environment
Abstract
Systems and methods are disclosed for facilitating remote key management services in a collaborative cloud-based environment. In one embodiment, the remote key management architecture and techniques described herein provide for local key encryption and automatic generation of a reason code associated with content access. The reason code is logged by a hardware security module which is monitored by a remote client device (e.g., an enterprise client) to control a second (remote) layer of key encryption. The remote client device provides client-side control and configurability of the second layer of key encryption.
Claims
exact text as granted — not AI-modified1 . A method for facilitating remote key management services in a collaborative cloud-based environment, the method comprising:
receiving a content request for a data item; determining that the data item corresponding to the content request is associated with remote key management functionality; initiating a key request to a hardware security module (HSM), the key request corresponding to a key that is at least encrypted twice, wherein an unencrypted key is encrypted a first time to produce an encrypted key and the encrypted key while still encrypted is encrypted a second time to produce the key that is encrypted at least twice, and wherein a secure key response is received from the HSM with regards to the key that determines whether the data item is to be provided in response to the content request; and causing audit log information associated with the content request to be provided to a log monitoring system, wherein the audit log information includes a reason code enumerating a user behavior performed on the data item in the collaborative cloud-based environment.
2 . The method of claim 1 , wherein the HSM stores the audit log information.
3 . The method of claim 2 , wherein the HSM signs the audit log information with a secure key.
4 . The method of claim 1 , wherein the audit log information is included in the key request.
5 . The method of claim 1 , wherein the HSM is hosted by the collaborative cloud-based environment.
6 . The method of claim 1 , wherein the HSM is hosted by a second collaborative cloud-based environment distinct from the collaborative cloud-based environment.
7 . The method of claim 1 , wherein the HSM is hosted by a managed services provider.
8 . The method of claim 1 , wherein the HSM provides access to the collaborative cloud-based environment.
9 . The method of claim 1 , wherein the unencrypted key is encrypted with a local key encryption key by a key service engine and the encrypted key is encrypted with a remote encryption key by the HSM.
10 . The method of claim 1 , wherein the content request comprises an access request and wherein the key request includes a request to decrypt a twice encrypted encryption key.
11 . The method of claim 1 , further comprising using the reason code to determine whether to grant or deny the content request.
12 . A system for facilitating remote key management services in a collaborative cloud-based environment, the system comprising:
one or more processors; a memory unit having instructions stored thereon which, when executed by the one or more processors, causes the system to: receive a content request for a data item; determine that the data item corresponding to the content request is associated with remote key management functionality; initiate a key request to a hardware security module (HSM), the key request corresponding to a key that is at least encrypted twice, wherein an unencrypted key is encrypted a first time to produce an encrypted key and the encrypted key while still encrypted is encrypted a second time to produce the key that is encrypted at least twice, and wherein a secure key response is received from the HSM with regards to the key that determines whether the data item is to be provided in response to the content request; and cause audit log information associated with the content request to be provided to a log monitoring system, wherein the audit log information includes a reason code enumerating a user behavior performed on the data item in the collaborative cloud-based environment.
13 . The system of claim 12 , wherein the HSM stores the audit log information.
14 . The system of claim 13 , wherein the HSM signs the audit log information with a secure key.
15 . The system of claim 12 , wherein the HSM is hosted by the collaborative cloud-based environment.
16 . The system of claim 12 , wherein the HSM is hosted by a second collaborative cloud-based environment distinct from the collaborative cloud-based environment.
17 . The system of claim 12 , wherein the HSM is hosted by a managed services provider.
18 . The method of claim 12 , wherein the HSM provides access to the collaborative cloud-based environment.
19 . The system of claim 12 , wherein the unencrypted key is encrypted with a local key encryption key by a key service engine and the encrypted key is encrypted with a remote encryption key by the HSM.
20 . The system of claim 12 , wherein the content request comprises an access request and wherein the key request includes a request to decrypt a twice encrypted encryption key.
21 . The system of claim 12 , wherein the reason code is used to determine whether to grant or deny the content request.
22 . A computer program product embodied in a non-transitory computer readable medium, the computer readable medium having stored thereon a sequence of instructions which, when executed by a processor causes the processor to execute a process to facilitate remote key management services in a collaborative cloud-based environment, the method comprising:
receiving a content request for a data item; determining that the data item corresponding to the content request is associated with remote key management functionality; initiating a key request to a hardware security module (HSM), the key request corresponding to a key that is at least encrypted twice, wherein an unencrypted key is encrypted a first time to produce an encrypted key and the encrypted key while still encrypted is encrypted a second time to produce the key that is encrypted at least twice, and wherein a secure key response is received from the HSM with regards to the key that determines whether the data item is to be provided in response to the content request; and causing audit log information associated with the content request to be provided to a log monitoring system, wherein the audit log information includes a reason code enumerating a user behavior performed on the data item in the collaborative cloud-based environment.
23 . The computer program product of claim 22 , wherein the HSM stores the audit log information.
24 . The computer program product of claim 23 , wherein the HSM signs the audit log information with a secure key.
25 . The computer program product of claim 22 , wherein the HSM is hosted by the collaborative cloud-based environment.
26 . The computer program product of claim 22 , wherein the HSM is hosted by a second collaborative cloud-based environment distinct from the collaborative cloud-based environment.
27 . The computer program product of claim 22 , wherein the HSM provides access to the collaborative cloud-based environment.
28 . The computer program product of claim 22 , wherein the unencrypted key is encrypted with a local key encryption key by a key service engine and the encrypted key is encrypted with a remote encryption key by the HSM.
29 . The computer program product of claim 22 , wherein the content request comprises an access request and wherein the key request includes a request to decrypt a twice encrypted encryption key.
30 . The computer program product of claim 22 , wherein the reason code is used to determine whether to grant or deny the content request.Join the waitlist — get patent alerts
Track US2016065364A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.