SECURING DATA AT REST UTILIZING CLOUD PROVIDER SERVICE AGNOSTIC ENCRYPTED DATA TRANSPORTABILITY
Abstract
Securing data at rest on a cloud-hosted server includes, for each cloud-hosted instance of a computer program, creating a key encrypted key (KEK) using a unique customer master key (CMK) corresponding to the instance. Only an encrypted form of the KEK is persisted in a database for the corresponding instance; the unencrypted KEK is retained only in the memory of the encryption process. Thereafter, in response to a request to persist data by a corresponding instance of the computer program, a data key (DK) is randomly generated and encrypted with the in-memory KEK for the corresponding instance. The data itself is also encrypted with the DK, and an envelope containing the encrypted DK and the encrypted data is returned to the requestor, thus ensuring that the data and the encryption keys are never moved or persisted in unencrypted form.
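The key hierarchy in the abstract, sketched in Go as an added example (not code from the patent). Assumptions: AES-256-GCM as the cipher, a CMK held as local 32-byte key material where a real deployment would call the provider's key service, and hypothetical names `NewKEK`, `Persist`, `seal` and `open`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}

// seal/open: AES-256-GCM (assumed cipher), 32-byte keys, output nonce||ciphertext||tag.
func seal(key, pt []byte) []byte {
	nonce := randBytes(12)
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Seal(nonce, nonce, pt, nil)
}

func open(key, box []byte) ([]byte, error) {
	if len(box) < 12 {
		return nil, fmt.Errorf("sealed value too short")
	}
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Open(nil, box[:12], box[12:], nil)
}

// NewKEK returns the in-memory KEK and its CMK-encrypted form (cmk: local bytes, assumed).
func NewKEK(cmk []byte) (kek, wrapped []byte) {
	kek = randBytes(32)
	return kek, seal(cmk, kek) // only wrapped may be written to the database
}

// Persist draws a fresh random DK per request; envelope = DK under KEK, data under DK.
func Persist(kek, data []byte) (encDK, encData []byte) {
	dk := randBytes(32)
	return seal(kek, dk), seal(dk, data)
}

func main() {
	fmt.Println(Persist(randBytes(32), []byte("constructed sample record")))
}
```

After a restart, `open(cmk, wrapped)` recovers the KEK into memory, and reading a record is `open(kek, encDK)` followed by `open(dk, encData)`.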