Key management method, apparatus, computer program product, and cloud computing infrastructure in a multi-tenant computing infrastructure (key management in a multi-tenant environment)

摘要

The present invention provides a unique and different key space for controlling a key management system to a tenant of a multi-tenant shared deployment. In this way, a virtual key management area is created for each tenant (for each customer), and specific customer data is co-tenanted in the IT infrastructure of the data center (s) of the provider. Whenever it is played, stored, transmitted, or virtualized, it ensures that a particular customer's data is secured using key management material that is unique to that customer. This ensures that the entire tenant data is still secure by cryptographically separating it from other tenant applications. The virtual key management area is established using a broadcast encryption (BE) protocol, and in particular, a plurality of management key variant schemes of this protocol. Virtual key management systems (VKMS) and protocols based on broadcast encryption provide secure separation of data by tenant (as well as by application) and at all levels of co-tenanted IT infrastructure, Or it can be used across any combination of resources across all levels. [Selection] Figure 6