Method and system for managing security in a computing environment

US9560019B2 · US · B2

Patent metadata
Field | Value
Publication number | US-9560019-B2
Application number | US-201414183735-A
Country | US
Kind code | B2
Filing date | Feb 19, 2014
Priority date | Apr 10, 2013
Publication date | Jan 31, 2017
Grant date | Jan 31, 2017

Abstract

Official abstract text for this publication.

A method and system for managing data security in a computing environment. A processor at the gateway server receives, from a user device, at least one message. Each message requests that an encryption key be downloaded to the user device. The gateway server interfaces between the user device and a cloud that includes interconnected computing systems external to the user device. In response to the received at least one message, the processor generates at least one unique encryption key for each message and sends the at least one generated encryption key to the user device, but does not store any of the generated encryption keys in the cloud. For each encryption key having been sent to the user device, the processor receives each encryption key returned from the user device. For each encryption key received from the user device, the processor stores each received encryption key in the cloud.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for managing data security in a computing environment, said method comprising: receiving, by a processor of a gateway server from a user device, at least one message, wherein each message requests that an encryption key be downloaded to the user device, and wherein the gateway server interfaces between the user device and a cloud comprising a plurality of interconnected computing systems external to the user device; in response to the received at least one message: said processor generating, for each message, at least one unique encryption key for encrypting and decrypting data, sending each encryption key of the at least one generated encryption key to the user device, and not storing any of the generated encryption keys in the cloud, wherein the at least one generated encryption key comprises a first encryption key; for each encryption key of the at least one generated encryption key having been sent to the user device, said processor receiving each sent encryption key of the at least one generated encryption key returned from the user device; for each received encryption key, said processor validating each received encryption key for use by the processor to encrypt data to be stored in the cloud, wherein said validating each received encryption key comprises storing each received encryption key in the cloud at a time specific to each received encryption key, wherein said storing each received encryption key in the cloud comprises storing the first encryption key in the cloud at a first key storage time; said processor storing first data in the cloud at a first data storage time after the first key storage time; said processor encrypting the first data, at a first data encryption time after the first data storage time, by using the first encryption key to encrypt the first data; and said processor decrypting the encrypted first data, at a first data decryption time after the first data encryption time, by using the first encryption key to decrypt the encrypted first data.

2. The method of claim 1, wherein said receiving each encryption key returned from the user device comprises receiving a second encryption key returned from the user device, wherein said storing comprises storing the second encryption key in the cloud at a second key storage time after the first data storage time, wherein the encrypted first data is denoted as singly encrypted first data, and wherein the method further comprises: said processor encrypting the singly encrypted first data, at another first data encryption time after the second key storage time, by using the second encryption key to encrypt the singly encrypted first data to form a doubly encrypted first data; and said processor decrypting the doubly encrypted first data, by using the second encryption key to decrypt the doubly encrypted first data to form the singly encrypted first data, followed by using the first encryption key to decrypt the singly encrypted first data to form the first data unencrypted.

3. The method of claim 1, wherein said receiving each encryption key returned from the user device comprises receiving a second encryption key returned from the user device, wherein said storing comprises storing the second encryption key in the cloud at a second key storage time after the first data storage time, and wherein the method further comprises: said processor abandoning the first encryption key at a first key abandoning time after the first data decryption time; and said processor encrypting the first data, at another first data encryption time after the first data abandoning time and after the second key storage time, by using the second encryption key to encrypt the first data.

4. The method of claim 3, wherein the first data decryption time is simultaneous with the second key storage time.

5. The method of claim 3, wherein the method further comprises: said processor storing second data in the cloud at a second data storage time prior to the second key storage time; said processor encrypting the second data, at a second data encryption time after the second data storage time, by using the second encryption key to encrypt the second data; and said processor decrypting the encrypted second data, at a second data decryption time after the second data encryption time, by using the second encryption key to decrypt the encrypted second data.

6. A computer program product, comprising a computer readable storage device having computer readable program code stored therein, said program code containing instructions which, upon being executed by a processor of a gateway server of a computer system implements a method for managing data security in a computing environment, said method comprising: receiving, by the processor of the gateway server from a user device, at least one message, wherein each message requests that an encryption key be downloaded to the user device, and wherein the gateway server interfaces between the user device and a cloud comprising a plurality of interconnected computing systems external to the user device; in response to the received at least one message: said processor generating, for each message, at least one unique encryption key for encrypting and decrypting data, sending each encryption key of the at least one generated encryption key to the user device, and not storing any of the generated encryption keys in the cloud, wherein the at least one generated encryption key comprises a first encryption key; for each encryption key of the at least one generated encryption key having been sent to the user device, said processor receiving each sent encryption key of the at least one generated encryption key returned from the user device; for each received encryption key, said processor validating each received encryption key for use by the processor to encrypt data to be stored in the cloud, wherein said validating each received encryption key comprises storing each received encryption key in the cloud at a time specific to each received encryption key, wherein said storing each received encryption key in the cloud comprises storing the first encryption key in the cloud at a first key storage time; said processor storing first data in the cloud at a first data storage time after the first key storage time; said processor encrypting the first data, at a first data encryption time after the first data storage time, by using the first encryption key to encrypt the first data; and said processor decrypting the encrypted first data, at a first data decryption time after the first data encryption time, by using the first encryption key to decrypt the encrypted first data.

7. The computer program product of claim 6, wherein said receiving each encryption key returned from the user device comprises receiving a second encryption key returned from the user device, wherein said storing comprises storing the second encryption key in the cloud at a second key storage time after the first data storage time, wherein the encrypted first data is denoted as singly encrypted first data, and wherein the method further comprises: said processor encrypting the singly encrypted first data, at another first data encryption time after the second key storage time, by using the second encryption key to encrypt the singly encrypted first data to form a doubly encrypted first data; and said processor decrypting the doubly encrypted first data, by using the second encryption key to decrypt the doubly encrypted first data to form the singly encrypted first data, followed by using the first encryption key to decrypt the singly encrypted first data to form the first data unencrypted.

8. The computer program product of claim 6, wherein said receiving each encryption key r

Classifications

  • applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key (cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms H04L9/14)

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

  • applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding

  • for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819)

  • including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials}

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9560019B2 cover?
A method and system for managing data security in a computing environment. A processor at the gateway server receives, from a user device, at least one message. Each message requests that an encryption key be downloaded to the user device. The gateway server interfaces between the user device and a cloud that includes interconnected computing systems external to the user device. In response to …
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 31, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).