Inline data encryption

摘要

Organizations maintain and generate large amount of sensitive information that needs to be saved electronically and there is a need to store that data remotely with a data storage service provider. To prevent unauthorized access to the information stored by organizations on storage provided by the service provider special cryptographic devices, such as an Inline Data Encryptor, can be used to ensure that the information remains secret. The Inline Data Encryptor uses a fill device with secret cryptographic information to encrypt data.

主权项

1. A system, comprising:
a fill device reader configured to receive a fill device and obtain information stored on the fill device; a device interface for communicating with one or more user devices; one or more processors; and memory storing executable instructions that causes the one or more processors of the cryptographic device to collectively:
obtain cryptographic information from the fill device through the fill device reader;use the obtained cryptographic information to encrypt data received from another device received through the device interface;obtain credentials for accessing a data storage service operated by a service provider including a user private key stored on the fill device;generate a signature using the user private key; anduse the obtained credentials to transmit, to a computer system of the data storage service over a service provider network operated by the service provider, the encrypted data and the signature to the data storage service of the service provider, validation of the signature indicating authorization for at least one operation performed by the data storage service.