Method and system for providing an encryption proxy

摘要

An encryption proxy is instantiated in a first computing environment and includes encryption proxy authentication data for identifying itself to a secrets distribution management system in a second computing environment as a trusted virtual asset to receive and cache encryption key data in a secure encryption key cache outside the second computing environment. The encryption proxy requests one or more encryption keys to be cached and is then provided encryption key data representing the requested encryption keys in the encryption key cache. The encryption proxy then receives application request data from a second virtual asset instantiated in the first computing environment requesting one or more encryption keys be applied to second virtual asset data. The encryption proxy then obtains the required encryption keys from the secure secrets cache and coordinates the application of the encryption keys to the second virtual asset data.

主权项

1. A system for providing an encryption proxy comprising:
at least one processor; and at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which when executed by any set of the one or more processors, perform a process for providing an encryption proxy, the process for providing an encryption proxy including: securely decentralizing encryption key data and decreasing access latency for encryption key data by providing an encryption proxy in a cloud computing environment, the encryption proxy being a virtual asset instantiated in the cloud computing environment, the encryption proxy including encryption proxy authentication data, the encryption proxy authentication data for identifying the encryption proxy as a trusted virtual asset in the cloud computing environment, the encryption proxy authentication data including hardware identification data identifying underlying hardware on which the encryption proxy is running; providing a secrets distribution management system, the secrets distribution management system being in a second computing environment, the secrets distribution management system having access to the encryption key data representing one or more encryption keys, the secrets distribution management system controlling the distribution of the one or more encryption keys in accordance with one or more encryption key distribution policies; providing, by the encryption proxy, the encryption proxy authentication data to the secrets distribution management system; authenticating, by the secrets distribution management system, the encryption proxy by comparing the hardware identification data with data obtained via a cloud provider of the cloud computing environment; identifying, by the secrets distribution management system, the encryption proxy as a trusted virtual asset eligible to cache encryption key data in a remote encryption key cache outside the second computing environment; generating, by the encryption proxy, cache encryption key request data representing a request for data representing one or more requested encryption keys to be cached in the remote encryption key cache; providing, by the encryption proxy, the cache encryption key request data to the secrets distribution management system; and providing, by the secrets distribution management system in response to the cache encryption key request data, data representing one or more of the requested encryption keys to the remote encryption key cache.