Title of invention: Method and apparatus for accessing sensitive information on-demand
Abstract: Exposure of sensitive tenant information is minimized in a multi-tenant/multi-user environment. A unique encryption key is provided for each tenant. The tenant encryption key is never stored in the clear and each copy of the tenant encryption key is protected by a user derived password. A secure folder is created for each tenant and encrypted by the tenant encryption key. Secure folders are mounted only on-demand, i.e. when an authenticated request is received for that tenant. The secure folders are mounted only for specific durations only. Otherwise, they are un-mounted. When a secure folder is mounted, any read/write operation to the secure folder is encrypted/decrypted on-the-fly. When the secure folder is un-mounted, all file contents in the secure folder, and the secure folder itself, are not visible in the file system and no application can browse to the secure folder without the tenant encryption key.
Publication number: US9355259(B1) | Publication date: 2016.05.31
Application number: US201514726166 | Filing date: 2015.05.29
Applicant: FLEXERA SOFTWARE LLC | Inventor: Choo Jia Hua
Classification: H04L29/06;G06F21/60;G06F21/62;H04L9/08 | Main classification: H04L29/06
Agency: Perkins Coie LLP | Agent: Glenn Michael A.;Perkins Coie LLP
Main claim: 1. A computer implemented method for minimizing exposure of sensitive tenant information in a multi-tenant/multi-user environment, comprising: providing a processor for generating a unique tenant encryption key (TEK) for each tenant, wherein said TEK is never stored in the clear and each copy of the TEK is protected by a user derived password; said processor creating a secure folder for each tenant; said processor using said TEK to encrypt said secure folder; said processor only mounting said secure folder to a file system on-demand, in response to an authenticated request received from said tenant; and said processor limiting the interval for which said secure folder is mounted to said file system, said secure folder remaining un-mounted at all other times; wherein when said secure folder is mounted to said file system, any read/write operation to the secure folder is encrypted/decrypted on-the-fly; and wherein when said secure folder is un-mounted from the file system, all file contents in the secure folder, and the secure folder itself, are not visible in the file system and it is not possible to browse to the secure folder without the TEK; said processor requiring an encryption key for access to a tenant's secure folder, said encryption key comprising a derived key encryption key: KEK=PBKDF-2{access_token,user_salt} where said access_token comprises a cryptographic random number tied to a user; and wherein said salt comprises a random number generated per an operator and/or administrator; said secure folder file system filer driver mounting said requested tenant secure folder for a duration that not longer than that which is required to complete any necessary read/write operations; and said secure folder file system filer driver unmounting said requested tenant secure folder once said read/write operations are completed.
Address: San Jose CA US