ENHANCED REMOTE KEY MANAGEMENT FOR AN ENTERPRISE IN A CLOUD-BASED ENVIRONMENT

摘要

Systems and methods are disclosed for facilitating remote key management services in a collaborative cloud-based environment. In one embodiment, the remote key management architecture and techniques described herein provide for local key encryption and automatic generation of a reason code associated with content access. The reason code is logged by a hardware security module which is monitored by a remote client device (e.g., an enterprise client) to control a second (remote) layer of key encryption. The remote client device provides client-side control and configurability of the second layer of key encryption.

主权项

1. A method for facilitating remote key management services in a collaborative cloud-based environment, the method comprising:
receiving a content request for a data item; determining that the data item corresponding to the content request is associated with remote key management functionality; initiating a key request to a hardware security module (HSM), the key request corresponding to a key that is at least encrypted twice, wherein an unencrypted key is encrypted a first time to produce an encrypted key and the encrypted key while still encrypted is encrypted a second time to produce the key that is encrypted at least twice, and wherein a secure key response is received from the HSM with regards to the key that determines whether the data item is to be provided in response to the content request; and causing audit log information associated with the content request to be provided to a log monitoring system, wherein the audit log information includes a reason code enumerating a user behavior performed on the data item in the collaborative cloud-based environment.