摘要 |
The present invention discloses methods and devices for securing keys for a non-secure computing-environment. Methods include the steps of: providing a security-key framework which is adapted, upon receiving an encryption request for protecting a secret item, for repetitively encrypting the secret item with each of a set of N location-specific secure-keys, wherein each location-specific secure-key corresponds to a respective encryption location, to create an encrypted item; wherein the locations are regions of memory located in computing resources operationally connected to the computing-environment; and concealing through encryption at least one location-specific secure-key such that the concealing is configured: to prevent at least one location-specific secure-key from ever being known in an unconcealed form on any computing resource in any computing-environment during the encrypting; and to allow mathematical operations, performed as part of the encrypting and concealing, to be performed while at least one location-specific secure-key is in its concealed form. |
主权项 |
1. A method for securing keys for a non-secure computing-environment, the method comprising the steps of:
(a) providing a security-key framework which is adapted, upon receiving an encryption request for protecting a secret item in the computing-environment, for repetitively encrypting, either iteratively, in parallel, or in combination thereof, said secret item with each of a set of N location-specific secure-keys, wherein each said location-specific secure-key of said set corresponds to a respective encryption location, to create an encrypted item; wherein said locations are regions of memory located in computing resources operationally connected to the computing-environment; and (b) concealing through encryption at least one said location-specific secure-key such that said step of concealing is configured:
(i) to prevent said at least one location-specific secure-key from ever being known in an unconcealed form on any computing resource in any computing-environment during said encrypting; and(ii) to allow useful mathematical operations, wherein said useful mathematical operations include at least one operation selected from the group consisting of: XOR, addition, subtraction, multiplication, division, modular addition, modular subtraction, modular multiplication, modular division, and combinations thereof, performed as part of said encrypting and said step of concealing, to be performed while said at least one location-specific secure-key is in its concealed form. |