This section is intended to provide a background or context to the invention that is recited in the claims. The description herein may include concepts that could be pursued, but are not necessarily ones that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, what is described in this section is not prior art to the description and claims in this application and is not admitted to be prior art by inclusion in this section.
Certain abbreviations that may be found in the description and/or in the Figures are herewith defined as follows:
AES advanced encryption standard
AMI amazon machine image
API application programming interface
AWS Amazon Web Services
DB database
DC domain controller
DEK data encryption key
EBS (Amazon) elastic block store
ELB (Amazon) elastic load balancer
EMR (Amazon) elastic map reduce
FIPS federal information processing standards
HSM hardware security module
ID identification
JVM java virtual memory
KEK key encryption key
KM key management
KMS key management service
PII personally identifiable information
RDS relational database service
SDK software development kit
SSH secure shell
SSL secure sockets layer
VM virtual memory
Cloud computing is an approach to sharing computing resources over the Internet. One area of cloud computing involves a host provider (for example, a cloud provider) providing virtual server instances on which devices can run applications. Public cloud applications often need to secure sensitive information such as data encryption keys or user/system credentials. The main challenges in securing such information are delivering ‘master keys’ to cloud applications and establishing trust in the instances and applications running in the public cloud environment.

Examples of applications available in such a cloud environment include social media applications and applications provided by Yahoo®, EBay®, and Amazon®, to name only a few. Because these applications run in a cloud that is separate from a private cloud device and its application service provider, special attention needs to be given to application data security. In this regard, at least one problem exists in that application data security may not be trusted to be provided by the cloud provider. This invention presents solutions to at least the problems described above.