The invention disclosed herein relates generally to encryption. More specifically, the invention relates to encryption of data stored in a shared data store.
Unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Providing security to sensitive information is of great importance to businesses. One technique for protecting information involves encrypting the data so that it can only be accessed by individuals or services with knowledge of the pertinent decryption mechanism. Encryption converts plain text into what is often called cipher text, which can only be read after it has been decrypted. Many encryption algorithms use an encryption key to perform such encryption and decryption.
To maintain the security of encrypted data, the encryption key must be kept secret and safe. Should the encryption keys become compromised, the security of the entire data system is put in jeopardy.
Symmetric key encryption refers to a class of cryptographic algorithms that use the same cryptographic key for both encryption and decryption. The key is maintained as a shared secret between two or more parties and is used to keep information private. The need to provide multiple parties with access to the same secret key is a challenge of symmetric key encryption.
Many configurations have been developed for storing data. According to one configuration, data may be stored in a central, shared data store and accessed by multiple client entities—for example, a group of application servers may each have access to a central data store. When sensitive or confidential information is stored on the data store, a key encryption scheme may be used to provide secure storage on the data store.
It would be advantageous to provide improved systems and techniques for encryption in the context of shared data stores.