The present invention relates to methods and devices for securing keys for a non-secured, distributed environment with applications to virtualization and cloud-computing security and management.
A trend in modern computer networking, web-, and cloud-computing, is to rely on public, group, shared, or virtualized resources. The IT (information technology) marketplace offers public, private, and hybrid solutions for “virtualization” and “cloud computing.” This growing trend is occurring at many levels: infrastructure, platform, and software.
A recurring problem hampering such solutions is the fact that “networked,” “virtualized,” and/or “cloud” solutions are by their very nature non-secured and distributed. The resources may be physically owned by different entities other than the users, or may be shared among multiple users (having existing security, privacy, and trust concerns). This may occur within one legal entity or among different entities.
For example, a file may be saved in a network “storage cloud.” Since the storage cloud is a shared resource, a user is entrusting his/her data to a resource that is routinely accessed by many other users, over which the user has no control at all.
Vendors of network, cloud, and virtualization solutions provide various mechanisms (e.g., authentication, authorization, and virtual private networks) to ameliorate this state of affairs. Such approaches are significant but incomplete. Such mechanisms do not solve various important problems (e.g., encryption at rest, protection of data in use during computation, protection of data when transmitted on the network, single point for security handling, key management, and requiring the user to trust the provider, the provider's implementation, or the provider's staff).
Of course, one solution for the security-conscious consumer is to avoid shared resources altogether. However, such an option is an unpleasant choice for the user, since modern shared resources provide many economic, operational, and technical benefits.
It would be desirable to have methods and devices for securing keys for a non-secured, distributed environment with applications to virtualization and cloud-computing security and management. Such methods and devices would, inter alia, overcome the limitations mentioned above.