MULTI-PHASE PROTECTION FOR DATA-CENTRIC OBJECTS

Aspects of the invention include protecting data objects in a computing environment based on physical location. Aspects include receiving, by a computing system, a request to access an encrypted data from an authenticated user, wherein the encrypted data includes information about a data encryption...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: SOFIA, ANTHONY THOMAS, CAFFREY, JAMES M, KATONICA, JASON G, GINADER, THOMAS
Format: Patent
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Aspects of the invention include protecting data objects in a computing environment based on physical location. Aspects include receiving, by a computing system, a request to access an encrypted data from an authenticated user, wherein the encrypted data includes information about a data encryption key used to encrypt the encrypted data. Aspects also include providing, by the computing system, the encrypted data to the computer system where the user was authenticated, the computer system including a set of decryption keys protected by a master key stored within a hardware security module associated with the location of the hardware security module. Aspects further include decrypting, by the hardware security module, the encrypted data based on a determination that the data encryption key corresponds to one of the set of decryption keys, wherein the set of decryption keys are determined based on the location of the hardware security module.