公开(公告)号：US11050724B2

公开(公告)日：2021-06-29

申请号：US15928265

申请日：2018-03-22

Applicant: Cisco Technology, Inc.

Inventor： Fabio De Gaspari ,  Alberto Compagno ,  Luca Muscariello ,  Giovanna Carofiglio

IPC: H04L29/06 ,  H04L9/08

Abstract: A producer communicates over a network with a user application in an infrastructure-as-a-service (IaaS) and an IaaS node. The producer encrypts content with first encryption using a first key and second encryption using a second key, to produce twice encrypted content. The producer encrypts the second key with attribute-based encryption and symmetric encryption using an IaaS key, to produce a twice encrypted second key. The producer provides to the user application the twice encrypted content, the twice encrypted second key, and key information configured to remove the first encryption from the twice encrypted content. The producer provides to the IaaS node the IaaS key to enable the IaaS node to remove the symmetric encryption from the twice encrypted second key, such that the user application and the IaaS node are constrained to exchange with each other key-related information and intermediate decryption results in order to recover the content.

公开(公告)号：US20190297063A1

公开(公告)日：2019-09-26

申请号：US15928265

申请日：2018-03-22

Applicant: Cisco Technology, Inc.

Inventor： Fabio De Gaspari ,  Alberto Compagno ,  Luca Muscariello ,  Giovanna Carofiglio

IPC: H04L29/06 ,  H04L9/08

Abstract: A producer communicates over a network with a user application in an infrastructure-as-a-service (IaaS) and an IaaS node. The producer encrypts content with first encryption using a first key and second encryption using a second key, to produce twice encrypted content. The producer encrypts the second key with attribute-based encryption and symmetric encryption using an IaaS key, to produce a twice encrypted second key. The producer provides to the user application the twice encrypted content, the twice encrypted second key, and key information configured to remove the first encryption from the twice encrypted content. The producer provides to the IaaS node the IaaS key to enable the IaaS node to remove the symmetric encryption from the twice encrypted second key, such that the user application and the IaaS node are constrained to exchange with each other key-related information and intermediate decryption results in order to recover the content.