Abstract: The present invention discloses methods and devices for securing keys when key-management processes are subverted by an adversary. Methods include the steps of: upon receiving a creation request in the computing-environment, creating a secure key in at least one location in a computing environment by repetitively computing respective secure-key contributions: in at least one location; and in a set of N computing resources in the computing environment, wherein N is a non-negative integer; and applying the respective secure-key contributions to change a secure-key value, wherein: the respective secure-key contributions cannot be omitted or modified by at least one location; and the secure key is never revealed to the computing resources; thereby enabling the computing resources in the computing environment to ensure that the secure key is truly random; wherein at least one location is a region of memory located in a computing resource operationally connected to the computing-environment.
Abstract: The present invention discloses methods for trusted protocols for a non-secure computing-environment. Methods include the steps of: upon request for determining that an untrusted computing resource is trustworthy, vouching for the untrusted resource as trustworthy by a trusted computing resource upon satisfying at least one criterion of: the trusted resource was directly involved in setting up and/or activating the untrusted resource; and/or has access to a database of identifying credentials and/or information which allow the trusted resource to verify that the untrusted resource is trustworthy; and concealing at least one secret that needs to be present on any computing resource, wherein at least one secret is concealed differently on each computing resource; and transmitting at least one secret from any computing resource to any other computing resource in a way that changes the step of concealing at least one secret without any computing resource knowing at least one secret.
Abstract: The present invention discloses methods, devices, and media for secure key management in a non-secured, distributed, virtualized environment with applications to cloud-computing security and management.
Abstract: The present invention discloses methods for trusted protocols for a non-secure computing-environment. Methods include the steps of: upon request for determining that an untrusted computing resource is trustworthy, vouching for the untrusted resource as trustworthy by a trusted computing resource upon satisfying at least one criterion of: the trusted resource was directly involved in setting up and/or activating the untrusted resource; and/or has access to a database of identifying credentials and/or information which allow the trusted resource to verify that the untrusted resource is trustworthy; and concealing at least one secret that needs to be present on any computing resource, wherein at least one secret is concealed differently on each computing resource; and transmitting at least one secret from any computing resource to any other computing resource in a way that changes the step of concealing at least one secret without any computing resource knowing at least one secret.