	US 12,271,471 B2
	Detecting threats by monitoring encryption key activity
Maksim A. Yankovskiy, Mountain View, CA (US); and Tim Reilly, Pleasanton, CA (US)
Assigned to ZETTASET, INC., Mountain View, CA (US)
Filed by Zettaset, Inc., Mountain View, CA (US)
Filed on Feb. 10, 2022, as Appl. No. 17/668,593.
Claims priority of provisional application 63/148,981, filed on Feb. 12, 2021.
Prior Publication US 2022/0261478 A1, Aug. 18, 2022
Int. Cl. G06F 21/00 (2013.01); G06F 3/023 (2006.01); G06F 21/55 (2013.01); G06F 21/60 (2013.01); G06F 21/62 (2013.01); H04L 9/40 (2022.01)

CPC G06F 21/552 (2013.01) [G06F 3/023 (2013.01); G06F 21/602 (2013.01); G06F 21/6209 (2013.01); H04L 63/20 (2013.01)]

20 Claims

1. A computer system comprising computer-readable instructions stored in a non-transitory storage medium and at least one microprocessor coupled to said storage medium when executing said computer-readable instructions, said computer system comprising:

(a) an application proxy operating on an application server and intercepting key activity generated by an application operating on said application server, said key activity destined for a key manager and involving an encryption key and a storage object associated with said encryption key;

(b) an application programming interface (API) of an activity collector for securing in a log, key activity data representing said key activity, wherein said key activity data is correlated to object data associated with said storage object;

(c) a policy engine for defining one or more security policies and for determining if said key activity is in violation of said one or more security policies; and

(d) an activity analyzer service for alerting one or both of a designated user and an application about said violation.