US 12,375,478 B2
Quorum-based authorization to secure sensitive cloud assets
Wayne Reed, Kemptville (CA); Robert Burns, Gainesville, FL (US); Marc Boillot, Plantation, FL (US); and Hugot Didier, Le Plessis Robinson (FR)
Assigned to THALES DIS CPL USA, INC., Austin, TX (US)
Filed by THALES DIS CPL USA, INC., Austin, TX (US)
Filed on Jul. 1, 2022, as Appl. No. 17/855,887.
Prior Publication US 2024/0007461 A1, Jan. 4, 2024
Int. Cl. H04L 9/40 (2022.01); G06F 9/54 (2006.01); G06F 21/40 (2013.01)
CPC H04L 63/0846 (2013.01) [G06F 9/547 (2013.01); G06F 21/40 (2013.01); H04L 63/107 (2013.01); H04L 63/108 (2013.01)] 11 Claims
OG exemplary drawing
 
1. A system to authenticate multiple users to secure sensitive cloud assets, the system comprising:
a Hardware Security Module (HSM) that produces or consumes data, wherein access to the HSM and the data requires multi-user authentication from multiple authorizors by way of
a service provider communicatively coupled to the HSM to provide services for the producing and consuming the data, and
an identity provider communicatively coupled to the service provider to authenticate and authorize the multiple authorizors for providing the access to the HSM;
a user device executing a device app that in response to a user requesting access to the HSM or the data:
authenticates the user and multiple authorizors,
polls votes from the multiple authorizors and determines when a quorum approval for utilizing the data is met within a constraint,
authorizes the user with a temporary access to the data for use by one of the services upon the quorum approval in accordance with temporal and physical conditions; and
enforces the temporal conditions and the physical conditions on the temporary access to the HSM;
a bridge device communicatively coupled to an in-band network and an out-of-band network connected to the HSM that transfers data therebetween; and
a process daemon that is configurable via the device app and controls an air-gapped switching of data between the secure in-band network and the out-of-band network responsive to the quorum approval,
wherein the HSM comprises a quorum web service Applications Programming Interface (API) to enforce quorum policy and handle quorum requests related to the quorum approval,
wherein the process daemon by way of the bridge device transfers an image from a dev-ops platform to the HSM responsive to the device app receiving the quorum approval for the user performing a code signing ceremony,
wherein the HSM securely signs the image using private keys thereon to produce a signed image during the code signing ceremony,
and thereafter, the process daemon by way of the bridge device transfers the signed image from the HSM back to the dev-ops platform;
wherein
a build server provides out-of-band resources on the out-of-band network comprising code, artifacts, audit logs, configuration files, and the image,
the dev-ops platform sourcing the image provides out-of-band services on the out-of-band network; and
the HSM hosting the code signing ceremony provides in-band resources and services on the in-band network to provide a secure computing environment with controlled ingress and egress of the image, data or artifacts.
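As an added illustration of the quorum approval and the temporal and physical conditions recited in the claim (example code written for this entry, not code from the patent or its assignee; the authorizer names, the site labels used as the physical condition, the m-of-n threshold and the time windows are constructed assumptions):

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Vote:
    authorizer: str     # identity asserted by the identity provider
    approve: bool
    cast_at: datetime

@dataclass(frozen=True)
class QuorumPolicy:
    authorizers: frozenset   # authorizors the identity provider recognises
    required: int            # m-of-n approvals needed for quorum
    voting_window: timedelta # constraint: votes count only inside this window
    access_ttl: timedelta    # temporal condition on the temporary access
    allowed_sites: frozenset # physical condition (assumed site labels)

@dataclass(frozen=True)
class TemporaryAccess:
    user: str
    expires_at: datetime
    allowed_sites: frozenset

def quorum_met(policy, votes, requested_at):
    """Count distinct, recognised authorizors approving inside the voting window."""
    deadline = requested_at + policy.voting_window
    approvers = {v.authorizer for v in votes
                 if v.approve and v.authorizer in policy.authorizers
                 and requested_at <= v.cast_at <= deadline}
    return len(approvers) >= policy.required   # a repeated vote counts once

def grant_temporary_access(policy, user, votes, requested_at):
    """Issue a bounded grant only once the quorum approval is met."""
    if not quorum_met(policy, votes, requested_at):
        return None
    return TemporaryAccess(user, requested_at + policy.access_ttl, policy.allowed_sites)

def access_permitted(grant, user, site, now):
    """Enforce the temporal and physical conditions on every use of the grant."""
    return (grant is not None and grant.user == user
            and now < grant.expires_at and site in grant.allowed_sites)

# Constructed sample scenario (not from the patent): three authorizors, two must approve.
T0 = datetime(2024, 1, 4, 12, 0, tzinfo=timezone.utc)
POLICY = QuorumPolicy(frozenset({"alice", "bob", "carol"}), 2, timedelta(minutes=10),
                      timedelta(hours=1), frozenset({"signing-room"}))

def minutes_after(n):
    return T0 + timedelta(minutes=n)
```

A vote from an unrecognised identity, a vote cast outside the window, or the same authorizer voting twice never contributes to the quorum, and a grant stops working at its expiry or away from the allowed site.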