Durable key management

US 10,003,584 B1
Filed: 09/02/2014
Issued: 06/19/2018
Est. Priority Date: 09/02/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, by one or more computer systems, an application programming interface request whose fulfillment includes backing up a first cryptographic key, wherein the application programming interface request is a call to an application programming interface; and

fulfilling, by the one or more computer systems, the application programming interface request by at least;

obtaining the first cryptographic key;

determining a backup duration;

selecting, based at least in part on the backup duration, a public cryptographic key, the public cryptographic key selected from a plurality of public cryptographic keys, the plurality of public cryptographic keys having a corresponding set of private cryptographic keys stored in an offline repository;

encrypting the first cryptographic key such that the first cryptographic key is decryptable with a second cryptographic key;

encrypting the second cryptographic key using the selected public cryptographic key, the selected public cryptographic key having a corresponding private cryptographic key that is stored in the offline repository and scheduled to be destroyed at a future time; and

providing the encrypted first cryptographic key in response to the application programming interface request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data is durably backed up for a limited amount of time. The data may be encrypted under a key and the key may be encrypted under a backup key. The backup key has a limited lifetime at the end of which the backup key is destroyed. After the backup key is destroyed, recoverability of the data depends on whether the key was deleted. In some examples, the data is a set of cryptographic keys.

35 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- receiving, by one or more computer systems, an application programming interface request whose fulfillment includes backing up a first cryptographic key, wherein the application programming interface request is a call to an application programming interface; and
  
  fulfilling, by the one or more computer systems, the application programming interface request by at least;
  
  obtaining the first cryptographic key;
  
  determining a backup duration;
  
  selecting, based at least in part on the backup duration, a public cryptographic key, the public cryptographic key selected from a plurality of public cryptographic keys, the plurality of public cryptographic keys having a corresponding set of private cryptographic keys stored in an offline repository;
  
  encrypting the first cryptographic key such that the first cryptographic key is decryptable with a second cryptographic key;
  
  encrypting the second cryptographic key using the selected public cryptographic key, the selected public cryptographic key having a corresponding private cryptographic key that is stored in the offline repository and scheduled to be destroyed at a future time; and
  
  providing the encrypted first cryptographic key in response to the application programming interface request.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein:
    - providing the encrypted first cryptographic key in response to the application programming interface request includes providing a backup object that encodes the encrypted first cryptographic key and an expiration for restoration of the first cryptographic key; and
      
      the method further comprises receiving a request to restore the first cryptographic key after the expiration has passed and, as a result of the expiration having passed, denying the request.
  - 3. The computer-implemented method of claim 2, wherein the backup object further comprises the encrypted second cryptographic key.
  - 4. The computer-implemented method of claim 1, further comprising:
    - destroying the private cryptographic key as scheduled; and
      
      after the private cryptographic key is destroyed,fulfilling a request to restore the first cryptographic key by using the second cryptographic key to obtain the first cryptographic key.
  - 5. The computer-implemented method of claim 4, wherein:
    - encrypting the first cryptographic key includes encrypting the first cryptographic key with one or more restrictions on the first cryptographic key; and
      
      the method further comprises;
      
      receiving a request to extend a durability duration of the first cryptographic key;
      
      decrypting the encrypted first cryptographic key to obtain the one or more restrictions;
      
      determining that extension of the durability duration complies with the one or more restrictions;
      
      encrypting the first cryptographic key together with the one or more restrictions using a third cryptographic key; and
      
      encrypting the third cryptographic key with another public cryptographic key from the plurality of public cryptographic keys, the public cryptographic key scheduled to be destroyed at a second future time later than the future time.
  - 6. The computer-implemented method of claim 1, further comprising:
    - selecting, from the set of private cryptographic keys, a subset of expired private cryptographic keys;
      
      causing the selected subset to become inaccessible; and
      
      adding, to the set of private cryptographic keys, one or more additional private cryptographic keys each with a corresponding expiration in the future.

7. A system, comprising at least one computing device that implements one or more services that:
- obtain, as a result of a call to an application programming interface, data for backup;
  
  determine a backup duration;
  
  select, based at least in part on the backup duration, a backup key from a set of keys each having a corresponding expiration, the backup key stored to be programmatically inaccessible over a network; and
  
  use a first cryptographic key to generate an encrypted backup of the data such that;
  
  for a first amount of time corresponding to the backup duration, the data is recoverable, using the selected backup key, from the encrypted backup after fulfillment of a request to delete the first cryptographic key; and
  
  after the first amount of time has passed, the data is irrecoverable from the encrypted backup after fulfillment of the request to delete the first cryptographic key, wherein;
  
  the system generates the backup for fulfillment of the call to the application programming interface by at least encrypting the data to be decryptable using the first cryptographic key and encrypting the first cryptographic key to be decryptable using a second cryptographic key scheduled to be destroyed at a future time, the second cryptographic key being a private cryptographic key that corresponds to a public cryptographic key; and
  
  destruction of the second cryptographic key causes the data to become programmatically irrecoverable from the encrypted backup after fulfillment of the request to delete the first cryptographic key.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein the data for backup comprises a second cryptographic key.
  - 9. The system of claim 7, wherein the generated encrypted backup is contained in a backup object that encodes an expiration for restorability of the data such that, after the expiration, the system will deny a request to restore the data.
  - 10. The system of claim 7, wherein the backup key is stored in an offline repository.
  - 11. The system of claim 7, wherein the encrypted backup is in a backup object that specifies a policy defining a set of conditions for restoration of the data that the system is configured to enforce.
  - 12. The system of claim 7, wherein:
    - the first cryptographic key is backed up for a limited time enforced by the system; and
      
      the data is restorable using the first cryptographic key after the limited time if the request to delete the first cryptographic key has not been received.
  - 13. The system of claim 7, wherein the data is backed up by encoding the encrypted data in a backup object that includes the first cryptographic key in encrypted form, the first cryptographic key being decryptable using a second cryptographic key that is scheduled to be destroyed at a future time.

14. One or more non-transitory computer-readable storage media having stored thereon executable instructions that, when executed by one or more processors of a system, cause the system to at least:
- obtain, as a result of a call to an application programming interface, data for backup;
  
  encrypt the data such that the data is decryptable using a first cryptographic key;
  
  determine a backup duration;
  
  encrypt the first cryptographic key such that the first cryptographic key is decryptable using a second cryptographic key, the second cryptographic key managed so as to ensure a limited lifetime for the second cryptographic key corresponding to the backup duration after which the first cryptographic key is unrecoverable using the second cryptographic key, the limited lifetime being a result of the second cryptographic key being associated with a destruction time on a schedule of cryptographic key destruction, the second cryptographic key being a private cryptographic key corresponding to a public cryptographic key used to encrypt the first cryptographic key and being programmatically inaccessible over a network; and
  
  perform, an operation to fulfill the call to the application programming interface, cause the encrypted data to be persistently stored.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The one or more non-transitory computer-readable storage media of claim 14, wherein the data is a cryptographic key stored by the system for use in performing cryptographic operations.
  - 16. The one or more non-transitory computer-readable storage media of claim 14, wherein:
    - the system is operated by a service provider; and
      
      the instructions that cause the system to cause the data to be persistently stored, when executed by the one or more processors, cause the system to provide the encrypted data to a customer of the service provider to which the data corresponds.
  - 17. The one or more non-transitory computer-readable storage media of claim 14, wherein the second cryptographic key is stored in an offline repository.
  - 18. The one or more non-transitory computer-readable storage media of claim 14, wherein the instructions further include instructions that, when executed by the one or more processors, cause the system to provide the application programming interface through which the call is submitted to cause the system to delete the first cryptographic key.
  - 19. The one or more non-transitory computer-readable storage media of claim 14, wherein obtaining the data for backup, encrypting the data, encrypting the first cryptographic key, and causing the encrypted data to be persistently stored are performed as a result of the call made to the application programming interface.
  - 20. The one or more non-transitory computer-readable storage media of claim 14, wherein the data comprises multiple cryptographic keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Rubin, Gregory Alan
Primary Examiner(s)
Abedin, Shanto M

Application Number

US14/475,457
Time in Patent Office

1,386 Days
Field of Search

713150, 713164, 713193, 380277
US Class Current
CPC Class Codes

H04L 2463/062   applying encryption of the ...

H04L 63/068   using time-dependent keys, ...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0891   Revocation or update of sec...

H04L 9/0897   involving additional device...

Durable key management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Durable key management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links