Durable key management
First Claim
1. A computer-implemented method, comprising:
receiving, by one or more computer systems, an application programming interface request whose fulfillment includes backing up a first cryptographic key, wherein the application programming interface request is a call to an application programming interface; and
fulfilling, by the one or more computer systems, the application programming interface request by at least:
obtaining the first cryptographic key;
determining a backup duration;
selecting, based at least in part on the backup duration, a public cryptographic key, the public cryptographic key selected from a plurality of public cryptographic keys, the plurality of public cryptographic keys having a corresponding set of private cryptographic keys stored in an offline repository;
encrypting the first cryptographic key such that the first cryptographic key is decryptable with a second cryptographic key;
encrypting the second cryptographic key using the selected public cryptographic key, the selected public cryptographic key having a corresponding private cryptographic key that is stored in the offline repository and scheduled to be destroyed at a future time; and
providing the encrypted first cryptographic key in response to the application programming interface request.
Abstract
Data is durably backed up for a limited amount of time. The data may be encrypted under a key and the key may be encrypted under a backup key. The backup key has a limited lifetime at the end of which the backup key is destroyed. After the backup key is destroyed, recoverability of the data depends on whether the key was deleted. In some examples, the data is a set of cryptographic keys.
20 Claims
1. (Independent claim; full text given under "First Claim" above.) Dependent claims: 2, 3, 4, 5, 6.
7. A system, comprising at least one computing device that implements one or more services that:
obtain, as a result of a call to an application programming interface, data for backup;
determine a backup duration;
select, based at least in part on the backup duration, a backup key from a set of keys each having a corresponding expiration, the backup key stored to be programmatically inaccessible over a network; and
use a first cryptographic key to generate an encrypted backup of the data such that:
for a first amount of time corresponding to the backup duration, the data is recoverable, using the selected backup key, from the encrypted backup after fulfillment of a request to delete the first cryptographic key; and
after the first amount of time has passed, the data is irrecoverable from the encrypted backup after fulfillment of the request to delete the first cryptographic key, wherein:
the system generates the backup for fulfillment of the call to the application programming interface by at least encrypting the data to be decryptable using the first cryptographic key and encrypting the first cryptographic key to be decryptable using a second cryptographic key scheduled to be destroyed at a future time, the second cryptographic key being a private cryptographic key that corresponds to a public cryptographic key; and
destruction of the second cryptographic key causes the data to become programmatically irrecoverable from the encrypted backup after fulfillment of the request to delete the first cryptographic key.
Dependent claims: 8, 9, 10, 11, 12, 13.
14. One or more non-transitory computer-readable storage media having stored thereon executable instructions that, when executed by one or more processors of a system, cause the system to at least:
obtain, as a result of a call to an application programming interface, data for backup;
encrypt the data such that the data is decryptable using a first cryptographic key;
determine a backup duration;
encrypt the first cryptographic key such that the first cryptographic key is decryptable using a second cryptographic key, the second cryptographic key managed so as to ensure a limited lifetime for the second cryptographic key corresponding to the backup duration after which the first cryptographic key is unrecoverable using the second cryptographic key, the limited lifetime being a result of the second cryptographic key being associated with a destruction time on a schedule of cryptographic key destruction, the second cryptographic key being a private cryptographic key corresponding to a public cryptographic key used to encrypt the first cryptographic key and being programmatically inaccessible over a network; and
perform an operation to fulfill the call to the application programming interface, cause the encrypted data to be persistently stored.
Dependent claims: 15, 16, 17, 18, 19, 20.
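The abstract and claims 1, 7 and 14 describe the same envelope: a data key is sealed under a fresh wrapping key, the wrapping key is sealed under a public backup key whose private half lives offline and is destroyed on a schedule, and the backup key is chosen from the schedule according to the requested backup duration. The Go program below is an added illustration of that mechanism and is not code from the patent or from any product of its assignee. Everything in it is an assumption made for the example: the names (`BackupKey`, `OfflineRepository`, `SelectBackupKey`, `Backup`, `Restore`), the choice of RSA-OAEP for the backup keys and AES-256-GCM for the wrapping key, the 2048-bit key size, and the key ring built from a list of destruction times. The offline repository is modelled as an in-process map; in a real deployment it would be the air-gapped store the claims call "programmatically inaccessible over a network".

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"time"
)

// must panics on errors that can only come from programming bugs or RNG failure.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BackupKey: the public half is online; the private half sits offline until DestroyAt.
type BackupKey struct {
	ID        string
	DestroyAt time.Time
	Public    *rsa.PublicKey
}

// OfflineRepository stands in for the air-gapped store of private keys (assumption for this example).
type OfflineRepository map[string]*rsa.PrivateKey

// DestroyExpired runs the destruction schedule: keys whose time has come are gone for good.
func (r OfflineRepository) DestroyExpired(ring []BackupKey, now time.Time) {
	for _, k := range ring {
		if !now.Before(k.DestroyAt) {
			delete(r, k.ID)
		}
	}
}

// EncryptedBackup is the API response: data key under a fresh wrapping key, wrapping key under the backup key.
type EncryptedBackup struct {
	BackupKeyID string
	Nonce       []byte
	EncDataKey  []byte // first key, AES-256-GCM under the wrapping (second) key
	EncWrapKey  []byte // second key, RSA-OAEP under the selected backup public key
}

// NewKeyRing generates one backup key pair per destruction time; the private halves go offline.
func NewKeyRing(destroyTimes []time.Time) ([]BackupKey, OfflineRepository) {
	repo, ring := OfflineRepository{}, []BackupKey{}
	for _, at := range destroyTimes {
		priv := must(rsa.GenerateKey(rand.Reader, 2048))
		id := "backup-key-" + at.UTC().Format(time.RFC3339) // the ID names the destruction date
		repo[id] = priv
		ring = append(ring, BackupKey{ID: id, DestroyAt: at, Public: &priv.PublicKey})
	}
	return ring, repo
}

// SelectBackupKey picks the earliest-destroyed key that still covers backupDuration.
func SelectBackupKey(ring []BackupKey, now time.Time, backupDuration time.Duration) (BackupKey, error) {
	need, best := now.Add(backupDuration), -1
	for i, k := range ring {
		if !k.DestroyAt.Before(need) && (best < 0 || k.DestroyAt.Before(ring[best].DestroyAt)) {
			best = i
		}
	}
	if best < 0 {
		return BackupKey{}, errors.New("no backup key covers the requested duration")
	}
	return ring[best], nil
}

func gcm(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }

// Backup performs the fulfilment steps of claim 1. The backup key ID is bound as GCM associated
// data and as OAEP label, so the two ciphertexts cannot be re-paired with a different backup key.
func Backup(ring []BackupKey, now time.Time, backupDuration time.Duration, dataKey []byte) (EncryptedBackup, error) {
	bk, err := SelectBackupKey(ring, now, backupDuration)
	if err != nil {
		return EncryptedBackup{}, err
	}
	buf := make([]byte, 32+12) // fresh wrapping key and GCM nonce; the wrapping key is used once
	must(rand.Read(buf))
	wrapKey, nonce := buf[:32], buf[32:]
	encWrap := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, bk.Public, wrapKey, []byte(bk.ID)))
	encData := gcm(wrapKey).Seal(nil, nonce, dataKey, []byte(bk.ID))
	return EncryptedBackup{BackupKeyID: bk.ID, Nonce: nonce, EncDataKey: encData, EncWrapKey: encWrap}, nil
}

// Restore recovers the data key; it fails for good once the backup key's private half is destroyed.
func Restore(repo OfflineRepository, b EncryptedBackup) ([]byte, error) {
	priv, ok := repo[b.BackupKeyID]
	if !ok {
		return nil, errors.New("backup key destroyed: data key is irrecoverable")
	}
	wrapKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, b.EncWrapKey, []byte(b.BackupKeyID))
	if err != nil {
		return nil, err
	}
	return gcm(wrapKey).Open(nil, b.Nonce, b.EncDataKey, []byte(b.BackupKeyID))
}
```

Two properties of the claims show up directly when this is exercised. First, `SelectBackupKey` takes the shortest-lived key that still covers the requested duration, so the backup's recoverability is bounded by the destruction schedule rather than by a deletion that someone must remember to perform; a request that no scheduled key can cover is refused rather than silently given an over-long lifetime. Second, once `DestroyExpired` has dropped a private key, `Restore` fails for every backup made under it, which is the "programmatically irrecoverable" outcome of claims 7 and 14. As the abstract notes, that only matters if the original data key was deleted in the meantime: a data key that is still live is served through the normal key-management path, and the backup's expiry closes only the recovery path.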