Data security using request-supplied keys
First Claim
Patent Images
1. A computer-implemented method, comprising:
- receiving a request over a network, the request specifying data and including an encrypted cryptographic key, wherein the data is not included in the request;
causing the encrypted cryptographic key to be decrypted by at least transmitting the encrypted cryptographic key to another entity for decryption, thereby resulting in a decrypted cryptographic key;
performing one or more cryptographic operations on the specified data using the decrypted cryptographic key to encrypt the specified data to fulfill the request; and
providing a result of performing the one or more cryptographic operations.
1 Assignment
0 Petitions
Accused Products
Abstract
Requests are submitted to a request processing entity where the requests include a cryptographic key to be used in fulfilling the request. The request processing entity, upon receipt of the request, extracts the key from the request and uses the key to perform one or more cryptographic operations to fulfill the request. The one or more cryptographic operations may include encryption/decryption of data that to be/is stored, in encrypted form, by a subsystem of the request processing entity. Upon fulfillment of the request, the request processing entity may perform one or more operations to lose access to the key in the request, thereby losing the ability to use the key.
217 Citations
19 Claims
-
1. A computer-implemented method, comprising:
-
receiving a request over a network, the request specifying data and including an encrypted cryptographic key, wherein the data is not included in the request; causing the encrypted cryptographic key to be decrypted by at least transmitting the encrypted cryptographic key to another entity for decryption, thereby resulting in a decrypted cryptographic key; performing one or more cryptographic operations on the specified data using the decrypted cryptographic key to encrypt the specified data to fulfill the request; and providing a result of performing the one or more cryptographic operations. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system, comprising:
-
one or more processors; and memory including instructions that, as a result of execution by the one or more processors, cause the system to; receive, from a requestor over a network, a request whose fulfillment involves performance of one or more cryptographic operations on data specified in the request using information that comprises an encrypted cryptographic key supplied in the request, wherein the data is not included in the request; perform the one or more cryptographic operations on the specified data using the encrypted cryptographic key supplied in the request, including causing the encrypted cryptographic key supplied in the request to be decrypted by at least transmitting the encrypted cryptographic key to another entity for decryption, thereby resulting in a decrypted cryptographic key, and using the decrypted cryptographic key to encrypt the specified data; and provide a result of performing the one or more cryptographic operations. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A non-transitory computer-readable storage medium having stored thereon instructions that, if executed by one or more processors of a computer system, cause the computer system to:
-
receive, from a requestor over a network, a request whose fulfillment involves performance of one or more cryptographic operations on data specified in the request using information that comprises an encrypted cryptographic key supplied in the request, wherein the data is not included in the request; perform the one or more cryptographic operations on the specified data, using the encrypted cryptographic key supplied in the request, including causing the encrypted cryptographic key supplied in the request to be decrypted by at least transmitting the encrypted cryptographic key to another entity for decryption, thereby resulting in a decrypted cryptographic key, and using the decrypted cryptographic key to encrypt the specified data; and provide a result of performing the one or more cryptographic operations. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification