Probabilistic key rotation
Abstract
Information, such as a cryptographic key, is used repeatedly in the performance of operations, such as certain cryptographic operations. To prevent repeated use of the information from enabling security breaches, the information is rotated (replaced with other information). To avoid the resource costs of maintaining a counter on the number of operations performed, decisions of when to rotate the information are performed based at least in part on the output of stochastic processes.
Claims (23)
1. A computer-implemented method, comprising:
- receiving a request to perform an operation, the performance of which involves an encryption operation using a first cryptographic key specified in the request;
- causing a device to perform the encryption operation using the first cryptographic key;
- obtaining a stochastically-generated value; and
- based at least in part on the stochastically-generated value satisfying a set of key rotation criteria, causing the first cryptographic key to be replaced with a second cryptographic key, the set of key rotation criteria having a probability of being satisfied that is associated with a frequency of key rotation.
(Dependent claims: 2, 3, 4, 5, 6, 21, 22, 23)
7. A system, comprising:
- one or more processors; and
- memory storing instructions that, if executed by the one or more processors, cause the system to:
  - determine a stochastically-generated value;
  - based at least in part on the stochastically-generated value satisfying a set of rotation criteria, replace first information with second information, the set of rotation criteria having a probability of being satisfied associated with a frequency of key rotation; and
  - based at least in part on the stochastically-generated value failing to satisfy the set of rotation criteria, allow the first information to be used to perform an operation at least one additional time in response to a request.
(Dependent claims: 8, 9, 10, 11, 12)
13. A computer-readable storage medium having stored thereon instructions that, if executed by one or more processors of a system, cause the system to:
- probabilistically generate rotation determinations, each rotation determination indicating whether to replace first information with second information for processing requests, wherein a probability of a result of the generated rotation determination being positive is associated with a frequency of the first information being replaced with the second information;
- based at least in part on a result of a generated rotation determination being positive, cause the first information used in processing requests to be replaced with the second information; and
- based at least in part on a generated rotation determination being negative, allow the first information to be used for processing additional requests to be processed using the first information.
(Dependent claims: 14, 15, 16, 17, 18, 19, 20)
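The following is an added illustration of the mechanism the abstract and claims describe, written for this page and not taken from the patent or from any assignee's product. After each keyed operation it draws a random value and rotates the key when the draw falls below a configured probability, so no per-key usage counter is kept. It also shows how a practitioner would pick that probability from a risk budget: because the number of uses a key receives before rotation is geometric, the chance that a key is used more than n_max times is (1 - p)^n_max, which gives the smallest acceptable p directly. The class and function names, the HMAC stand-in for the device's encryption operation, the ScriptedRng helper and the seeded simulation are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import random
import secrets


class ProbabilisticKeyRotator:
    """Per-operation key rotation decided by a random draw instead of a counter.

    use_key() performs the keyed operation with the current key and then draws a
    value in [0, 1). A draw below rotation_probability satisfies the rotation
    criteria and the key is replaced; otherwise the same key may serve further
    requests. Nothing counts how often a key has been used (that is the point).
    The rng only needs a random() -> float method; by default a CSPRNG is used.
    """

    def __init__(self, rotation_probability, rng=None, key_bytes=32):
        if not 0.0 < rotation_probability <= 1.0:
            raise ValueError("rotation_probability must be in (0, 1]")
        self.p = rotation_probability
        self._rng = rng if rng is not None else secrets.SystemRandom()
        self._key_bytes = key_bytes
        self.current_key = os.urandom(key_bytes)
        self.key_version = 1  # identifies which key served a request

    def _rotate(self):
        self.current_key = os.urandom(self._key_bytes)
        self.key_version += 1

    def use_key(self, operation):
        """Run operation(key) with the current key, then maybe rotate.

        Returns (result, version_of_key_used) so callers can record which key
        protected the result even if rotation happened right afterwards.
        """
        version_used = self.key_version
        result = operation(self.current_key)
        if self._rng.random() < self.p:  # stochastic value satisfies the criteria
            self._rotate()
        return result, version_used


def expected_uses_per_key(p):
    """Mean number of operations a key serves before rotation (geometric): 1/p."""
    return 1.0 / p


def prob_key_used_more_than(n, p):
    """Probability that a key survives more than n operations: (1 - p)^n."""
    return (1.0 - p) ** n


def rotation_probability_for_limit(n_max, delta):
    """Smallest p so that P(a key is used more than n_max times) <= delta."""
    return 1.0 - delta ** (1.0 / n_max)


class ScriptedRng:
    """Constructed stand-in rng returning scripted draws, for deterministic checks."""

    def __init__(self, draws):
        self._draws = list(draws)

    def random(self):
        return self._draws.pop(0)


def simulate_uses_per_key(p, n_ops, seed=12345):
    """Drive n_ops operations with a seeded rng (simulation only, not a CSPRNG)
    and return how many operations each retired key served."""
    rotator = ProbabilisticKeyRotator(p, rng=random.Random(seed))
    # Constructed stand-in for the device's encryption operation.
    payload = b"constructed request payload"
    op = lambda key: hmac.new(key, payload, hashlib.sha256).digest()
    counts, uses_of_current = [], 0
    for _ in range(n_ops):
        before = rotator.key_version
        rotator.use_key(op)
        uses_of_current += 1
        if rotator.key_version != before:  # a rotation just happened
            counts.append(uses_of_current)
            uses_of_current = 0
    return counts


if __name__ == "__main__":
    # Choose p so a key is used more than 1000 times with probability <= 1e-6.
    p = rotation_probability_for_limit(1000, 1e-6)
    print(f"p = {p:.6f}, expected uses per key = {expected_uses_per_key(p):.1f}")
    counts = simulate_uses_per_key(0.01, 200_000)
    print(f"p=0.01: {len(counts)} rotations, mean uses per key = {sum(counts) / len(counts):.1f}")
```

The simulation reports the mean uses per key, which converges to 1/p, while rotation_probability_for_limit is the number an operator actually needs: it turns a hard usage ceiling and a tolerance into the per-operation probability, with no counter to persist or synchronise across devices.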