Multiple authority data security and access
First Claim
1. A computer-implemented method, comprising:
- under the control of one or more computer systems that execute instructions, receiving, from a customer of a computing resource service provider, a request to perform one or more operations using a managed key that is inaccessible to the customer, the request including information that enables the computing resource service provider to select the managed key from other keys managed on behalf of customers of the computing resource service provider;
- providing to the customer:
  - a data key; and
  - in addition to the data key, an encrypted data key;
- receiving, from the customer, data encrypted under the data key; and
- storing, in persistent storage, the encrypted data key and the data encrypted under the data key, wherein a customer key and the managed key that is inaccessible to the customer are collectively sufficient, but individually insufficient, to access the data in plaintext form from the persistent storage.
1 Assignment
0 Petitions
Abstract
A request to perform one or more operations using a second key that is inaccessible to a customer of a computing resource service provider is received from the customer, with the request including information that enables the computing resource service provider to select the second key from other keys managed on behalf of customers of the computing resource service provider. A first key and, in addition to the first key, an encrypted first key are provided to the customer. Data encrypted under the first key is received from the customer. The encrypted first key and the data encrypted under the first key are caused to be stored in persistent storage, such that accessing the data, in plaintext form, from the persistent storage requires use of both a third key and the second key that is inaccessible to the customer.
214 Citations
20 Claims
- 1. A computer-implemented method, comprising:
  under the control of one or more computer systems that execute instructions, receiving, from a customer of a computing resource service provider, a request to perform one or more operations using a managed key that is inaccessible to the customer, the request including information that enables the computing resource service provider to select the managed key from other keys managed on behalf of customers of the computing resource service provider; providing to the customer: a data key; and, in addition to the data key, an encrypted data key; receiving, from the customer, data encrypted under the data key; and storing, in persistent storage, the encrypted data key and the data encrypted under the data key, wherein a customer key and the managed key that is inaccessible to the customer are collectively sufficient, but individually insufficient, to access the data in plaintext form from the persistent storage. (Dependent claims: 2, 3, 4, 5, 6, 7)
- 8. A system, comprising:
  a first service that includes one or more first processors and first memory including first instructions that, as a result of execution by the one or more first processors, cause the first service to: receive a first request, from a customer of a computing resource service provider, to perform one or more operations using first information that is inaccessible to the customer, the request including information that enables the computing resource service provider to select the first information from other keys managed on behalf of customers of the computing resource service provider; provide to the customer: a first cryptographic key; and, in addition to the first cryptographic key, an encrypted first cryptographic key; and a second service that includes one or more second processors and second memory including second instructions that, as a result of execution by the one or more second processors, cause the second service to: receive a second request, from the customer, to store data encrypted under the first cryptographic key; and store, in persistent storage, the encrypted first cryptographic key and the data encrypted under the first cryptographic key, wherein second information and the first information that is inaccessible to the customer are individually insufficient for accessing the data in plaintext form from the persistent storage. (Dependent claims: 9, 10, 11, 12, 13, 14, 15)
- 16. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
  receive, from a customer of a computing resource service provider, a request to perform one or more operations using a second key that is inaccessible to the customer, the request including information that enables the computing resource service provider to select the second key from other keys managed on behalf of customers of the computing resource service provider; provide to the customer: a first key; and, in addition to the first key, an encrypted first key; receive, from the customer, data encrypted under the first key; and cause the encrypted first key and the data encrypted under the first key to be stored in persistent storage, wherein accessing the data in plaintext form from the persistent storage involves a collective use of both: the second key that is inaccessible to the customer; and a third key. (Dependent claims: 17, 18, 19, 20)
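The independent claims describe an envelope-encryption flow with two authorities: the provider's key service generates a data key and hands back both the data key and that key encrypted under a managed key the customer never sees; the customer encrypts the data under the data key; and what is stored can only be opened with the managed key and a customer-held key together. The following Go program is an added illustration of that flow and is not code from the patent or its assignee. The claims do not fix a concrete construction for "collectively sufficient, individually insufficient", so this example assumes one common instantiation: the provider-encrypted data key is wrapped a second time under the customer key before storage. All key identifiers, the in-memory key service, and the sample record are constructed for the example; AES-GCM from the Go standard library is used for every wrap.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// sealAESGCM encrypts plaintext under a 32-byte key with a fresh random nonce.
// Output layout is nonce || ciphertext || tag.
func sealAESGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openAESGCM reverses sealAESGCM; the GCM tag check fails on a wrong key.
func openAESGCM(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// ManagedKeyService is a constructed stand-in for the provider's key service.
// Managed keys never leave it; a caller selects one by ID, which is the
// "information that enables the provider to select the managed key".
type ManagedKeyService struct{ keys map[string][]byte }

func NewManagedKeyService() *ManagedKeyService {
	return &ManagedKeyService{keys: map[string][]byte{}}
}

func (s *ManagedKeyService) CreateManagedKey(id string) error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	s.keys[id] = k
	return nil
}

// GenerateDataKey returns a fresh data key and the same key encrypted under
// the selected managed key, matching the "data key" and "encrypted data key"
// of claim 1.
func (s *ManagedKeyService) GenerateDataKey(keyID string) (dataKey, encDataKey []byte, err error) {
	mk, ok := s.keys[keyID]
	if !ok {
		return nil, nil, errors.New("unknown managed key")
	}
	dataKey = make([]byte, 32)
	if _, err = rand.Read(dataKey); err != nil {
		return nil, nil, err
	}
	encDataKey, err = sealAESGCM(mk, dataKey)
	return dataKey, encDataKey, err
}

// Decrypt unwraps an encrypted data key; the managed key itself stays inside.
func (s *ManagedKeyService) Decrypt(keyID string, encDataKey []byte) ([]byte, error) {
	mk, ok := s.keys[keyID]
	if !ok {
		return nil, errors.New("unknown managed key")
	}
	return openAESGCM(mk, encDataKey)
}

// StoredObject is what lands in persistent storage.
type StoredObject struct {
	KeyID          string
	WrappedDataKey []byte // customerKey( managedKey( dataKey ) )  -- assumed double wrap
	Ciphertext     []byte // dataKey( data )
}

// Store runs the customer side of the claimed flow and produces the stored object.
func Store(svc *ManagedKeyService, keyID string, customerKey, data []byte) (*StoredObject, error) {
	dataKey, encDataKey, err := svc.GenerateDataKey(keyID)
	if err != nil {
		return nil, err
	}
	ct, err := sealAESGCM(dataKey, data)
	if err != nil {
		return nil, err
	}
	wrapped, err := sealAESGCM(customerKey, encDataKey) // outer layer needs the customer key
	if err != nil {
		return nil, err
	}
	return &StoredObject{KeyID: keyID, WrappedDataKey: wrapped, Ciphertext: ct}, nil
}

// Retrieve needs both authorities: the customer key peels the outer layer,
// the managed key service peels the inner one. Either alone fails.
func Retrieve(svc *ManagedKeyService, customerKey []byte, obj *StoredObject) ([]byte, error) {
	encDataKey, err := openAESGCM(customerKey, obj.WrappedDataKey)
	if err != nil {
		return nil, fmt.Errorf("customer key unwrap failed: %w", err)
	}
	dataKey, err := svc.Decrypt(obj.KeyID, encDataKey)
	if err != nil {
		return nil, fmt.Errorf("managed key unwrap failed: %w", err)
	}
	return openAESGCM(dataKey, obj.Ciphertext)
}

func main() {
	svc := NewManagedKeyService()
	_ = svc.CreateManagedKey("cmk-example-1") // constructed key ID
	customerKey := make([]byte, 32)
	_, _ = rand.Read(customerKey)
	obj, _ := Store(svc, "cmk-example-1", customerKey, []byte("constructed sample record"))
	pt, err := Retrieve(svc, customerKey, obj)
	fmt.Printf("both keys: %q err=%v\n", pt, err)
	_, err = Retrieve(svc, make([]byte, 32), obj)
	fmt.Println("wrong customer key:", err)
}
```

Because the GCM tag is checked at each layer, a missing or wrong customer key fails before the managed key service is ever consulted, and a different managed key (or a second key service that never held it) fails at the inner layer even when the customer key is right, which is the individually-insufficient property the claims require.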
Specification