Preventing persistent storage of cryptographic information
Abstract
Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secure and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. A variety of methods may be used to protect access to keying material and prevent the keying material from being stored persistently.
22 Claims
1. One or more non-transitory computer-readable storage media collectively stored thereon instructions that, as a result of being executed by one or more processors of a system, cause the system to:
- provide a second computer system using an image of a first computer system, the second computer system instantiated based at least in part on:
  - detecting a command to serialize the first computer system, the first computer system including computer system memory containing a plaintext representation of a cryptographic key;
  - generating and storing metadata associated with the cryptographic key, said metadata comprising functions registered by the first computing system, including operations to be performed for restoring the cryptographic key; and
  - executing the command by at least writing the image of the first computer system to persistent storage such that the image of the first computer system lacks the plaintext representation of the cryptographic key, the image usable to instantiate the first computer system without access to the plaintext representation of the cryptographic key;
- perform at least one cryptographic operation based at least in part on the registered functions and operations to be performed for restoring the cryptographic key in the metadata, to cause the second computer system to operate with access to the plaintext representation of the cryptographic key; and
- store the plaintext representation of the cryptographic key to memory of the second computer system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A computer-implemented method for protecting cryptographic keys operated by a computing resource service provider, comprising:
- providing a second computer system using serialized data corresponding to a first computer system, the second computer system instantiated based at least in part on:
  - detecting that a serialization event will occur to the first computer system containing one or more plaintext cryptographic keys;
  - storing metadata associated with the cryptographic key, the metadata comprising information corresponding to functions registered by the first computer system, including operations to be performed for restoring access to the plaintext representation of the cryptographic key; and
  - causing one or more serialization operations corresponding to the serialization event to be performed such that the serialized data corresponding to the first computer system does not contain the one or more plaintext cryptographic keys;
- causing the second computer system to have access to the plaintext cryptographic key after completion of the serialization event based at least in part on at least one operation indicated in the metadata; and
- storing the plaintext cryptographic key on the second computer system.

Dependent claims: 10, 11, 12, 13, 14, 15.

16. A system, comprising:
- one or more processors; and
- memory with instructions that, as a result of being executed by the one or more processors, cause the system to:
  - provide a second computer system using an image of a first computer system, the second computer system instantiated based at least in part on:
    - for a first computer system that operates with access to a plaintext cryptographic key, serializing the first computer system to obtain the image of the first computer system that lacks the plaintext cryptographic key;
    - encrypting the plaintext cryptographic key to generate an encrypted cryptographic key;
    - storing metadata associated with the encrypted cryptographic key, said metadata comprising information corresponding to functions registered by the first computer system, including operations to be performed for restoring the cryptographic key; and
    - causing the image of the first computer system to be persistently stored;
  - decrypt the encrypted plaintext cryptographic key based at least in part on the metadata that indicates registered functions and operations to be performed in order to cause the second computer system to operate with access to the plaintext representation of the cryptographic key; and
  - store the plaintext cryptographic key to memory associated with the second computer system.

Dependent claims: 17, 18, 19, 20, 21, 22.
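The flow of claims 1 and 16 (strip the plaintext key from the image at serialization, record the wrapped key and the registered restore operation in metadata, then run that operation on the second system) as an added Python illustration; this is not code from the patent. The names `serialize`, `instantiate`, `unwrap_with_kms`, `WRAPPING_KEY` and `RESTORE_FUNCTIONS` are assumptions, and the HMAC counter-mode wrap is a toy stand-in for a real AEAD or KMS key wrap.

```python
import hashlib
import hmac
import json
import os

# Stand-in for a key-wrapping key held outside the image (a KMS/HSM in practice).
WRAPPING_KEY = os.urandom(32)


def _keystream_xor(key, nonce, data):
    # HMAC-SHA256 in counter mode: a toy stand-in for a real AEAD key wrap.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def _tag(nonce, wrapped):
    # Integrity tag over the wrapped key so altered metadata is rejected on restore.
    return hmac.new(WRAPPING_KEY, b"tag" + nonce + wrapped, hashlib.sha256).hexdigest()


def unwrap_with_kms(metadata):
    """Registered restore operation: check the metadata's tag, then unwrap the key."""
    nonce, wrapped = bytes.fromhex(metadata["nonce"]), bytes.fromhex(metadata["wrapped"])
    if not hmac.compare_digest(_tag(nonce, wrapped), metadata["tag"]):
        raise ValueError("wrapped key or metadata was altered in storage")
    return _keystream_xor(WRAPPING_KEY, nonce, wrapped)


# Restore operations the first system registers, looked up by the name in the metadata.
RESTORE_FUNCTIONS = {"unwrap_with_kms": unwrap_with_kms}


def serialize(memory):
    """Write an image that lacks the plaintext key; the wrapped key goes into metadata."""
    image = {k: v for k, v in memory.items() if k != "plaintext_key"}
    nonce = os.urandom(16)
    wrapped = _keystream_xor(WRAPPING_KEY, nonce, memory["plaintext_key"])
    metadata = {"restore_fn": "unwrap_with_kms", "nonce": nonce.hex(),
                "wrapped": wrapped.hex(), "tag": _tag(nonce, wrapped)}
    return json.dumps(image).encode(), metadata


def instantiate(image_bytes, metadata):
    """Bring up the second system, then run the registered operation to restore the key."""
    memory = json.loads(image_bytes)
    memory["plaintext_key"] = RESTORE_FUNCTIONS[metadata["restore_fn"]](metadata)
    return memory
```

The persisted image carries no key bytes at all; only the metadata (wrapped key plus the name of the restore operation) and the externally held wrapping key are needed to bring the second system up with the key in memory.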