Probabilistic key rotation
First Claim
1. A computer-implemented method, comprising:
obtaining a request to perform an operation, the performance of which involves an encryption operation using a first cryptographic key specified in the request;
causing a device to perform the encryption operation using the first cryptographic key;
determining, based at least in part on a stochastic process, to cause a counter to be updated; and
based at least in part on the counter satisfying a set of key rotation criteria, causing the first cryptographic key to be replaced with a second cryptographic key, the set of key rotation criteria having a probability of being satisfied that is associated with a frequency of key rotation.
Abstract
Information, such as a cryptographic key, is used repeatedly in the performance of operations, such as certain cryptographic operations. To prevent repeated use of the information from enabling security breaches, the information is rotated (replaced with other information). To avoid the resource costs of maintaining a counter on the number of operations performed, decisions of when to rotate the information are performed based at least in part on the output of stochastic processes.
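The following Python sketch is an added illustration of the mechanism recited in claim 1 and the abstract; it is not code from the patent. It assumes one concrete choice for each of the claim's general terms: the stochastic process is a Bernoulli(p) trial per request, the rotation criterion is "counter >= threshold", the request names the key by a key id, and HMAC-SHA256 stands in for the device's encryption operation. A key is then expected to serve threshold / p operations while the counter itself never exceeds threshold, which is the resource saving the abstract describes.

```python
import hmac
import random
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class KeyState:
    """Per-key state: key bytes, the stochastically updated counter, and a
    generation number that increases on every rotation (assumed layout)."""
    key: bytes
    counter: int = 0
    generation: int = 0


class ProbabilisticKeyRotator:
    """Assumed concrete instance of the claimed scheme (not the patent's code):
    - stochastic process   = one Bernoulli(p) trial per operation
    - key rotation criteria = counter >= threshold
    The counter advances on only about p of all operations, so a key is
    expected to serve threshold / p operations before it is replaced."""

    def __init__(self, increment_probability: float, threshold: int,
                 coin: Optional[Callable[[float], bool]] = None,
                 keygen: Callable[[], bytes] = lambda: secrets.token_bytes(32)):
        if not 0.0 < increment_probability <= 1.0:
            raise ValueError("increment_probability must be in (0, 1]")
        if threshold < 1:
            raise ValueError("threshold must be >= 1")
        self.p = increment_probability
        self.threshold = threshold
        self.coin = coin if coin is not None else self._csprng_coin
        self.keygen = keygen
        self.keys: Dict[str, KeyState] = {}

    @staticmethod
    def _csprng_coin(p: float) -> bool:
        # Bernoulli(p) trial from the OS CSPRNG at 32-bit resolution. An
        # unpredictable source keeps callers from steering rotation timing.
        return secrets.randbelow(1 << 32) < int(p * (1 << 32))

    def register(self, key_id: str, key: bytes) -> None:
        self.keys[key_id] = KeyState(key=key)

    def expected_operations_per_key(self) -> float:
        # Mean of a sum of `threshold` geometric(p) waiting times.
        return self.threshold / self.p

    def perform(self, key_id: str, data: bytes) -> Tuple[bytes, int]:
        """Handle one request that names key_id; returns (result, generation used)."""
        state = self.keys[key_id]
        # 1. Perform the keyed operation with the key specified in the request.
        #    HMAC-SHA256 stands in for the device's encryption operation.
        result = hmac.new(state.key, data, "sha256").digest()
        used_generation = state.generation
        # 2. Decide stochastically whether to update the counter at all.
        if self.coin(self.p):
            state.counter += 1
        # 3. Replace the key once the counter satisfies the rotation criterion.
        if state.counter >= self.threshold:
            state.key = self.keygen()
            state.generation += 1
            state.counter = 0
        return result, used_generation


def simulate_rotations(n_ops: int, p: float, threshold: int, seed: int = 0) -> int:
    """Run n_ops requests against one key with a seeded (non-secure) coin and
    return the number of rotations, to check the threshold / p estimate."""
    rng = random.Random(seed)
    rotator = ProbabilisticKeyRotator(p, threshold, coin=lambda q: rng.random() < q)
    rotator.register("k1", b"\x00" * 32)  # constructed sample key
    for i in range(n_ops):
        rotator.perform("k1", i.to_bytes(4, "big"))
    return rotator.keys["k1"].generation


if __name__ == "__main__":
    p, threshold, n = 1 / 64, 16, 200_000
    rotations = simulate_rotations(n, p, threshold, seed=1)
    print(f"expected ops/key {threshold / p:.0f}, observed about {n / rotations:.0f}")
```

The `coin` parameter exists only so that simulations can use a seeded PRNG; a deployment keeps the CSPRNG default. One caveat a practitioner should keep in mind: the number of operations a key actually serves is a random variable with mean threshold / p but an unbounded tail, so if the key has a hard usage limit (for example a nonce-reuse or birthday bound for the cipher behind it), threshold / p must be set well below that limit rather than at it.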
207 Citations
20 Claims
1. A computer-implemented method, comprising:
obtaining a request to perform an operation, the performance of which involves an encryption operation using a first cryptographic key specified in the request;
causing a device to perform the encryption operation using the first cryptographic key;
determining, based at least in part on a stochastic process, to cause a counter to be updated; and
based at least in part on the counter satisfying a set of key rotation criteria, causing the first cryptographic key to be replaced with a second cryptographic key, the set of key rotation criteria having a probability of being satisfied that is associated with a frequency of key rotation.
(Dependent claims 2, 3, 4, 5 and 6 are not reproduced on this page.)

7. A system, comprising:
one or more processors; and
memory storing instructions that, as a result of execution by the one or more processors, cause the system to:
obtain a request to perform an operation, the performance of which involves an encryption operation using a first cryptographic key specified in the request;
cause a device to perform the encryption operation using the first cryptographic key;
determine, based at least in part on a stochastic process, to cause a counter to be updated; and
based at least in part on the counter satisfying a set of key rotation criteria, cause the first cryptographic key to be replaced with a second cryptographic key, the set of key rotation criteria having a probability of being satisfied that is associated with a frequency of key rotation.
(Dependent claims 8, 9, 10, 11 and 12 are not reproduced on this page.)

13. A computer-readable storage medium having stored thereon instructions that, as a result of execution by one or more processors of a system, cause the system to:
obtain a request to perform an operation, the performance of which involves an encryption operation using a first cryptographic key specified in the request;
cause a device to perform the encryption operation using the first cryptographic key;
determine, based at least in part on a stochastic process, to cause a counter to be updated; and
based at least in part on the counter satisfying a set of key rotation criteria, cause the first cryptographic key to be replaced with a second cryptographic key, the set of key rotation criteria having a probability of being satisfied that is associated with a frequency of key rotation.
(Dependent claims 14, 15, 16, 17, 18, 19 and 20 are not reproduced on this page.)
Specification