Key store service
First Claim
1. A non-transitory computer-readable medium having instructions stored thereon that, when executed by a processor, cause the processor to provide a key store microservice for a multi-tenant cloud based identity management system, the providing comprising:
- receiving, over a network, a request from a client application to retrieve a tenant-specific key, the request including a tenancy identifier that identifies a tenant of a plurality of tenants of the multi-tenant cloud based identity management system, wherein the tenancy identifier comprises one of a customer tenancy type, a client tenancy type or a user tenancy type;
- determining whether the key is present in a tenant-specific memory cache associated with the tenancy identifier; and
- when the key is determined to be present in the tenant-specific memory cache:
  - retrieving the key from the tenant-specific memory cache;
  - retrieving a decryption key from a key wallet; and
  - decrypting the key retrieved from the tenant-specific memory cache using the decryption key retrieved from the key wallet;
- when the key is determined not to be present in the tenant-specific memory cache:
  - retrieving the key from a tenant-specific database table associated with the tenancy identifier and based on a unique key property corresponding to the key, wherein the unique key property is stored in a separate column in the tenant-specific database table; and
- sending, over the network, the key to the client.
Abstract
A key store microservice is provided for a cloud based identity management system. The key store microservice receives, over a network, a request from a client application to retrieve a key, the request including a tenancy identifier, and determines whether the key is present in a tenant specific memory cache associated with the tenancy identifier. When the key is determined to be present in the tenant specific memory cache, the key store microservice retrieves the key from the tenant specific memory cache, retrieves a decryption key from a key wallet, decrypts the key retrieved from the tenant specific memory cache using the decryption key retrieved from the key wallet, and sends, over the network, the key to the client.
20 Claims
1. As set out under First Claim above. Dependent claims 2, 3, 4, 5, 6, 7, 8 and 9 are not reproduced here.
10. A method for providing a key store microservice for a multi-tenant cloud based identity management system, the method comprising:
- receiving, over a network, a request from a client application to retrieve a tenant-specific key, the request including a tenancy identifier that identifies a tenant of a plurality of tenants of the multi-tenant cloud based identity management system, wherein the tenancy identifier comprises one of a customer tenancy type, a client tenancy type or a user tenancy type;
- determining whether the key is present in a tenant-specific memory cache associated with the tenancy identifier; and
- when the key is determined to be present in the tenant-specific memory cache:
  - retrieving the key from the tenant-specific memory cache;
  - retrieving a decryption key from a key wallet; and
  - decrypting the key retrieved from the tenant-specific memory cache using the decryption key retrieved from the key wallet;
- when the key is determined not to be present in the tenant-specific memory cache:
  - retrieving the key from a tenant-specific database table associated with the tenancy identifier and based on a unique key property corresponding to the key, wherein the unique key property is stored in a separate column in the tenant-specific database table; and
- sending, over the network, the key to the client.

Dependent claims 11, 12, 13 and 14 are not reproduced here.
15. A system comprising a server, coupled to a network, including a processor coupled to a memory storing instructions that, when executed by the processor, cause the processor to provide a key store microservice for a multi-tenant cloud based identity management system, the providing comprising:
- receiving, over a network, a request from a client application to retrieve a tenant-specific key, the request including a tenancy identifier that identifies a tenant of a plurality of tenants of the multi-tenant cloud based identity management system, wherein the tenancy identifier comprises one of a customer tenancy type, a client tenancy type or a user tenancy type;
- determining whether the key is present in a tenant-specific memory cache associated with the tenancy identifier; and
- when the key is determined to be present in the tenant-specific memory cache:
  - retrieving the key from the tenant-specific memory cache;
  - retrieving a decryption key from a key wallet;
  - decrypting the key retrieved from the tenant-specific memory cache using the decryption key retrieved from the key wallet;
- when the key is determined not to be present in the tenant-specific memory cache:
  - retrieving the key from a tenant-specific database table associated with the tenancy identifier and based on a unique key property corresponding to the key, wherein the unique key property is stored in a separate column in the tenant-specific database table; and
- sending, over the network, the key to the client.

Dependent claims 16, 17, 18, 19 and 20 are not reproduced here.
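The retrieval flow described in the abstract and in claims 1, 10 and 15 (tenancy-typed request, tenant-specific cache lookup, decryption with a key-wallet key, fallback to a tenant-specific table keyed by a unique key-property column) is shown below as an added, self-contained example. It is not code from the patent or from any product it covers. Everything here is an assumption for illustration: the class names, the dict-backed "tables" and cache, the sample tenants and keys, and the wallet cipher (an HMAC-SHA256 counter keystream with an integrity tag, used only so the block runs on the standard library; a real wallet would use an AEAD such as AES-GCM behind a KMS or HSM). The claim does not say whether the table row is decrypted or whether a miss populates the cache; this example does both and marks each as an assumption.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict

# Tenancy types named in the claim: a request carries exactly one of them.
TENANCY_TYPES = ("customer", "client", "user")


@dataclass(frozen=True)
class TenancyId:
    """The tenancy identifier carried in the request (type + tenant name)."""
    tenancy_type: str
    tenant: str

    def __post_init__(self) -> None:
        if self.tenancy_type not in TENANCY_TYPES:
            raise ValueError(f"unknown tenancy type: {self.tenancy_type!r}")


class KeyWallet:
    """Holds the decryption key the service fetches from the key wallet.

    Constructed stand-in cipher (assumption, not the patent's): keystream =
    HMAC-SHA256(wallet_key, nonce || counter), plus an HMAC tag over
    nonce || ciphertext that is verified before any decryption happens.
    """

    def __init__(self, wallet_key: bytes) -> None:
        if len(wallet_key) < 32:
            raise ValueError("wallet key must be at least 32 bytes")
        self._wallet_key = wallet_key

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        out = bytearray()
        counter = 0
        while len(out) < length:
            out.extend(hmac.new(self._wallet_key, nonce + counter.to_bytes(4, "big"),
                                hashlib.sha256).digest())
            counter += 1
        return bytes(out[:length])

    def wrap(self, plaintext_key: bytes) -> bytes:
        """Encrypt a tenant key for storage in the cache or table."""
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(plaintext_key, self._keystream(nonce, len(plaintext_key))))
        tag = hmac.new(self._wallet_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def unwrap(self, blob: bytes) -> bytes:
        """Verify the tag, then decrypt; tampered blobs never reach the caller."""
        if len(blob) < 16 + 32:
            raise ValueError("wrapped key too short")
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._wallet_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("wrapped key failed integrity check")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))


class KeyStoreService:
    """Tenant-scoped key retrieval: cache first, tenant table on a miss."""

    def __init__(self, wallet: KeyWallet, tables: Dict[TenancyId, Dict[str, bytes]]) -> None:
        self._wallet = wallet
        # One table per tenancy; the dict key plays the role of the separate
        # "unique key property" column, the value is the wrapped key.
        self._tables = tables
        self._cache: Dict[TenancyId, Dict[str, bytes]] = {}
        self.stats = {"cache_hits": 0, "cache_misses": 0}

    def get_key(self, tenancy: TenancyId, key_name: str) -> bytes:
        tenant_cache = self._cache.setdefault(tenancy, {})
        wrapped = tenant_cache.get(key_name)
        if wrapped is not None:
            self.stats["cache_hits"] += 1
        else:
            self.stats["cache_misses"] += 1
            table = self._tables.get(tenancy)  # only this tenant's table is consulted
            if table is None or key_name not in table:
                raise KeyError(f"no key {key_name!r} for {tenancy}")
            wrapped = table[key_name]
            tenant_cache[key_name] = wrapped  # assumption: a miss warms the cache
        # Decryption key comes from the wallet on every request, never cached in clear.
        return self._wallet.unwrap(wrapped)


def build_demo_service() -> KeyStoreService:
    """Constructed sample data: two customer tenants and one client tenant."""
    wallet = KeyWallet(hashlib.sha256(b"constructed wallet key, demo only").digest())
    tables = {
        TenancyId("customer", "acme"): {"signing": wallet.wrap(b"acme-signing-key-0001")},
        TenancyId("customer", "globex"): {"signing": wallet.wrap(b"globex-signing-key-0001")},
        TenancyId("client", "acme-mobile-app"): {"api": wallet.wrap(b"acme-mobile-api-key-7")},
    }
    return KeyStoreService(wallet, tables)


if __name__ == "__main__":
    svc = build_demo_service()
    acme = TenancyId("customer", "acme")
    print(svc.get_key(acme, "signing"), svc.stats)   # miss: served from the table
    print(svc.get_key(acme, "signing"), svc.stats)   # hit: served from the cache
```

Two properties worth checking in a service like this: the same key name under a different tenancy identifier must not resolve (the lookup above only ever touches the requesting tenant's table and cache), and a modified cache or table entry must fail closed at the wallet rather than hand back garbage key bytes.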
Specification