Data security operations with expectations
First Claim
Patent Images
1. A computer-implemented method, comprising:
- receiving, from a requestor associated with a customer of a service provider, a web service request whose fulfillment includes performance of a cryptographic operation;
selecting, based at least in part on information in the web service request, a cryptographic key from a plurality of cryptographic keys managed by the service provider for a plurality of customers of the service provider;
determining a set of security expectations applicable to the web service request, the set of security expectations defining a set of conditions applicable to the selected cryptographic key that, when fulfilled and regardless of whether the selected cryptographic key is usable to perform the cryptographic operation, indicate that a result of the cryptographic operation is trusted;
evaluating the set of security expectations against the selected cryptographic key;
generating a response to the web service requests based at least in part on evaluation of the set of security expectations; and
providing the generated response.
1 Assignment
0 Petitions
Accused Products
Abstract
A cryptography service allows for management of cryptographic keys and for the evaluation of security expectations when processing incoming requests. In some contexts, the cryptography service, upon receiving a request to perform a cryptographic operation, evaluates a set of security expectations to determine whether the cryptographic key or keys usable to perform the cryptographic operation should be trusted. A response to the request is dependent on evaluation of the security expectations.
-
Citations
22 Claims
-
1. A computer-implemented method, comprising:
-
receiving, from a requestor associated with a customer of a service provider, a web service request whose fulfillment includes performance of a cryptographic operation; selecting, based at least in part on information in the web service request, a cryptographic key from a plurality of cryptographic keys managed by the service provider for a plurality of customers of the service provider; determining a set of security expectations applicable to the web service request, the set of security expectations defining a set of conditions applicable to the selected cryptographic key that, when fulfilled and regardless of whether the selected cryptographic key is usable to perform the cryptographic operation, indicate that a result of the cryptographic operation is trusted; evaluating the set of security expectations against the selected cryptographic key; generating a response to the web service requests based at least in part on evaluation of the set of security expectations; and providing the generated response. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system, comprising at least one computing device configured to implement one or more services, the one or more services configured to:
-
receive, from a client, a request to perform a cryptographic operation; determine a cryptographic key for performance of the cryptographic operation, the cryptographic key being from a set of cryptographic keys managed by the system; determine, based at least in part on information contained in the request, a set of conditions under which a result of performance of the cryptographic operation should be trusted by the client; generate, based at least in part on the cryptographic key and the determined set of conditions, a response to the request; and provide the generated response to the client. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable storage medium having stored thereon executable instructions that, when executed by one or more processors of a computer system, cause the computer system to provide a service that is configured to:
-
determine, based at least in part on information included in a request, from a requestor, whose fulfillment involves a cryptographic operation involving a cryptographic key, a set of conditions applicable to the cryptographic key for determining whether the requestor should trust a result of the cryptographic operation, the cryptographic key being from a set of cryptographic keys managed by the computer system for a plurality of entities, each with a corresponding subset of the set of cryptographic keys; evaluate the determined set of conditions to determine a manner of fulfilling the request; and as a result of evaluation of the determined set of conditions indicating the cryptographic key can be trusted, causing the cryptographic operation to be performed and the result of the cryptographic operation to be provided in response to the request. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
-
Specification