Key generation and rollover
Abstract
Key generation and rollover is provided for a cloud based identity management system. A key set is generated that includes a previous key and expiration time, a current key and expiration time, and a next key and expiration time, and the key set is stored in a database table and in a memory cache associated with the database table. At the current key expiration time, the key set is rolled over, including retrieving the key set from the database table, updating the previous key and expiration time with the current key and expiration time, updating the current key and expiration time with the next key and expiration time, generating a new key and expiration time, updating the next key and expiration time with the new key and expiration time, and updating the key set in the database table and the memory cache.
Claims (20 claims; 332 citations)
1. A non-transitory computer-readable medium having instructions stored thereon that, when executed by a processor, cause the processor to generate and roll over keys for a key store of a cloud based identity management system that comprises a plurality of services, the generating and rolling over comprising:
generating a key set including a previous key and a previous key expiration time, a current key and a current key expiration time, and a next key and a next key expiration time;
storing the key set in a database table, wherein the database table is a tenant-specific database table associated with a tenancy identifier;
storing the key set in a memory cache associated with the database table, wherein the memory cache is a tenant-specific memory cache associated with the tenancy identifier; and
at the current key expiration time, rolling over the key set to generate a rolled over key set, including:
retrieving the key set from the database table;
updating the previous key and the previous key expiration time with the current key and the current key expiration time;
updating the current key and the current key expiration time with the next key and the next key expiration time;
generating a new key and a new key expiration time;
updating the next key and the next key expiration time with the new key and the new key expiration time;
storing the rolled over key set in the database table;
determining if the key set was successfully rolled over; and
when the key set was determined to be successfully rolled over, storing the rolled over key set in the memory cache;
in response to a request from a client application to retrieve a key set, the request including the tenancy identifier, providing the key set, including the previous key and the previous key expiration time, the current key and the current key expiration time, and the next key and the next key expiration time, to the client application, wherein the client application comprises one of the plurality of services;
when the request from the client application to retrieve the key set is received during the rolling over the key set and before the key set was determined to be successfully rolled over, retrieving the key set from the tenant-specific memory cache associated with the tenancy identifier.
Claims 2 through 10 depend on claim 1.

11. A method for generating and rolling over keys for a key store of a cloud based identity management system that comprises a plurality of services, the method comprising:
generating a key set including a previous key and a previous key expiration time, a current key and a current key expiration time, and a next key and a next key expiration time;
storing the key set in a database table, wherein the database table is a tenant-specific database table associated with a tenancy identifier;
storing the key set in a memory cache associated with the database table, wherein the memory cache is a tenant-specific memory cache associated with the tenancy identifier; and
at the current key expiration time, rolling over the key set to generate a rolled over key set, including:
retrieving the key set from the database table;
updating the previous key and the previous key expiration time with the current key and the current key expiration time;
updating the current key and the current key expiration time with the next key and the next key expiration time;
generating a new key and a new key expiration time;
updating the next key and the next key expiration time with the new key and the new key expiration time;
storing the rolled over key set in the database table;
determining if the key set was successfully rolled over; and
when the key set was determined to be successfully rolled over, storing the rolled over key set in the memory cache;
in response to a request from a client application to retrieve a key set, the request including the tenancy identifier, providing the key set, including the previous key and the previous key expiration time, the current key and the current key expiration time, and the next key and the next key expiration time, to the client application, wherein the client application comprises one of the plurality of services;
when the request from the client application to retrieve the key set is received during the rolling over the key set and before the key set was determined to be successfully rolled over, retrieving the key set from the tenant-specific memory cache associated with the tenancy identifier.
Claims 12 through 15 depend on claim 11.

16. A system comprising a server, coupled to a network, including a processor coupled to a memory storing instructions that, when executed by the processor, cause the processor to generate and roll-over keys for a key store of a cloud based identity management system that comprises a plurality of services, the generating and rolling over comprising:
generating a key set including a previous key and a previous key expiration time, a current key and a current key expiration time, and a next key and a next key expiration time;
storing the key set in a database table, wherein the database table is a tenant-specific database table associated with a tenancy identifier;
storing the key set in a memory cache associated with the database table, wherein the memory cache is a tenant-specific memory cache associated with the tenancy identifier; and
at the current key expiration time, rolling over the key set to generate a rolled over key set, including:
retrieving the key set from the database table;
updating the previous key and the previous key expiration time with the current key and the current key expiration time;
updating the current key and the current key expiration time with the next key and the next key expiration time;
generating a new key and a new key expiration time;
updating the next key and the next key expiration time with the new key and the new key expiration time;
storing the rolled over key set in the database table;
determining if the key set was successfully rolled over; and
when the key set was determined to be successfully rolled over, storing the rolled over key set in the memory cache;
in response to a request from a client application to retrieve a key set, the request including the tenancy identifier, providing the key set, including the previous key and the previous key expiration time, the current key and the current key expiration time, and the next key and the next key expiration time, to the client application, wherein the client application comprises one of the plurality of services;
when the request from the client application to retrieve the key set is received during the rolling over the key set and before the key set was determined to be successfully rolled over, retrieving the key set from the tenant-specific memory cache associated with the tenancy identifier.
Claims 17 through 20 depend on claim 16.

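The rollover procedure the claims describe, as an added illustration that is not the patent's own code: a tenant-scoped store holding the previous/current/next key set in a database table and a memory cache, a rollover that shifts the keys at the current key's expiration and publishes to the cache only after the table write is confirmed, and a read path that serves the cached set while a rollover is in flight. The class and function names, the 24-hour key lifetime, the dict-backed table and cache, and the `db_write_ok`/`during` switches that simulate a failed write and a concurrent client request are all assumptions for this example.

```python
import os
from dataclasses import dataclass

KEY_LIFETIME = 24 * 3600  # assumed lifetime of each key, in seconds

@dataclass(frozen=True)
class KeySet:
    previous: tuple  # (key bytes, expiration time as a Unix timestamp)
    current: tuple
    next: tuple

def new_key(expires_at):
    return (os.urandom(32), expires_at)  # random 256-bit key, constructed here

class TenantKeyStore:
    def __init__(self):
        self.db = {}          # stands in for the tenant-specific database table
        self.cache = {}       # stands in for the tenant-specific memory cache
        self.rolling = set()  # tenancy ids whose rollover is not yet confirmed

    def generate(self, tenant, now):
        ks = KeySet(new_key(now), new_key(now + KEY_LIFETIME),
                    new_key(now + 2 * KEY_LIFETIME))
        self.db[tenant] = ks
        self.cache[tenant] = ks
        return ks

    def rollover(self, tenant, now, db_write_ok=True, during=None):
        """Shift previous<-current<-next and mint a new next key. db_write_ok simulates
        a failed table write; during() simulates a client read before success is confirmed."""
        ks = self.db[tenant]  # retrieve the key set from the database table
        if now < ks.current[1]:
            return ks  # the current key has not expired yet; nothing to do
        self.rolling.add(tenant)
        rolled = KeySet(ks.current, ks.next, new_key(ks.next[1] + KEY_LIFETIME))
        if db_write_ok:
            self.db[tenant] = rolled
        if during is not None:
            during()
        if self.db.get(tenant) == rolled:  # determine whether the rollover succeeded
            self.cache[tenant] = rolled    # only then publish the new set to the cache
        self.rolling.discard(tenant)
        return self.db[tenant]

    def get_key_set(self, tenant):
        """Serve the cached set while a rollover is in flight, else the table row."""
        if tenant in self.rolling:
            return self.cache[tenant]
        return self.db[tenant]
```

A client that reads during the rollover therefore sees the last confirmed set rather than a half-written table, and a failed table write leaves the cache unchanged so that tokens signed under the still-valid current key keep verifying.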
Specification