Secure data destruction in a distributed environment using key protection mechanisms

US 10,616,194 B2
Filed: 07/10/2017
Issued: 04/07/2020
Est. Priority Date: 11/12/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

providing a virtual machine instance with access to a cryptographic key;

storing information that indicates that the cryptographic key has been prevented from being accessible from outside of the virtual machine instance, wherein the information comprises a condition that indicates the cryptographic key is precluded from being persistently stored in a location outside of the virtual machine instance; and

making data that has been encrypted using the cryptographic key inaccessible, during a serialization operation, by at least;

processing a request to delete the data, under the control of a virtual machine manager associated with the virtual machine instance, by at least verifying the information; and

deleting, by the virtual machine manager, the cryptographic key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys.

81 Citations

View as Search Results

19 Claims

1. A computer-implemented method, comprising:
- providing a virtual machine instance with access to a cryptographic key;
  
  storing information that indicates that the cryptographic key has been prevented from being accessible from outside of the virtual machine instance, wherein the information comprises a condition that indicates the cryptographic key is precluded from being persistently stored in a location outside of the virtual machine instance; and
  
  making data that has been encrypted using the cryptographic key inaccessible, during a serialization operation, by at least;
  
  processing a request to delete the data, under the control of a virtual machine manager associated with the virtual machine instance, by at least verifying the information; and
  
  deleting, by the virtual machine manager, the cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein deleting the cryptographic key further comprises causing, by the virtual machine manager, the cryptographic key to be removed from a location of a memory of the virtual machine instance.
  - 3. The computer-implemented method of claim 1, wherein making data that has been encrypted using the cryptographic key inaccessible further comprises obtaining the information from storage.
  - 4. The computer-implemented method of claim 1, wherein the information indicates that the cryptographic key has not been obtained by a computing resource outside of the virtual machine instance.
  - 5. The computer-implemented method of claim 1, wherein making data inaccessible is done without, for at least an amount of time, deleting the data.
  - 6. The computer-implemented method of claim 1, further comprising deleting the cryptographic key based at least in part on a set of conditions indicated as satisfied by the information.

7. A system, comprising:
- one or more processors; and
  
  memory that stores computer-executable instructions that, as a result of being executed by the one or more processors, cause the system to;
  
  provide a computer system instance with access to a cryptographic key;
  
  maintain information that indicates whether the cryptographic key has been exposed outside of the computer system; and
  
  render plain text versions of data encrypted with the cryptographic key inaccessible, during one or more serialization operations, by at least, using a virtual machine manager associated with the computer system instance to delete the cryptographic key based at least in part on a verification of the information, wherein the information comprises a condition that indicates the cryptographic key is prevented from being persistently stored in a location outside of the computer system instance.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein memory further includes computer-executable instructions that, as a result of being executed by the one or more processors, cause the system to:
    - detect an operation performed by the computer system instance using the cryptographic key; and
      
      update the information associated with usage of the cryptographic key.
  - 9. The system of claim 7, wherein the information associated with usage of the cryptographic key includes an audit log.
  - 10. The system of claim 7, wherein the computer-executable instructions that render plain text versions of data encrypted with the cryptographic key inaccessible further comprise computer-executable instructions that, as a result of being executed by the one or more processors, cause the system to transmit a request to delete the cryptographic key to a cryptographic key management module.
  - 11. The system of claim 7, wherein the information associated with usage of the cryptographic key indicates that the cryptographic key has not been persistently stored during the one or more serialization operations.
  - 12. The system of claim 7, wherein deleting the cryptographic key based at least in part on the information further comprises determining that a set of conditions on the cryptographic key has not been violated.

13. A non-transitory computer-readable storage medium comprising stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
- provision a computer instance with a key to encrypt data;
  
  store information that indicates that the key has been prevented from being accessible from outside of the computer instance during serialization operations;
  
  obtain a request to delete data encrypted with the key; and
  
  fulfil the request by at least;
  
  processing the request, under the control of a virtual machine manager associated with the computer instance, by at least determining that a set of conditions on the key has not been violated based at least in part on the information, wherein the set of conditions comprises a first condition that indicates the key is precluded from being persistently stored in a location outside of the computer instance; and
  
  causing, by the virtual machine manager, the key to be deleted.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the computer system to:
    - detect an encryption operation performed by the computer instance; and
      
      update the information based at least in part on the encryption operation.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the instructions that cause the computer system to determine that the set of conditions on the key has not been violated further include instructions that cause the computer system to trace an audit log to obtain the information.
  - 16. The non-transitory computer-readable storage medium of claim 13, wherein the instructions that cause the computer system to cause the key to be deleted further include instructions that cause the computer system to, for an interval of time, cause the key to be deleted without deleting the data encrypted with the key.
  - 17. The non-transitory computer-readable storage medium of claim 16, wherein the information associated with the key indicates that the key has not been persisted during serialization operations.
  - 18. The non-transitory computer-readable storage medium of claim 17, wherein a condition of the set of conditions on the key indicates that the key is not to be persisted during serialization operations.
  - 19. The non-transitory computer-readable storage medium of claim 13, wherein a condition of the set of conditions on the key indicates that the key is to be encrypted with a second key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Cignetti, Todd Lawrence, Doane, Andrew J., Brandwine, Eric Jason, Fitzgerald, Robert Eric
Primary Examiner(s)
Lagor, Alexander
Assistant Examiner(s)
Lane, Gregory A

Application Number

US15/645,936
Publication Number

US 20180069844A1
Time in Patent Office

1,002 Days
Field of Search

713168, 713171
US Class Current
CPC Class Codes

G06F 9/45533   Hypervisors; Virtual machin...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0876   based on the identity of th...

H04L 9/3247   involving digital signatures

Secure data destruction in a distributed environment using key protection mechanisms

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

81 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data destruction in a distributed environment using key protection mechanisms

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links