Secure data destruction in a distributed environment using key protection mechanisms
First Claim
1. A computer-implemented method, comprising:
providing a virtual machine instance with access to a cryptographic key;
storing information that indicates that the cryptographic key has been prevented from being accessible from outside of the virtual machine instance, wherein the information comprises a condition that indicates the cryptographic key is precluded from being persistently stored in a location outside of the virtual machine instance; and
making data that has been encrypted using the cryptographic key inaccessible, during a serialization operation, by at least:
processing a request to delete the data, under the control of a virtual machine manager associated with the virtual machine instance, by at least verifying the information; and
deleting, by the virtual machine manager, the cryptographic key.
Abstract
Organizations generate and maintain large amounts of sensitive information using the computer hardware resources and services of a service provider, and they need to be able to delete large amounts of that data securely and quickly by encrypting it with a key and then destroying the key. For information stored remotely to be secured and capable of secure deletion, the cryptographic keys used by the organization must be prevented from being persistently stored during serialization operations (for example, when a virtual machine instance is snapshotted or migrated). If a key used to encrypt the data has not been exposed during a serialization operation, it may be deleted or destroyed, which renders all data encrypted with that key unrecoverable; if a copy of the key was captured in a persistent serialization, deleting the live copy alone does not destroy the data.
81 Citations
19 Claims
1. A computer-implemented method, comprising:
providing a virtual machine instance with access to a cryptographic key;
storing information that indicates that the cryptographic key has been prevented from being accessible from outside of the virtual machine instance, wherein the information comprises a condition that indicates the cryptographic key is precluded from being persistently stored in a location outside of the virtual machine instance; and
making data that has been encrypted using the cryptographic key inaccessible, during a serialization operation, by at least:
processing a request to delete the data, under the control of a virtual machine manager associated with the virtual machine instance, by at least verifying the information; and
deleting, by the virtual machine manager, the cryptographic key.
Dependent claims 2, 3, 4, 5 and 6 depend from claim 1.

7. A system, comprising:
one or more processors; and
memory that stores computer-executable instructions that, as a result of being executed by the one or more processors, cause the system to:
provide a computer system instance with access to a cryptographic key;
maintain information that indicates whether the cryptographic key has been exposed outside of the computer system; and
render plain text versions of data encrypted with the cryptographic key inaccessible, during one or more serialization operations, by at least using a virtual machine manager associated with the computer system instance to delete the cryptographic key based at least in part on a verification of the information, wherein the information comprises a condition that indicates the cryptographic key is prevented from being persistently stored in a location outside of the computer system instance.
Dependent claims 8, 9, 10, 11 and 12 depend from claim 7.

13. A non-transitory computer-readable storage medium comprising stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
provision a computer instance with a key to encrypt data;
store information that indicates that the key has been prevented from being accessible from outside of the computer instance during serialization operations;
obtain a request to delete data encrypted with the key; and
fulfil the request by at least:
processing the request, under the control of a virtual machine manager associated with the computer instance, by at least determining that a set of conditions on the key has not been violated based at least in part on the information, wherein the set of conditions comprises a first condition that indicates the key is precluded from being persistently stored in a location outside of the computer instance; and
causing, by the virtual machine manager, the key to be deleted.
Dependent claims 14, 15, 16, 17, 18 and 19 depend from claim 13.
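The procedure that the abstract and the three independent claims describe, as an added worked example that is not code from the patent or from its assignee: a constructed Python simulation in which a hypothetical virtual machine manager (`VMM`) provisions a key to a guest (`VMInstance`), records whether that key has ever been written into a persistent serialization, and on a delete request destroys the key only after verifying that record. The cipher is a toy HMAC-SHA256 keystream standing in for AES-GCM; the class and method names and the `persisted_outside_instance` record are assumptions made for illustration. The example goes one step beyond the claims by also running the failure mode: a snapshot taken without scrubbing the key pages, after which deleting the live key does not make the data inaccessible.

```python
"""Crypto-shredding gated on a key-exposure record kept by the hypervisor.
Constructed simulation, not the patent's or any vendor's code. The cipher is a
toy HMAC-SHA256 keystream standing in for AES-GCM; the key lifecycle is the point."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes as HMAC(key, nonce || counter) blocks."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class VMInstance:
    """Hypothetical guest: keys live only in volatile memory, the disk holds ciphertext."""

    def __init__(self, name: str):
        self.name = name
        self.memory = {}   # key_id -> key bytes, never written to disk by the guest
        self.disk = {}     # object name -> ciphertext blob

    def write(self, key_id: str, name: str, plaintext: bytes) -> None:
        self.disk[name] = encrypt(self.memory[key_id], plaintext)

    def read(self, key_id: str, name: str) -> bytes:
        if key_id not in self.memory:
            raise KeyError("key %s is not available to this instance" % key_id)
        return decrypt(self.memory[key_id], self.disk[name])


class VMM:
    """Hypothetical virtual machine manager that tracks whether a key ever left its VM."""

    def __init__(self):
        self.key_records = {}  # key_id -> {"persisted_outside_instance": bool}
        self._next_id = 0

    def provision_key(self, vm: VMInstance) -> str:
        self._next_id += 1
        key_id = "key-%d" % self._next_id
        vm.memory[key_id] = secrets.token_bytes(32)
        # The stored "information" of the claims: the key has not left the instance.
        self.key_records[key_id] = {"persisted_outside_instance": False}
        return key_id

    def serialize(self, vm: VMInstance, scrub_keys: bool = True) -> dict:
        """Snapshot the instance. With scrub_keys the key pages become handles, so no
        key material reaches persistent storage; without it the condition is violated."""
        snap = {"name": vm.name, "disk": dict(vm.disk), "memory": {}}
        for key_id, key in vm.memory.items():
            if scrub_keys:
                snap["memory"][key_id] = None
            else:
                snap["memory"][key_id] = key
                self.key_records[key_id]["persisted_outside_instance"] = True
        return snap

    def restore(self, snap: dict) -> VMInstance:
        """Scrubbed keys are absent after restore; a real guest would re-request them."""
        vm = VMInstance(snap["name"] + "-restored")
        vm.disk = dict(snap["disk"])
        vm.memory = {k: v for k, v in snap["memory"].items() if v is not None}
        return vm

    def delete_data(self, vm: VMInstance, key_id: str) -> bool:
        """Fulfil a delete request by destroying the key, but only after verifying it
        never persisted outside the instance. False means deletion would not destroy
        the data because a persistent copy of the key exists."""
        if self.key_records[key_id]["persisted_outside_instance"]:
            return False
        vm.memory.pop(key_id, None)
        del self.key_records[key_id]
        return True


def run_scenario(scrub_keys: bool) -> dict:
    """Write, snapshot, request deletion, then try to read from the restored snapshot."""
    vmm, vm = VMM(), VMInstance("tenant-a")
    key_id = vmm.provision_key(vm)
    secret = b"customer record: alice, card ending 4242"  # constructed sample plaintext
    vm.write(key_id, "records.db", secret)
    snap = vmm.serialize(vm, scrub_keys=scrub_keys)
    destroyed = vmm.delete_data(vm, key_id)
    restored = vmm.restore(snap)
    try:
        recoverable = restored.read(key_id, "records.db") == secret
    except KeyError:
        recoverable = False
    return {"destroyed": destroyed, "recoverable_from_snapshot": recoverable}
```

`run_scenario(scrub_keys=True)` reports the key destroyed and the data unrecoverable from the snapshot; `run_scenario(scrub_keys=False)` reports that the VMM refused to treat key deletion as data destruction, and that the snapshot still yields the plaintext. The check in `delete_data` is what the claims call verifying the information: without it, a hypervisor would wipe the live key, report success, and leave a recoverable copy in every snapshot or migration image that captured guest memory.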
Specification