Key rotation with external workflows

  • US 10,630,662 B1
  • Filed: 02/24/2016
  • Issued: 04/21/2020
  • Est. Priority Date: 05/17/2012
  • Status: Active Grant
First Claim

1. A computer-implemented method, comprising:

  • generating, by a computing system for a client, a keypair for distribution to a computing resource of the computing system over an internal network to the computing system, the computing resource accessible to the client over an external network to the computing system, the keypair unavailable to the client for use on the computing resource until activation of the keypair based at least in part on a workflow;

  • the keypair generated based at least in part on a security policy specifying a time-based rotation of keypairs within the computing system;

  • selecting, by the computing system, a workflow template for the workflow based at least in part on a class of the keypair, the workflow template defined for the class of the keypair based at least in part on input of an administrator of the computing system, the workflow template specifying actions within the computing system to complete the activation of the keypair based at least in part on the class of the keypair;

  • performing, by the computing system, the actions within the computing system to complete the workflow;

  • associating, by the computing system, the keypair with an active status based at least in part on completion of the workflow;

  • distributing, by the computing system based at least in part on the active status, the keypair to the computing resource over the internal network without sending the keypair to the client, the keypair distributed to the computing resource as a non-preferred keypair, the distributing comprising replacing, for the client, an existing keypair with the keypair based at least in part on the time-based rotation;

  • receiving, by the computing system from the computing resource, an acknowledgement about receipt of the keypair by the computing resource; and

  • providing, by the computing system to the computing resource and based at least in part on the acknowledgment, instructions about using the keypair for the client as a preferred keypair, the keypair becoming available to the client on the computing resource over the external network based at least in part on the keypair being the preferred keypair.
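The claim above describes a state machine: a keypair is generated under a time-based rotation policy, activated by a class-specific workflow, pushed to the resource as non-preferred without ever being sent to the client, and only promoted to preferred after the resource acknowledges receipt. The following Python model is an added illustration of that lifecycle, not code from the patent or its assignee; the key classes, workflow template table, class and function names, and the token strings standing in for key material are all constructed for the example.

```python
"""Toy model of the claimed key-rotation lifecycle (added example, not the patent's code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum
import secrets


class KeyClass(Enum):          # hypothetical key classes
    SSH = "ssh"
    TLS = "tls"


class Status(Enum):
    INACTIVE = "inactive"            # generated; activation workflow pending
    ACTIVE = "active"                # workflow complete; eligible for distribution
    NON_PREFERRED = "non-preferred"  # installed on the resource, not yet usable by client
    PREFERRED = "preferred"          # client may use it on the resource
    REPLACED = "replaced"            # rotated out by a newer preferred keypair (assumption)


@dataclass
class KeyPair:
    key_id: str
    key_class: KeyClass
    client: str
    public: str       # random tokens stand in for real key material
    private: str
    created: datetime
    status: Status = Status.INACTIVE
    workflow_log: list = field(default_factory=list)


# Constructed stand-in for administrator-defined workflow templates, one per key class.
WORKFLOW_TEMPLATES = {
    KeyClass.SSH: ["record_audit_entry", "notify_key_owner"],
    KeyClass.TLS: ["record_audit_entry", "notify_key_owner", "update_trust_store"],
}


class ComputingResource:
    """Host that receives keypairs over the internal network."""

    def __init__(self):
        self.installed: dict[str, KeyPair] = {}

    def receive(self, kp: KeyPair) -> str:
        self.installed[kp.key_id] = kp
        return f"ack:{kp.key_id}"       # acknowledgement returned to the key manager

    def set_preferred(self, key_id: str) -> None:
        self.installed[key_id].status = Status.PREFERRED

    def usable_by(self, client: str) -> list:
        """External-network view: the client sees only its preferred keypair."""
        return [k.key_id for k in self.installed.values()
                if k.client == client and k.status is Status.PREFERRED]


class KeyManager:
    """Generates, activates and distributes keypairs; never hands key material to the client."""

    def __init__(self, rotation_interval: timedelta):
        self.rotation_interval = rotation_interval
        self.preferred: dict = {}   # client -> currently preferred keypair

    def rotation_due(self, client: str, now: datetime) -> bool:
        current = self.preferred.get(client)
        return current is None or now - current.created >= self.rotation_interval

    def generate(self, client: str, key_class: KeyClass, now: datetime) -> KeyPair:
        return KeyPair(key_id=f"{client}-{key_class.value}-{now:%Y%m%d%H%M%S}",
                       key_class=key_class, client=client,
                       public=secrets.token_hex(8), private=secrets.token_hex(16),
                       created=now)

    def activate(self, kp: KeyPair) -> None:
        # Select the workflow template by key class and perform each action.
        for action in WORKFLOW_TEMPLATES[kp.key_class]:
            kp.workflow_log.append(action)   # a real system would execute the action here
        kp.status = Status.ACTIVE

    def rotate(self, client: str, key_class: KeyClass,
               resource: ComputingResource, now: datetime):
        """Run one rotation; returns the new keypair, or None if rotation is not yet due."""
        if not self.rotation_due(client, now):
            return None
        kp = self.generate(client, key_class, now)
        self.activate(kp)
        kp.status = Status.NON_PREFERRED          # distributed, but not yet client-usable
        ack = resource.receive(kp)
        if ack != f"ack:{kp.key_id}":
            raise RuntimeError("resource did not acknowledge receipt; not promoting")
        old = self.preferred.get(client)          # replace the existing keypair
        if old is not None:
            old.status = Status.REPLACED
        resource.set_preferred(kp.key_id)         # instruction sent only after the ack
        self.preferred[client] = kp
        return kp


def demo() -> dict:
    """Constructed scenario: a 90-day policy, one early attempt, then a due rotation."""
    mgr, res = KeyManager(timedelta(days=90)), ComputingResource()
    t0 = datetime(2024, 1, 1)
    k1 = mgr.rotate("alice", KeyClass.SSH, res, t0)
    early = mgr.rotate("alice", KeyClass.SSH, res, t0 + timedelta(days=10))
    k2 = mgr.rotate("alice", KeyClass.SSH, res, t0 + timedelta(days=90))
    return {"k1": k1, "early": early, "k2": k2, "visible": res.usable_by("alice")}


if __name__ == "__main__":
    print(demo())
```

The ordering in `rotate` is the point of the claim: the resource holds the new keypair in a non-preferred state, and the manager withholds the "make this preferred" instruction until the acknowledgement arrives, so a lost or failed delivery never leaves the client pointed at a key the resource does not have.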
