Unified management of cryptographic keys using virtual keys and referrals
Abstract
A cryptography service allows for management of cryptographic keys in multiple environments. The service allows for specification of policies applicable to cryptographic keys, such as what cryptographic algorithms should be used in which contexts. The cryptography service, upon receiving a request for a key, may provide a referral to another system to obtain the key.
20 Claims
1. A computer-implemented method, comprising:
- obtaining a request from a computing entity to perform an operation, the request specifying a key identifier;
- selecting, based at least in part on the key identifier, a key from a set of keys managed on behalf of the computing entity, the set of keys including a subset of virtual keys, the subset of virtual keys being associated with a set of cryptographic keys that is stored in a computing device;
- as a result of the key being a member of the subset of virtual keys, determining configuration information usable to access a cryptographic key of the set of cryptographic keys stored in the computing device, wherein the cryptographic key is associated with the member of the subset of virtual keys;
- obtaining the cryptographic key from the computing device according to the configuration information; and
- performing, using the cryptographic key, the operation to fulfill the request.
Dependent claims: 2, 3, 4, 5
6. A system comprising memory storing executable instructions that, as a result of execution by one or more processors, cause the system to:
- obtain, from an entity, a first request to perform an operation, the first request indicating a key identifier;
- determine the key identifier is associated with a key of a set of cryptographic keys that is stored in a computing device;
- determine configuration information usable to access a cryptographic key of the set of cryptographic keys;
- submit a second request to obtain, using the configuration information, the cryptographic key from the computing device; and
- execute, using the cryptographic key, the operation to fulfill the first request.
Dependent claims: 7, 8, 9, 10, 11, 12, 13
14. A non-transitory computer-readable storage medium to store executable instructions that, if executed by one or more processors of a computer system, cause the computer system to:
- obtain, from a first computing device, a first request, the first request indicating a key identifier;
- determine that the first request indicates a referral to a second computing device;
- obtain, from the second computing device, a key associated with the key identifier; and
- execute, in association with the key, an operation as part of fulfillment of the first request.
Dependent claims: 15, 16, 17, 18, 19, 20
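The flow in claims 1 and 6, as an added Python illustration that is not taken from the patent or from any implementation of it: the caller names only a key identifier, and the service either uses key material it holds or, for a virtual key, follows stored configuration to fetch the key from the device that stores it. All class names, the `device`/`slot`/`credential` fields and the sample values are assumptions, and HMAC-SHA256 stands in for the unspecified operation.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class ManagedKey:  # key material held by the service itself
    material: bytes

@dataclass(frozen=True)
class VirtualKey:  # no material, only configuration for reaching the real key
    device: str      # which device stores the key
    slot: str        # key label on that device
    credential: str  # what the service presents to the device

class KeyDevice:
    """Constructed stand-in for the computing device that stores keys."""
    def __init__(self, slots, credential):
        self._slots, self._credential = slots, credential

    def get_key(self, slot, credential):
        if not hmac.compare_digest(credential, self._credential):
            raise PermissionError("device rejected credential")
        return self._slots[slot]

class CryptoService:
    def __init__(self, keys_by_entity, devices):
        self._keys, self._devices = keys_by_entity, devices

    def _resolve(self, entity, key_id):
        try:  # select only among keys managed on behalf of this entity
            key = self._keys[entity][key_id]
        except KeyError:
            raise PermissionError(f"{key_id!r} not managed for {entity!r}") from None
        if isinstance(key, VirtualKey):
            # virtual key: fetch the real key according to its configuration
            return self._devices[key.device].get_key(key.slot, key.credential)
        return key.material

    def sign(self, entity, key_id, message):
        key = self._resolve(entity, key_id)
        return hmac.new(key, message, hashlib.sha256).hexdigest()

# Constructed sample data.
DEVICE = KeyDevice({"slot-7": b"device-held-secret"}, credential="svc-token")
SERVICE = CryptoService(
    {"tenant-a": {"k-local": ManagedKey(b"service-held-secret"),
                  "k-virtual": VirtualKey("hsm-1", "slot-7", "svc-token")}},
    {"hsm-1": DEVICE},
)
```

The caller's request looks the same for `k-local` and `k-virtual`; only the service knows that the second one is resolved through the device, and a key identifier that is not managed for the requesting entity is refused before any device is contacted.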
Specification