Federated key management
First Claim
1. A first computer system, comprising:
one or more processors; and
memory including instructions that, when executed by the one or more processors, cause the first computer system to:
store a set of one or more keys on the first computer system in association with a first key stored on a third party computer system different than the first computer system;
receive a request that requires use of the first key for fulfillment; and
as a result of the first key being held by the third party computer system, cause the third party computer system to:
use a second key from the set of one or more keys to determine whether the request should be fulfilled; and
as a result of determining that the request should be fulfilled, use the first key to perform one or more cryptographic operations.
1 Assignment
0 Petitions
Abstract
A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.
20 Claims
1. A first computer system, comprising:
one or more processors; and
memory including instructions that, when executed by the one or more processors, cause the first computer system to:
store a set of one or more keys on the first computer system in association with a first key stored on a third party computer system different than the first computer system;
receive a request that requires use of the first key for fulfillment; and
as a result of the first key being held by the third party computer system, cause the third party computer system to:
use a second key from the set of one or more keys to determine whether the request should be fulfilled; and
as a result of determining that the request should be fulfilled, use the first key to perform one or more cryptographic operations.
Dependent claims: 2, 3, 4, 5, 6.

7. One or more computer-readable storage media, having stored thereon instructions that, when executed by one or more processors of a first computer system, cause the first computer system to:
associate a set of one or more keys with a first key;
use a second key from the set of one or more keys to determine whether to enable fulfillment of a request that requires the use of the first key for fulfillment; and
cause a holder of the first key to use the first key in one or more cryptographic operations as a result of determining that fulfillment of the request should be enabled, wherein the holder is a third party computer system different than the first computer system.
Dependent claims: 8, 9, 10, 11, 12, 13.

14. A method implemented by a first computer system, comprising:
associating a set of one or more keys with a first key;
using a second key from the set of one or more keys to determine whether to enable fulfillment of a request that requires the use of the first key for fulfillment; and
causing a holder of the first key to use the first key in one or more cryptographic operations as a result of determining that fulfillment of the request should be enabled, wherein the holder of the first key is a third party computer system different than the first computer system.
Dependent claims: 15, 16, 17, 18, 19, 20.

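The abstract and the three independent claims above describe one flow: a first system (here a broker) stores "second keys" associated with a "first key" that only a third-party key holder possesses; a request signed under a second key is checked by the broker before the key holder is ever asked to use the first key; and decrypt requests are held for a delay so they can be cancelled. The following is an added illustration of that flow, not code from the patent or its assignee. It assumes an HMAC-SHA256 signature under a shared second key (the patent does not fix the signature scheme), an HMAC-in-counter-mode stream cipher with encrypt-then-MAC as a stand-in for a real AEAD, a 60-second delay policy, and hypothetical names (`KeyHolder`, `Broker`, `tenant-a/master`, `alice`). All inputs are constructed.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so fields cannot shift into each other."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def sign_request(second_key: bytes, requestor: str, op: str, key_id: str, payload: bytes) -> bytes:
    # Requestor side: bind identity, operation, target key id and payload under the second key.
    return _prf(second_key, requestor.encode(), op.encode(), key_id.encode(), payload)

class KeyHolder:
    """Third-party system holding the 'first keys'. It exposes operations, never key bytes."""

    def __init__(self) -> None:
        self._keys = {}  # key_id -> first key (never returned to callers)

    def generate(self, key_id: str) -> None:
        self._keys[key_id] = secrets.token_bytes(32)

    def _subkeys(self, key_id: str):
        k = self._keys[key_id]  # separate encryption and MAC keys derived from the first key
        return _prf(k, b"enc"), _prf(k, b"mac")

    def _keystream(self, enc_key: bytes, nonce: bytes, n: int) -> bytes:
        # HMAC in counter mode as a PRF stream cipher; a stand-in for AES-GCM, not a replacement.
        return b"".join(_prf(enc_key, nonce, i.to_bytes(4, "big")) for i in range((n + 31) // 32))[:n]

    def encrypt(self, key_id: str, plaintext: bytes) -> bytes:
        enc_key, mac_key = self._subkeys(key_id)
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, self._keystream(enc_key, nonce, len(plaintext))))
        return nonce + ct + _prf(mac_key, nonce, ct)  # encrypt-then-MAC

    def decrypt(self, key_id: str, blob: bytes) -> bytes:
        enc_key, mac_key = self._subkeys(key_id)
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, _prf(mac_key, nonce, ct)):
            raise ValueError("ciphertext failed authentication")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(enc_key, nonce, len(ct))))

class Broker:
    """First computer system: stores second keys per first-key id and decides fulfilment."""

    DECRYPT_DELAY = 60.0  # assumed policy: seconds a decrypt waits before it is forwarded

    def __init__(self, holder: KeyHolder) -> None:
        self.holder = holder
        self._second_keys = {}  # (key_id, requestor) -> second key
        self._pending = {}      # ticket -> (release_at, key_id, blob)

    def associate(self, key_id: str, requestor: str, second_key: bytes) -> None:
        self._second_keys[(key_id, requestor)] = second_key

    def _authorised(self, requestor: str, op: str, key_id: str, payload: bytes, sig: bytes) -> bool:
        k = self._second_keys.get((key_id, requestor))
        return k is not None and hmac.compare_digest(sig, sign_request(k, requestor, op, key_id, payload))

    def encrypt(self, requestor: str, key_id: str, plaintext: bytes, sig: bytes) -> bytes:
        if not self._authorised(requestor, "encrypt", key_id, plaintext, sig):
            raise PermissionError("request not authorised by second key")
        return self.holder.encrypt(key_id, plaintext)  # only now is the first key used

    def request_decrypt(self, requestor: str, key_id: str, blob: bytes, sig: bytes, now: float) -> str:
        if not self._authorised(requestor, "decrypt", key_id, blob, sig):
            raise PermissionError("request not authorised by second key")
        ticket = secrets.token_hex(8)
        self._pending[ticket] = (now + self.DECRYPT_DELAY, key_id, blob)
        return ticket

    def cancel(self, ticket: str) -> bool:
        return self._pending.pop(ticket, None) is not None

    def collect(self, ticket: str, now: float):
        release_at, key_id, blob = self._pending[ticket]  # KeyError if unknown or cancelled
        if now < release_at:
            return None  # cancellation window still open; nothing has been decrypted yet
        del self._pending[ticket]
        return self.holder.decrypt(key_id, blob)  # decrypt happens only after the delay

def demo() -> dict:
    holder, key_id = KeyHolder(), "tenant-a/master"  # hypothetical key id
    holder.generate(key_id)
    broker = Broker(holder)
    alice_key = secrets.token_bytes(32)  # second key shared with requestor "alice"
    broker.associate(key_id, "alice", alice_key)
    msg = b"constructed sample record"
    blob = broker.encrypt("alice", key_id, msg, sign_request(alice_key, "alice", "encrypt", key_id, msg))
    sig = sign_request(alice_key, "alice", "decrypt", key_id, blob)
    t1 = broker.request_decrypt("alice", key_id, blob, sig, now=0.0)
    t2 = broker.request_decrypt("alice", key_id, blob, sig, now=0.0)
    return {"early": broker.collect(t1, now=30.0),        # None: still cancellable
            "late": broker.collect(t1, now=60.0) == msg,  # True: released and decrypted
            "cancelled": broker.cancel(t2)}               # True: never reaches the key holder
```

Two design points worth noting. The broker forwards a decrypt to the key holder only after the window has elapsed, so a cancelled request never produces plaintext anywhere. And because the same signed request yields two tickets in `demo()`, a production version would add a nonce or expiry to the signed bytes to stop replay, use a public-key signature so the broker cannot forge requests on a requestor's behalf, and keep the first key inside an HSM or KMS behind a real AEAD rather than the HMAC stream cipher used here.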
Specification