ENCRYPTION KEY STORAGE
Abstract
Systems, methods, and machine-readable and executable instructions are provided for encryption key storage. Encryption key storage may include associating each of a plurality of identifiers with a different one of a plurality of key fragment stores, determining a plurality of indexes, where each of the plurality of indexes is based upon a handle provided by a customer, an authorization token provided by the customer, and a different one of the plurality of identifiers, partitioning an encryption key provided by the customer into a number of encryption key fragments, and distributing the plurality of indexes and the number of encryption key fragments to the plurality of key fragment stores.
68 Citations
Claims (15)
1. A computer-implemented method for encryption key storage comprising:
   associating each of a plurality of identifiers with a different one of a plurality of key fragment stores;
   determining a plurality of indexes, wherein each of the plurality of indexes is based upon a handle provided by a customer, an authorization token provided by the customer, and a different one of the plurality of identifiers;
   partitioning an encryption key provided by the customer into a number of encryption key fragments; and
   distributing the plurality of indexes and the number of encryption key fragments to the plurality of key fragment stores.
   (Dependent claims 2, 3, 4, 5, 6, 7, 8 and 9 depend from claim 1 and are not reproduced here.)
10. A machine-readable non-transitory medium storing a set of instructions for encryption key storage executable by a machine to cause the machine to:
   receive an encryption key provided by a customer;
   determine a plurality of identifiers, where each of the plurality of identifiers is individually associated with a different one of a plurality of key fragment stores;
   apply a first hashing algorithm to a combination of a handle provided by the customer and an authorization token provided by the customer to generate a first uniquely coded value;
   apply a second hashing algorithm to a combination of the first uniquely coded value and individually each of the plurality of identifiers to provide a plurality of indexes;
   partition the encryption key into a number of encryption key fragments with Shamir's secret sharing algorithm;
   distribute one of the plurality of indexes and one of the number of encryption key fragments to a respective key fragment store of the plurality of key fragment stores such that each of the plurality of indexes and each of the number of encryption key fragments are distributed;
   store the distributed number of encryption key fragments in a number of the plurality of key fragment stores;
   receive the handle and the authorization token from the customer to retrieve encryption key fragments;
   reconstruct the encryption key from the retrieved encryption key fragments; and
   provide the reconstructed encryption key to the customer.
   (Dependent claims 11, 12, 13 and 14 depend from claim 10 and are not reproduced here.)
15. A computing system for encryption key storage, comprising:
   a computing device including a memory and a processor coupled to the memory, the processor to:
   associate each of a plurality of identifiers with a different one of a plurality of key fragment stores;
   determine a plurality of indexes, wherein each of the plurality of indexes is based upon a handle provided by a customer, an authorization token provided by the customer, and a different one of the plurality of identifiers, wherein the authorization token is unknown to an encryption key storage provider;
   partition an encryption key provided by the customer into a first number, n, of encryption key fragments with Shamir's secret sharing, wherein the encryption key is unobtainable without a second number, k, of the number of encryption key fragments such that n is greater than k; and
   distribute the plurality of indexes and the number of encryption key fragments to the plurality of key fragment stores such that at least k encryption key fragments are distributed to a first geographic region and at least k encryption key fragments are distributed to one or more other geographic regions.
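Worked example. The program below is an added illustration of the scheme recited in claims 10 and 15 (two-stage hashing of handle, token and store identifier into per-store indexes; a Shamir (k, n) split of the customer's key; placement of at least k fragments in each of two regions; retrieval from any k fragments). It is not code from the patent or its assignee. Everything the claims leave open is an assumption made here: SHA-256 for both hashing algorithms, a "|" separator inside each hashed concatenation, Shamir sharing over the prime field GF(2^521 - 1), in-memory dictionaries standing in for the key fragment stores, and the handle, token, key and store names, which are constructed sample values.

```python
"""Worked example of the fragmented key-storage scheme in claims 10 and 15.

Added illustration, not the patent's code. Assumed where the claims are silent:
SHA-256 for both hashing steps, a b"|" separator in each hashed concatenation,
Shamir sharing over GF(2**521 - 1), in-memory dicts as key fragment stores.
"""
import hashlib
import secrets

P = 2**521 - 1  # Mersenne prime; a key of up to 64 bytes is one field element


def first_coded_value(handle: str, token: str) -> bytes:
    # H1(handle || token): computed per request, never persisted by the provider
    return hashlib.sha256(handle.encode() + b"|" + token.encode()).digest()


def store_index(first_value: bytes, store_id: str) -> str:
    # H2(first value || store identifier): the row index used at that one store
    return hashlib.sha256(first_value + b"|" + store_id.encode()).hexdigest()


def split_key(key: bytes, n: int, k: int) -> list:
    """Shamir (k, n) split: fragment x is (x, f(x), len(key)) with f(0) = key."""
    secret = int.from_bytes(key, "big")
    if not 0 < k <= n or secret >= P:
        raise ValueError("need 0 < k <= n and a key that fits in the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    fragments = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod P
            y = (y * x + c) % P
        fragments.append((x, y, len(key)))
    return fragments


def reconstruct_key(fragments: list) -> bytes:
    """Lagrange interpolation at x = 0 from any k distinct fragments."""
    secret = 0
    for xi, yi, _ in fragments:
        num = den = 1
        for xj, _, _ in fragments:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes(fragments[0][2], "big")


class KeyFragmentStore:
    """One key fragment store: identifier, geographic region, indexed rows."""

    def __init__(self, store_id: str, region: str):
        self.store_id, self.region, self._rows = store_id, region, {}

    def put(self, index: str, fragment: tuple) -> None:
        self._rows[index] = fragment

    def get(self, index: str):
        return self._rows.get(index)


class KeyStorageProvider:
    """Provider side: sees handle and token only while a request is in flight."""

    def __init__(self, stores: list, k: int):
        in_first = sum(s.region == stores[0].region for s in stores)
        if in_first < k or len(stores) - in_first < k:  # claim 15 placement rule
            raise ValueError("need >= k stores in the first region and >= k elsewhere")
        self.stores, self.k = stores, k

    def store_key(self, handle: str, token: str, key: bytes) -> int:
        fv = first_coded_value(handle, token)
        for store, frag in zip(self.stores, split_key(key, len(self.stores), self.k)):
            store.put(store_index(fv, store.store_id), frag)
        return len(self.stores)

    def retrieve_key(self, handle: str, token: str, reachable=None):
        """Key from the first k fragments found, or None (wrong token, too few stores)."""
        fv = first_coded_value(handle, token)
        found = []
        for store in (self.stores if reachable is None else reachable):
            frag = store.get(store_index(fv, store.store_id))
            if frag is not None:
                found.append(frag)
            if len(found) == self.k:
                return reconstruct_key(found)
        return None


def demo():
    """n = 6 stores, k = 3, three per region; outcomes of four retrieval attempts."""
    stores = [KeyFragmentStore(f"kfs-{i}", "region-a" if i < 3 else "region-b") for i in range(6)]
    provider = KeyStorageProvider(stores, k=3)
    key = bytes(range(32))  # constructed 256-bit sample key
    handle, token = "tenant-42/db-key", "token-known-only-to-customer"
    provider.store_key(handle, token, key)
    return (
        provider.retrieve_key(handle, token) == key,
        provider.retrieve_key(handle, "wrong-token") is None,       # no index matches
        provider.retrieve_key(handle, token, stores[3:]) == key,    # one region suffices
        provider.retrieve_key(handle, token, stores[:2]) is None,   # only k - 1 fragments
    )


if __name__ == "__main__":
    print(demo())  # (True, True, True, True)
```

Two points a practitioner should take from the example. First, a store by itself holds only (index, fragment) rows: the row index is an opaque hash and a single fragment is one point on a random polynomial, so neither the row nor its key can be recovered from fewer than k stores, and the provider never has to persist the token (claim 15 requires it to be unknown to the provider). Second, because the indexes are a deterministic function of handle, token and a store identifier the store operator already knows, a low-entropy token can be guessed offline by recomputing indexes and checking for an existing row; the token therefore needs real entropy, or the first hashing step should be a deliberately slow key derivation rather than a plain hash. That mitigation is a design note on the example, not something the claims specify.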
Specification