DELAYED DATA ACCESS
First Claim
1. A computer-implemented method, comprising:
- under the control of one or more computer systems configured with executable instructions,receiving, to a service of a computing resource provider, a request to decrypt ciphertext using a key specified by the request, the request satisfying a set of one or more conditions sufficient for the request to be fulfilled;
at a time during which the request is pending, transmitting one or more notifications of the request to one or more computer systems of a customer corresponding to the key;
enabling the request to be aborted during pendency of the request;
decrypting the ciphertext to obtain plaintext; and
providing the plaintext as a result of at least a predetermined amount of time having passed and the request not having been aborted.
1 Assignment
0 Petitions
Accused Products
Abstract
A system uses information submitted in connection with a request to determine if and how to process the request. The information may be electronically signed by a requestor using a key such that the system processing the request can verify that the requestor has the key and that the information is authentic. The information may include information that identifies a holder of a key needed for processing the request, where the holder of the key can be the system or another, possibly third party, system. Requests to decrypt data may be processed to ensure that a certain amount of time passes before access to the decrypted data is provided, thereby providing an opportunity to cancel such requests and/or otherwise mitigate potential security breaches.
247 Citations
31 Claims
-
1. A computer-implemented method, comprising:
under the control of one or more computer systems configured with executable instructions, receiving, to a service of a computing resource provider, a request to decrypt ciphertext using a key specified by the request, the request satisfying a set of one or more conditions sufficient for the request to be fulfilled; at a time during which the request is pending, transmitting one or more notifications of the request to one or more computer systems of a customer corresponding to the key; enabling the request to be aborted during pendency of the request; decrypting the ciphertext to obtain plaintext; and providing the plaintext as a result of at least a predetermined amount of time having passed and the request not having been aborted. - View Dependent Claims (2, 3, 4, 5, 6)
-
7. A computer-implemented method, comprising:
under the control of one or more computer systems configured with executable instructions, receiving an authenticated request to access plaintext, the fulfillment of which requiring one or more cryptographic operations; processing the request such that a preprogrammed delay is required before a response to the request corresponding to fulfillment of the request is provided; and providing a response to the request after the delay. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
-
15. A computer system, comprising:
-
one or more processors; and memory including instructions that, when executed by the one or more processors, cause the computer system to; detect a trigger in connection with an authenticated request, from a requestor, to access data, where accessing the data requires the performance of one or more cryptographic operations; and as a result of detecting the trigger, cause a preprogrammed amount of time to pass before the data is accessible to the requestor, the request being abortable by an entity different from the requestor during passage of the amount of time. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. One or more computer-readable media having collectively stored thereon instructions that, when executed by one or more processors of a computer system, cause the computer system to:
-
detect a trigger in connection with an authenticated request, from a requestor, to access data, where accessing the data requires the performance of one or more cryptographic operations; and as a result of detecting the trigger, cause the request to be abortable by an entity different from the requestor, for an amount of time. - View Dependent Claims (22, 23, 24, 25, 26, 27)
-
-
28. A system, comprising:
-
one or more processors; and memory including instructions that, when executed by the one or more processors, cause the system to; receive a request for a policy to be effective at a time indicated by the request; determine, based at least in part on the indicated time, whether fulfillment of the request complies with a currently effective policy; at a time between receipt of the request and the indicated time, enable another request to be received to abort the request. - View Dependent Claims (29, 30, 31)
-
Specification