SECURE DATA DESTRUCTION IN A DISTRIBUTED ENVIRONMENT USING KEY PROTECTION MECHANISMS
Abstract
Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during a serialization operation, they may be deleted or destroyed, enabling the destruction of data encrypted with the keys.
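The flow the abstract describes, as an added Python example that is not taken from the patent or any product: a key lives only inside an instance, a ledger records whether it was ever serialized, and deletion is accepted as data destruction only after the ledger is verified. `InstanceKeyStore`, `snapshot` and `secure_delete` are hypothetical names, and the HMAC-based stream cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

class ExposureError(Exception):
    """The key left the instance, so deleting the local copy proves nothing."""

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode, used only to keep the
    # example stdlib-only. It provides no integrity protection.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class InstanceKeyStore:
    """Hypothetical in-instance key holder with an exposure ledger."""
    def __init__(self):
        self._keys = {}   # key_id -> bytearray, held in memory only
        self.ledger = {}  # key_id -> list of recorded exposure events

    def provision(self, key_id):
        self._keys[key_id] = bytearray(secrets.token_bytes(32))
        self.ledger[key_id] = []

    def encrypt(self, key_id, plaintext):
        nonce = secrets.token_bytes(16)
        return nonce + _xor_stream(bytes(self._keys[key_id]), nonce, plaintext)

    def decrypt(self, key_id, blob):
        return _xor_stream(bytes(self._keys[key_id]), blob[:16], blob[16:])

    def snapshot(self, include_keys=False):
        """Serialize instance state; key material is excluded by default."""
        if not include_keys:
            return {}
        for kid in self._keys:
            self.ledger[kid].append("serialized in snapshot")
        return {kid: bytes(k) for kid, k in self._keys.items()}

    def secure_delete(self, key_id):
        # Verify the stored information first: any recorded exposure means a
        # copy may persist elsewhere and the ciphertext may still be readable.
        if self.ledger[key_id]:
            raise ExposureError(f"{key_id}: {self.ledger[key_id]}")
        key = self._keys.pop(key_id)
        key[:] = bytes(len(key))  # best-effort zeroization of the stored copy
        return True
```

After a successful `secure_delete`, `decrypt` raises `KeyError` because no copy of the key remains in the store; a key that was ever included in a snapshot is refused and has to be handled as potentially still recoverable.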
40 Claims
1-20. (canceled)
21. A computer-implemented method, comprising:
    providing a virtual machine instance with access to a cryptographic key;
    storing information that indicates that the cryptographic key has been prevented from being accessible from outside of the virtual machine instance; and
    making data that has been encrypted using the cryptographic key inaccessible by at least:
        verifying the information; and
        deleting the cryptographic key.
    Dependent claims: 22, 23, 24, 25, 26
27. A system comprising:
    one or more processors; and
    memory that stores computer-executable instructions that, if executed, cause the one or more processors to:
        provide a computer system instance with access to a cryptographic key;
        maintain information that indicates whether the cryptographic key has been exposed to a computing; and
        render plain text versions of data encrypted with the cryptographic key inaccessible by at least deleting the cryptographic key based at least in part on a verification of the information.
    Dependent claims: 28, 29, 30, 31, 32, 33
34. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
    provision a computer instance with a key usable to encrypt data;
    storing information that indicates that the key has been prevented from being accessible from outside of the computer instance;
    receive a request to delete data encrypted with the key; and
    fulfil the request by at least:
        determining that a set of conditions on the key has not been violated based at least in part on the information; and
        causing the key to be deleted.
    Dependent claims: 35, 36, 37, 38, 39, 40
Specification