UNIFIED MANAGEMENT OF CRYPTOGRAPHIC KEYS USING VIRTUAL KEYS AND REFERRALS
Abstract
A cryptography service allows for management of cryptographic keys in multiple environments. The service allows for specification of policies applicable to cryptographic keys, such as what cryptographic algorithms should be used in which contexts. The cryptography service, upon receiving a request for a key, may provide a referral to another system to obtain the key.
20 Claims
1. A system comprising memory to store executable instructions that, as a result of execution by one or more processors, cause the system to:
- receive, from a client, a request to perform an operation using a cryptographic key, the request specifying a key identifier;
- select, based at least in part on the key identifier, a key from a set of keys managed for an entity associated with the client, the set of keys including a subset of virtual keys, the subset of virtual keys being associated with a set of cryptographic keys that is stored in another computing device; and
- provide, based at least in part on the key being a member of the subset of virtual keys, a cryptographic configuration and a reference to the computing device, the reference including information usable to cause the other computing device to perform the operation using the cryptographic key.
Dependent claims: 2, 3, 4, 5.
6. A computer-implemented method, comprising:
- receiving, at a computer system, a request to perform an operation, the request indicating a key identifier;
- determining the key identifier is associated with a key of a set of cryptographic keys that is stored in another computer system; and
- providing a response to the request that enables submission of a second request to perform the operation using the key.
Dependent claims: 7, 8, 9, 10, 11, 12, 13.
14. A non-transitory computer-readable storage medium to store executable instructions that, if executed by one or more processors of a computer system, cause the computer system to at least:
- receive, from a first computing device, a response to a first request, the first request indicating a key identifier;
- determine that the response indicates a referral to a second computing device; and
- transmit a second request to the second computing device to perform an operation using a cryptographic key associated with the key identifier.
Dependent claims: 15, 16, 17, 18, 19, 20.
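The referral exchange recited in claims 1 and 14, sketched as an added example that is not taken from the patent or any product: a key service answers a request for a virtual key with a cryptographic configuration and a reference to the device holding the key, and the client sends a second request there. All class names, key identifiers, the device name "hsm-1", the HMAC-SHA256 operation and the client-side check on referral targets are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data; every name here is hypothetical.
CONFIG = {"algorithm": "HMAC-SHA256"}

def _sign(key, config, data):
    if config["algorithm"] != "HMAC-SHA256":
        raise ValueError("unsupported cryptographic configuration")
    return hmac.new(key, data, hashlib.sha256).digest()

class RemoteDevice:
    """The other computing device: it stores the key behind a virtual key."""
    def __init__(self, keys):
        self._keys = keys  # key_id -> key bytes

    def perform(self, key_id, config, data):
        return _sign(self._keys[key_id], config, data)

class KeyService:
    """Manages one entity's key set: local keys plus virtual-key records."""
    def __init__(self, local_keys, virtual_keys):
        self._local = local_keys      # key_id -> key bytes
        self._virtual = virtual_keys  # key_id -> name of the device holding the key

    def request(self, key_id, data):
        if key_id in self._virtual:
            # Virtual key: return the configuration and a reference, no key use here.
            return {"type": "referral", "key_id": key_id,
                    "device": self._virtual[key_id], "config": CONFIG}
        return {"type": "result", "value": _sign(self._local[key_id], CONFIG, data)}

def client_sign(service, trusted_devices, key_id, data):
    """First request to the service; second request only if it answers with a referral."""
    resp = service.request(key_id, data)
    if resp["type"] == "result":
        return "service", resp["value"]
    device = trusted_devices.get(resp["device"])
    if device is None:  # assumption: the client only follows referrals it has pinned
        raise LookupError("referral to unknown device: " + resp["device"])
    return resp["device"], device.perform(resp["key_id"], resp["config"], data)

hsm = RemoteDevice({"k-virtual": b"remote-demo-key"})
service = KeyService({"k-local": b"local-demo-key"}, {"k-virtual": "hsm-1"})

if __name__ == "__main__":
    print(client_sign(service, {"hsm-1": hsm}, "k-virtual", b"msg"))
    print(client_sign(service, {"hsm-1": hsm}, "k-local", b"msg"))
```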
Specification