SECURE DISTRIBUTED STORAGE OF ENCRYPTION KEYS
Abstract
Techniques are presented for (a) securely maintaining, by a computing device, a set of correspondences between encryption keys and key identifiers, (b) receiving, by the computing device, a cryptographic request from a remote device received across the network, the cryptographic request including credentials, data to be cryptographically processed, and a key identifier to be used for cryptographic processing, and (c) in response to successfully authenticating the cryptographic request: (1) obtaining, by the computing device with reference to the set of correspondences, an encryption key corresponding to the key identifier, (2) cryptographically processing, by the computing device, the received data using the obtained encryption key to generate cryptographically-processed data, and (3) sending the cryptographically-processed data from the computing device across the network to the remote device. Embodiments are directed to methods, apparatuses, systems, and computer program products for performing these techniques.
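The request flow in the abstract, sketched in Go as an added example (not code from the patent or its assignee). The shared-token credential check, the choice of AES-256-GCM as the cryptographic processing, and the names KeyServer, Request, Process and ErrDenied are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

type Request struct { // the three request fields named in the abstract
	Credentials, KeyID string
	Data               []byte
}

type KeyServer struct { // holds the key-identifier-to-key correspondences
	keys  map[string][]byte // constructed demo keys (AES-256); never sent to clients
	token []byte            // hypothetical shared credential (an assumption)
}
var ErrDenied = errors.New("request rejected")

// Process authenticates first, then resolves the key and returns nonce||ciphertext.
func (s *KeyServer) Process(r Request) ([]byte, error) {
	if subtle.ConstantTimeCompare([]byte(r.Credentials), s.token) != 1 {
		return nil, ErrDenied
	}
	key, ok := s.keys[r.KeyID]
	if !ok {
		return nil, ErrDenied // same error value as a failed login: no key-ID oracle
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, r.Data, []byte(r.KeyID)), nil // key ID bound as AAD
}

func main() {
	s := &KeyServer{map[string][]byte{"k1": make([]byte, 32)}, []byte("demo-token")}
	fmt.Println(s.Process(Request{"demo-token", "k1", []byte("hello")}))
}
```

The client only ever holds the key identifier and the returned blob; binding the identifier as associated data means decryption under a different identifier fails rather than silently succeeding.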
20 Claims
1. A method of cryptographic processing across a network, the method comprising:
- securely maintaining, by a computing device, a set of correspondences between encryption keys and key identifiers;
- receiving, by the computing device, a cryptographic request from a remote device received across the network, the cryptographic request including credentials, data to be cryptographically processed, and a key identifier to be used for cryptographic processing; and
- in response to successfully authenticating the cryptographic request:
  - obtaining, by the computing device with reference to the set of correspondences, an encryption key corresponding to the key identifier;
  - cryptographically processing, by the computing device, the received data using the obtained encryption key to generate cryptographically-processed data; and
  - sending the cryptographically-processed data from the computing device across the network to the remote device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A system for cryptographic processing comprising:
- a network;
- a client computing device communicatively connected to the network; and
- a server computing device communicatively connected to the network, the server computing device configured to:
  - securely maintain a set of correspondences between encryption keys and key identifiers;
  - receive a cryptographic request from the client computing device across the network, the cryptographic request including credentials, data to be cryptographically processed, and a key identifier to be used for cryptographic processing; and
  - in response to successfully authenticating the cryptographic request:
    - obtain, with reference to the set of correspondences, an encryption key corresponding to the key identifier;
    - cryptographically process the received data using the obtained encryption key to generate cryptographically-processed data; and
    - send the cryptographically-processed data across the network to the remote device;
- wherein the client computing device is configured to:
  - send the cryptographic request to the server computing device across the network;
  - receive the cryptographically-processed data from the server computing device across the network; and
  - make use of the received cryptographically-processed data.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19.
20. A computer program product comprising a non-transitory computer-readable storage medium storing a set of instructions, which, when executed by a computing device, cause the computing device to:
- securely maintain a set of correspondences between encryption keys and key identifiers;
- receive a cryptographic request from a remote device received across a network, the cryptographic request including credentials, data to be cryptographically processed, and a key identifier to be used for cryptographic processing; and
- in response to successfully authenticating the cryptographic request:
  - obtain, with reference to the set of correspondences, an encryption key corresponding to the key identifier;
  - cryptographically process the received data using the obtained encryption key to generate cryptographically-processed data; and
  - send the cryptographically-processed data across the network to the remote device.
Specification