Encryption key management
First Claim
1. A method of performing secure operations, comprising:
- receiving, at a computing device, a request to perform a secure operation, the request identifying a secure identifier; and
selecting, based at least in part on the secure identifier and whether the request includes a version number, a secure object to be used in performing the secure operation, the secure object being identified by the secure identifier, being configured to be associated with a particular version number, and being selected such that;
as a result of the request including the particular version number, selecting the secure object is further based at least in part on the particular version number; and
as a result of the request not including any version number, selecting the secure object includes selecting a default secure object based at least in part on the secure identifier identifying the secure object.
1 Assignment
0 Petitions
Accused Products
Abstract
Secure information is managed for each host or machine in an electronic environment using a series of key identifiers that each represent one or more secure keys, passwords, or other secure information. Applications and services needing access to the secure information can specify the key identifier, for example, and the secure information currently associated with that identifier can be determined without any change to the code or manual input or exposure of the secure information on the respective device. Functionality such as encryption key management and rotation are inaccessible and transparent to the user. In a networked or distributed environment, the key identifiers can be associated with host classes such that at startup any host in a class can obtain the necessary secure information. Updates and key rotation can be performed in a similar fashion by pushing updates to host classes transparent to a user, application, or service.
10 Citations
24 Claims
-
1. A method of performing secure operations, comprising:
-
receiving, at a computing device, a request to perform a secure operation, the request identifying a secure identifier; and selecting, based at least in part on the secure identifier and whether the request includes a version number, a secure object to be used in performing the secure operation, the secure object being identified by the secure identifier, being configured to be associated with a particular version number, and being selected such that; as a result of the request including the particular version number, selecting the secure object is further based at least in part on the particular version number; and as a result of the request not including any version number, selecting the secure object includes selecting a default secure object based at least in part on the secure identifier identifying the secure object. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer system for performing secure operations, comprising:
-
one or more processors; and memory, including executable instructions that, when executed by the one or more processors, cause the one or more processors to collectively at least; receive a request to perform a secure operation, the request specifying a first identifier; and select, based at least in part on the first identifier and whether the request includes a second identifier, a secure object from one or more secure objects to be used in performing the secure operation, the secure object being identified by the first identifier, being configured to be associated with a particular second identifier, and being selected such that; as a result of the request including the particular second identifier, selecting the secure object is further based at least in part on the particular second identifier; and as a result of the request not including any second identifier, selecting the secure object includes selecting a default secure object based at least in part on the first identifier identifying the secure object. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A method for decoding data, comprising:
-
receiving, at a computing device, a request to decode data, the data including information usable for decoding the data, the information including at least a secure identifier; selecting, based at least in part on the secure identifier and whether the request includes a version number, a secure object to be used in decoding the data, the secure object being associated with the secure identifier, being configured to be associated with a particular version number, and being selected such that; as a result of the request including the particular version number, selecting the secure object is further based at least in part on the particular version number; as a result of the request not including any version number, selecting the secure object includes selecting a default secure object based at least in part on the secure identifier being associated with the secure object; and decoding the data using at least the selected secure object and the information usable for decoding the data. - View Dependent Claims (15, 16, 17, 18)
-
-
19. One or more non-transient computer-readable storage media having collectively stored thereon instructions executable by one or more processors of a computer system that, when executed by the one or more processors, cause the computer system to at least:
-
receive a request to perform a secure operation, the request specifying a secure identifier; select, based at least in part on the secure identifier and whether the request includes a version number, a secure object from a plurality of secure objects to be used in performing the secure operation, the secure object being associated with the secure identifier, being configured to be associated with a particular version number, and being selected such that; as a result of the request including the particular version number, selecting the secure object is further based at least in part on the particular version number; and as a result of the request not including any version number, selecting the secure object includes selecting a default secure object based at least in part on the secure identifier being associated with the secure object. - View Dependent Claims (20, 21, 22, 23, 24)
-
Specification