Distributed encryption key management
First Claim

1. A system for managing secure objects for a host computer of a plurality of host computers, comprising:
- a processor; and
- a memory including instructions that, when executed by the processor, cause the processor to:
  - assign the host computer to a host class, the host class associated with a secure function;
  - obtain a secure identifier for the host class, the secure identifier being associated with at least one secure object for use in performing the secure function; and
  - provide information regarding an update to the host computer at least in response to the update, the update identifying a change to the at least one secure object associated with the secure identifier, wherein the secure identifier has a default secure object specified to be used to perform the secure function.
Abstract

Secure information is managed for each host or machine in an electronic environment using a series of key identifiers that each represent one or more secure keys, passwords, or other secure information. Applications and services needing access to the secure information can specify the key identifier, for example, and the secure information currently associated with that identifier can be determined without any change to the code, without manual input, and without exposure of the secure information on the respective device. Functionality such as encryption key management and rotation is inaccessible and transparent to the user. In a networked or distributed environment, the key identifiers can be associated with host classes such that at startup any host in a class can obtain the necessary secure information. Updates and key rotation can be performed in a similar fashion by pushing updates to host classes, transparent to a user, application, or service.
Claims (25 in total; independent claims shown)

1. Independent claim 1 is reproduced above under "First Claim". Dependent claims: 2, 3, 4, 5, 6.
7. A non-transitory computer-readable medium storing computer-executable instructions for managing secure objects for a host computer of a plurality of host computers that, when executed by one or more computer systems, configure the one or more computer systems to perform operations comprising:
- receiving a request from the host computer that is assigned to a host class, the host class being associated with a secure function, wherein the secure function includes encrypting or decrypting content or a resource;
- obtaining a secure identifier associated with the host class assigned to the host computer from which the request was received, the secure identifier associated with a secure object to be used to perform a secure function;
- providing the secure identifier and the secure object to the host computer in response to the request; and
- distributing an algorithm to individual members of the host class, wherein individual host computers have access to the algorithm and the respective secure object is configured to encrypt or decrypt the content or the resource.

Dependent claims: 8, 9, 10, 11.
12. A system for managing secure objects for a host computer of a plurality of host computers, comprising:
- a processor; and
- a memory including instructions that, when executed by the processor, cause the processor to:
  - assign the host computer to a host class, the host class associated with a secure function;
  - obtain a secure identifier for the host class, the secure identifier being associated with at least one secure object for use in performing the secure function; and
  - provide information regarding an update to the host computer at least in response to the update, the update identifying a change to the at least one secure object associated with the secure identifier, wherein the secure identifier has a default secure object specified to be used to perform the secure function.

Dependent claims: 13, 14.
15. A computer-implemented method, comprising:
- receiving a request from the host computer that is assigned to a host class, the host class being associated with a secure function;
- obtaining a secure identifier associated with the host class assigned to the host computer from which the request was received, the secure identifier associated with a secure object to be used to perform a secure function;
- providing the secure identifier and the secure object to the host computer in response to the request; and
- updating the secure object with the host computer based at least in part on a change made to the secure object, wherein updating the secure object includes at least one of addition of a new secure object, deletion of the secure object, a change in a version number of the secure object to be used to perform the secure function, or a change in a current default secure object.

Dependent claims: 16, 17, 18, 19.
20. A system for managing secure objects for a host computer of a plurality of host computers, comprising:
- a processor;
- a non-transitory computer-readable medium having processor-executable instructions;
- means for assigning the host computer to a host class, the host class associated with a secure function;
- means for obtaining a secure identifier for the host class, the secure identifier being associated with at least one secure object for use in performing the secure function; and
- means for providing information regarding an update to the host computer at least in response to the update, the update identifying a change to the at least one secure object associated with the secure identifier, wherein the secure identifier has a default secure object specified to be used to perform the secure function.

Dependent claims: 21, 22, 23, 24, 25.
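The abstract and claims 1, 7 and 15 describe one mechanism: hosts are assigned to host classes, a class is allowed a set of key identifiers, each identifier maps to versioned secure objects with a current default, and a rotation adds a version, changes the default and pushes an update to every host in an affected class. The following Python model is an added illustration of that flow and is not code from the patent; the class and method names, the in-memory dictionaries and the placeholder key material are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

@dataclass
class SecureObject:
    version: int
    material: bytes            # constructed placeholder key material, not a real key

@dataclass
class KeyIdentifier:
    name: str
    versions: Dict[int, SecureObject] = field(default_factory=dict)
    default_version: Optional[int] = None   # the "default secure object" of the claims

class KeyRegistry:
    """Central store: host -> host class -> key identifiers -> versioned secure objects."""
    def __init__(self) -> None:
        self.identifiers: Dict[str, KeyIdentifier] = {}
        self.class_ids: Dict[str, List[str]] = {}    # host class -> identifiers it may use
        self.host_class: Dict[str, str] = {}         # host -> assigned host class
        self.updates: Dict[str, List[Tuple[str, str, int]]] = {}  # host -> pushed updates

    def add_identifier(self, name: str, material: bytes) -> None:
        kid = KeyIdentifier(name)
        kid.versions[1] = SecureObject(1, material)
        kid.default_version = 1
        self.identifiers[name] = kid

    def define_class(self, host_class: str, ids: List[str]) -> None:
        self.class_ids[host_class] = list(ids)

    def assign_host(self, host: str, host_class: str) -> None:
        self.host_class[host] = host_class
        self.updates[host] = []

    def resolve(self, host: str, name: str) -> SecureObject:
        """What a host does at startup: it names an identifier, never the key itself."""
        cls = self.host_class.get(host)
        if cls is None or name not in self.class_ids.get(cls, []):
            raise PermissionError(f"{host} is not in a host class allowed to use {name}")
        kid = self.identifiers[name]
        return kid.versions[kid.default_version]

    def rotate(self, name: str, material: bytes) -> int:
        """Add a new version, make it the default and notify every host whose class uses it."""
        kid = self.identifiers[name]
        new_v = max(kid.versions) + 1
        kid.versions[new_v] = SecureObject(new_v, material)
        kid.default_version = new_v
        for host, cls in self.host_class.items():
            if name in self.class_ids.get(cls, []):
                self.updates[host].append(("default_changed", name, new_v))
        return new_v
```

A host that resolves the same identifier before and after `rotate` receives the new default without any change on its side, while a host outside the class is refused and receives no update.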