Redundant key management
Abstract
A data storage service redundantly stores data and keys used to encrypt the data. Data objects are encrypted with first cryptographic keys. The first cryptographic keys are encrypted by second cryptographic keys. The first cryptographic keys and second cryptographic keys are redundantly stored in a data storage system to enable access of the data objects, such as to respond to requests to retrieve the data objects. The second cryptographic keys may be encrypted by third keys and redundantly stored in the event access to a second cryptographic key is lost.
26 Claims
1. A computer-implemented method, comprising:
under the control of one or more computer systems configured with executable instructions,
- receiving data objects from customers of a data storage service;
- for each data object of at least a plurality of the data objects:
  - storing the data object in an intermediate data storage subsystem;
  - prior to removing the data object from the intermediate data storage subsystem to a persistent data storage subsystem, providing, to a customer associated with the data object, an identifier for the data object that includes, in encrypted form, information usable to retrieve the data object after the data object is removed from the intermediate data storage subsystem;
  - generating a first cryptographic key for the data object;
  - encrypting the data object using the first cryptographic key;
  - causing the first cryptographic key to be encrypted using a second cryptographic key; and
  - redundantly storing, in the persistent data storage subsystem, the encrypted data object and the encrypted first cryptographic key using a plurality of data storage devices used by the data storage service to persistently store the received data objects, wherein redundantly storing the encrypted data object includes storing a plurality of shards such that each shard of the plurality of shards is stored in a different data storage device of the plurality of data storage devices, the plurality of shards generated by applying a redundancy encoding scheme to the data object and encrypted using the first cryptographic key after applying the redundancy encoding scheme;
- encrypting the second cryptographic key using a third cryptographic key; and
- redundantly storing the encrypted second cryptographic key among the plurality of data storage devices.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A system, comprising:
- a second data store comprising a plurality of data storage devices;
- a first data store configured to store data until the data is removed for storage in the second data store; and
- a subsystem configured to:
  - obtain data objects to be stored among the plurality of data storage devices; and
  - for each data object of at least a plurality of the data objects:
    - while the data object is in the first data store, provide an identifier that is usable to obtain the data object after the data object is removed from the first data store;
    - encrypt the data object with a first cryptographic key;
    - cause the first cryptographic key to be encrypted using a second cryptographic key; and
    - redundantly store, in the second data store, the encrypted data object and the encrypted first cryptographic key among the plurality of data storage devices, wherein the subsystem redundantly stores the encrypted data object by at least storing a plurality of shards such that each shard of the plurality of shards is stored in a different data storage device, the plurality of shards generated by applying a redundancy encoding scheme to the data object and encrypted using the first cryptographic key after applying the redundancy encoding scheme.
Dependent claims: 9, 10, 11, 12, 13.
14. A computer-implemented method, comprising:
- obtaining data objects to be stored among a plurality of data storage devices of a second data store; and
- for each data object of at least a plurality of the data objects:
  - while the data object is in a first data store configured to store data until the data is removed for storage in the second data store, providing an identifier that is usable to obtain the data object after the data object is removed from the first data store;
  - encrypting the data object with a first cryptographic key;
  - causing the first cryptographic key to be encrypted using a second cryptographic key; and
  - redundantly storing, in the second data store, the encrypted data object and the encrypted first cryptographic key among the plurality of data storage devices, wherein redundantly storing the encrypted data object comprises storing a plurality of shards such that each shard of the plurality of shards is stored in a different data storage device, the plurality of shards generated by applying a redundancy encoding scheme to the data object and encrypted using the first cryptographic key after applying the redundancy encoding scheme.
Dependent claims: 15, 16, 17, 18, 19, 20.
21. A non-transitory computer-readable storage medium having stored thereon instructions that, as a result of being processed by one or more processors of a computer system, cause the computer system to:
- obtain data objects to be stored among a plurality of data storage devices of a second data store; and
- for each data object of at least a plurality of the data objects:
  - while the data object is in a first data store configured to store data until the data is removed for storage in the second data store, provide an identifier that is usable to obtain the data object after the data object is removed from the first data store;
  - encrypt the data object with a first cryptographic key;
  - cause the first cryptographic key to be encrypted using a second cryptographic key; and
  - redundantly store, in the second data store, the encrypted data object and the encrypted first cryptographic key among the plurality of data storage devices, wherein redundantly storing the encrypted data object comprises storing a plurality of shards such that each shard of the plurality of shards is stored in a different data storage device, the plurality of shards generated by applying a redundancy encoding scheme to the data object and encrypted using the first cryptographic key after applying the redundancy encoding scheme.
Dependent claims: 22, 23, 24, 25, 26.
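The procedure shared by claims 1, 8, 14 and 21 (apply a redundancy encoding to the object, encrypt every shard with a per-object first key only after encoding, wrap the first key with a second key and the second with a third, replicate the wrapped keys on every device, and recover the object after a device is lost) as an added Python example; this is not code from the patent or its assignee. It assumes a two-data-shard XOR-parity code, an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC as a standard-library stand-in for a real AEAD such as AES-GCM, a second key generated per object, and a third key held outside the store; all of these are assumptions, not details the claims fix.

```python
import hmac, hashlib, os
from functools import reduce

K = 2  # data shards per object; one XOR parity shard survives the loss of any one device

def xor_keystream(key, nonce, data):
    # Counter-mode keystream from HMAC-SHA256: a stdlib stand-in for AES-GCM (assumption)
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, pt):  # encrypt-then-MAC: nonce || ciphertext || tag
    nonce = os.urandom(12)
    ct = xor_keystream(key, nonce, pt)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered shard")
    return xor_keystream(key, nonce, ct)

def encode(data):  # redundancy encoding: length header, K equal data shards, one XOR parity shard
    buf = len(data).to_bytes(4, "big") + data
    buf += b"\0" * (-len(buf) % K)
    n = len(buf) // K
    shards = [buf[i * n:(i + 1) * n] for i in range(K)]
    return shards + [bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*shards))]

def decode(have):  # have: shard index -> plaintext shard; any K of the K+1 shards suffice
    missing = [i for i in range(K) if i not in have]
    if missing:  # rebuild the lost data shard by XORing every surviving shard
        have[missing[0]] = bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*have.values()))
    buf = b"".join(have[i] for i in range(K))
    return buf[4:4 + int.from_bytes(buf[:4], "big")]

def store(devices, key3, oid, data):  # devices: K+1 dicts, one per storage device
    key1, key2 = os.urandom(32), os.urandom(32)   # per-object data key and its wrapping key
    for dev, shard in zip(devices, encode(data)): # encrypt each shard AFTER encoding
        dev[oid] = seal(key1, shard)
    for dev in devices:                           # wrapped keys replicated on every device
        dev[oid + ":k1"] = seal(key2, key1)
        dev[oid + ":k2"] = seal(key3, key2)

def retrieve(devices, key3, oid):  # a None entry stands for a failed device
    alive = [(i, d) for i, d in enumerate(devices) if d is not None]
    key2 = unseal(key3, alive[0][1][oid + ":k2"])
    key1 = unseal(key2, alive[0][1][oid + ":k1"])
    return decode({i: unseal(key1, d[oid]) for i, d in alive})
```

Because each shard is sealed separately after encoding, a surviving device can hand over its shard without anyone reassembling the whole object first, and losing any one of the three devices costs neither the object nor its wrapped keys.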
Specification