Multiple authority data security and access

US 9,407,440 B2
Filed: 06/20/2013
Issued: 08/02/2016
Est. Priority Date: 06/20/2013
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a computer system of a customer of a computing resource service provider, cause the computer system to:

submit, to a computing resource service provider computer system of the computing resource service provider, an application programming interface request for a first key;

receive, from the computing resource service provider computer system, the first key and, in addition to the first key, a first encrypted first key, the first encrypted first key encrypted based at least in part on a second key, the customer lacking access to the second key;

encrypt data based at least in part on the first key to form encrypted data;

obtain a second encrypted first key, the second encrypted first key encrypted based at least in part on the second key and a third key, the computing resource service provider lacking access to the third key; and

cause the encrypted data to be stored in association with the second encrypted first key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data is encrypted such that multiple keys are needed to decrypt the data. The keys are accessible to different entities so that no single entity has access to all the keys. At least one key is managed by a service provider. A customer computer system of the service provider may be configured with executable instructions directing the orchestration of communications between the various entities having access to the keys. As a result, security compromise in connection with a key does not, by itself, render the data decryptable.

Citations

26 Claims

1. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a computer system of a customer of a computing resource service provider, cause the computer system to:
- submit, to a computing resource service provider computer system of the computing resource service provider, an application programming interface request for a first key;
  
  receive, from the computing resource service provider computer system, the first key and, in addition to the first key, a first encrypted first key, the first encrypted first key encrypted based at least in part on a second key, the customer lacking access to the second key;
  
  encrypt data based at least in part on the first key to form encrypted data;
  
  obtain a second encrypted first key, the second encrypted first key encrypted based at least in part on the second key and a third key, the computing resource service provider lacking access to the third key; and
  
  cause the encrypted data to be stored in association with the second encrypted first key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The non-transitory computer-readable storage medium of claim 1, wherein obtaining the first key encrypted based at least in part on the second key and the third key includes encrypting the first encrypted first key encrypted based at least in part on the second key.
  - 3. The non-transitory computer-readable storage medium of claim 1, wherein obtaining the second encrypted first key includes causing a second computing resource service provider to use the third key to encrypt the first encrypted first key.
  - 4. The non-transitory computer-readable storage medium of claim 1, wherein:
    - the instructions that cause the computer system to encrypt the data include instructions that cause the computer system to;
      
      encrypt the data based at least in part on the first key to form first encrypted data; and
      
      in response to submitting the first encrypted data to a second computing resource service provider system, receive second encrypted data, wherein the second encrypted data is the first encrypted data encrypted based at least in part on a fourth key; and
      
      the instructions that cause the encrypted data to be stored include instructions that cause the second encrypted data to be stored in association with the second encrypted first key.
  - 5. The non-transitory computer-readable storage medium of claim 1, wherein:
    - the first key is based at least in part on a first key component and a second key component;
      
      the request provides the first key component for encryption by the computing resource service provider using the second key; and
      
      obtaining the first encrypted first key includes causing the second key component to be encrypted under the third key.
  - 6. The non-transitory computer-readable storage medium of claim 1, wherein the instructions that cause the computer system to cause the encrypted data to be stored includes instructions that cause the computer system to transmit, to a data storage service operated by the computing resource service provider, the encrypted data and the second encrypted first key.

7. A computer-implemented method, comprising:
- under control of one or more computer systems configured with executable instructions,obtaining, based at least in part on first information inaccessible to a computing resource service provider and second information inaccessible to a customer of the computing resource service provider, a second encrypted copy of a first key and encrypted data, the encrypted data encrypted under the first key by at least;
  
  submitting, to the computing resource service provider a request to perform one or more operations using the second information, the request including information enabling the computing resource service provider to select the second information from other information managed on behalf of other customers of the computing resource service provider;
  
  receiving, from the computing resource service provider, a response to the request that includes the first key and, in addition to the first key, a first encrypted copy of the first key generated using the second information;
  
  using the first key to encrypt data to obtain the encrypted data; and
  
  using the first information to encrypt the first encrypted copy of the first key, thereby obtaining the second encrypted copy of the first key; and
  
  causing the encrypted data and the second encrypted copy of the first key to be persisted so that authorized decryption of the encrypted data requires use of the first information and the second information.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the first information comprises a second key and the second information comprises a third key.
  - 9. The method of claim 7, wherein causing the encrypted data and the second encrypted copy of the first key to be persisted includes causing the second encrypted copy of the first key to be stored in a data storage system that lacks access to the first information.
  - 10. The method of claim 7, wherein causing the encrypted data and the second encrypted copy of the first key to be persisted includes storing at least one of the encrypted data or the second encrypted copy of the first key in a storage device inaccessible to the computing resource service provider.
  - 11. The method of claim 7, wherein:
    - the first key is determinable from a plurality of key components comprising a first key component and a second key component; and
      
      the second encrypted copy of the first key comprises;
      
      the first key component encrypted using the first information; and
      
      the second key component encrypted using the second information.
  - 12. The method of claim 7, wherein the first information is accessible to the customer.

13. A system, comprising a collection of computing resources that collectively include one or more hardware processors and memory that, as a result of execution by the one or more hardware processors, cause the system to:
- operate a first service that manages, on behalf of a plurality of entities, a plurality of keys;
  
  operate a second service that stores data, the second service being without access to the plurality of keys; and
  
  provide, to a client computing device corresponding to an entity of the plurality of entities, executable instructions that cause the client computing device to at least;
  
  submit a request to perform one or more cryptographic operations using a first key, from the plurality of keys, specified by the request;
  
  receive, in response to the request, a second key and, in addition to the second key, a result of performance of the one or more cryptographic operations that includes an encrypted copy of the second key, the encrypted copy generated based at least in part on the first key;
  
  generate, based at least in part on the result and the second key inaccessible to the system, information that includes encrypted data, the information configured such that use of at least both the first key and second key is required to decrypt the encrypted data; and
  
  transmit the information generated to the second service.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein:
    - the encrypted data is encrypted with a third key; and
      
      the information includes the third key encrypted based at least in part on the first key and second key.
  - 15. The system of claim 14, wherein the client computing device has access to the third key.
  - 16. The system of claim 13, wherein:
    - the first service and the second service each provide a corresponding web service application programming interface;
      
      the request is received through a web service interface of the first service; and
      
      transmitting the information generated includes submitting a web service call to a web service interface of the second service.
  - 17. The system of claim 13, wherein the system lacks access to the second key.
  - 18. The system of claim 13, wherein the executable instructions are in a form of a scripting language.

19. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a computer system, cause the computer system to:
- obtain, based at least in part on first information inaccessible to a computing resource service provider and second information, an encrypted copy of a first key and data encrypted under the first key by at least causing the computer system to;
  
  submit, to the computing resource service provider a request to perform one or more operations using the second information, the request including information enabling the computing resource service provider to select the second information from other information managed on behalf of customers of the computing resource service provider;
  
  receive, from the computing resource service provider, the first key and, in addition to the first key, the encrypted copy of the first key; and
  
  use the first key to generate the data encrypted under the first key; and
  
  cause the encrypted copy of the first key and the data encrypted under the first key to be persistently stored so that authorized access to the data in plaintext form requires use of the first information and the second information.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The non-transitory computer-readable storage medium of claim 19, wherein the instructions that cause the computer system to cause the encrypted copy of the first key and the data encrypted under the first key to be persistently stored include instructions that cause the computer system to utilize a data storage service of the computing resource service provider to store at least one of the encrypted copy of the first key or the data encrypted under the first key.
  - 21. The non-transitory computer-readable storage medium of claim 20, wherein the instructions that cause the computer system to utilize the data storage service include instructions that cause the computer system to transmit a second request to the computing resource service provider, the second request transmitted to a different application programming interface than an application programming interface to which the request to perform the one or more operations using the second information was provided.
  - 22. The non-transitory computer-readable storage medium of claim 19, wherein the instructions that cause the computer system to obtain the data encrypted under the first key includes instructions that cause the computer system to cause a second computing resource service provider to perform one or more operations using the first information.
  - 23. The non-transitory computer-readable storage medium of claim 19, wherein:
    - the first information is a second key to which the computer system has access; and
      
      the instructions that cause the computer system to obtain the data encrypted under the first key include instructions that cause the computer system to perform one or more encryption operations using the second key.
  - 24. The non-transitory computer-readable storage medium of claim 19, wherein:
    - the first information is a second key and the second information is a third key; and
      
      both the second key and the third key are used to obtain the data encrypted under the first key.
  - 25. The non-transitory computer-readable storage medium of claim 19, wherein the instructions that cause the computer system to obtain the encrypted copy of the first key and the data encrypted under the first key and cause the computer system to cause encrypted copy of the first key and the data encrypted under the first key to be persistently stored are performed as a result of an instruction to a file system interface to perform a storage operation.
  - 26. The non-transitory computer-readable storage medium of claim 19, wherein:
    - the one or more operations include use of a cryptographic algorithm supporting additional authenticated data; and
      
      the request includes metadata usable by the computing resource service provider as additional authenticated data, the computing resource service provider being configured to enforce one or more policies based at least in part on the metadata.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Roth, Gregory Branchek, Wren, Matthew James
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
NGUY, CHI D

Application Number

US13/922,875
Publication Number

US 20140380054A1
Time in Patent Office

1,139 Days
Field of Search

713/165, 713/193, 380/259, 380281-282, 380284-285, 380/45
US Class Current

1/1
CPC Class Codes

G06F 21/6209   to a single file or object,...

H04L 63/0435   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

Multiple authority data security and access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple authority data security and access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links