Multiple authority data security and access
Abstract
Data is encrypted such that multiple keys are needed to decrypt the data. The keys are accessible to different entities so that no single entity has access to all the keys. At least one key is managed by a service provider. A customer computer system of the service provider may be configured with executable instructions directing the orchestration of communications between the various entities having access to the keys. As a result, security compromise in connection with a key does not, by itself, render the data decryptable.
26 Claims
1. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a computer system of a customer of a computing resource service provider, cause the computer system to:
submit, to a computing resource service provider computer system of the computing resource service provider, an application programming interface request for a first key;
receive, from the computing resource service provider computer system, the first key and, in addition to the first key, a first encrypted first key, the first encrypted first key encrypted based at least in part on a second key, the customer lacking access to the second key;
encrypt data based at least in part on the first key to form encrypted data;
obtain a second encrypted first key, the second encrypted first key encrypted based at least in part on the second key and a third key, the computing resource service provider lacking access to the third key; and
cause the encrypted data to be stored in association with the second encrypted first key.
Dependent claims: 2, 3, 4, 5, 6.
7. A computer-implemented method, comprising:
under control of one or more computer systems configured with executable instructions, obtaining, based at least in part on first information inaccessible to a computing resource service provider and second information inaccessible to a customer of the computing resource service provider, a second encrypted copy of a first key and encrypted data, the encrypted data encrypted under the first key, by at least:
submitting, to the computing resource service provider, a request to perform one or more operations using the second information, the request including information enabling the computing resource service provider to select the second information from other information managed on behalf of other customers of the computing resource service provider;
receiving, from the computing resource service provider, a response to the request that includes the first key and, in addition to the first key, a first encrypted copy of the first key generated using the second information;
using the first key to encrypt data to obtain the encrypted data; and
using the first information to encrypt the first encrypted copy of the first key, thereby obtaining the second encrypted copy of the first key; and
causing the encrypted data and the second encrypted copy of the first key to be persisted so that authorized decryption of the encrypted data requires use of the first information and the second information.
Dependent claims: 8, 9, 10, 11, 12.
13. A system, comprising a collection of computing resources that collectively include one or more hardware processors and memory that, as a result of execution by the one or more hardware processors, cause the system to:
operate a first service that manages, on behalf of a plurality of entities, a plurality of keys;
operate a second service that stores data, the second service being without access to the plurality of keys; and
provide, to a client computing device corresponding to an entity of the plurality of entities, executable instructions that cause the client computing device to at least:
submit a request to perform one or more cryptographic operations using a first key, from the plurality of keys, specified by the request;
receive, in response to the request, a second key and, in addition to the second key, a result of performance of the one or more cryptographic operations that includes an encrypted copy of the second key, the encrypted copy generated based at least in part on the first key;
generate, based at least in part on the result and the second key inaccessible to the system, information that includes encrypted data, the information configured such that use of at least both the first key and second key is required to decrypt the encrypted data; and
transmit the information generated to the second service.
Dependent claims: 14, 15, 16, 17, 18.
19. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a computer system, cause the computer system to:
obtain, based at least in part on first information inaccessible to a computing resource service provider and second information, an encrypted copy of a first key and data encrypted under the first key, by at least causing the computer system to:
submit, to the computing resource service provider, a request to perform one or more operations using the second information, the request including information enabling the computing resource service provider to select the second information from other information managed on behalf of customers of the computing resource service provider;
receive, from the computing resource service provider, the first key and, in addition to the first key, the encrypted copy of the first key; and
use the first key to generate the data encrypted under the first key; and
cause the encrypted copy of the first key and the data encrypted under the first key to be persistently stored so that authorized access to the data in plaintext form requires use of the first information and the second information.
Dependent claims: 20, 21, 22, 23, 24, 25, 26.
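The flow in the abstract and in independent claims 1, 7, 13 and 19 is the same envelope-encryption protocol seen from different parties, so one worked example covers all of them. The Python below is an added illustration, not code from the patent or its assignee. It follows claim 1's numbering: the "first key" is a per-object data key, the "second key" is a provider-held key the customer never sees, and the "third key" is a customer-held key the provider never sees; the keyless storage service of claim 13 appears as ObjectStore. Every name (ProviderKeyService, Customer, ObjectStore, run_demo, the key id "customer-key-1") and the sample record are constructed for this example. Because it is written against the standard library only, an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC stands in for a real AEAD such as AES-GCM; the construction is sound for illustration but you would use a vetted AEAD in practice.

```python
import hashlib
import hmac
import os
import secrets


# Stand-in AEAD (assumption: stdlib only). HMAC-SHA256 keystream in counter
# mode plus an encrypt-then-MAC tag; replace with AES-GCM or similar in practice.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    # Derive independent encryption and MAC keys from one input key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def aead_encrypt(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def aead_decrypt(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class ProviderKeyService:
    """Provider side (claim 13's first service): holds the second key per key id, never sees the third key."""

    def __init__(self):
        self._master_keys = {}

    def create_key(self, key_id: str) -> None:
        self._master_keys[key_id] = secrets.token_bytes(32)

    def generate_data_key(self, key_id: str):
        # The API request for a "first key": return it in plaintext together
        # with a copy wrapped under the provider-held second key (claim 1).
        data_key = secrets.token_bytes(32)
        wrapped_once = aead_encrypt(self._master_keys[key_id], data_key, aad=key_id.encode())
        return data_key, wrapped_once

    def decrypt_data_key(self, key_id: str, wrapped_once: bytes) -> bytes:
        return aead_decrypt(self._master_keys[key_id], wrapped_once, aad=key_id.encode())


class ObjectStore:
    """Claim 13's second service: stores ciphertext plus the wrapped key, holds no keys."""

    def __init__(self):
        self._objects = {}

    def put(self, name: str, ciphertext: bytes, wrapped_key: bytes) -> None:
        self._objects[name] = (ciphertext, wrapped_key)

    def get(self, name: str):
        return self._objects[name]


class Customer:
    """Customer side: holds the third key, which the provider never receives."""

    def __init__(self, provider: ProviderKeyService, store: ObjectStore, key_id: str):
        self.provider, self.store, self.key_id = provider, store, key_id
        self.k3 = secrets.token_bytes(32)  # "third key" of claim 1 / "first information" of claim 7

    def encrypt_and_store(self, name: str, plaintext: bytes) -> None:
        data_key, wrapped_once = self.provider.generate_data_key(self.key_id)
        ciphertext = aead_encrypt(data_key, plaintext, aad=name.encode())
        # Second encrypted first key: wrap the provider-wrapped key again under K3.
        wrapped_twice = aead_encrypt(self.k3, wrapped_once, aad=self.key_id.encode())
        del data_key  # plaintext data key is not persisted anywhere
        self.store.put(name, ciphertext, wrapped_twice)

    def retrieve_and_decrypt(self, name: str) -> bytes:
        ciphertext, wrapped_twice = self.store.get(name)
        wrapped_once = aead_decrypt(self.k3, wrapped_twice, aad=self.key_id.encode())  # needs K3
        data_key = self.provider.decrypt_data_key(self.key_id, wrapped_once)            # needs K2
        return aead_decrypt(data_key, ciphertext, aad=name.encode())


def run_demo():
    """Returns (roundtrip_ok, provider_alone_fails, customer_alone_fails)."""
    provider, store = ProviderKeyService(), ObjectStore()
    provider.create_key("customer-key-1")
    customer = Customer(provider, store, "customer-key-1")
    secret = b"constructed sample record: account balance 42"  # constructed input
    customer.encrypt_and_store("ledger.bin", secret)
    roundtrip_ok = customer.retrieve_and_decrypt("ledger.bin") == secret

    ciphertext, wrapped_twice = store.get("ledger.bin")
    provider_alone_fails = False
    try:  # provider holds K2 but not K3: the outer wrap does not authenticate under K2
        provider.decrypt_data_key("customer-key-1", wrapped_twice)
    except ValueError:
        provider_alone_fails = True
    customer_alone_fails = False
    try:  # customer holds K3 but not K2: peeling one layer yields a still-wrapped key
        still_wrapped = aead_decrypt(customer.k3, wrapped_twice, aad=b"customer-key-1")
        aead_decrypt(still_wrapped, ciphertext, aad=b"ledger.bin")
    except ValueError:
        customer_alone_fails = True
    return roundtrip_ok, provider_alone_fails, customer_alone_fails
```

The two negative paths in run_demo are the point of the scheme: the stored record is useless to the provider (it cannot strip the K3 layer) and to anyone who obtains only the customer's K3 (they recover a key that is still wrapped under K2), so compromise of either authority alone leaves the data encrypted. Binding the object name and key id as associated data also stops a wrapped key from being swapped between records.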