Supporting a fixed transaction rate with a variably-backed logical cryptographic key
First Claim
Patent Images
1. A computer-implemented method, comprising:
- under the control of one or more computer systems that execute instructions,providing an application programming interface through which requests may be submitted to cause performance of cryptographic operations using a cryptographic key associated with a key identifier;
determining an individual cryptographic key usage rate limit;
receiving an application pro ramming interface request specifying a key identifier usage rate associated with the key identifier;
determining, based at least in part on the individual cryptographic key usage rate limit and the key identifier usage rate, a minimum number of cryptographic keys for a set of cryptographic keys associated with the key identifier such that, as the cryptographic operations are distributed among individual cryptographic keys of the set as part of processing requests associated with the key identifier, usage rates corresponding to each individual cryptographic key of the set are at or below the individual cryptographic key usage rate limit; and
causing the set of cryptographic keys to have at least the minimum number of keys determined.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for receiving requests for performing cryptographic operations with a virtual key having a plurality of actual keys associated with the virtual key, determining which actual key of the plurality of actual keys to use for the cryptographic operation, performing the cryptographic operation using the actual key, and providing the result of performing the cryptographic operation.
-
Citations
27 Claims
-
1. A computer-implemented method, comprising:
under the control of one or more computer systems that execute instructions, providing an application programming interface through which requests may be submitted to cause performance of cryptographic operations using a cryptographic key associated with a key identifier; determining an individual cryptographic key usage rate limit; receiving an application pro ramming interface request specifying a key identifier usage rate associated with the key identifier; determining, based at least in part on the individual cryptographic key usage rate limit and the key identifier usage rate, a minimum number of cryptographic keys for a set of cryptographic keys associated with the key identifier such that, as the cryptographic operations are distributed among individual cryptographic keys of the set as part of processing requests associated with the key identifier, usage rates corresponding to each individual cryptographic key of the set are at or below the individual cryptographic key usage rate limit; and causing the set of cryptographic keys to have at least the minimum number of keys determined. - View Dependent Claims (2, 3, 4, 5)
-
6. A system, comprising:
-
one or more processors; memory including instructions that, when executed by the one or more processors, cause the system to; determine a key identifier usage rate corresponding to a key identifier; determine a plurality of keys such that each key of the plurality of keys has a corresponding individual key usage rate limit, and an aggregate usage rate of the plurality of keys is able to meet the key identifier usage rate without any key from the plurality of keys exceeding its corresponding individual key usage rate limit; and associate the plurality of keys with the key identifier such that, when a request to perform a cryptographic operation associated with the key identifier is received, a key is selected from the plurality of keys for performing the cryptographic operation. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a computer system, causes the computer system to at least:
-
determine a usage rate corresponding to a key identifier; determine a plurality of keys, wherein each key in the plurality of keys has an individual key usage rate limit such that an aggregate usage rate of the plurality of keys is able to meet the usage rate without any key from the plurality of keys exceeding its corresponding individual key usage rate limit; and associate the plurality of keys with the key identifier such that, if a request to perform a cryptographic operation is received in association with the key identifier, a key is selected from the plurality of keys to perform the cryptographic operation. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
-
Specification