Key rotation techniques
First Claim
1. A computer-implemented method, comprising:
- under the control of one or more computer systems having executable instructions, receiving a first request to electronically shred a first subset of a plurality of customer keys encrypted under a first cryptographic key;
- performing a first process that results in each security module in a plurality of security modules being able to perform cryptographic operations with a customer key of the plurality of customer keys regardless of whether the customer key is encrypted using the first cryptographic key or a second cryptographic key, at least by:
  - submitting a second request to a selected security module of the plurality of security modules;
  - receiving, from the selected security module, a response to the second request that includes the second cryptographic key, in a form of an encrypted second cryptographic key, encrypted in a manner decryptable by the plurality of security modules; and
  - providing at least the encrypted second cryptographic key to each other security module from the plurality of security modules;
- for each customer key of a second subset of the plurality of customer keys encrypted under the first cryptographic key, the second subset being disjoint from the first subset as a result of having received the first request:
  - accessing, from a data storage system, the customer key;
  - instructing a security module from the plurality of security modules to:
    - use the first cryptographic key to decrypt the customer key to form a decrypted customer key;
    - use the second cryptographic key to encrypt the decrypted customer key; and
    - provide the customer key encrypted under the second cryptographic key; and
  - storing the customer key encrypted under the second cryptographic key in the data storage system; and
- at a time after each customer key of the plurality of customer keys is encrypted under the second cryptographic key and stored in the data storage system:
  - determining that the first process was successful; and
  - performing a second process that results in each security module in the plurality of security modules losing access to the first cryptographic key but maintaining access to the second cryptographic key.
1 Assignment, 0 Petitions
Abstract
A plurality of devices have common access to a cryptographic key. The cryptographic key is rotated by providing the devices simultaneous access to both the cryptographic key and a new cryptographic key and then revoking access to the cryptographic key. Keys stored externally and encrypted under the cryptographic key can be reencrypted under the new cryptographic key. Keys intended for electronic shredding can be left encrypted under the old cryptographic key.
152 Citations
28 Claims
1. Claim 1 is reproduced in full above under First Claim. - View Dependent Claims (2, 3, 4, 5, 6)
7. A computer-implemented method, comprising:
- under the control of one or more computer systems having executable instructions, selecting a subset of data objects from a set of data objects encrypted under a first cryptographic key;
- providing, to a plurality of devices, access to both a first cryptographic key and a second cryptographic key such that the plurality of devices are able, in response to receiving a first request, to utilize either the first cryptographic key or the second cryptographic key to perform a cryptographic operation, at least by:
  - submitting a second request to a selected device of the plurality of devices;
  - receiving, from the selected device, a response to the second request that includes the second cryptographic key, in a form of an encrypted second cryptographic key, encrypted in a manner decryptable by the plurality of devices; and
  - providing at least the encrypted second cryptographic key to each other device from the plurality of devices; and
- for each data object of the subset of data objects encrypted under the first cryptographic key:
  - causing a device from the plurality of devices to decrypt the data object using the first cryptographic key;
  - causing the device to encrypt the data object under the second cryptographic key; and
- at a time after each data object of the subset of data objects is encrypted under the second cryptographic key:
  - determining that each security module in the plurality of devices has access to the second cryptographic key; and
  - causing each security module in the plurality of devices to lose access to the first cryptographic key but maintain access to the second cryptographic key.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
14. A system, comprising:
- one or more processors; and
- memory including instructions that, as a result of execution by the one or more processors, cause the system to:
  - store data objects usable by a plurality of devices in providing a service, the data objects encrypted under a first cryptographic key;
  - cause the plurality of devices to have simultaneous access to the first cryptographic key and a second cryptographic key such that the plurality of devices are able, in response to receiving a first request to access a data object, to utilize either the first cryptographic key or the second cryptographic key to perform a cryptographic operation, by causing the system to at least:
    - provide a second request, to a selected device from the plurality of devices, the second request including the second cryptographic key;
    - receive a response to the second request, the response including an encrypted second cryptographic key; and
    - provide the encrypted second cryptographic key to each other device of the plurality of devices such that each device from the plurality of devices can decrypt the encrypted second cryptographic key to obtain the second cryptographic key;
  - cause the plurality of devices to decrypt a selected subset of the data objects using the first cryptographic key;
  - cause the plurality of devices to encrypt the selected subset of the data objects under the second cryptographic key, the selected subset excluding data objects selected for electronic shredding;
  - check that each of the plurality of devices has access to the second cryptographic key; and
  - cause the plurality of devices to lose access to the first cryptographic key.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
21. A non-transitory computer-readable storage medium having stored thereon instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to:
- cause a plurality of devices, having common access to a first cryptographic key under which a set of data objects used by the plurality of devices are encrypted, to replace the first cryptographic key with a second cryptographic key by at least causing the computer system to:
  - submit a request to a selected device of the plurality of devices;
  - receive, from the selected device, a response to the request that includes the second cryptographic key, in a form of an encrypted second cryptographic key, encrypted in a manner decryptable by the plurality of devices;
  - provide at least the encrypted second cryptographic key to each other device from the plurality of devices;
  - cause one or more devices of the plurality of devices to decrypt, using the first cryptographic key, a subset of the set of the data objects that are not selected for electronic shredding;
  - cause the one or more devices of the plurality of devices to encrypt the subset of the set of data objects such that data objects of the subset are accessible regardless of whether the data objects of the subset are encrypted using the first cryptographic key or the second cryptographic key; and
  - at a time after the data objects of the subset become accessible by using the second cryptographic key:
    - check that each of the plurality of devices have common access to the second cryptographic key; and
    - cause the plurality of devices to lose access to the first cryptographic key.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
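The independent claims above all describe one procedure: mint a new domain key on one module, distribute it to the rest of the fleet wrapped so that every module can unwrap it, re-wrap every stored customer key that is not slated for shredding, verify that every module holds the new key and that nothing non-shredded is still under the old key, and only then destroy the old key everywhere. The simulation below is an added example written for this page, not code from the patent or its assignee. It assumes a fleet-wide pre-provisioned transport key for exporting domain keys, and it stands in for a module's real authenticated encryption with a toy HMAC-SHA256 stream cipher plus HMAC tag (`wrap`/`unwrap`); the names `SecurityModule`, `rotate` and `demo` are this example's own.

```python
"""Domain-key rotation with electronic shredding across a fleet of security modules.

Added example, not the patent's code. The wrap/unwrap primitive is a toy
(HMAC-SHA256 keystream + HMAC tag) standing in for a real HSM's authenticated
encryption; the shared transport key is assumed to be pre-provisioned.
"""
import hashlib
import hmac
import os


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(key, key_id, plaintext):
    """Toy authenticated encryption; blob layout: key_id | nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, key_id.encode() + nonce + ct, hashlib.sha256).digest()
    return key_id.encode() + b"|" + nonce + ct + tag


def unwrap(key, blob):
    key_id, rest = blob.split(b"|", 1)
    nonce, ct, tag = rest[:16], rest[16:-32], rest[-32:]
    expected = hmac.new(key, key_id + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def wrapping_key_id(blob):
    """Which domain key a stored blob is wrapped under (the claims' first/second key)."""
    return blob.split(b"|", 1)[0].decode()


class SecurityModule:
    def __init__(self, name, transport_key):
        self.name = name
        self._transport_key = transport_key  # assumed shared by the whole fleet
        self._domain_keys = {}

    def has_key(self, key_id):
        return key_id in self._domain_keys

    def install(self, key_id, key):
        self._domain_keys[key_id] = key

    def generate_domain_key(self, key_id):
        """Mint a new domain key; return it wrapped so every fleet member can unwrap it."""
        key = os.urandom(32)
        self.install(key_id, key)
        return wrap(self._transport_key, "transport", key)

    def import_domain_key(self, key_id, wrapped):
        self.install(key_id, unwrap(self._transport_key, wrapped))

    def forget(self, key_id):
        self._domain_keys.pop(key_id, None)

    def rewrap(self, blob, new_key_id):
        """Decrypt under the old domain key, re-encrypt under the new one."""
        plaintext = unwrap(self._domain_keys[wrapping_key_id(blob)], blob)
        return wrap(self._domain_keys[new_key_id], new_key_id, plaintext)

    def use_customer_key(self, blob):
        """Fails with KeyError once the wrapping domain key has been revoked."""
        return unwrap(self._domain_keys[wrapping_key_id(blob)], blob)


def rotate(fleet, storage, old_id, new_id, shred):
    """Claim 1's two processes: distribute + re-wrap, verify, then revoke the old key."""
    selected = fleet[0]
    wrapped_new = selected.generate_domain_key(new_id)
    for m in fleet[1:]:
        m.import_domain_key(new_id, wrapped_new)
    # Re-wrap the complement of the shred set; shredded blobs stay under old_id.
    for i, (cust, blob) in enumerate(sorted(storage.items())):
        if cust in shred or wrapping_key_id(blob) != old_id:
            continue
        storage[cust] = fleet[i % len(fleet)].rewrap(blob, new_id)
    # Never revoke until every module has the new key and nothing live depends on the old one.
    if not all(m.has_key(new_id) for m in fleet):
        raise RuntimeError("not every module holds the new key; refusing to revoke")
    pending = [c for c, b in storage.items() if c not in shred and wrapping_key_id(b) == old_id]
    if pending:
        raise RuntimeError(f"still wrapped under {old_id}: {pending}")
    for m in fleet:
        m.forget(old_id)


def demo():
    transport = os.urandom(32)
    fleet = [SecurityModule(f"hsm{i}", transport) for i in range(3)]
    k1 = os.urandom(32)
    for m in fleet:
        m.install("K1", k1)
    customer_keys = {c: os.urandom(32) for c in ("alice", "bob", "carol")}  # constructed
    storage = {c: wrap(k1, "K1", k) for c, k in customer_keys.items()}
    rotate(fleet, storage, "K1", "K2", shred={"bob"})
    survivors = all(fleet[2].use_customer_key(storage[c]) == customer_keys[c] for c in ("alice", "carol"))
    try:
        fleet[1].use_customer_key(storage["bob"])
        bob_recoverable = True
    except KeyError:
        bob_recoverable = False
    return {"old_key_anywhere": any(m.has_key("K1") for m in fleet),
            "survivors_ok": survivors,
            "bob_recoverable": bob_recoverable,
            "bob_still_under": wrapping_key_id(storage["bob"])}


if __name__ == "__main__":
    print(demo())
```

The two checks before `forget` are the part worth copying: the claims make revocation conditional on the first process having succeeded, and in practice that means confirming every module imported the new key and that no non-shredded blob is still under the old key, because once the old key is gone anything left under it is shredded whether or not that was intended.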