Federated key management

  • US 9,705,674 B2
  • Filed: 02/12/2013
  • Issued: 07/11/2017
  • Est. Priority Date: 02/12/2013
  • Status: Active Grant
First Claim

1. A computer-implemented method, comprising:

  • under the control of one or more computer systems configured with executable instructions, receiving, from a requestor, a request to perform a cryptographic operation, the request including first information and an electronic signature generated based at least in part on a portion of the first information, the electronic signature verifiable with a first key of a set of one or more keys corresponding to a second key;

    detecting whether the request specifies a key holder of a plurality of key holders;

    as a result of detecting that the request specifies a particular key holder of the plurality of key holders, causing the particular key holder to at least:

    determine, based at least in part on the first information and the first key, whether the electronic signature is valid; and

    determine, based at least in part on the first information, whether the first information satisfies one or more conditions for fulfilling the request;

    as a result of the particular key holder determining that the electronic signature is valid and that the first information satisfies the one or more conditions, obtaining, from the particular key holder, first response information necessary for fulfilling the request, the first response information having been generated based at least in part on one or more cryptographic operations performed using the second key;

    using the obtained first response information to provide, to the requestor, a response to the request;

    receiving a second request to perform a cryptographic operation, the second request including second information and a second electronic signature based at least in part on a portion of the second information, the electronic signature verifiable with a third key of a second set of one or more keys corresponding to a fourth key;

    determining, based at least in part on the second information and the third key, whether the second electronic signature is valid;

    determining, based at least in part on the second information, whether the second information satisfies one or more second conditions for fulfilling the second request; and

    as a result of determining that the second electronic signature is valid and that the second information satisfies the one or more second conditions, using the fourth key to perform one or more cryptographic operations to fulfill the second request.
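
The routing described in claim 1, sketched as an added example (not code from the patent or its assignee): a request naming a key holder is verified and fulfilled by that holder, and a request naming none is verified and fulfilled locally. Assumptions: HMAC-SHA256 stands in for the electronic signature, the conditions are an allowed-operation set and an expiry time, and every name (`KeyHolder`, `FrontEnd`, `key_holder`) and key value is constructed for illustration.

```python
import hashlib, hmac, json

def sign(key: bytes, info: dict) -> str:
    """HMAC-SHA256 over canonical JSON (assumed signature scheme)."""
    msg = json.dumps(info, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class KeyHolder:
    """Holds a verification key and an operation key that never leave it."""
    def __init__(self, verify_key: bytes, op_key: bytes, allowed_ops: set):
        self._verify_key, self._op_key, self._allowed = verify_key, op_key, allowed_ops

    def fulfill(self, info: dict, signature: str, now: int):
        # 1. Is the signature valid for exactly this information?
        if not hmac.compare_digest(sign(self._verify_key, info), signature):
            return None
        # 2. Does the information satisfy the conditions for fulfilment?
        if info.get("op") not in self._allowed or info.get("expires", 0) <= now:
            return None
        # 3. Only then use the operation key (here: a MAC over the data).
        data = info.get("data", "").encode()
        return hmac.new(self._op_key, data, hashlib.sha256).hexdigest()

class FrontEnd:
    """Routes to a named key holder, otherwise checks and fulfils locally."""
    def __init__(self, holders: dict, local: KeyHolder):
        self._holders, self._local = holders, local

    def handle(self, request: dict, now: int) -> dict:
        name = request.get("key_holder")
        if name is not None and name not in self._holders:
            return {"status": "denied"}  # unknown holder: fail closed
        target = self._holders[name] if name is not None else self._local
        result = target.fulfill(request["info"], request["signature"], now)
        return {"status": "ok", "result": result} if result else {"status": "denied"}

def demo(now: int = 1000) -> list:
    # Constructed keys and requests, for illustration only.
    local_holder = KeyHolder(b"verify-local", b"op-local", {"mac"})
    front = FrontEnd({"holder-a": KeyHolder(b"verify-a", b"op-a", {"mac"})}, local_holder)
    info = {"op": "mac", "data": "hello", "expires": 2000}
    old = {**info, "expires": 500}
    routed = {"info": info, "signature": sign(b"verify-a", info), "key_holder": "holder-a"}
    local = {"info": info, "signature": sign(b"verify-local", info)}
    wrong = {"info": info, "signature": sign(b"verify-local", info), "key_holder": "holder-a"}
    stale = {"info": old, "signature": sign(b"verify-a", old), "key_holder": "holder-a"}
    return [front.handle(r, now)["status"] for r in (routed, local, wrong, stale)]
```

`demo()` shows the two accepted paths (routed and local) and two rejections: a signature made with a key the named holder does not recognise, and a validly signed request whose expiry condition fails.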
