Unified management of cryptographic keys using virtual keys and referrals
First Claim
1. A system, comprising:
- memory to store executable instructions that, if executed by one or more hardware processors, cause at least one computing device to:
  - receive, from a client, a request for a data key, the request specifying a key identifier;
  - select, based at least in part on the key identifier, a key from a set of keys managed for an entity associated with the client, the set of keys including a subset of virtual keys, the subset of virtual keys being associated with a set of cryptographic keys that is inaccessible to the at least one computing device and managed by a different computing device; and
  - provide, based at least in part on the key being a member of the subset of virtual keys, a cryptographic configuration and a reference to the different computing device, the reference including information usable to cause the different computing device to provide the data key.
Abstract
A cryptography service allows for management of cryptographic keys in multiple environments. The service allows for specification of policies applicable to cryptographic keys, such as what cryptographic algorithms should be used in which contexts. In some contexts, the cryptography service, upon receiving a request for a key, provides a referral to another system to obtain the key.
21 Claims
1. A system, comprising:
- memory to store executable instructions that, if executed by one or more hardware processors, cause at least one computing device to:
  - receive, from a client, a request for a data key, the request specifying a key identifier;
  - select, based at least in part on the key identifier, a key from a set of keys managed for an entity associated with the client, the set of keys including a subset of virtual keys, the subset of virtual keys being associated with a set of cryptographic keys that is inaccessible to the at least one computing device and managed by a different computing device; and
  - provide, based at least in part on the key being a member of the subset of virtual keys, a cryptographic configuration and a reference to the different computing device, the reference including information usable to cause the different computing device to provide the data key.
- Dependent claims: 2, 3, 4, 5
6. A computer-implemented method, comprising:
- receiving, at a computer system, a request for a key, the request indicating a set of cryptographic algorithms and a key identifier of a key stored by the computer system;
- selecting, based at least in part on the key identifier and the set of cryptographic algorithms, a cryptographic algorithm; and
- providing a response to the request that comprises the key and indicates the cryptographic algorithm.
- Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable storage medium to store executable instructions that, if executed by one or more processors of a computer system, cause the computer system to at least:
- receive, from a first computing device, a response to a first request, the first request specifying a key identifier;
- determine that the response indicates a referral to a second computing device; and
- transmit a second request to the second computing device to obtain a key.
- Dependent claims: 16, 17, 18, 19, 20, 21
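The three independent claims above describe one request/referral exchange. As an added example, not code from the patent or its assignee, here is a toy model in Python of a key service that returns either the key or a cryptographic configuration plus a referral when the selected key is virtual (claims 1 and 6), and a client that detects the referral and re-sends the request to the referred service (claim 15). Service names, key identifiers, algorithm names, key material and policies are constructed; the referral allowlist and hop limit are added safeguards that the claims do not mention.

```python
# Added example (not the patent's code): a toy key service with real keys and "virtual keys"
# that refer to another service, plus a client that follows referrals. All values constructed.
import os
from dataclasses import dataclass

@dataclass
class KeyRecord:
    key_id: str
    allowed_algorithms: tuple   # policy: acceptable algorithms, in order of preference
    material: bytes = b""       # empty for a virtual key
    referral: str = ""          # name of the service that really holds the key

class KeyService:
    def __init__(self, records):
        self.records = {r.key_id: r for r in records}

    def get_data_key(self, key_id, client_algorithms):
        """Select the key by id and an algorithm both policy and client accept; return
        the key, or a cryptographic configuration plus a referral for a virtual key."""
        rec = self.records.get(key_id)
        if rec is None:
            return {"status": "error", "reason": "unknown key id"}
        chosen = next((a for a in rec.allowed_algorithms if a in client_algorithms), None)
        if chosen is None:
            return {"status": "error", "reason": "no mutually acceptable algorithm"}
        if rec.referral:
            return {"status": "referral", "algorithm": chosen, "referral": rec.referral}
        return {"status": "ok", "algorithm": chosen, "key": rec.material}

def obtain_key(services, first, key_id, client_algorithms, trusted, max_hops=2):
    """Client side: request the key; on a referral, re-send the request to the referred
    service pinned to the algorithm the first service configured. The allowlist and
    hop limit are added safeguards against stray referrals, not part of the claims."""
    target, algorithms = first, tuple(client_algorithms)
    for _ in range(max_hops):
        resp = services[target].get_data_key(key_id, algorithms)
        if resp["status"] != "referral":
            return resp
        if resp["referral"] not in trusted:
            return {"status": "error", "reason": "referral to untrusted service"}
        target, algorithms = resp["referral"], (resp["algorithm"],)
    return {"status": "error", "reason": "too many referrals"}
# Constructed deployment: the regional service owns k-local and refers k-hsm elsewhere
SERVICES = {
    "regional-kms": KeyService([
        KeyRecord("k-local", ("AES-256-GCM", "AES-128-GCM"), material=os.urandom(32)),
        KeyRecord("k-hsm", ("AES-256-GCM",), referral="hsm-kms")]),
    "hsm-kms": KeyService([KeyRecord("k-hsm", ("AES-256-GCM",), material=os.urandom(32))]),
}
```

Calling `obtain_key(SERVICES, "regional-kms", "k-hsm", ["AES-256-GCM"], trusted=("hsm-kms",))` yields the key from `hsm-kms` after one referral, while the same call with an empty allowlist stops at the referral.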