| 发明名称 | Multiple authority data security and access | ||
| 摘要 | Data is encrypted such that multiple keys are needed to decrypt the data. The keys are accessible to different entities so that no single entity has access to all the keys. At least one key is managed by a service provider. A customer computer system of the service provider may be configured with executable instructions directing the orchestration of communications between the various entities having access to the keys. As a result, security compromise in connection with a key does not, by itself, render the data decryptable. | ||
| 申请公布号 | US9407440(B2) | 申请公布日期 | 2016.08.02 |
| 申请号 | US201313922875 | 申请日期 | 2013.06.20 |
| 申请人 | Amazon Technologies, Inc. | 发明人 | Roth Gregory Branchek;Wren Matthew James |
| 分类号 | H04L29/06;H04L9/32;H04L9/08;H04L9/14 | 主分类号 | H04L29/06 |
| 代理机构 | Davis Wright Tremaine LLP | 代理人 | Davis Wright Tremaine LLP |
| 主权项 | 1. A non-transitory computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a computer system of a customer of a computing resource service provider, cause the computer system to: submit, to a computing resource service provider computer system of the computing resource service provider, an application programming interface request for a first key; receive, from the computing resource service provider computer system, the first key and, in addition to the first key, a first encrypted first key, the first encrypted first key encrypted based at least in part on a second key, the customer lacking access to the second key; encrypt data based at least in part on the first key to form encrypted data; obtain a second encrypted first key, the second encrypted first key encrypted based at least in part on the second key and a third key, the computing resource service provider lacking access to the third key; and cause the encrypted data to be stored in association with the second encrypted first key. | ||
| 地址 | Seattle WA US | ||