Key generation and broadcasting

摘要

Embodiments provide techniques generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys to can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet that corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair.

主权项

1. A method, comprising:
receiving, from a client device and via a computer network, an encrypted message having associated metadata; identifying a first key pair included in a list of key pairs based on the metadata; determining whether the first key pair is included in an active window associated with the list of key pairs, wherein the active window indicates a certain number of key pairs that are currently valid for transactions; and if the first key pair is included in the active window, then decrypting the encrypted message based on a decryption key associated with the first key pair; or if the first key pair is not included in the active window but is subsequent to a currently active key pair in the list of key pairs, then decrypting the encrypted message based on a decryption key associated with the first key pair and advancing the active window to include the first key pair; or if the first key pair is not included in the active window and is prior to a currently active key pair in the list of key pairs, then indicating a failure.