Title SECURE DATA DESTRUCTION IN A DISTRIBUTED ENVIRONMENT USING KEY PROTECTION MECHANISMS
Abstract Organizations maintain and generate large amounts of sensitive information using the computer hardware resources and services of a service provider. There is also a need to delete large amounts of data securely and quickly, which can be done by encrypting the data with a key and then destroying the key. To ensure that information stored remotely is secure and capable of secure deletion, the cryptographic keys used by the organization must be prevented from being persistently stored during serialization operations (for example, snapshots or migrations of the virtual machine that holds them). If the keys used to encrypt the data have not been exposed during a serialization operation, they may be deleted or destroyed, which renders the data encrypted with those keys unrecoverable.
Publication number US2016112387(A1) Publication date 2016.04.21
Application number US201514981804 Filing date 2015.12.28
Applicant Amazon Technologies, Inc Inventors Cignetti Todd Lawrence;Doane Andrew J.;Brandwine Eric Jason;Fitzgerald Robert Eric
IPC classification H04L29/06;G06F9/455;H04L9/32 Main classification H04L29/06
Agency (none listed) Agent (none listed)
Independent claim 1. A computer-implemented method for secure data destruction in distributed systems, comprising: under the control of one or more computer systems configured with executable instructions, provisioning a virtual machine instance with access to a data encryption key such that a plaintext representation of the data encryption key is inaccessible outside of the virtual machine instance; encrypting data with the data encryption key; causing the encrypted data to be stored persistently outside of the virtual machine instance; receiving a request to destroy the encrypted data; and causing the virtual machine instance to destroy the data encryption key by at least: determining, by tracing an audit log, that the data encryption key has been handled in accordance with a set of conditions for preventing exposure of the data encryption key; and deleting the data encryption key from memory of the virtual machine instance.
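The claim above describes crypto-shredding with a precondition: the in-memory key may only be treated as "destroyed" if an audit trace shows it was never subjected to an operation (serialization, snapshot, export) that could have written a plaintext copy outside the instance. The following Go program is an added illustration of that control flow and is not code from the patent or from Amazon; the `KeyHolder` type, the operation names in the audit log, and the `forbiddenOps` set are assumptions made for the example. Encryption uses AES-256-GCM from the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// AuditEvent is one entry in the key-handling audit log (hypothetical schema).
type AuditEvent struct {
	KeyID string
	Op    string // e.g. "generate", "encrypt", "decrypt", "snapshot", "serialize", "export", "destroy"
}

// forbiddenOps are operations that could have persisted a plaintext copy of the
// key outside instance memory. If any appears in the log for a key, wiping the
// in-memory copy no longer guarantees the ciphertext is unrecoverable.
var forbiddenOps = map[string]bool{"snapshot": true, "serialize": true, "export": true}

var (
	ErrKeyDestroyed = errors.New("data encryption key has been destroyed")
	ErrKeyExposed   = errors.New("audit log shows the key may have been persisted; deletion cannot be treated as destruction")
)

// KeyHolder models the virtual machine instance that is the sole holder of the
// plaintext data encryption key (DEK).
type KeyHolder struct {
	keyID string
	key   []byte
	aead  cipher.AEAD
	log   []AuditEvent
}

// NewKeyHolder generates a fresh 256-bit DEK inside the holder and logs the event.
func NewKeyHolder(keyID string) (*KeyHolder, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	h := &KeyHolder{keyID: keyID, key: key, aead: aead}
	h.record("generate")
	return h, nil
}

func (h *KeyHolder) record(op string) { h.log = append(h.log, AuditEvent{KeyID: h.keyID, Op: op}) }

// Encrypt seals plaintext with AES-256-GCM. The returned blob (nonce || ciphertext || tag)
// is what would be stored persistently outside the instance.
func (h *KeyHolder) Encrypt(plaintext []byte) ([]byte, error) {
	if h.aead == nil {
		return nil, ErrKeyDestroyed
	}
	nonce := make([]byte, h.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	h.record("encrypt")
	return h.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt opens a blob produced by Encrypt; it fails once the key is gone.
func (h *KeyHolder) Decrypt(blob []byte) ([]byte, error) {
	if h.aead == nil {
		return nil, ErrKeyDestroyed
	}
	ns := h.aead.NonceSize()
	if len(blob) < ns {
		return nil, errors.New("ciphertext too short")
	}
	h.record("decrypt")
	return h.aead.Open(nil, blob[:ns], blob[ns:], nil)
}

// Snapshot stands in for any operation that serialises instance state; here it
// only records the exposure so that Destroy can detect it.
func (h *KeyHolder) Snapshot() { h.record("snapshot") }

// Destroy implements the claim's two-step destruction: trace the audit log for
// this key and, only if no forbidden operation touched it, wipe it from memory.
// Caveat: Go cannot guarantee the AEAD's expanded key schedule is zeroed; the
// reference is dropped so the GC reclaims it, but a real deployment would keep the
// key in a hardware-backed or explicitly zeroisable store.
func (h *KeyHolder) Destroy() error {
	for _, e := range h.log {
		if e.KeyID == h.keyID && forbiddenOps[e.Op] {
			return ErrKeyExposed
		}
	}
	for i := range h.key {
		h.key[i] = 0
	}
	h.key, h.aead = nil, nil
	h.record("destroy")
	return nil
}

// Destroyed reports whether the in-memory key has been wiped.
func (h *KeyHolder) Destroyed() bool { return h.aead == nil }

func main() {
	h, _ := NewKeyHolder("dek-1")
	blob, _ := h.Encrypt([]byte("customer record"))
	fmt.Println("destroy:", h.Destroy())
	_, err := h.Decrypt(blob)
	fmt.Println("decrypt after destroy:", err)

	h2, _ := NewKeyHolder("dek-2")
	h2.Snapshot() // key state may now exist in a persisted snapshot
	fmt.Println("destroy exposed key:", h2.Destroy())
}
```

The point of the audit check is the failure mode: a key that was swept into a snapshot is refused rather than silently "deleted", because the ciphertext it protects would still be recoverable from the persisted image.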
Address Seattle WA US