| 发明名称 | Probabilistic key rotation | ||
| 摘要 | Information, such as a cryptographic key, is used repeatedly in the performance of operations, such as certain cryptographic operations. To prevent repeated use of the information from enabling security breaches, the information is rotated (replaced with other information). To avoid the resource costs of maintaining a counter on the number of operations performed, decisions of when to rotate the information are performed based at least in part on the output of stochastic processes. | ||
| 申请公布号 | US9300464(B1) | 申请公布日期 | 2016.03.29 |
| 申请号 | US201313922946 | 申请日期 | 2013.06.20 |
| 申请人 | Amazon Technologies, Inc. | 发明人 | Roth Gregory Branchek |
| 分类号 | H04L9/08 | 主分类号 | H04L9/08 |
| 代理机构 | Davis Wright Tremaine LLP | 代理人 | Davis Wright Tremaine LLP |
| 主权项 | 1. A computer-implemented method for managing cryptographic keys in a distributed system, comprising: under the control of one or more computer systems configured with executable instructions, storing a first cryptographic key in each of a plurality of security modules;receiving a request to perform an operation, the performance of which involves an encryption operation using the first cryptographic key specified in the request; andas a result of receiving the request: causing a selected security module from the plurality of security modules to perform the encryption operation using the first cryptographic key;performing a stochastic process to generate a value; andwhen the value satisfies a set of key rotation criteria that limit the probability of using the same nonce multiple times with the first cryptographic key, causing each security module of the plurality of security modules to replace the first cryptographic key with a second cryptographic key. | ||
| 地址 | Seattle WA US | ||