Title of invention: MULTIPLE AUTHORITY DATA SECURITY AND ACCESS
Abstract: Data is encrypted such that multiple keys are needed to decrypt the data. The keys are accessible to different entities so that no single entity has access to all the keys. At least one key is managed by a service provider. A customer computer system of the service provider may be configured with executable instructions directing the orchestration of communications between the various entities having access to the keys. As a result, security compromise in connection with a key does not, by itself, render the data decryptable.
Publication number: US2014380054(A1) Publication date: 2014.12.25
Application number: US201313922875 Filing date: 2013.06.20
Applicant: Amazon Technologies, Inc. Inventors: Roth Gregory Branchek; Wren Matthew James
Classification: H04L9/32 Main classification: H04L9/32
Agency: Agent:
Main claim: 1. A computer-readable storage medium having stored thereon instructions that, when executed by one or more processors of a computer system of a customer of a computing resource service provider, cause the computer system to: cause data to be encrypted under a first key; obtain the first key encrypted based at least in part on a second key and a third key, the customer lacking access to the second key and the computing resource service provider lacking access to the third key, obtaining the first key encrypted based at least in part on the second key and the third key including: submitting to the computing resource service provider a request to perform one or more cryptographic operations using the second key, the request including information that enables the computing resource provider to select the second key from a plurality of keys managed on behalf of customers of the computing resource service provider; and causing the data encrypted under the first key to be stored in association with the first key encrypted based at least in part on the second key and the third key.
Address: Reno NV US