| 发明名称 |
DATA SECURITY USING REQUEST-SUPPLIED KEYS |
| 摘要 |
Requests are submitted to a request processing entity where the requests include a cryptographic key to be used in fulfilling the request. The request processing entity, upon receipt of the request, extracts the key from the request and uses the key to perform one or more cryptographic operations to fulfill the request. The one or more cryptographic operations may include encryption/decryption of data that to be/is stored, in encrypted form, by a subsystem of the request processing entity. Upon fulfillment of the request, the request processing entity may perform one or more operations to lose access to the key in the request, thereby losing the ability to use the key. |
| 申请公布号 |
US2015089244(A1) |
申请公布日期 |
2015.03.26 |
| 申请号 |
US201314037292 |
申请日期 |
2013.09.25 |
| 申请人 |
Amazon Technologies, Inc. |
发明人 |
Roth Gregory Branchek;Brandwine Eric Jason |
| 分类号 |
G06F21/60 |
主分类号 |
G06F21/60 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computer-implemented method, comprising:
under the control of one or more computer systems of a service provider, the one or more computer systems configured with executable instructions,
receiving, from a requestor corresponding to a customer of the service provider, a request whose fulfillment involves performance of one or more cryptographic operations on data provided with the request and use of a cryptographic key supplied in the request, the service provider lacking access to the cryptographic key for an amount of time until receipt of the request;causing the request to be fulfilled by using the supplied cryptographic key as part of performing the one or more cryptographic operations on the specified data; andproviding a result of performing the one or more cryptographic operations to a data storage system; andat a time after performing the one or more cryptographic operations, performing one or more operations that cause the service provider to lose access to the cryptographic key. |
| 地址 |
Reno NV US |
