Data encryption for virtual workspaces

Assignee

• AMAZON TECHNOLOGIES, INC. · US

Inventors

• Malcolm Russell Ah Kun · Bellevue, US
• Anshuk Chakraborty · Seattle, US
• Gopala Krishna Ambareesh · Bellevue, US
• Nakul Namdeo Dhande · Seattle, US
• Nathan Bartholomew Thomas · Seattle, US
• Zhenghong Sun · Seattle, US
• Prasanna Subash · Kenmore, US
• Salman Aftab Paracha · Redmond, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2107
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Virtual workspaces can be provided using shared resources and network-attached storage. A workspace accessed under a customer account has a unique key generated using a combination of a customer master key and an encryption context. The encryption context is specific to the workspace, such as may include a hash of specific values for the workspace. When a new instance is generated, a first data volume is generated using a machine image and data snapshot encrypted under a current encryption key. The snapshot is copied to a new snapshot, and a new encryption key obtained that is based on the customer master key and the current encryption context. The snapshot is used to create a new data volume encrypted under the new encryption key. The new volume is attached to the workspace instance such that data transmitted between the workspace and the new volume is encrypted under the volume-specific encryption key.