Protection for restricted actions on critical resources

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Anuj Dhawan · Sydney, AU
• Brijesh Bhupendra Desai · Redmond, US
• Kameshwar Jayaraman · Redmond, US
• Ayla Kol · Sammamish, US
• Amit A. BAPAT · Sammamish, US
• Qi Cao · Beijing, CN
• Steven Jay LIEBERMAN · Redmond, US
• Ganesh Pandey · Redmond, US
• Parul Manek · Redmond, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/064
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Methods, systems, and computer programs are presented for protecting restricted actions on encryption keys that control the management of data stored by a service provider. In some implementations, a system of the service provider receives a request to generate a data encryption policy (DEP) for data stored by the system of the service provider for a customer, the request including a reference to a customer key and an availability key. The customer key and the availability key are root keys for encrypting a data encryption key. The data encryption key is used to encrypt the data stored by the service provider for the customer. Further, destructive changes to the availability key require receiving an approval from an account of the service provider. The system of the service provider validates the DEP. The system of the service provider stores the DEP based on the validation.