Key management in a distributed system

Assignee

• AMAZON TECHNOLOGIES, INC. · US

Inventors

• Gregory Branchek Roth · Seattle, US
• Kevin Ross O'Neill · Seattle, US
• Nathan R. Fitch · Seattle, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/062
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Secure information is managed for each host or machine in an electronic environment using cryptographic keys. In some embodiments, a globally distributed system manage and rotate keys across various nodes within the system based on a predetermined schedule of each key's lifecycle. The predetermined schedule decides when keys are created, distributed, and used with respect to each key's pre-assigned time (e.g., an expiration time, a creation time). The schedule of the key's lifecycle may be predetermined and adjusted based on various system requirements. The keys may be automatically rotated throughout the various nodes in the system in a way such that the keys are not unnecessarily exposed for too long but are accessible to the ciphertext producers and the ciphertext consumers when needed. Further, the keys are created and rotated in a way to ensure robustness of the system in the event of a global WAN outage or network partition.