
Hardening tokenization security and key rotation

Publication number: US9628274(B1)

Application number: US201414542288

Filing date: 2014.11.14

Publication date: 2017.04.18

Applicant:
Amazon Technologies, Inc.

Inventors: Jenks Jason; Sethi Tushaar; Low Brandon B.; Cetina Jason; Johansson Jesper Mikael; Brunette Waylon; Char Hanson; Proffit Spencer

Classification: H04L29/06; H04L9/08

Main classification: H04L29/06

Agency:
Davis Wright Tremaine LLP

Agent: Davis Wright Tremaine LLP

Address: Seattle WA US

Abstract: A method of using a hardware security module and an adjunct application programming interface to harden tokenization security and encryption key rotation is disclosed. In various embodiments, the method comprises receiving encrypted data at a processor of a computer system, decrypting the encrypted data to cleartext in the processor, and issuing a unique token associated with the data.

Main claim: 1. A method comprising: calling a ciphertext-to-ciphertext encryption function of an adjunct application programming interface (API), the ciphertext-to-ciphertext encryption function implemented in a hardware security module (HSM); accessing the HSM using the ciphertext-to-ciphertext encryption function of the adjunct API; receiving data from a database stored on a storage device external to the HSM; and performing key rotation of a first encrypted secret in the HSM using the ciphertext-to-ciphertext encryption function, the first encrypted secret received from the database, wherein the performing the key rotation comprises: receiving the first encrypted secret at the HSM, wherein the first encrypted secret is encrypted with a first key; decrypting, using the ciphertext-to-ciphertext encryption function within the HSM, the first encrypted secret to produce cleartext; encrypting, using the ciphertext-to-ciphertext encryption function within the HSM, the cleartext using a second key to create a second encrypted secret; storing the second encrypted secret in the database; updating a flag in the database to result in an updated flag, the updated flag indicating that the second encrypted secret is to be used for cryptographic operations; and storing an association between the first encrypted secret and the second encrypted secret in the database, the association is used to backfill a missing first encrypted secret in the database based at least in part on the second encrypted secret in the database.
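
The key-rotation steps of the main claim, sketched as an added Python example (not code from the patent or from the applicant). `MockHSM`, `rotate`, `backfill`, the row layout and the HMAC-based toy cipher are assumptions made for illustration, and the backfill shown is one reading of the claim, in which a missing first encrypted secret is regenerated inside the HSM from the second.

```python
import hashlib, hmac, secrets

class MockHSM:
    """Hypothetical stand-in for the HSM: keys and cleartext never leave this object."""
    def __init__(self):
        self._keys = {}                          # key id -> key bytes, HSM-internal

    def generate_key(self, kid):
        self._keys[kid] = secrets.token_bytes(32)

    def _mac(self, kid, data):
        return hmac.new(self._keys[kid], data, hashlib.sha256).digest()

    def _xor_stream(self, kid, nonce, data):
        # Toy keystream (HMAC-SHA256 in counter mode), assumed here only to stay
        # stdlib-only; a real HSM would use a vetted cipher such as AES-GCM.
        blocks = (len(data) + 31) // 32
        ks = b"".join(self._mac(kid, nonce + i.to_bytes(4, "big")) for i in range(blocks))
        return bytes(a ^ b for a, b in zip(data, ks))

    def _encrypt(self, kid, cleartext):
        nonce = secrets.token_bytes(16)
        body = self._xor_stream(kid, nonce, cleartext)
        return nonce + body + self._mac(kid, b"tag" + nonce + body)

    def _decrypt(self, kid, ct):
        nonce, body, tag = ct[:16], ct[16:-32], ct[-32:]
        if not hmac.compare_digest(tag, self._mac(kid, b"tag" + nonce + body)):
            raise ValueError("ciphertext failed authentication")
        return self._xor_stream(kid, nonce, body)

    def reencrypt(self, ct, old_kid, new_kid):
        """Ciphertext-to-ciphertext: decrypt under one key, encrypt under another,
        with the cleartext existing only inside the HSM."""
        return self._encrypt(new_kid, self._decrypt(old_kid, ct))

def rotate(db, hsm, row_id, old_kid, new_kid):
    row = db[row_id]                             # database lives outside the HSM
    row["secrets"][new_kid] = hsm.reencrypt(row["secrets"][old_kid], old_kid, new_kid)
    row["active"] = new_kid                      # flag: second secret is now the one to use
    row["assoc"] = (old_kid, new_kid)            # association between first and second secret

def backfill(db, hsm, row_id):
    row = db[row_id]
    old_kid, new_kid = row["assoc"]
    if old_kid not in row["secrets"]:            # first encrypted secret is missing
        row["secrets"][old_kid] = hsm.reencrypt(row["secrets"][new_kid], new_kid, old_kid)
    return row["secrets"][old_kid]
```

Only `reencrypt` would be exposed through the adjunct API in this sketch; the underscore-prefixed methods model operations that stay inside the HSM boundary.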
