Hardening tokenization security and key rotation
Publication number: US9628274(B1)
Application number: US201414542288
Filing date: 2014.11.14
Publication date: 2017.04.18
Inventors: Jenks Jason; Sethi Tushaar; Low Brandon B.; Cetina Jason; Johansson Jesper Mikael; Brunette Waylon; Char Hanson; Proffit Spencer
Classification: H04L29/06; H04L9/08
Main classification: H04L29/06
Agent: Davis Wright Tremaine LLP
Address: Seattle WA US
Abstract: A method of using a hardware security module and an adjunct application programming interface to harden tokenization security and encryption key rotation is disclosed. In various embodiments, the method comprises receiving encrypted data at a processor of a computer system, decrypting the encrypted data to cleartext in the processor, and issuing a unique token associated with the data.
Main claim: 1. A method comprising: calling a ciphertext-to-ciphertext encryption function of an adjunct application programming interface (API), the ciphertext-to-ciphertext encryption function implemented in a hardware security module (HSM); accessing the HSM using the ciphertext-to-ciphertext encryption function of the adjunct API; receiving data from a database stored on a storage device external to the HSM; and performing key rotation of a first encrypted secret in the HSM using the ciphertext-to-ciphertext encryption function, the first encrypted secret received from the database, wherein the performing the key rotation comprises: receiving the first encrypted secret at the HSM, wherein the first encrypted secret is encrypted with a first key; decrypting, using the ciphertext-to-ciphertext encryption function within the HSM, the first encrypted secret to produce cleartext; encrypting, using the ciphertext-to-ciphertext encryption function within the HSM, the cleartext using a second key to create a second encrypted secret; storing the second encrypted secret in the database; updating a flag in the database to result in an updated flag, the updated flag indicating that the second encrypted secret is to be used for cryptographic operations; and storing an association between the first encrypted secret and the second encrypted secret in the database, the association is used to backfill a missing first encrypted secret in the database based at least in part on the second encrypted secret in the database.