公开(公告)号：US12224991B1

公开(公告)日：2025-02-11

申请号：US18067533

申请日：2022-12-16

Applicant: Amazon Technologies, Inc.

Inventor： Sachin P. Joglekar ,  Temesghen Kahsai Azene ,  Kadirvel Chockalingam Vanniarajan ,  Firas Azrai ,  Charles Ward ,  David M. Wheeler

IPC: H04L9/14 ,  H04L9/08 ,  H04L9/30 ,  H04L9/40

Abstract: Systems, devices, and methods are provided for cloud-based privacy controls. User content is encrypted using a content encryption key (CEK). The CEK may be double-encrypted by the data producer—the inner envelope is encrypted using keys associated with privacy domains that are authorized to access the user content. The outer envelope is encrypted using a cloud privacy control's public key. When a data consumer requests access the user content, the cloud privacy control evaluates privacy policies and determine whether access should be permitted. If permitted, the cloud privacy control decrypts the outer envelope and provides the inner envelope with CEK to the requestor. Upon receiving the inner envelope, the data consumer may then decrypt the inner envelope with its privacy domain private key to obtain the CEK. The CEK may then be used to perform a decryption and obtain the user content.