Publication number: US08848922B1
Publication date: 2014-09-30
Application number: US13685643
Application date: 2012-11-26
Applicant: Amazon Technologies, Inc.
Inventor: Cyrus J. Durgin, Pratik S. Dave, Eric J. Martin
CPC classification number: G06F21/6218, G06F21/6209
Abstract: Secure information is managed for each host or machine in an electronic environment using a series of key identifiers that each represent one or more secure keys, passwords, or other secure information. Applications and services needing access to the secure information can specify the key identifier, for example, and the secure information currently associated with that identifier can be determined without any change to the code or manual input or exposure of the secure information on the respective device. Functionality such as encryption key management and rotation are inaccessible and transparent to the user. In a networked or distributed environment, the key identifiers can be associated with host classes such that at startup any host in a class can obtain the necessary secure information. Updates and key rotation can be performed in a similar fashion by pushing updates to host classes transparent to a user, application, or service.