Publication No.: US09722974B1
Publication date: 2017-08-01
Application No.: US14575906
Filing date: 2014-12-18
Applicant: Amazon Technologies, Inc.
Inventor: Erik James Fuller, Ali Mustafa Nassaje, Julie Anne Margaret Sparrow, Volker R. A. Tilgner, Kerry Michael Wright
IPC: H04L29/06
CPC classification number: H04L63/0428, H04L9/0822, H04L9/0836, H04L9/14, H04L63/061, H04L2209/76
Abstract: A re-encryption service module in a multi-tiered encryption system that manages key rotation policies continuously or periodically re-encrypts data. Each encryption tier in the system can include a node programmed to service encryption, decryption, and/or re-encryption requests and a key store to store encryption keys. A computing node that interfaces with a requesting device may include the re-encryption service module. The re-encryption module may receive encrypted data and a key identifier identifying the key used to encrypt the data. The re-encryption module may decrypt the encrypted data using the identified key, retrieve a new key if the identified key is exhausted, and use the new key to encrypt the decrypted data. The key identifier may be updated to identify the new key and the re-encrypted data and the updated key identifier may be transmitted to the requesting device.