CPC H04L 9/0877 (2013.01) [G06F 9/541 (2013.01); G06F 9/546 (2013.01); H04L 9/0618 (2013.01)] | 20 Claims |
1. A computer-implemented method, comprising:
obtaining, at a web server that provides an interface of a key management service, a web service application programming interface request to generate a data key pair;
at a hardware security module (HSM) of the key management service:
generating a pregenerated data key pair before the request was obtained, the pregenerated data key pair comprising a public key and a private key;
adding the pregenerated data key pair to a queue of data key pairs;
selecting the queue from a plurality of queues of different types of key pairs according to a type of data key pair specified in the request, wherein the plurality of queues comprises a first queue corresponding to a first cryptographic algorithm and a second queue corresponding to a second cryptographic algorithm;
removing the pregenerated data key pair from the selected queue; and
providing the pregenerated data key pair to be included with a response to the request; and
transmitting, from the web server, the response to the web service application programming interface request that comprises the pregenerated data key pair.
|