US 11,671,251 B1
Application programming interface to generate data key pairs
Rajkumar Copparapu, Sammamish, WA (US); Peter Da-Ming Zieske, Seattle, WA (US); Benjamin Seidenberg, Seattle, WA (US); and Justin Derby, Edmonds, WA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Nov. 29, 2019, as Appl. No. 16/699,452.
Int. Cl. H04L 9/08 (2006.01); G06F 9/54 (2006.01); H04L 9/06 (2006.01)
CPC H04L 9/0877 (2013.01) [G06F 9/541 (2013.01); G06F 9/546 (2013.01); H04L 9/0618 (2013.01)]
20 Claims
1. A computer-implemented method, comprising:
obtaining, at a web server that provides an interface of a key management service, a web service application programming interface request to generate a data key pair;
at a hardware security module (HSM) of the key management service:
generating a pregenerated data key pair before the request was obtained, the pregenerated data key pair comprising a public key and a private key;
adding the pregenerated data key pair to a queue of data key pairs;
selecting the queue from a plurality of queues of different types of key pairs according to a type of data key pair specified in the request, wherein the plurality of queues comprises a first queue corresponding to a first cryptographic algorithm and a second queue corresponding to a second cryptographic algorithm;
removing the pregenerated data key pair from the selected queue; and
providing the pregenerated data key pair to be included with a response to the request; and
transmitting, from the web server, the response to the web service application programming interface request that comprises the pregenerated data key pair.
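
The queue handling recited in claim 1, sketched in Go as an added illustration; it is not code from the patent or from Amazon. The key pair type names, the queue depth, and the use of in-process buffered channels in place of queues inside an HSM are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// generators maps a key pair type to its algorithm; the type names are assumed.
var generators = map[string]func() (crypto.Signer, error){
	"ECC_NIST_P256": func() (crypto.Signer, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) },
	"RSA_2048":      func() (crypto.Signer, error) { return rsa.GenerateKey(rand.Reader, 2048) },
}

type Pool map[string]chan crypto.Signer // one queue of pregenerated pairs per type

// NewPool generates depth pairs of every type before any request is served.
func NewPool(depth int) (Pool, error) {
	p := Pool{}
	for keyType, gen := range generators {
		p[keyType] = make(chan crypto.Signer, depth)
		for i := 0; i < depth; i++ {
			k, err := gen()
			if err != nil {
				return nil, err
			}
			p[keyType] <- k
		}
	}
	return p, nil
}

// Take selects the queue by requested type and removes one pair; a pair is issued once.
func (p Pool) Take(keyType string) (crypto.Signer, error) {
	select {
	case k := <-p[keyType]:
		return k, nil
	default: // unknown type (nil channel) or drained queue
		return nil, fmt.Errorf("no pregenerated %q key pair available", keyType)
	}
}

func main() {
	pool, err := NewPool(2)
	k, takeErr := pool.Take("RSA_2048")
	fmt.Printf("setup=%v take=%v issued=%T left=%d\n", err, takeErr, k, len(pool["RSA_2048"]))
}
```

In this sketch a drained queue returns an error rather than generating on demand, and nothing refills the queues after start-up; a service would top them up in the background.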