CPC H04L 9/0894 (2013.01) [H04L 9/0822 (2013.01); H04L 63/126 (2013.01)]. 20 Claims.
1. A computer-implemented method, the method comprising:
receiving, by a computing device of a cloud computing system, a key identification, an encrypted key-encryption key, an identity of a client device, and a request from the client device to store the key identification and the encrypted key-encryption key, wherein the encrypted key-encryption key is generated by encrypting a key-encryption key;
verifying, by a control plane of the computing device, the request based at least in part on:
validating the identity of the client device, and
validating whether the client device is authorized to store the key identification and encrypted key-encryption key;
transmitting, by the control plane of the computing device and based at least in part on verifying the request, the key identification, the encrypted key-encryption key, and the request to store the key identification and the encrypted key-encryption key to a keystore,
wherein a logical sequence number is generated based on the request to store the key identification and the encrypted key-encryption key;
polling, by a data plane of the computing device, the keystore for the logical sequence number and the encrypted key-encryption key;
reading, by the data plane of the computing device and in response to detecting the logical sequence number, the key identification and the encrypted key-encryption key from the keystore;
storing, by the data plane of the computing device, the logical sequence number, the key identification, and the encrypted key-encryption key in a storage of the computing device; and
transmitting, by the data plane of the computing device, the stored logical sequence number to the keystore.
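The flow of claim 1, as an added example that is not part of the patent: a Python simulation in which `ControlPlane.handle` validates the client's identity (a constructed HMAC token) and its authorization for the key identification, the `Keystore` assigns the logical sequence number, and `DataPlane.poll_once` reads, stores and acknowledges it. The class names, the shared-secret token scheme and the sample values are assumptions.

```python
# Added example (not the patent's code): in-process simulation of the claimed flow; secrets, grants and values are constructed.
import hashlib
import hmac
from dataclasses import dataclass

def make_token(client_id: str, secret: bytes) -> str:
    """Constructed identity proof: HMAC of the client id under a shared secret."""
    return hmac.new(secret, client_id.encode(), hashlib.sha256).hexdigest()

@dataclass
class StoreRequest:
    client_id: str
    token: str            # identity of the client device
    key_id: str           # key identification
    encrypted_kek: bytes  # KEK already encrypted by the client; opaque here

class Keystore:
    """Assigns a logical sequence number (LSN) to every accepted store request."""
    def __init__(self):
        self.lsn, self.entries, self.acked = 0, {}, set()
    def append(self, key_id, encrypted_kek):
        self.lsn += 1
        self.entries[self.lsn] = (key_id, encrypted_kek)
        return self.lsn
    def pending(self):
        return sorted(n for n in self.entries if n not in self.acked)

class ControlPlane:
    """Validates identity and authorization before anything reaches the keystore."""
    def __init__(self, keystore, secrets, grants):
        self.keystore, self.secrets, self.grants = keystore, secrets, grants
    def handle(self, req):
        secret = self.secrets.get(req.client_id)
        identity_ok = secret is not None and hmac.compare_digest(
            make_token(req.client_id, secret), req.token)
        authorized = req.key_id in self.grants.get(req.client_id, set())
        if not (identity_ok and authorized):
            return None  # rejected: nothing is forwarded to the keystore
        return self.keystore.append(req.key_id, req.encrypted_kek)

class DataPlane:
    """Polls the keystore, copies new entries to local storage, then acks the LSN."""
    def __init__(self, keystore):
        self.keystore, self.storage = keystore, {}  # key_id -> (lsn, encrypted_kek)
    def poll_once(self):
        for lsn in self.keystore.pending():
            key_id, enc = self.keystore.entries[lsn]
            self.storage[key_id] = (lsn, enc)
            self.keystore.acked.add(lsn)  # reports the stored LSN back to the keystore
        return self.storage
```

A request that fails either check returns `None` and never produces an LSN, so the data plane has nothing to poll for it.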