CPC H04L 63/06 (2013.01) [G06F 21/602 (2013.01); H04L 9/0822 (2013.01); H04L 9/0897 (2013.01); H04L 9/3247 (2013.01); H04L 63/062 (2013.01)]
19 Claims
1. A method comprising:
receiving, from an application, a request to perform a cryptographic operation with a specified application key, wherein the application is associated with a client identification;
identifying a gateway associated with the client identification;
identifying, by a processing device, a respective characteristic of each self-encrypting key management service of a plurality of self-encrypting key management services that correspond to the gateway, wherein each of the plurality of self-encrypting key management services is associated with a respective secure enclave of a plurality of secure enclaves, wherein the specified application key is encrypted at each of the plurality of secure enclaves by a respective secure enclave key of a plurality of secure enclave keys, and wherein the specified application key is stored in a shared storage resource accessible by each of the plurality of self-encrypting key management services;
identifying a self-encrypting key management service of the plurality of self-encrypting key management services, wherein a characteristic of the identified self-encrypting key management service satisfies a threshold criterion; and
sending the request to the identified self-encrypting key management service, wherein the request identifies, using an interface of the self-encrypting key management service, a type of cryptographic operation to be performed by a cryptographic operation component of the self-encrypting key management service.
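
An illustrative sketch of the routing flow in claim 1, added here and not taken from the patent. It assumes the "characteristic" is a load figure, the "threshold criterion" is a maximum load, and the cryptographic operation is an HMAC signature; `Service`, `dispatch`, `wrap`, `unwrap` and all sample names are hypothetical, and the SHA-256 keystream wrap is a constructed stand-in for a real enclave key-wrap.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field

def keystream(kek, nonce, n):
    # SHA-256 in counter mode: a constructed stand-in for a real key-wrap cipher.
    blocks = (hashlib.sha256(b"enc" + kek + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def wrap(kek, key):
    # Encrypt-then-MAC the application key under one enclave's key.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(key, keystream(kek, nonce, len(key))))
    return nonce + ct + hmac.new(kek, nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrapped key rejected: wrong enclave key or tampering")
    return bytes(a ^ b for a, b in zip(ct, keystream(kek, nonce, len(ct))))

@dataclass
class Service:
    name: str
    load: float  # assumed "characteristic"; the claim does not say what it is
    enclave_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))

    def handle(self, store, key_id, op, data):
        # Only this service's enclave key opens its own copy in shared storage.
        app_key = unwrap(self.enclave_key, store[(key_id, self.name)])
        if op == "sign":  # the request names the operation type
            return hmac.new(app_key, data, hashlib.sha256).digest()
        raise ValueError(f"unsupported operation: {op}")

def dispatch(gateways, store, client_id, key_id, op, data, max_load=0.8):
    pool = gateways[client_id]  # gateway (service pool) for this client
    eligible = [s for s in pool if s.load <= max_load]  # assumed threshold criterion
    if not eligible:
        raise RuntimeError("no service satisfies the threshold")
    chosen = min(eligible, key=lambda s: s.load)
    return chosen.name, chosen.handle(store, key_id, op, data)

def demo():
    # Constructed sample: one application key, wrapped once per enclave.
    app_key = secrets.token_bytes(32)
    pool = [Service("kms-a", 0.95), Service("kms-b", 0.40), Service("kms-c", 0.70)]
    store = {("app-key-1", s.name): wrap(s.enclave_key, app_key) for s in pool}
    return app_key, pool, store, {"client-42": pool}
```

Because every service can unwrap its own copy from shared storage, the result is the same whichever eligible service the gateway picks, while a blob taken from storage is useless without the matching enclave key.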