CPC H04L 9/0891 (2013.01) [H04L 9/0894 (2013.01); H04L 9/14 (2013.01)]; 14 Claims
1. A method for rotating private encryption keys for tenants of a database system, comprising:
generating three separate public-private encryption key pairs for a tenant of the database system, where each of the three separate private encryption keys has a timestamp for indicating when each private encryption key is active;
storing the three separate private encryption keys for the tenant in cloud-based storage;
creating a defined cadence to rotate the private encryption keys for the tenant, where the defined cadence is a specified time span that is determined from the timestamp of the private encryption key;
defining the three separate private encryption keys for the tenant as a past private key, a present private key and a future private key;
storing the public encryption key for the tenant in a global tenant directory;
retrieving the present private key and the public encryption key to encrypt and decrypt data from the tenant;
rotating the three separate private encryption keys if the future private key timestamp is within the specified time span of the defined cadence to rotate the private encryption keys, where
the past private key is discarded,
the present private key becomes a new past private key,
the future private key becomes a new present private key, and
a new future private key is generated; and
storing the new past private key, the new present private key and the new future private key for the tenant in cloud-based storage.
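The past/present/future rotation that claim 1 describes, as an added worked example; this is not code from the patent or from any assignee's product. It models each key pair as a stand-in built from os.urandom and SHA-256 so that it runs offline (the _seal/_open helpers are placeholders for real public-key encryption, not a usable cipher), reads the claim's timing condition as "rotate once the future key's timestamp has been reached" (one interpretation of the claim's wording), and adds one step the claim does not spell out: before the past key is discarded, any record still sealed under it is re-sealed under the new present key, because the claim's own decrypt path can only succeed with a key that is still held in one of the three slots.

```python
"""Three-slot (past / present / future) tenant key rotation modelled on the claim above.
Added example, not code from the patent; keys and cipher are offline stand-ins."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib
import os

@dataclass(frozen=True)
class KeyPair:
    key_id: str          # stand-in for the public key published in the tenant directory
    private: bytes       # stand-in private key material (kept in tenant key storage)
    active_at: datetime  # the claim's timestamp: when this key becomes the present key

def generate_key_pair(active_at: datetime) -> KeyPair:
    private = os.urandom(32)
    return KeyPair(hashlib.sha256(b"pub:" + private).hexdigest()[:16], private, active_at)

def _keystream(private: bytes, nonce: bytes, n: int) -> bytes:
    """Placeholder cipher (SHA-256 in counter mode); not for production use."""
    out = bytearray()
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(private + nonce + counter.to_bytes(4, "big")).digest()
    return bytes(out[:n])

def _seal(key: KeyPair, plaintext: bytes) -> tuple:
    nonce = os.urandom(16)
    ks = _keystream(key.private, nonce, len(plaintext))
    return (key.key_id, nonce, bytes(a ^ b for a, b in zip(plaintext, ks)))

def _open(key: KeyPair, record: tuple) -> bytes:
    key_id, nonce, ct = record
    if key_id != key.key_id:
        raise KeyError(f"record sealed under {key_id}, not {key.key_id}")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key.private, nonce, len(ct))))

@dataclass
class TenantKeys:
    tenant: str
    cadence: timedelta
    past: KeyPair
    present: KeyPair
    future: KeyPair

    @classmethod
    def bootstrap(cls, tenant: str, cadence: timedelta, now: datetime) -> "TenantKeys":
        # The claim generates all three pairs up front; their timestamps sit one cadence apart.
        return cls(tenant, cadence, generate_key_pair(now - cadence),
                   generate_key_pair(now), generate_key_pair(now + cadence))

    def slots(self) -> tuple:
        return (self.past, self.present, self.future)

    def directory_entry(self) -> dict:
        # What the global tenant directory holds: public identifiers only, never private material.
        return {"tenant": self.tenant, "present": self.present.key_id,
                "known": [k.key_id for k in self.slots()]}

    def encrypt(self, plaintext: bytes) -> tuple:
        return _seal(self.present, plaintext)      # new data is always sealed under the present key

    def decrypt(self, record: tuple) -> bytes:
        for key in self.slots():                   # older records may still be under the past key
            if key.key_id == record[0]:
                return _open(key, record)
        raise KeyError(f"no private key held for {record[0]}: record is unrecoverable")

    def rotation_due(self, now: datetime) -> bool:
        # One reading of the claim's timing condition (assumption): the future key's timestamp has arrived.
        return now >= self.future.active_at

    def rotate(self, now: datetime, records: list) -> list:
        """Shift the slots as the claim describes; return the records, re-sealed where needed."""
        if not self.rotation_due(now):
            return list(records)
        discarded = self.past
        self.past, self.present = self.present, self.future                    # present->past, future->present
        self.future = generate_key_pair(self.present.active_at + self.cadence)  # fresh future key
        # Caveat the claim does not spell out: anything still sealed under the discarded key
        # must be re-sealed before that key is forgotten, or it becomes unreadable.
        return [self.encrypt(_open(discarded, r)) if r[0] == discarded.key_id else r for r in records]

def demo() -> dict:
    """Two rotations: a record outlives the discarding of the key it was first sealed under."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    keys = TenantKeys.bootstrap("tenant-a", timedelta(days=90), t0)
    first_present = keys.present.key_id
    records = [keys.encrypt(b"constructed sample: card-token-42")]
    records = keys.rotate(t0 + timedelta(days=30), records)   # not due: nothing changes
    unchanged = records[0][0] == first_present
    records = keys.rotate(t0 + timedelta(days=90), records)   # due: that key becomes "past"
    readable_as_past = keys.decrypt(records[0]) == b"constructed sample: card-token-42"
    records = keys.rotate(t0 + timedelta(days=180), records)  # due again: that key is discarded
    return {"unchanged_before_due": unchanged,
            "readable_as_past": readable_as_past,
            "first_key_discarded": first_present not in keys.directory_entry()["known"],
            "resealed_under_present": records[0][0] == keys.present.key_id,
            "plaintext": keys.decrypt(records[0])}

if __name__ == "__main__":
    print(demo())
```

Running the file walks a tenant through two cadence boundaries: the record written under the first present key is still readable after one rotation (that key is now the past key) and, at the second rotation, is re-sealed under the new present key before the first key leaves the three slots. Leaving out that re-seal step, and simply discarding the past key as the claim's step reads, strands every record still bound to it.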