US 12,010,229 B2
Durability enforcement of cryptographic keys in a key management system
Vaijayanthimala K. Anand, Austin, TX (US); Wesley Leggette, Chicago, IL (US); Akila Srinivasan, Carpentersville, IL (US); Bruno Henriques, Cedar Park, TX (US); and Cameron Paul Kurotori, Austin, TX (US)
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed by INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed on May 25, 2021, as Appl. No. 17/329,604.
Prior Publication US 2022/0385464 A1, Dec. 1, 2022
Int. Cl. H04L 9/14 (2006.01); G06F 9/54 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/0894 (2013.01) [G06F 9/546 (2013.01); H04L 9/14 (2013.01)]
20 Claims
 
1. A computer implemented method comprising:
receiving, by a key management service (KMS), a first request from a data storage service or an application to encrypt a first level key, the request including the first level key and a second level key identification (ID) of a stored encrypted second level key, and a flag indicating a durability type;
determining, by the KMS, that a durability check of the encrypted second level key is required based on the durability type indicated by the flag of the request to encrypt the first level key;
determining, by the KMS, a durability status of the encrypted second level key by comparing actual storage of the encrypted second level key in one or more storage locations with predetermined storage rules for a durability type of the encrypted second level key, wherein the durability status indicates that the storage of the encrypted second level key complies with the durability type; and
sending, by the KMS, a notification regarding the durability status to the data storage service in response to the first request.
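The flow of claim 1, sketched as an added Python example (not code from the patent or from any IBM product). The rule table, the digest comparison used to decide whether a stored copy counts, the empty-flag convention, and all names, key IDs and region labels are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Assumed rules (not from the patent): durability type -> (min copies, min distinct regions).
STORAGE_RULES = {"regional": (2, 1), "cross-region": (3, 2)}

@dataclass(frozen=True)
class Replica:
    region: str
    blob: bytes  # encrypted second level key as read back from this location

@dataclass(frozen=True)
class EncryptRequest:
    first_level_key: bytes
    second_level_key_id: str
    durability_flag: str  # "" means no durability check requested (assumption)

def durability_status(replicas, expected_sha256, durability_type):
    """Compare actual storage with the rule for the durability type."""
    if durability_type not in STORAGE_RULES:
        raise ValueError(f"unknown durability type: {durability_type!r}")
    min_copies, min_regions = STORAGE_RULES[durability_type]
    # Count only replicas whose content matches the recorded digest.
    good = [r for r in replicas if hashlib.sha256(r.blob).hexdigest() == expected_sha256]
    regions = {r.region for r in good}
    ok = len(good) >= min_copies and len(regions) >= min_regions
    return {"compliant": ok, "copies": len(good), "regions": sorted(regions),
            "required": {"copies": min_copies, "regions": min_regions}}

def handle_encrypt_request(req, inventory):
    """Return the notification sent back in response to the encrypt request."""
    note = {"second_level_key_id": req.second_level_key_id, "checked": False}
    if not req.durability_flag:  # the flag decides whether a check is required
        return note
    entry = inventory.get(req.second_level_key_id)
    if entry is None:
        raise KeyError("unknown second level key ID")
    note["checked"] = True
    note.update(durability_status(entry["replicas"], entry["sha256"], req.durability_flag))
    return note

# Constructed sample inventory: the copy in eu-1 is corrupted and must not count.
SAMPLE_BLOB = b"\x01constructed-encrypted-second-level-key"
INVENTORY = {"slk-001": {"sha256": hashlib.sha256(SAMPLE_BLOB).hexdigest(), "replicas": [
    Replica("us-south", SAMPLE_BLOB), Replica("us-east", SAMPLE_BLOB), Replica("eu-1", b"corrupt")]}}

if __name__ == "__main__":
    for flag in ("", "regional", "cross-region"):
        print(handle_encrypt_request(EncryptRequest(b"\0" * 32, "slk-001", flag), INVENTORY))
```

Wrapping the first level key itself is left out, since claim 1 recites only the request, the two determinations and the notification.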