| CPC H04L 9/0894 (2013.01) [G06F 21/6209 (2013.01); H04L 9/0825 (2013.01); H04L 9/0891 (2013.01); G06F 21/62 (2013.01); G06F 21/64 (2013.01); H04L 9/0897 (2013.01); H04L 63/06 (2013.01)] | 20 Claims |

1. A method for managing a secret in a distributed system, the method comprising:
obtaining protection pipeline requirements for a protection pipeline to manage the secret, the secret being used to provide computer implemented services;
obtaining a protection pipeline definition using the protection pipeline requirements;
establishing the protection pipeline using the protection pipeline definition and at least one escrow agent;
escrowing at least one multiply encrypted copy of the secret with the protection pipeline;
while the at least one multiply encrypted copy of the secret is escrowed with the protection pipeline, monitoring an operation of the protection pipeline for a deviation of the operation from the protection pipeline definition, the deviation causing an impact on a level of protection for the secret, and the level of protection being specified at least in part by the protection pipeline requirements;
using the at least one multiply encrypted copy of the secret to restore access to the secret following loss of access to the secret; and
after restoring access to the secret, using the secret to continue provisioning of the computer implemented services.