| CPC H04L 9/0825 (2013.01) [H04L 9/0618 (2013.01); H04L 9/0894 (2013.01); H04L 9/14 (2013.01); H04L 9/3073 (2013.01)] | 20 Claims |

1. A method comprising:
encrypting, by a key management service in a provider network, a plaintext datum using a first symmetric key to produce a ciphertext datum;
using, by an integrated service in the provider network, a secret sharing algorithm to produce a set of N plaintext shares of the first symmetric key;
encrypting, by the key management service, each plaintext share of the set of N plaintext shares using a respective public key of a set of N asymmetric key pairs to produce a respective ciphertext share of a set of N ciphertext shares;
decrypting, by the key management service, each ciphertext share of a first set of K ciphertext shares of the set of N ciphertext shares using a respective private key of the set of N asymmetric key pairs to recover a respective plaintext share of a set of K plaintext shares of the set of N plaintext shares;
encrypting, by the key management service, each plaintext share of the set of K plaintext shares using a second symmetric key to produce a respective ciphertext share of a second set of K ciphertext shares;
decrypting, by the key management service, each ciphertext share of the second set of K ciphertext shares using the second symmetric key to recover a respective plaintext share of the set of K plaintext shares;
recovering, by the integrated service, the first symmetric key from the set of K plaintext shares; and
decrypting, by the key management service, the ciphertext datum using the first symmetric key to recover the plaintext datum.
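The eight steps of claim 1, run end to end as an added worked example. This is illustration written for this page, not code from the patent or from any implementation by its assignee, and it fixes concrete primitives that the claim leaves open: Shamir's scheme over the prime field GF(2^521-1) as the "secret sharing algorithm", AES-256-GCM for both the first and the second symmetric key, RSA-2048 with OAEP for the set of N asymmetric key pairs, and a single process standing in for both the key management service and the integrated service. The sample datum is constructed. The claim does not say why the K recovered shares are encrypted and then decrypted again under the second symmetric key (steps 5 and 6); the example reproduces that step literally rather than assigning it a purpose.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Sharing field: the Mersenne prime 2^521-1, an assumption (the claim fixes no field).
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // setup failure (RNG, key generation): nothing sensible to continue with
	}
	return v
}

// seal is AES-256-GCM with a fresh 12-byte nonce prefixed; open strips it and fails on a wrong key or any modified byte.
func seal(key, pt []byte) []byte {
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 {
		return nil, fmt.Errorf("truncated ciphertext")
	}
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Open(nil, ct[:12], ct[12:], nil)
}

// splitSecret returns n Shamir shares of secret, each encoded x||f(x); any k of them recover it.
func splitSecret(secret []byte, n, k int) ([][]byte, error) {
	coeffs := []*big.Int{new(big.Int).SetBytes(secret)} // constant term is the secret
	if k < 1 || n < k || n > 255 || coeffs[0].Cmp(prime) >= 0 {
		return nil, fmt.Errorf("need 1 <= k <= n <= 255 and secret < field prime")
	}
	for len(coeffs) < k { // remaining coefficients are uniformly random
		coeffs = append(coeffs, must(rand.Int(rand.Reader, prime)))
	}
	shares := make([][]byte, n)
	for i := range shares {
		x, y := big.NewInt(int64(i+1)), new(big.Int)
		for j := k - 1; j >= 0; j-- { // Horner: y = f(x) mod p
			y.Mul(y, x).Add(y, coeffs[j]).Mod(y, prime)
		}
		shares[i] = append([]byte{byte(i + 1)}, y.Bytes()...)
	}
	return shares, nil
}

// recoverSecret interpolates f(0) from any k shares; a value that does not fit secretLen bytes (too few or wrong shares) is rejected.
func recoverSecret(shares [][]byte, secretLen int) ([]byte, error) {
	sum := new(big.Int)
	for i, si := range shares {
		xi, term := big.NewInt(int64(si[0])), new(big.Int).SetBytes(si[1:])
		for j, sj := range shares {
			if i != j {
				xj := big.NewInt(int64(sj[0]))
				inv := new(big.Int).ModInverse(new(big.Int).Mod(new(big.Int).Sub(xi, xj), prime), prime)
				term.Mul(term, xj.Neg(xj)).Mul(term, inv).Mod(term, prime)
			}
		}
		sum.Add(sum, term).Mod(sum, prime)
	}
	if sum.BitLen() > 8*secretLen {
		return nil, fmt.Errorf("recovered value does not fit: wrong or too few shares")
	}
	return sum.FillBytes(make([]byte, secretLen)), nil
}

// ProtectAndRecover runs the claimed steps (1)-(8) in order; both services are modelled as steps in one process (an assumption).
func ProtectAndRecover(datum []byte, n, k int) ([]byte, error) {
	key1, key2 := make([]byte, 32), make([]byte, 32) // first symmetric key; second, KMS-internal key
	must(rand.Read(key1))
	must(rand.Read(key2))
	ctDatum := seal(key1, datum)            // (1) KMS encrypts the datum under key1
	shares := must(splitSecret(key1, n, k)) // (2) integrated service splits key1 into N shares
	priv, wrapped := make([]*rsa.PrivateKey, n), make([][]byte, n)
	for i, s := range shares { // (3) KMS wraps share i under public key i of N RSA-OAEP pairs
		priv[i] = must(rsa.GenerateKey(rand.Reader, 2048))
		wrapped[i] = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv[i].PublicKey, s, nil))
	}
	var subset [][]byte
	for i := 0; i < k; i++ { // (4)-(6) unwrap only K shares, then seal and open each under key2
		s := must(rsa.DecryptOAEP(sha256.New(), nil, priv[i], wrapped[i], nil))
		subset = append(subset, must(open(key2, seal(key2, s))))
	}
	rec, err := recoverSecret(subset, len(key1)) // (7) integrated service recovers key1
	if err != nil {
		return nil, err
	}
	return open(rec, ctDatum) // (8) KMS decrypts the datum; the GCM tag rejects a wrong key
}
func main() { fmt.Printf("%q\n", must(ProtectAndRecover([]byte("constructed sample datum"), 3, 2))) }
```

Two points a practitioner should note. First, only K of the N wrapped shares are ever unwrapped (the loop in steps 4 to 6 stops at k), which is what makes the N asymmetric key pairs a threshold control rather than N copies of the same key: possession of fewer than K private keys yields shares from which `recoverSecret` cannot produce the first symmetric key, and the bit-length check there only catches that case early; the real guarantee that the recovered key is the right one is the GCM tag on the ciphertext datum in step 8. Second, the field prime, the RSA-OAEP wrapping and the use of AES-GCM for the second symmetric key are all choices made for this example; the claim does not constrain them. The generic `must` helper requires Go 1.18 or later.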