CPC H04L 9/083 (2013.01) [H04L 9/3263 (2013.01); H04L 9/3242 (2013.01)] — 20 Claims

1. An application server having a custodian application running thereon, the application server comprising:
one or more processors; and
a memory, the memory storing computer-executable instructions that when executed by the one or more processors, cause the one or more processors to:
instantiate, by the custodian application, a cryptographic microservice application on the application server, the cryptographic microservice application having a unique identifier;
transmit, by the custodian application, a request message to a centralized key management system (KMS), the request message including a request for a data encryption key;
in response to the request message, receive, by the custodian application from the centralized KMS, the data encryption key, the data encryption key being encrypted via a master-level tenant key associated with the custodian application;
transmit, by the custodian application, an authorization request message to the centralized KMS, the authorization request message including the encrypted data encryption key and the unique identifier of the cryptographic microservice application;
in response to the authorization request message, receive, by the custodian application, an authorization grant from the centralized KMS;
transmit, by the custodian application, the authorization grant and the encrypted data encryption key to the cryptographic microservice application;
transmit, by the cryptographic microservice application, an authorization grant request to the centralized KMS, the authorization grant request including the authorization grant and the encrypted data encryption key; and
based on validation of a digitally signed certificate, receive, by the cryptographic microservice application, a decrypted data encryption key from the centralized KMS.
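The following is an added, stand-alone simulation of the exchange recited in claim 1 (custodian requests a data encryption key, receives it wrapped under its master-level tenant key, obtains an authorization grant bound to the microservice's unique identifier, hands grant and wrapped key to the microservice, and the microservice redeems them at the KMS, which validates the microservice's certificate before returning the plaintext key). It is not code from the patent or any product; every name (Kms, Grant, Certificate, the tenant and service identifiers) and the mechanism choices are assumptions. Standard-library HMAC-SHA256 stands in for the KMS's key wrapping, grant MAC and certificate signature; a real deployment would use AES-GCM or AES-KW for wrapping and an X.509 PKI for the certificate.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

def _keystream(key, nonce, nbytes):
    # HMAC-SHA256 in counter mode as a PRF keystream (stand-in for a block cipher)
    out, ctr = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:nbytes]

def wrap(kek, plaintext):
    # Encrypt-then-MAC wrapping -> nonce || ciphertext || tag (stand-in for AES-GCM / AES-KW)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(kek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    # Returns None when the tag fails: blob tampered with, or wrapped under a different tenant key
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(kek, nonce, len(ct))))

@dataclass(frozen=True)
class Certificate:
    subject_id: str   # the microservice's unique identifier
    signature: bytes  # from the KMS-trusted CA (HMAC stand-in for an X.509 signature)

@dataclass(frozen=True)
class Grant:
    tenant_id: str           # custodian whose master-level tenant key wraps the DEK
    service_id: str          # the only microservice allowed to redeem this grant
    wrapped_dek_hash: bytes  # binds the grant to exactly one encrypted DEK
    expires_at: float
    mac: bytes               # KMS-internal MAC over all fields above

class Kms:
    # Centralized KMS (assumed model): tenant keys never leave this object; only wrapped DEKs do
    def __init__(self, tenant_ids):
        self._tenant_keys = {t: secrets.token_bytes(32) for t in tenant_ids}
        self._grant_key = secrets.token_bytes(32)
        self._ca_key = secrets.token_bytes(32)

    def issue_certificate(self, service_id):
        return Certificate(service_id, hmac.new(self._ca_key, service_id.encode(), hashlib.sha256).digest())

    def request_dek(self, tenant_id):
        # Custodian's request message: a fresh DEK leaves the KMS only wrapped under the tenant key
        return wrap(self._tenant_keys[tenant_id], secrets.token_bytes(32))

    def _grant_mac(self, tenant_id, service_id, h, exp):
        msg = b"|".join([tenant_id.encode(), service_id.encode(), h, repr(exp).encode()])
        return hmac.new(self._grant_key, msg, hashlib.sha256).digest()

    def authorize(self, tenant_id, wrapped_dek, service_id, ttl=60.0):
        # Custodian's authorization request: grant bound to (tenant, service id, this wrapped DEK, expiry)
        if unwrap(self._tenant_keys[tenant_id], wrapped_dek) is None:
            return None  # not a DEK wrapped under this custodian's own tenant key
        h, exp = hashlib.sha256(wrapped_dek).digest(), time.time() + ttl
        return Grant(tenant_id, service_id, h, exp, self._grant_mac(tenant_id, service_id, h, exp))

    def redeem(self, cert, g, wrapped_dek, now=None):
        # Microservice's grant request: validate certificate, then grant bindings, then unwrap
        now = time.time() if now is None else now
        expect_sig = hmac.new(self._ca_key, cert.subject_id.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(cert.signature, expect_sig):
            return None  # certificate not issued by the trusted CA
        if not hmac.compare_digest(g.mac, self._grant_mac(g.tenant_id, g.service_id, g.wrapped_dek_hash, g.expires_at)):
            return None  # grant forged or altered
        if cert.subject_id != g.service_id or g.wrapped_dek_hash != hashlib.sha256(wrapped_dek).digest():
            return None  # grant is for another service or another wrapped DEK
        if now > g.expires_at:
            return None  # grant expired
        return unwrap(self._tenant_keys[g.tenant_id], wrapped_dek)

def run_flow():
    # Constructed sample run of the claimed exchange; returns outcomes a test can check
    kms = Kms(["custodian-app"])
    svc_cert = kms.issue_certificate("crypto-svc-0001")    # legitimate microservice
    other_cert = kms.issue_certificate("crypto-svc-0002")  # a different, validly certified service
    wrapped = kms.request_dek("custodian-app")                           # request -> wrapped DEK
    grant = kms.authorize("custodian-app", wrapped, "crypto-svc-0001")  # authorization request -> grant
    dek = kms.redeem(svc_cert, grant, wrapped)             # microservice presents grant + wrapped DEK
    tampered = wrapped[:-1] + bytes([wrapped[-1] ^ 0x01])
    return {
        "dek_len": 0 if dek is None else len(dek),
        "other_service_rejected": kms.redeem(other_cert, grant, wrapped) is None,
        "forged_cert_rejected": kms.redeem(Certificate("crypto-svc-0001", b"\0" * 32), grant, wrapped) is None,
        "tampered_dek_rejected": kms.redeem(svc_cert, grant, tampered) is None,
        "expired_rejected": kms.redeem(svc_cert, grant, wrapped, now=grant.expires_at + 1.0) is None,
    }
```

The design point the claim turns on is visible in `redeem`: the custodian only ever handles the wrapped key, and the KMS releases the plaintext key solely to a caller whose certificate checks out and whose identifier, wrapped-key hash and expiry all match the grant the custodian obtained, so neither a second validly certified service nor a modified key blob can redeem someone else's grant.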