Key generation and broadcasting

US9614818B2 · US · B2

Patent metadata
Publication number: US-9614818-B2
Application number: US-201514810340-A
Country: US
Kind code: B2
Filing date: Jul 27, 2015
Priority date: Aug 16, 2013
Publication date: Apr 4, 2017
Grant date: Apr 4, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Embodiments provide techniques for generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encrypted key pairs and maintains an active window of keys that can be accepted from client devices that communicate sensitive data to the computing infrastructure. If the key consumer receives a key from a client device that is outside of the active window yet that corresponds to a future key pair in the list, the key consumer advances the active window towards the future key pair.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: receiving, from a client device and via a computer network, an encrypted message having associated metadata; identifying a first key pair included in a list of key pairs based on the metadata; determining whether the first key pair is included in an active window associated with the list of key pairs, wherein the active window indicates a certain number of key pairs that are currently valid for transactions; and if the first key pair is included in the active window, then decrypting the encrypted message based on a decryption key associated with the first key pair; or if the first key pair is not included in the active window but is subsequent to a currently active key pair in the list of key pairs, then decrypting the encrypted message based on a decryption key associated with the first key pair and advancing the active window to include the first key pair; or if the first key pair is not included in the active window and is prior to a currently active key pair in the list of key pairs, then indicating a failure.

2. The method of claim 1, further comprising publishing a public key corresponding to the first key pair to a key distributor.

3. The method of claim 2, wherein the key distributor issues the public key to one or more client computers.

4. The method of claim 3, wherein the encrypted message is received from a first client computer that is configured to encrypt a message with the public key to generate the encrypted message.

5. The method of claim 1, further comprising downloading the list of key pairs from a key escrow.

6. The method of claim 1, further comprising defining the active window to include a maximum number of previous key pairs preceding the currently active key pair.

7. The method of claim 1, further comprising generating the list of key pairs, and publishing the list of key pairs to a key escrow.

8. A computing infrastructure, comprising: one or more computer systems that include one or more memories storing a key publisher and a key consumer, wherein the key publisher is configured to: generate a list of encrypted key pairs, designate a key pair included in the list of encrypted key pairs as a currently active key pair, publishing a public key corresponding to the currently active key pair to a key distributor, and publishing the list of encrypted key pairs to a key escrow; and wherein the key consumer is configured to: receive the list of encrypted key pairs from the key escrow, receive, via a computer network, an encrypted message from a client computer having associated metadata, identify a first key pair included in the list of key pairs based on the metadata; determine whether the first key pair is included in an active window that is associated with the list of key pairs and includes the currently active key pair, wherein the active window indicates a certain number of key pairs that are currently valid for transactions; and decrypt the encrypted message based on a decryption key associated with the first key pair and advance the active window to include the first key pair when the first key pair is not included in the active window but is subsequent to the currently active key pair in the list of key pairs.

9. The computer infrastructure of claim 8, wherein the key consumer is further configured to decrypt the encrypted message based on the decryption key associated with the first key pair when the first key pair is included in the active window.

10. The computer infrastructure of claim 9, wherein the key consumer is further configured to indicate a failure when the first key pair is not included in the active window and is prior to the currently active key pair in the list of key pairs.

11. The computer infrastructure of claim 8, wherein the key distributor issues the public key to one or more client computers.

12. The computer infrastructure of claim 11, wherein the client computer is configured to encrypt a message with the public key to generate the encrypted message.

13. The system of claim 8, wherein the active window includes a maximum number of previous key pairs preceding the currently active key pair.

14. A non-transitory computer-readable storage medium including instructions that, when executed by a processor, cause the processor to perform the steps of: receiving a list of encrypted key pairs from a key escrow; receiving, from a client device and via a computer network, an encrypted message having associated metadata; identifying a first key pair included in the list of key pairs based on the metadata; determining whether the first key pair is included in an active window associated with the list of key pairs, wherein the active window indicates a certain number of key pairs that are currently valid for transactions; and decrypting the encrypted message based on a decryption key associated with the first key pair when the first key pair is included in the active window.

15. The non-transitory computer-readable medium of claim 14, further comprising decrypting the encrypted message based on the decryption key associated with the first key pair and advancing the active window to include the first key pair when the first key pair is not included in the active window but is subsequent to a currently active key pair in the list of key pairs.

16. The non-transitory computer-readable medium of claim 15, further comprising generating the list of key pairs, and publishing the list of key pairs to a key escrow.

17. The non-transitory computer-readable medium of claim 14, further comprising indicating a failure when the first key pair is not included in the active window and is prior to a currently active key pair in the list of key pairs.

18. The non-transitory computer-readable medium of claim 14, comprising publishing a public key corresponding to the first key pair to a key distributor.

19. The non-transitory computer-readable medium of claim 18, wherein the key distributor issues the public key to one or more client computers.

20. The non-transitory computer-readable medium of claim 19, wherein the encrypted message is received from a first client computer that is configured to encrypt a message with the public key to generate the encrypted message.

21. The non-transitory computer-readable medium of claim 14, further comprising downloading the list of key pairs from a key escrow.

22. The non-transitory computer-readable medium of claim 14, further comprising defining the active window to include a maximum number of previous key pairs preceding a currently active key pair.
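The three-way decision of claim 1 (key pair inside the active window, future key pair that advances the window, stale key pair that fails), worked as an added Python example; this is not the patent's or Netflix's code. It assumes the consumer has already decrypted the escrowed list so that `key_list` holds usable decryption keys indexed by the key id carried in the message metadata, and it uses a SHA-256 keystream XOR as a stand-in for the patent's asymmetric cipher, since only the window logic matters here.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional


def keystream_xor(secret: bytes, data: bytes) -> bytes:
    """Stand-in cipher for this example: SHA-256 counter-mode keystream XORed with data.
    The patent uses an asymmetric scheme; here the same call both encrypts and decrypts."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(secret + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def demo_keys(n: int) -> List[bytes]:
    """Constructed stand-ins for the decryption keys of the escrowed list; index = key id."""
    return [hashlib.sha256(b"constructed demo key %d" % i).digest() for i in range(n)]


@dataclass
class KeyConsumer:
    key_list: List[bytes]   # decryption keys in list order; message metadata carries the index
    max_previous: int = 2   # claim 6: window = active key plus up to this many earlier keys
    active: int = 0         # index of the currently active key pair

    def in_window(self, key_id: int) -> bool:
        return self.active - self.max_previous <= key_id <= self.active

    def handle(self, key_id: int, ciphertext: bytes) -> Optional[bytes]:
        """Claim 1 decision: plaintext on success, None to indicate a failure."""
        if not 0 <= key_id < len(self.key_list):
            return None  # metadata names no key pair in the list
        if self.in_window(key_id):
            return keystream_xor(self.key_list[key_id], ciphertext)
        if key_id > self.active:
            # Client already holds a later published key: accept it and advance the window.
            self.active = key_id
            return keystream_xor(self.key_list[key_id], ciphertext)
        return None  # key pair precedes the window: stale key, reject

if __name__ == "__main__":
    keys = demo_keys(6)
    consumer = KeyConsumer(keys, max_previous=1, active=2)
    msg = b"sensitive payload"
    print(consumer.handle(1, keystream_xor(keys[1], msg)))  # previous key, still in window
    print(consumer.handle(4, keystream_xor(keys[4], msg)))  # future key: window advances to 4
    print(consumer.active, consumer.handle(2, keystream_xor(keys[2], msg)))  # key 2 now stale
```

Once the window has advanced, the keys it left behind are rejected even though they were valid a moment earlier, which is the behaviour a defender wants from a rotation scheme: a compromised old key cannot be replayed after clients have moved on.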

Assignees

Netflix Inc

Inventors

Classifications

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title

  • using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title

  • H04L63/062 (Primary)

    for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title

  • wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30) · CPC title

  • wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9614818B2 cover?
Embodiments provide techniques for generating and managing encryption keys within a computing infrastructure. Embodiments provide a key publisher that generates and maintains key pairs in a list at a configurable interval. In addition, the key publisher publishes the list to other components within the computing infrastructure. Embodiments also provide a key consumer that downloads the list of encr…
Who is the assignee on this patent?
Netflix Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/062. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 4, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).