SG11201903338WA - Fault tolerant automatic secret rotation - Google Patents

Fault tolerant automatic secret rotation

Info

Publication number
SG11201903338WA
SG11201903338WA SG11201903338WA SG11201903338WA SG11201903338WA SG 11201903338W A SG11201903338W A SG 11201903338WA SG 11201903338W A SG11201903338W A SG 11201903338WA SG 11201903338W A SG11201903338W A SG 11201903338WA SG 11201903338W A SG11201903338W A SG 11201903338WA
Authority
SG
Singapore
Prior art keywords
microsoft
redmond
llc
secrets
international
Prior art date
Application number
SG11201903338WA
Inventor
Andy Ness
Manson Ng
Jeffrey E Steinbok
Jeff Mcdowell
Patrick Moulhaud
Original Assignee
Microsoft Technology Licensing Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing Llc filed Critical Microsoft Technology Licensing Llc
Publication of SG11201903338WA publication Critical patent/SG11201903338WA/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0876Aspects of the degree of configuration automation
    • H04L41/0886Fully automatic configuration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/40Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5041Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the time relationship between creation and deployment of a service
    • H04L41/5054Automatic deployment of services triggered by the service manager, e.g. service implementation by automatic configuration of network components
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0846Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)
  • Hardware Redundancy (AREA)
  • Retry When Errors Occur (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

WO 18/08095 0 Al (12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) (19) World Intellectual Property Organization International Bureau (43) International Publication Date 03 May 2018 (03.05.2018) WIP0 I PCT onion °nolo omm mo im loollowom oimIE (10) International Publication Number WO 2018/080950 Al (51) International Patent Classification: H04L 29/06 (2006.01) HO4L 9/08 (2006.01) H04L 12/24 (2006.01) HO4L 29/08 (2006.01) (21) International Application Number: PCT/US2017/057785 (22) International Filing Date: 23 October 2017 (23.10.2017) (25) Filing Language: English (26) Publication Language: English (30) Priority Data: 62/414,542 28 October 2016 (28.10.2016) US 15/600,129 19 May 2017 (19.05.2017) US (71) Applicant: MICROSOFT TECHNOLOGY LI- CENSING, LLC [US/US]; One Microsoft Way, Redmond, Washington 98052-6399 (US). (72) Inventors: NESS, Andy; Microsoft Technology Licens- ing, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US). NG, Manson; Microsoft Technology Licensing, LLC, One Microsoft Way, Redmond, Wash- ington 98052-6399 (US). STEINBOK, Jeffrey E.; Mi- crosoft Technology Licensing, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US). MCDOWELL, Jeff; Microsoft Technology Licensing, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US). MOUL- HAUD, Patrick; Microsoft Technology Licensing, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US). (74) Agent: MINHAS, Sandip S. et al.; Microsoft Technology Licensing, LLC, One Microsoft Way, Redmond, Washing- ton 98052-6399 (US). (81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW. (84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, (54) Title: FAULT TOLERANT AUTOMATIC SECRET ROTATION (57) : The techniques discussed herein relate to providing fault tolerant automatic secret rotation for secrets maintained in a se- cret distribution infrastructure. In an implementation, an apparatus in- cludes one or more computer readable storage media and a secret rota- tion service including program instructions stored on the one or more computer readable storage media. The program instructions, when ex- 400 ecuted by one or more processing systems of a key master service (KMS) system, direct the one or more processing systems to rotate one YES or more secrets being served by the KMS system and provide other components of the secret distribution infrastructure with rotation in- formation identifying the one or more secrets. The instructions, when executed, further direct the one or more processing system to validate that the one or more secrets have been rotated at the other components of the secret distribution infrastructure and, once validated, publish the rotation information to a metadata storage service. FIGURE 4 [Continued on next page] MONITOR SECRET ROTATION SCI-EDULE 401 IDENTIFY SECRETS TO ROTATE 405 ROTATE SECRETS 407 I PROVIDE ROTATION INFORMATION TO OTHER COMPONENTS 1 VALIDATE ROTATED SECRETS 411 1. PUBLISH ROTATION INFORMATION TO METADATA STORAGE SERVICE 413 WO 2018/080950 Al MIDEDIMOMMIDIRENH 0 OIRMOIRIBINIMOVOIMIE EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG). Declarations under Rule 4.17: as to applicant's entitlement to apply for and be granted a patent (Rule 4.17(11)) as to the applicant's entitlement to claim the priority of the earlier application (Rule 4.1 7(iii)) Published: — with international search report (Art. 21(3))
SG11201903338WA 2016-10-28 2017-10-23 Fault tolerant automatic secret rotation SG11201903338WA (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201662414542P 2016-10-28 2016-10-28
US15/600,129 US20180123781A1 (en) 2016-10-28 2017-05-19 Fault tolerant automatic secret rotation
PCT/US2017/057785 WO2018080950A1 (en) 2016-10-28 2017-10-23 Fault tolerant automatic secret rotation

Publications (1)

Publication Number Publication Date
SG11201903338WA true SG11201903338WA (en) 2019-05-30

Family

ID=62022729

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201903338WA SG11201903338WA (en) 2016-10-28 2017-10-23 Fault tolerant automatic secret rotation

Country Status (17)

Country Link
US (1) US20180123781A1 (en)
EP (1) EP3533200B1 (en)
JP (1) JP2019534512A (en)
KR (1) KR20190070332A (en)
CN (1) CN109891847A (en)
AU (1) AU2017351050A1 (en)
BR (1) BR112019005123A2 (en)
CA (1) CA3037351A1 (en)
CL (1) CL2019001042A1 (en)
CO (1) CO2019003766A2 (en)
IL (1) IL266207A (en)
MX (1) MX2019004860A (en)
PH (1) PH12019550031A1 (en)
RU (1) RU2019112870A (en)
SG (1) SG11201903338WA (en)
WO (1) WO2018080950A1 (en)
ZA (1) ZA201901670B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10320572B2 (en) * 2016-08-04 2019-06-11 Microsoft Technology Licensing, Llc Scope-based certificate deployment
US11018860B2 (en) 2016-10-28 2021-05-25 Microsoft Technology Licensing, Llc Highly available and reliable secret distribution infrastructure
CN114041275B (en) * 2019-06-26 2024-02-23 微软技术许可有限责任公司 Confidential lifecycle management on a serverless platform
US11418327B2 (en) 2019-11-14 2022-08-16 International Business Machines Corporation Automatic provisioning of key material rotation information to services
CN111698088B (en) * 2020-05-28 2022-10-18 平安科技(深圳)有限公司 Key alternation method, key alternation device, electronic equipment and medium
WO2023043564A1 (en) * 2021-09-15 2023-03-23 Microsoft Technology Licensing, Llc. Secret rotation in a cloud service
US11979496B2 (en) 2021-09-15 2024-05-07 Microsoft Technology Licensing, Llc Secret rotation in a cloud service

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6965674B2 (en) * 2002-05-21 2005-11-15 Wavelink Corporation System and method for providing WLAN security through synchronized update and rotation of WEP keys
US8379865B2 (en) * 2006-10-27 2013-02-19 Safenet, Inc. Multikey support for multiple office system
CN102238002A (en) * 2010-04-30 2011-11-09 国际商业机器公司 Dynamic encryption and decryption methods and equipment for network communication
US8908868B1 (en) * 2012-05-17 2014-12-09 Amazon Technologies, Inc. Key rotation with external workflows
US8712044B2 (en) * 2012-06-29 2014-04-29 Dark Matter Labs Inc. Key management system
US9419948B2 (en) * 2013-11-15 2016-08-16 Adobe Systems Incorporated Method and apparatus for avoiding license storming during an unplanned regional blackout
US9843446B2 (en) * 2014-10-14 2017-12-12 Dropbox, Inc. System and method for rotating client security keys
US9735961B2 (en) * 2015-11-16 2017-08-15 Verizon Patent And Licensing Inc. Managing key rotations with multiple key managers

Also Published As

Publication number Publication date
EP3533200A1 (en) 2019-09-04
EP3533200B1 (en) 2020-08-19
BR112019005123A2 (en) 2019-06-04
IL266207A (en) 2019-06-30
PH12019550031A1 (en) 2019-12-02
MX2019004860A (en) 2019-08-12
ZA201901670B (en) 2020-09-30
WO2018080950A1 (en) 2018-05-03
AU2017351050A1 (en) 2019-03-28
CN109891847A (en) 2019-06-14
CO2019003766A2 (en) 2019-06-28
CA3037351A1 (en) 2018-05-03
KR20190070332A (en) 2019-06-20
US20180123781A1 (en) 2018-05-03
RU2019112870A (en) 2020-10-26
CL2019001042A1 (en) 2019-08-30
JP2019534512A (en) 2019-11-28

Similar Documents

Publication Publication Date Title
SG11201903338WA (en) Fault tolerant automatic secret rotation
SG11201903604PA (en) Iot security service
SG11201906794TA (en) Systems and methods for issuing and tracking digital tokens within distributed network nodes
SG11201906784RA (en) Systems and methods for issuing and tracking digital tokens within distributed network nodes
SG11201901550WA (en) Method and apparatus for data processing
SG11201909999RA (en) Linked multiple blockchain system
SG11201806798XA (en) Systems and methods for allowing a user to access blocked media
SG11201811608TA (en) Systems and methods for transportation service safety assessment
SG11201809963XA (en) Application framework using blockchain-based asset ownership
SG11201804771WA (en) Systems and methods for providing financial data to financial instruments in a distributed ledger system
SG11201805532XA (en) Multivalent and multispecific 41bb-binding fusion proteins
SG11201811240XA (en) Systems and methods for route planning
SG11201806650VA (en) Systems and methods for providing a personal distributed ledger
SG11202000330XA (en) Concept for generating an enhanced sound field description or a modified sound field description using a multi-point sound field description
SG11201804022SA (en) Systems and methods for digital identity management and permission controls within distributed network nodes
SG11201811691RA (en) Systems and methods for verifying authenticity of id photo
SG11201902982PA (en) Automatic provisioning of iot devices
SG11201805648PA (en) Crypto multiple security asset creation and redemption platform
SG11201407455PA (en) Seaweed-based food packaging coating
SG11201806624XA (en) Deposition of molybdenum thin films using a molybdenum carbonyl precursor
SG11201908293QA (en) Selective application of reprojection processing on layer sub-regions for optimizing late stage reprojection power
SG11201710238QA (en) Autonomic incident triage prioritization by performance modifier and temporal decay parameters
SG11201807307VA (en) System and method for aerial system discrimination and action
SG11201811283PA (en) System and method for determining safety score of driver
SG11201905463TA (en) Abstract enclave identity