SG11201903338WA - Fault tolerant automatic secret rotation - Google Patents
Fault tolerant automatic secret rotation
- Publication number
- SG11201903338WA
- Authority
- SG
- Singapore
- Prior art keywords
- microsoft
- redmond
- llc
- secrets
- international
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0876—Aspects of the degree of configuration automation
- H04L41/0886—Fully automatic configuration
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/068—Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/40—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
- H04L41/5041—Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the time relationship between creation and deployment of a service
- H04L41/5054—Automatic deployment of services triggered by the service manager, e.g. service implementation by automatic configuration of network components
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Retry When Errors Occur (AREA)
- Hardware Redundancy (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
WO 2018/080950 A1 (12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
(19) World Intellectual Property Organization, International Bureau
(10) International Publication Number: WO 2018/080950 A1
(43) International Publication Date: 03 May 2018 (03.05.2018)
(51) International Patent Classification: H04L 29/06 (2006.01), H04L 9/08 (2006.01), H04L 12/24 (2006.01), H04L 29/08 (2006.01)
(21) International Application Number: PCT/US2017/057785
(22) International Filing Date: 23 October 2017 (23.10.2017)
(25) Filing Language: English
(26) Publication Language: English
(30) Priority Data: 62/414,542, 28 October 2016 (28.10.2016), US; 15/600,129, 19 May 2017 (19.05.2017), US
(71) Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC [US/US]; One Microsoft Way, Redmond, Washington 98052-6399 (US).
(72) Inventors: NESS, Andy; NG, Manson; STEINBOK, Jeffrey E.; MCDOWELL, Jeff; MOULHAUD, Patrick; all of Microsoft Technology Licensing, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US).
(74) Agent: MINHAS, Sandip S. et al.; Microsoft Technology Licensing, LLC, One Microsoft Way, Redmond, Washington 98052-6399 (US).
(81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DJ, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JO, JP, KE, KG, KH, KN, KP, KR, KW, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW.
(84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG).
Declarations under Rule 4.17: as to applicant's entitlement to apply for and be granted a patent (Rule 4.17(ii)); as to the applicant's entitlement to claim the priority of the earlier application (Rule 4.17(iii)).
Published: with international search report (Art. 21(3)).
(54) Title: FAULT TOLERANT AUTOMATIC SECRET ROTATION
(57) Abstract: The techniques discussed herein relate to providing fault tolerant automatic secret rotation for secrets maintained in a secret distribution infrastructure. In an implementation, an apparatus includes one or more computer readable storage media and a secret rotation service including program instructions stored on the one or more computer readable storage media. The program instructions, when executed by one or more processing systems of a key master service (KMS) system, direct the one or more processing systems to rotate one or more secrets being served by the KMS system and provide other components of the secret distribution infrastructure with rotation information identifying the one or more secrets. The instructions, when executed, further direct the one or more processing systems to validate that the one or more secrets have been rotated at the other components of the secret distribution infrastructure and, once validated, publish the rotation information to a metadata storage service.
FIGURE 4 (flow chart 400): monitor secret rotation schedule (401); identify secrets to rotate (405); rotate secrets (407); provide rotation information to other components; validate rotated secrets (411); publish rotation information to metadata storage service (413).
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201662414542P | 2016-10-28 | 2016-10-28 | |
US15/600,129 US20180123781A1 (en) | 2016-10-28 | 2017-05-19 | Fault tolerant automatic secret rotation |
PCT/US2017/057785 WO2018080950A1 (en) | 2016-10-28 | 2017-10-23 | Fault tolerant automatic secret rotation |
Publications (1)
Publication Number | Publication Date |
---|---|
SG11201903338WA true SG11201903338WA (en) | 2019-05-30 |
Family
ID=62022729
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
SG11201903338WA SG11201903338WA (en) | 2016-10-28 | 2017-10-23 | Fault tolerant automatic secret rotation |
Country Status (17)
Country | Link |
---|---|
US (1) | US20180123781A1 (en) |
EP (1) | EP3533200B1 (en) |
JP (1) | JP2019534512A (en) |
KR (1) | KR20190070332A (en) |
CN (1) | CN109891847A (en) |
AU (1) | AU2017351050A1 (en) |
BR (1) | BR112019005123A2 (en) |
CA (1) | CA3037351A1 (en) |
CL (1) | CL2019001042A1 (en) |
CO (1) | CO2019003766A2 (en) |
IL (1) | IL266207A (en) |
MX (1) | MX2019004860A (en) |
PH (1) | PH12019550031A1 (en) |
RU (1) | RU2019112870A (en) |
SG (1) | SG11201903338WA (en) |
WO (1) | WO2018080950A1 (en) |
ZA (1) | ZA201901670B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10320572B2 (en) * | 2016-08-04 | 2019-06-11 | Microsoft Technology Licensing, Llc | Scope-based certificate deployment |
US11018860B2 (en) | 2016-10-28 | 2021-05-25 | Microsoft Technology Licensing, Llc | Highly available and reliable secret distribution infrastructure |
EP3991377A4 (en) * | 2019-06-26 | 2023-01-25 | Microsoft Technology Licensing, LLC | Lifecycle management of secrets on serverless platform |
US11418327B2 (en) | 2019-11-14 | 2022-08-16 | International Business Machines Corporation | Automatic provisioning of key material rotation information to services |
CN111698088B (en) * | 2020-05-28 | 2022-10-18 | 平安科技(深圳)有限公司 | Key alternation method, key alternation device, electronic equipment and medium |
US11979496B2 (en) | 2021-09-15 | 2024-05-07 | Microsoft Technology Licensing, Llc | Secret rotation in a cloud service |
WO2023043564A1 (en) * | 2021-09-15 | 2023-03-23 | Microsoft Technology Licensing, Llc. | Secret rotation in a cloud service |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6965674B2 (en) * | 2002-05-21 | 2005-11-15 | Wavelink Corporation | System and method for providing WLAN security through synchronized update and rotation of WEP keys |
US8379865B2 (en) * | 2006-10-27 | 2013-02-19 | Safenet, Inc. | Multikey support for multiple office system |
CN102238002A (en) * | 2010-04-30 | 2011-11-09 | 国际商业机器公司 | Dynamic encryption and decryption methods and equipment for network communication |
US8908868B1 (en) * | 2012-05-17 | 2014-12-09 | Amazon Technologies, Inc. | Key rotation with external workflows |
US8712044B2 (en) * | 2012-06-29 | 2014-04-29 | Dark Matter Labs Inc. | Key management system |
US9419948B2 (en) * | 2013-11-15 | 2016-08-16 | Adobe Systems Incorporated | Method and apparatus for avoiding license storming during an unplanned regional blackout |
US9843446B2 (en) * | 2014-10-14 | 2017-12-12 | Dropbox, Inc. | System and method for rotating client security keys |
US9735961B2 (en) * | 2015-11-16 | 2017-08-15 | Verizon Patent And Licensing Inc. | Managing key rotations with multiple key managers |
2017
- 2017-05-19 US US15/600,129 patent/US20180123781A1/en not_active Abandoned
- 2017-10-23 MX MX2019004860A patent/MX2019004860A/en unknown
- 2017-10-23 BR BR112019005123A patent/BR112019005123A2/en not_active Application Discontinuation
- 2017-10-23 CN CN201780066249.4A patent/CN109891847A/en not_active Withdrawn
- 2017-10-23 EP EP17794847.8A patent/EP3533200B1/en active Active
- 2017-10-23 RU RU2019112870A patent/RU2019112870A/en not_active Application Discontinuation
- 2017-10-23 WO PCT/US2017/057785 patent/WO2018080950A1/en unknown
- 2017-10-23 CA CA3037351A patent/CA3037351A1/en not_active Abandoned
- 2017-10-23 SG SG11201903338WA patent/SG11201903338WA/en unknown
- 2017-10-23 KR KR1020197012101A patent/KR20190070332A/en unknown
- 2017-10-23 AU AU2017351050A patent/AU2017351050A1/en not_active Abandoned
- 2017-10-23 JP JP2019519217A patent/JP2019534512A/en not_active Withdrawn
2019
- 2019-03-07 PH PH12019550031A patent/PH12019550031A1/en unknown
- 2019-03-18 ZA ZA2019/01670A patent/ZA201901670B/en unknown
- 2019-04-13 CO CONC2019/0003766A patent/CO2019003766A2/en unknown
- 2019-04-16 CL CL2019001042A patent/CL2019001042A1/en unknown
- 2019-04-23 IL IL266207A patent/IL266207A/en unknown
Also Published As
Publication number | Publication date |
---|---|
CA3037351A1 (en) | 2018-05-03 |
MX2019004860A (en) | 2019-08-12 |
KR20190070332A (en) | 2019-06-20 |
ZA201901670B (en) | 2020-09-30 |
IL266207A (en) | 2019-06-30 |
RU2019112870A (en) | 2020-10-26 |
CN109891847A (en) | 2019-06-14 |
US20180123781A1 (en) | 2018-05-03 |
CL2019001042A1 (en) | 2019-08-30 |
BR112019005123A2 (en) | 2019-06-04 |
EP3533200A1 (en) | 2019-09-04 |
PH12019550031A1 (en) | 2019-12-02 |
JP2019534512A (en) | 2019-11-28 |
EP3533200B1 (en) | 2020-08-19 |
AU2017351050A1 (en) | 2019-03-28 |
CO2019003766A2 (en) | 2019-06-28 |
WO2018080950A1 (en) | 2018-05-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
SG11201903338WA (en) | Fault tolerant automatic secret rotation | |
SG11201903604PA (en) | Iot security service | |
SG11201906794TA (en) | Systems and methods for issuing and tracking digital tokens within distributed network nodes | |
SG11201906784RA (en) | Systems and methods for issuing and tracking digital tokens within distributed network nodes | |
SG11201901550WA (en) | Method and apparatus for data processing | |
SG11201902981RA (en) | Iot provisioning service | |
SG11201909999RA (en) | Linked multiple blockchain system | |
SG11201806798XA (en) | Systems and methods for allowing a user to access blocked media | |
SG11201809963XA (en) | Application framework using blockchain-based asset ownership | |
SG11201804771WA (en) | Systems and methods for providing financial data to financial instruments in a distributed ledger system | |
SG11201805532XA (en) | Multivalent and multispecific 41bb-binding fusion proteins | |
SG11201811240XA (en) | Systems and methods for route planning | |
SG11201806650VA (en) | Systems and methods for providing a personal distributed ledger | |
SG11202000330XA (en) | Concept for generating an enhanced sound field description or a modified sound field description using a multi-point sound field description | |
SG11201804022SA (en) | Systems and methods for digital identity management and permission controls within distributed network nodes | |
SG11201811691RA (en) | Systems and methods for verifying authenticity of id photo | |
SG11201902982PA (en) | Automatic provisioning of iot devices | |
SG11201805648PA (en) | Crypto multiple security asset creation and redemption platform | |
SG11201407455PA (en) | Seaweed-based food packaging coating | |
SG11201806624XA (en) | Deposition of molybdenum thin films using a molybdenum carbonyl precursor | |
SG11201908293QA (en) | Selective application of reprojection processing on layer sub-regions for optimizing late stage reprojection power | |
SG11201710238QA (en) | Autonomic incident triage prioritization by performance modifier and temporal decay parameters | |
SG11201807307VA (en) | System and method for aerial system discrimination and action | |
SG11201811283PA (en) | System and method for determining safety score of driver | |
SG11201905463TA (en) | Abstract enclave identity |