公开(公告)号：US10819513B2

公开(公告)日：2020-10-27

申请号：US15948405

申请日：2018-04-09

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Rohit Koul ,  Srikant Krishnapuram Tirumalai ,  Jie Wang ,  Xinnong Wang

IPC: H04L29/06 ,  H04L9/08

Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.

公开(公告)号：US20210014056A1

公开(公告)日：2021-01-14

申请号：US17031720

申请日：2020-09-24

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Rohit Koul ,  Srikant Krishnapuram Tirumalai ,  Jie Wang ,  Xinnong Wang

IPC: H04L9/08

Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.

公开(公告)号：US20190173674A1

公开(公告)日：2019-06-06

申请号：US15948405

申请日：2018-04-09

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Rohit Koul ,  Srikant Krishnapuram Tirumalai ,  Jie Wang ,  Xinnong Wang

IPC: H04L9/08

CPC classification number: H04L9/0891 ,  H04L9/0822 ,  H04L9/0894

Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.

公开(公告)号：US11374749B2

公开(公告)日：2022-06-28

申请号：US17031720

申请日：2020-09-24

Applicant: Oracle International Corporation

Inventor： Amit Agarwal ,  Rohit Koul ,  Srikant Krishnapuram Tirumalai ,  Jie Wang ,  Xinnong Wang

IPC: H04L29/06 ,  H04L9/08

Abstract: An example method facilitates enabling Key Encryption Key (KEK) rotation for a running multi-tenant system without requiring system downtime or interruption. The example method facilitates decrypting a set of one or more DEKs using a preexisting KEK; using a new KEK to re-encode the DEKs using the new KEK, all while simultaneously enabling servicing of tenant requests. This is enabled in part, by strategic caching of tenant DEKs in a secure local memory, wherein the cached tenant DEKs are maintained in the clear and are readily accessible to running processes that are using the DEKs to decrypt and access tenant data, irrespective of the state of a background process used to implement the KEK rotation to the new KEK.