
Obtaining quorum approval to perform an operation with a cryptographic item of a key management system

Patent number: US11159309B2
Publication date: 2021-10-26
Applicant: Fortanix, Inc. (US CA Mountain View)
Inventors: Jeffrey Seyfried; Jethro Gideon Beekman; Anand Kashyap
IPC classification: H04L9/08
Technical field: approval, quorum, key, management, operation, may, entities, item, requested, approving
Region: CA CA Mountain View

Abstract

A request to perform an operation with a cryptographic item may be received. A request for approval to perform the requested operation with the cryptographic item may be transmitted to a set of entities based on a policy associated with the cryptographic item. Indications of approval to perform the requested operation may be received from corresponding entities of the set of entities. A determination as to whether a number of the received indications of approval to perform the requested operation with the cryptographic item satisfies a threshold number may be made. In response to determining that the number of the received indications of approval from the corresponding entities of the set of entities satisfies the threshold number, the requested operation may be performed with the cryptographic item.

Description

BACKGROUND

Aspects of the present disclosure relate generally to a key management system, and more specifically, relate to obtaining quorum approval to perform an operation with a cryptographic item of a key management system. A key management system may reside in a secure enclave of a computing system that is cryptographically isolated from applications and operating systems executed by the computing system. The key management system may include one or more cryptographic keys, cryptographic plugins, or identifications of entities. The key management system may receive requests from applications to perform operations associated with the cryptographic keys, cryptographic plugins, or identifications of entities of the key management system.

SUMMARY OF INVENTION

The present disclosure relates to obtaining quorum approval to perform an operation with a cryptographic item of a key management system.

BRIEF DESCRIPTION OF THE DRAWINGS

The present disclosure will be understood more fully from the detailed description given below and from the accompanying drawings of various implementations of the disclosure.

FIG. 1 illustrates an example environment to provide a key management system in accordance with some embodiments.

FIG. 2 illustrates a flow diagram of an example method to perform a requested operation with a cryptographic item upon receiving quorum approval in accordance with embodiments of the disclosure.

Claims

What is claimed is:

1. A system comprising:
a memory; and
a processing device, communicably coupled to the memory, the processing device to:
receive a request to perform an operation with a cryptographic item;
identify a quorum policy based on a group associated with the cryptographic item, wherein the group is further associated with a set of entities, and wherein the quorum policy identifies one or more operations to be approved by one or more entities of the set of entities;
determine, based on the quorum policy, whether the requested operation requires approval;
responsive to determining that the requested operation requires approval, transmit a request for approval to perform the requested operation with the cryptographic item, the request being transmitted to the set of entities based on the quorum policy associated with the cryptographic item;
receive indications of approval to perform the requested operation from corresponding entities of the set of entities;
determine whether a number of the received indications of approval to perform the requested operation with the cryptographic item satisfies a threshold number specified by the quorum policy; and
in response to determining that the number of the received indications of approval from the corresponding entities of the set of entities satisfies the threshold number, perform the requested operation with the cryptographic item.

2. The system of claim 1, wherein to determine whether the number of the received indications of approval to perform the requested operation with the cryptographic item satisfies the threshold number, the processing device is further to:
determine whether at least one of a first number of the received indications of approval from a first subset of the set of entities satisfies a second threshold number or a second number of the received indications of approval from a second subset of the set of entities satisfies a third threshold number.

3. The system of claim 1, wherein the cryptographic item comprises a cryptographic key, and wherein the operation corresponds to exporting the cryptographic key.

4. The system of claim 1, wherein the cryptographic item comprises a cryptographic plugin that utilizes a cryptographic key to perform cryptographic operations, and wherein the operation corresponds to a modification of the cryptographic plugin.

5. The system of claim 1, wherein the operation comprises a modification of one or more entities of the set of entities.

6. The system of claim 1, wherein the cryptographic item comprises a first cryptographic item and a second cryptographic item and wherein to transmit the request for approval to perform the requested operation, the processing device is further to:
transmit a first request for approval to perform the requested operation on the first cryptographic item to a first set of entities associated with the first cryptographic item based on a first policy associated with the first cryptographic item; and
transmit a second request for approval to perform the requested operation on the second cryptographic item to a second set of entities associated with the second cryptographic item based on a second policy associated with the second cryptographic item.

7. The system of claim 1, wherein to determine whether the number of the received indications of approval to perform the requested operation with the cryptographic item satisfies the threshold number, the processing device is further to:
determine that the number of the received indications of approval to perform the requested operation with the cryptographic item does not satisfy the threshold number; and
in response to determining that the number of the received indications of approval to perform the requested operation with the cryptographic item does not satisfy the threshold number, determine to not perform the requested operation with the cryptographic item.

8. A non-transitory machine-readable storage medium storing instructions that cause a processing device to:
receive a request to perform an operation on a cryptographic item;
identify a quorum policy based on a group associated with the cryptographic item, wherein the group is further associated with a set of entities, and wherein the quorum policy identifies one or more operations that require approval by one or more entities of the set of entities;
determine, based on the quorum policy, whether the requested operation requires approval;
responsive to determining that the requested operation requires approval, transmit a request for approval to perform the requested operation on the cryptographic item, the request being transmitted to the set of entities based on the quorum policy associated with the cryptographic item;
receive indications of approval to perform the requested operation from corresponding entities of the set of entities;
determine whether a number of the received indications of approval to perform the requested operation on the cryptographic item satisfies a threshold number specified by the quorum policy; and
in response to determining that the number of the received indications of approval from the corresponding entities of the set of entities satisfies the threshold number, perform the requested operation on the cryptographic item.

9. The non-transitory machine-readable storage medium of claim 8, wherein to determine whether the number of the received indications of approval to perform the requested operation on the cryptographic item satisfies the threshold number, the processing device is further to:
determine whether at least one of a first number of the received indications of approval from a first subset of the set of entities satisfies a second threshold number or a second number of the received indications of approval from a second subset of the set of entities satisfies a third threshold number.

10. The non-transitory machine-readable storage medium of claim 8, wherein the cryptographic item comprises a cryptographic key, and wherein the operation corresponds to exporting the cryptographic key.

11. The non-transitory machine-readable storage medium of claim 8, wherein cryptographic item comprises a cryptographic plugin that utilizes a cryptographic key to perform cryptographic operations, and wherein the operation corresponds to a modification of the cryptographic plugin.

12. The non-transitory machine-readable storage medium of claim 8, wherein the operation comprises a modification of one or more entities of the set of entities.

13. The non-transitory machine-readable storage medium of claim 8, wherein the cryptographic item comprises a first cryptographic item and a second cryptographic item and wherein to transmit the request for approval to perform the requested operation, the processing device is further to:
transmit a first request for approval to perform the requested operation on the first cryptographic item to a first set of entities associated with the first cryptographic item based on a first policy associated with the first cryptographic item; and
transmit a second request for approval to perform the requested operation on the second cryptographic item to a second set of entities associated with the second cryptographic item based on a second policy associated with the second cryptographic item.

14. A method comprising:
receiving a request to perform an operation with a cryptographic item;
identifying a quorum policy based on a group associated with the cryptographic item, wherein the group is further associated with a set of entities, and wherein the quorum policy identifies one or more operations that require approval by one or more entities of the set of entities;
determining, based on the quorum policy, whether the requested operation requires approval;
responsive to determining that the requested operation requires approval, transmitting a request for approval to perform the requested operation with the cryptographic item, the request being transmitted to the set of entities based on the quorum policy associated with the cryptographic item;
receiving indications of approval to perform the requested operation from corresponding entities of the set of entities;
determining whether a number of the received indications of approval to perform the requested operation with the cryptographic item satisfies a threshold number specified by the quorum policy; and
in response to determining that the number of the received indications of approval from the corresponding entities of the set of entities satisfies the threshold number, performing the requested operation with the cryptographic item.

15. The method of claim 14, wherein determining whether the number of the received indications of approval to perform the requested operation with the cryptographic item satisfies the threshold number comprises:
determining whether at least one of a first number of the received indications of approval from a first subset of the set of entities satisfies a second threshold number or a second number of the received indications of approval from a second subset of the set of entities satisfies a third threshold number.

16. The method of claim 14, wherein the cryptographic item comprises a cryptographic key, and wherein the operation corresponds to exporting the cryptographic key.

17. The method of claim 14, wherein the cryptographic item comprises a cryptographic plugin that utilizes a cryptographic key to perform cryptographic operations, and wherein the operation corresponds to a modification of the cryptographic plugin.

18. The method of claim 14, wherein the operation comprises a modification of one or more entities of the set of entities.

19. The method of claim 14, wherein the cryptographic item comprises a first cryptographic item and a second cryptographic item and wherein transmitting the request for approval to perform the requested operation comprises:
transmitting a first request for approval to perform the requested operation on the first cryptographic item to a first set of entities associated with the first cryptographic item based on a first policy associated with the first cryptographic item; and
transmitting a second request for approval to perform the requested operation on the second cryptographic item to a second set of entities associated with the second cryptographic item based on a second policy associated with the second cryptographic item.

20. The method of claim 14, wherein determining whether the number of the received indications of approval to perform the requested operation with the cryptographic item satisfies the threshold number comprises:
determining that the number of the received indications of approval to perform the requested operation with the cryptographic item does not satisfy the threshold number; and
in response to determining that the number of the received indications of approval to perform the requested operation with the cryptographic item does not satisfy the threshold number, determining to not perform the requested operation with the cryptographic item.
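The quorum decision described in the claims, including the alternative per-subset thresholds and the refusal when no threshold is met, can be sketched as follows. This is an added example, not code from the patent or from Fortanix; all class, function, entity and operation names are hypothetical, and two behaviours are assumptions of the sketch: repeated approvals from one entity count once, and an approval counts only if it names the same item and operation as the request.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class SubsetRule:
    members: frozenset   # entities whose approvals count toward this rule
    threshold: int       # approvals needed from `members`
    def __post_init__(self):
        if not 1 <= self.threshold <= len(self.members):
            raise ValueError("threshold must be between 1 and len(members)")

@dataclass(frozen=True)
class QuorumPolicy:
    protected_ops: frozenset  # operations that require approval
    rules: tuple              # quorum is met when ANY one rule is met
    def entities(self):
        return frozenset().union(*(r.members for r in self.rules))

@dataclass
class ApprovalRequest:
    policy: QuorumPolicy
    item: str
    operation: str
    approvals: set = field(default_factory=set)
    def record(self, entity, item, operation):
        # Assumption: bind each approval to this item and operation, accept it
        # only from the policy's entities, and let the set ignore repeats.
        if ((item, operation) != (self.item, self.operation)
                or entity not in self.policy.entities()):
            return False
        self.approvals.add(entity)
        return True
    def decide(self):
        if self.operation not in self.policy.protected_ops:
            return "perform"  # policy does not require approval for this op
        met = any(len(self.approvals & r.members) >= r.threshold
                  for r in self.policy.rules)
        return "perform" if met else "deny"  # no rule met: fail closed

def demo():
    # Constructed sample policy: 2 of 3 operators, or the single admin entity.
    policy = QuorumPolicy(frozenset({"export_key", "modify_plugin"}),
                          (SubsetRule(frozenset({"alice", "bob", "carol"}), 2),
                           SubsetRule(frozenset({"admin"}), 1)))
    req = ApprovalRequest(policy, "key-1", "export_key")
    req.record("alice", "key-1", "export_key")
    req.record("alice", "key-1", "export_key")    # repeat, still one approval
    req.record("mallory", "key-1", "export_key")  # not in the set of entities
    req.record("bob", "key-2", "export_key")      # approval for another item
    before = req.decide()
    req.record("bob", "key-1", "export_key")
    return before, req.decide()
```

Counting distinct entities per subset, rather than raw approval messages, is what keeps a single approver from satisfying a threshold alone.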