Abstract: A cryptographic key management service receives a request to import a first cryptographic key. In response to the request, the service creates a public cryptographic key and a private cryptographic key. The private cryptographic key is encrypted using a second cryptographic key to create an import key token. The import key token and the public cryptographic key are provided in response to the request. The service receives an encrypted first cryptographic key, which the service decrypts using the private cryptographic key to obtain the first cryptographic key. The service stores the first cryptographic key and enables its use for the performance of cryptographic operations.

Abstract: A network-based service for the management of cryptographic key, such as a key management service (“KMS”), provides a web service application programming interface (“API”). Cryptographic keys managed by the service may be stored in a one or more network-connected cryptographic devices such as network-connected hardware security modules (“HSM”). The key management service maintains metadata associated with the cryptographic keys. When a request is received by the key management service, the key management service uses an identifier provided with the request to identify metadata associated with a cryptographic key used to fulfill the request. The key management service uses the metadata to identify a cryptographic device containing the cryptographic key. The key management service generates a set of commands for fulfilling the request such that the commands are compatible with a protocol implemented by the identified cryptographic device, and the set of commands are sent to the identified cryptographic device.

Abstract: Various approaches discussed herein enable validation of an application on a computing device, such as a mobile computing device, prior to that application being invoked by activation of a link in another application. Upon activation of the link in a calling application, the computing device determines a target application to be invoked in response to the activation. Sensitive or confidential data, such as login credentials, may be included in the link to be passed to the target application. By validating either the calling or the target application, the data may be safeguarded by confirming an identity of an application associated with the link.

Abstract: A network-based service for the management of cryptographic key, such as a key management service (“KMS”), provides a web service application programming interface (“API”). Cryptographic keys managed by the service may be stored in a one or more network-connected cryptographic devices such as network-connected hardware security modules (“HSM”). The key management service maintains metadata associated with the cryptographic keys. When a request is received by the key management service, the key management service uses an identifier provided with the request to identify metadata associated with a cryptographic key used to fulfill the request. The key management service uses the metadata to identify a cryptographic device containing the cryptographic key. The key management service generates a set of commands for fulfilling the request such that the commands are compatible with a protocol implemented by the identified cryptographic device, and the set of commands are sent to the identified cryptographic device.

Abstract: Various approaches discussed herein enable validation of an application on a computing device, such as a mobile computing device, prior to that application being invoked by activation of a link in another application. Upon activation of the link in a calling application, the computing device determines a target application to be invoked in response to the activation. Sensitive or confidential data, such as login credentials, may be included in the link to be passed to the target application. By validating either the calling or the target application, the data may be safeguarded by confirming an identity of an application associated with the link.

Abstract: A cryptographic key management service receives a request to import a first cryptographic key. In response to the request, the service creates a public cryptographic key and a private cryptographic key. The private cryptographic key is encrypted using a second cryptographic key to create an import key token. The import key token and the public cryptographic key are provided in response to the request. The service receives an encrypted first cryptographic key, which the service decrypts using the private cryptographic key to obtain the first cryptographic key. The service stores the first cryptographic key and enables its use for the performance of cryptographic operations.

Abstract: Various approaches discussed herein enable validation of an application on a computing device, such as a mobile computing device, prior to that application being invoked by activation of a link in another application. Upon activation of the link in a calling application, the computing device determines a target application to be invoked in response to the activation. Sensitive or confidential data, such as login credentials, may be included in the link to be passed to the target application. By validating either the calling or the target application, the data may be safeguarded by confirming an identity of an application associated with the link.

Abstract: A cryptographic key management service receives a request to import a first cryptographic key. In response to the request, the service creates a public cryptographic key and a private cryptographic key. The private cryptographic key is encrypted using a second cryptographic key to create an import key token. The import key token and the public cryptographic key are provided in response to the request. The service receives an encrypted first cryptographic key, which the service decrypts using the private cryptographic key to obtain the first cryptographic key. The service stores the first cryptographic key and enables its use for the performance of cryptographic operations.

Abstract: A mobile messaging data management service is disclosed. Using a computing device, a merchant or other user of the service may transmit an operation to be run on data in a data store to an interactive computing system. In some embodiments, the operation is transmitted as part of a short messaging service (SMS) message. The interactive computing system may process the operation, and return the results to the computing device from which the message was received. The data management service may also enable a merchant or other user to specify one or more custom operations for future use.