Abstract: A background module in a multi-tiered encryption system verifies the integrity of keys used to encrypt and decrypt data. Each encryption tier in the system can include a node programmed to service encryption and/or decryption requests, a key store to store encryption keys, and an audit log to store key identifiers. Each computing node may include a background module that continuously or periodically verifies the integrity of keys. For example, the background module may retrieve an identifier in the audit log, retrieve the object stored at a location in the key data store identified by the identifier, decrypt the encrypted key in the object, and use the decrypted key to decrypt the encrypted identifier in the object. The identifier is compared with the decrypted identifier, and if the identifiers do not match, the background module generates an alert indicating that the key is not valid.

Abstract: A re-encryption service module in a multi-tiered encryption system that manages key rotation policies continuously or periodically re-encrypts data. Each encryption tier in the system can include a node programmed to service encryption, decryption, and/or re-encryption requests and a key store to store encryption keys. A computing node that interfaces with a requesting device may include the re-encryption service module. The re-encryption module may receive encrypted data and a key identifier identifying the key used to encrypt the data. The re-encryption module may decrypt the encrypted data using the identified key, retrieve a new key if the identified key is exhausted, and use the new key to encrypt the decrypted data. The key identifier may be updated to identify the new key and the re-encrypted data and the updated key identifier may be transmitted to the requesting device.

Abstract: A multi-tiered encryption system efficiently regulates the use of encryption keys to encrypt and decrypt data. The system can include one or more encryption tiers. Each encryption tier can include a computing node programmed to service encryption and/or decryption requests and a key store to store encryption keys. At a root encryption tier, an unencrypted root encryption key can be stored in the key store. Each subsequent encryption tier includes encryption keys that are encrypted by encryption keys stored at a lower encryption tier. The encryption tiers collectively implement an encryption policy in which keys are automatically created and rotated such that a requesting device can request encryption services from the multi-tiered encryption system and receive the encryption services independent of key creation or key rotation and without access to the unencrypted root encryption key.

Abstract: Methods and systems for allowing system administrators to effectively debug access control issues experience by users without comprising security. In some embodiment, when a user's request to access services provided by a service provider is denied, the user may be issued a token that encodes some of debugging information useful for determining the cause of the denial of access. The debugging information may be encoded such that it is inaccessible to the user. Subsequently, the user may give the token to an administrator. The administrator may submit the token to the service provider, which may decode the token and provide the administrator access to debugging information that is useful for debugging access control policies causing the denial of access.