Abstract: A method includes receiving input data that includes a plurality of input parts, wherein the input data corresponds to a data schema, wherein the data schema includes a plurality of schema parts, wherein each schema part specifies a set of one or more possible values, and wherein each input part satisfies a respective schema part. The method further includes generating an intermediate numeric value that represents the input data, generating, using a format-preserving encryption algorithm, an encrypted numeric value based on the intermediate numeric value, determining a number of possible values that satisfy the data schema, determining whether the encrypted numeric value satisfies a threshold criterion based on the number of possible values that satisfy the data schema, and responsive to determining that the encrypted numeric value satisfies the threshold criterion, generating, based on the encrypted numeric value, output data that conforms to the data schema.

Abstract: A request may be received from an application for a performance of an operation associated with a cryptographic key that is stored at a secure enclave. A plugin of the secure enclave may be identified from the request for performance of the operation. The operation associated with the cryptographic key may be performed by using the plugin of the secure enclave to generate an output within the secure enclave. The output generated within the secure enclave and based on the plugin may be provided to the application.

Abstract: A request to perform an operation with a cryptographic item may be received. A request for approval to perform the requested operation with the cryptographic item may be transmitted to a set of entities based on a policy associated with the cryptographic item. Indications of approval to perform the requested operation may be received from corresponding entities of the set of entities. A determination as to whether a number of the received indications of approval to perform the requested operation with the cryptographic item satisfies a threshold number may be made. In response to determining that the number of the received indications of approval from the corresponding entities of the set of entities satisfies the threshold number, the requested operation may be performed with the cryptographic item.

Abstract: A request to perform an operation with a cryptographic item may be received. A request for approval to perform the requested operation with the cryptographic item may be transmitted to a set of entities based on a policy associated with the cryptographic item. Indications of approval to perform the requested operation may be received from corresponding entities of the set of entities. A determination as to whether a number of the received indications of approval to perform the requested operation with the cryptographic item satisfies a threshold number may be made. In response to determining that the number of the received indications of approval from the corresponding entities of the set of entities satisfies the threshold number, the requested operation may be performed with the cryptographic item.

Abstract: A first connection between a first network server and a second network server may be established where the first connection is based on a connection key stored at a secure location of the first network server. A request for one or more cryptographic keys may be transmitted from the first network server to the second network server. The first network server may receive the one or more cryptographic keys from the second network server over the first connection. The one or more cryptographic keys from the second server may be stored at the secure location of the first network server that is storing the connection key used to establish the first connection.

Abstract: A request may be received from an application for a performance of an operation associated with a cryptographic key that is stored at a secure enclave. A plugin of the secure enclave may be identified from the request for performance of the operation. The operation associated with the cryptographic key may be performed by using the plugin of the secure enclave to generate an output within the secure enclave. The output generated within the secure enclave and based on the plugin may be provided to the application.

Abstract: A first connection between a first network server and a second network server may be established where the first connection is based on a connection key stored at a secure location of the first network server. A request for one or more cryptographic keys may be transmitted from the first network server to the second network server. The first network server may receive the one or more cryptographic keys from the second network server over the first connection. The one or more cryptographic keys from the second server may be stored at the secure location of the first network server that is storing the connection key used to establish the first connection.