Content delivery services typically provide encrypted digital content, such as videos, music, movies, and video games, to various receiving entities requesting such content. To encrypt such content, the content delivery service may use one or more cryptographic algorithms that rely on cryptographic keys, such as symmetric keys and asymmetric keys, to encrypt and decrypt the content. In some examples, the cryptographic keys may be derived by inputting a cryptographic seed into the cryptographic algorithm. In many environments, and particularly where the sensitivity and business value of the digital content are high, such cryptographic seeds may have a correspondingly high business value that warrants high levels of security to protect the seeds.
Managing the use, storage, and overall security of multiple cryptographic seeds within an enterprise may present challenges. In some examples, a content delivery service may include various content-related workflows that utilize cryptographic seeds. Typically, such content delivery services physically duplicate the cryptographic seeds that are used to derive content encryption keys across the various workflows. Such physical duplication of the cryptographic seeds increases the risk surface area that is exposed to potential security breaches and leaks of the seeds. Additionally, systems that secure two physical copies of the cryptographic seeds in two separate locations employ duplicate security measures for each location, thereby increasing system expenses and complexities.
In some examples, an enterprise may have two or more content delivery services that each utilize specific protection schemes for protecting cryptographic seeds and other sensitive content-related assets. In these examples, the multiple protection schemes may have varying levels of robustness that, when combined, reduce the overall level of system security.