This invention relates to security, encryption, and key management, and more specifically, to such operations, functions, and capabilities for use in accordance with operations based on communication systems and communications related to one or more Key Management Systems (KMSs) that operate based on one or more Threshold Partially-Oblivious Pseudorandom Functions (TP-OPRFs).
In certain prior art communication systems, ever-increasing quantities of data are stored online. Some data therein is critical, encrypted, secure, and/or private. For example, much of this data is private and some may be protected by confidentiality laws and regulations. Some of the data is encrypted to guard it from malicious insiders, external attackers, and/or accidental exposure. Encryption can operate using one or more encryption keys. Without the appropriate encryption key(s), encrypted data cannot be deciphered. Therefore, reliable supply and management of keys is essential whenever dealing with encrypted data.
In addition, more recently, certain information is stored within one or more remote storage devices that are operated and maintained by another party. In certain prior art implementations, this other party service provider will have access to and be able to see the one or more encryption keys that it stores, manages, and provides to the clients and/or users that it services. In such situations, such a client and/or user can be totally susceptible and vulnerable to any bad intentions, behavior, lack of trust, etc. of such other party service provider.
Prior art approaches that are implemented to store keys for such uses can be vulnerable to attacks based on their architecture having a potential single point of failure or compromise. For example, without a replication mechanism, given the potential single point of failure or compromise, the prior art does not provide a high degree of reliability. Also, within such prior art systems, a prior art KMS service learns and/or possesses root keys as may be used therein, thereby requiring absolute or an acceptably very high degree of trust in such a prior art KMS service. Also, within such prior art systems, a breach of such a KMS service may result in a situation that cannot be mitigated or may be totally unrecoverable.