Amazon.com, Inc.
Hierarchically encrypted data management system

Abstract:

A data storage and retrieval system stores a collection of data in which a first portion is encrypted using a first cryptographic key, and comprises a second portion encrypting using a second cryptographic key. The data storage and retrieval system receives a request to query the collection on behalf of a security principal. The request comprises information indicative of the first and second keys. The system confirms the authorization of the security principal to access at least some of the collection of data, and generates intermediate results which comprise the encrypted first and second portions. The system causes the intermediate results to be decrypted using the first and second key information.