Patent attributes
A system, a method and a computer program product for Key Fragment Management (KFM). The KFM system comprises a plurality of KFM instances and a client device. At least two KFM instances are executed on execution platforms of two different service providers. Each KFM instance retains a root key fragment. The client device is configured to perform a cryptographic process relating to a data item using a data-specific key. In response to the client device requesting generation of the data-specific key for the data item, each KFM instance is configured to generate a data-specific key fragment based on a data identifier of the data item and on its root key fragment. The data-specific key is generated based on the plurality of data-specific key fragments generated by the KFM instances.
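The following sketch is an added example, not code from the patent. It models the flow the abstract describes with two KFM instances at different providers. The abstract does not name the derivation or combination functions, so HMAC-SHA256 for the per-instance fragment and a length-prefixed SHA-256 combiner on the client are assumptions, as are all class, function and provider names.

```python
import hashlib
import hmac
import secrets


class KFMInstance:
    """One KFM instance; its root key fragment never leaves the instance."""

    def __init__(self, provider, root_fragment):
        self.provider = provider              # hypothetical provider label
        self._root_fragment = root_fragment   # retained root key fragment

    def data_fragment(self, data_id):
        # Assumption: fragment = HMAC-SHA256(root fragment, data identifier).
        # Only this derived value is returned to the client.
        msg = data_id.encode("utf-8")
        return hmac.new(self._root_fragment, msg, hashlib.sha256).digest()


def combine_fragments(fragments, data_id):
    """Client side: build the data-specific key from all fragments."""
    if len(fragments) < 2:
        # The abstract requires at least two instances at different providers.
        raise ValueError("need fragments from at least two KFM instances")
    # Assumption: SHA-256 over a domain tag, the data id and every fragment,
    # each length-prefixed so the inputs cannot be re-split ambiguously.
    h = hashlib.sha256(b"kfm-demo-combine-v1")
    for part in [data_id.encode("utf-8"), *fragments]:
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def data_key(instances, data_id):
    """Request a fragment from every instance, in fixed order, and combine."""
    return combine_fragments([i.data_fragment(data_id) for i in instances], data_id)


if __name__ == "__main__":
    # Constructed sample deployment: two providers with random root fragments.
    instances = [
        KFMInstance("provider-a", secrets.token_bytes(32)),
        KFMInstance("provider-b", secrets.token_bytes(32)),
    ]
    print(data_key(instances, "invoice-0001").hex())
```

A party holding only one provider's root fragment can compute that provider's fragment for any data identifier but not the combined key, which is the property the split across service providers is meant to give.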