-
Publication (Announcement) No.: US10129034B2
Publication (Announcement) Date: 2018-11-13
Application No.: US15946614
Application Date: 2018-04-05
Applicant: Amazon Technologies, Inc.
Inventor: Matthew John Campagna, Gregory Alan Rubin, Nicholas Alexander Allen, Andrew Kyle Driggs, Eric Jason Brandwine
Abstract: A signature authority generates a master seed value that is used to generate a seed tree of subordinate nodes. Each subordinate node of the seed tree is generated from the value of its parent node using a cryptographic hash or one-way function. The signature authority selects subordinate seed values from the seed tree which are distributed to one or more subordinates, each of which generates a set of one-time-use cryptographic keys from the provided seed. Each subordinate generates a hash tree from its set of one-time-use cryptographic keys, and returns the root of its hash tree to the signature authority. The signature authority integrates the hashes provided by the key generators into a comprehensive hash tree, and the root of the hash tree acts as a public key for the signature authority.
-
Publication (Announcement) No.: US20180183592A1
Publication (Announcement) Date: 2018-06-28
Application No.: US15389686
Application Date: 2016-12-23
Applicant: Amazon Technologies, Inc.
Inventor: Matthew John Campagna, Eric Jason Brandwine, Andrew Kyle Driggs
CPC classification number: H04L9/0836, H04L2209/30
Abstract: An organizational signature authority delegates signature authority to one or more subordinate signature authorities by rolling up public keys from the subordinate signature authorities into a public key for the organization. A subordinate signature authority of the organizational signature authority generates cryptographic keys for use by the subordinate signature authority, and cryptographically derives a public key for the subordinate signature authority based at least in part on the cryptographic keys. In some examples, the subordinate signature authority acquires public keys from a lower subordinate signature authority, and the public key of the subordinate signature authority is cryptographically derived in part from the public key of the lower subordinate signature authority. The public key of the subordinate signature authority is provided to the organizational signature authority. A hash tree is generated from the public keys of the subordinate signature authorities to create the public key for the organization.
-